eap_get_config - Get current network configuration
@sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
Returns: Pointer to the current network configuration or %NULL if not found

EAP peer methods should avoid using this function if they can use other access functions, like eap_get_config_identity() and eap_get_config_password(), that do not require direct access to struct eap_peer_config.

eap_get_config_identity - Get identity from the network configuration @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() @len: Buffer for the length of the identity Returns: Pointer to the identity or %NULL if not found
eap_peer_tls_encrypt - Encrypt phase 2 TLS message
@sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
@data: Data for TLS processing
@eap_type: EAP type (EAP_TYPE_TLS, EAP_TYPE_PEAP, ...)
@peap_version: Version number for EAP-PEAP/TTLS
@id: EAP identifier for the response
@in_data: Plaintext phase 2 data to encrypt or %NULL to continue fragments
@out_data: Buffer for returning a pointer to the encrypted response message
Returns: 0 on success, -1 on failure

sm_EAP_SELECT_ACTION_Enter()
eap_peer_tls_derive_key - Derive a key based on TLS session data
@sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
@data: Data for TLS processing
@label: Label string for deriving the keys, e.g., "client EAP encryption"
@context: Optional extra upper-layer context (max len 2^16)
@context_len: The length of the context value
@len: Length of the key material to generate (usually 64 for MSK)
Returns: Pointer to allocated key on success or %NULL on failure

This function uses TLS-PRF to generate pseudo-random data based on the TLS session data (client/server random and master key). Each key type may use a different label to bind the key usage into the generated material. The caller is responsible for freeing the returned buffer.

Note: To provide the RFC 5705 context, the context variable must be non-NULL.

eap_get_config_password2 - Get password from the network configuration
@sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
@len: Buffer for the length of the password
@hash: Buffer for returning whether the password is stored as a NtPasswordHash instead of plaintext password; can be %NULL if this information is not needed
Returns: Pointer to the password or %NULL if not found

eap_peer_tls_ssl_init - Initialize shared TLS functionality
@sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
@data: Data for TLS processing
@config: Pointer to the network configuration
@eap_type: EAP method used in Phase 1 (EAP_TYPE_TLS/PEAP/TTLS/FAST)
Returns: 0 on success, -1 on failure

This function is used to initialize shared TLS functionality for EAP-TLS, EAP-PEAP, EAP-TTLS, and EAP-FAST.

eap_peer_tls_ssl_deinit - Deinitialize shared TLS functionality
@sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
@data: Data for TLS processing

This function deinitializes shared TLS functionality that was initialized with eap_peer_tls_ssl_init().

eap_peer_tls_derive_session_id - Derive a Session-Id based on TLS data
@sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
@data: Data for TLS processing
@eap_type: EAP method used in Phase 1 (EAP_TYPE_TLS/PEAP/TTLS/FAST)
@len: Pointer to length of the session ID generated
Returns: Pointer to allocated Session-Id on success or %NULL on failure

This function derives the Session-Id based on the TLS session data (client/server random and method type). The caller is responsible for freeing the returned buffer.

eap_peer_tls_process_helper - Process TLS handshake message
@sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
@data: Data for TLS processing
@eap_type: EAP type (EAP_TYPE_TLS, EAP_TYPE_PEAP, ...)
@peap_version: Version number for EAP-PEAP/TTLS
@id: EAP identifier for the response
@in_data: Message received from the server
@in_len: Length of in_data
@out_data: Buffer for returning a pointer to the response message
Returns: 0 on success, 1 if more input data is needed, 2 if application data is available, or -1 on failure

This function can be used to process TLS handshake messages. It reassembles the received fragments and uses a TLS library to process the messages. The response data from the TLS library is fragmented into suitably sized output messages that the caller can send out.

out_data is used to return the response message if the return value of this function is 0, 2, or -1. In case of failure, the message is likely a TLS alert message. The caller is responsible for freeing the allocated buffer if *out_data is not %NULL.

This function is called for each received TLS message during the TLS handshake after the eap_peer_tls_process_init() call and possible processing of the TLS Flags field. Once the handshake has been completed, i.e., when tls_connection_established() returns 1, EAP-method-specific decrypting of the tunneled data is used instead.

eap_peer_tls_process_init - Initial validation/processing of EAP requests
@sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
@data: Data for TLS processing
@eap_type: EAP type (EAP_TYPE_TLS, EAP_TYPE_PEAP, ...)
@ret: Return values from EAP request validation and processing
@reqData: EAP request to be processed (eapReqData)
@len: Buffer for returning length of the remaining payload
@flags: Buffer for returning TLS flags
Returns: Pointer to payload after TLS flags and length or %NULL on failure

This function validates the EAP header and processes the optional TLS Message Length field. If this is the first fragment of a TLS message, the TLS reassembly code is initialized to receive the indicated number of bytes.

EAP-TLS, EAP-PEAP, EAP-TTLS, and EAP-FAST methods are expected to use this function as the first step in processing received messages. They will need to process the flags (apart from Message Length Included) that are returned through the flags pointer and the message payload that will be returned (and the length is returned through the len pointer).

Return values (ret) are set for continuation of EAP method processing. The caller is responsible for setting these to indicate completion (either success or failure) based on the authentication result.

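The two entries above (eap_peer_tls_process_helper and eap_peer_tls_process_init) describe the first step every TLS-based EAP method performs on a received request: validate the EAP header, read the Flags byte, and, when the L bit is set, pick up the 4-byte TLS Message Length that sizes the reassembly buffer. The stand-alone C parser below is an added example, not wpa_supplicant code, and shows the checks a defender cares about at this layer: the EAP Length field is cross-checked against the bytes actually received (so the parser never reads past the buffer), the announced TLS message length is bounded (MAX_TLS_MSG_LEN is an assumed limit for this example), and a first fragment may not carry more bytes than the total it announces. The field layout and flag bits follow RFC 3748 and RFC 5216; the sample packets are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Added example, not wpa_supplicant code. Parses the EAP-TLS request layout
 * that eap_peer_tls_process_init() validates: RFC 3748 EAP header
 * (Code, Identifier, Length, Type), then the RFC 5216 Flags byte and the
 * optional 4-byte TLS Message Length. */

#define EAP_CODE_REQUEST 1
#define EAP_TYPE_TLS 13
#define EAP_TLS_FLAGS_LENGTH_INCLUDED 0x80  /* L bit */
#define EAP_TLS_FLAGS_MORE_FRAGMENTS  0x40  /* M bit */
#define EAP_TLS_FLAGS_START           0x20  /* S bit */

/* Upper bound on a reassembled TLS message this example will buffer;
 * an assumed value for the example, not one taken from the page. */
#define MAX_TLS_MSG_LEN (64 * 1024)

struct eap_tls_parsed {
    uint8_t id;              /* EAP Identifier to echo in the response */
    uint8_t flags;           /* raw Flags byte (L/M/S bits, version bits) */
    uint32_t tls_msg_len;    /* announced total length, 0 if L bit clear */
    const uint8_t *payload;  /* TLS data after Flags/Length */
    size_t payload_len;
};

/* Returns 0 and fills *out on success, -1 if the request is malformed. */
int eap_tls_parse_request(const uint8_t *pkt, size_t pkt_len,
                          uint8_t expected_type, struct eap_tls_parsed *out)
{
    if (pkt == NULL || out == NULL || pkt_len < 6)
        return -1;
    if (pkt[0] != EAP_CODE_REQUEST)
        return -1;
    uint16_t eap_len = (uint16_t)((pkt[2] << 8) | pkt[3]);
    /* The Length field must fit inside what was actually received;
     * trusting it over pkt_len is the classic over-read. */
    if (eap_len < 6 || eap_len > pkt_len)
        return -1;
    if (pkt[4] != expected_type)
        return -1;

    memset(out, 0, sizeof(*out));
    out->id = pkt[1];
    out->flags = pkt[5];
    size_t pos = 6;

    if (out->flags & EAP_TLS_FLAGS_LENGTH_INCLUDED) {
        if (eap_len - pos < 4)
            return -1;
        out->tls_msg_len = ((uint32_t)pkt[6] << 24) | ((uint32_t)pkt[7] << 16) |
                           ((uint32_t)pkt[8] << 8) | (uint32_t)pkt[9];
        pos += 4;
        if (out->tls_msg_len > MAX_TLS_MSG_LEN)
            return -1;
        /* A fragment cannot carry more than the total it announces. */
        if (eap_len - pos > out->tls_msg_len)
            return -1;
    }
    out->payload = pkt + pos;
    out->payload_len = eap_len - pos;
    return 0;
}

/* Constructed sample packets (not captured traffic). */
/* EAP-TLS Start: Request, id 5, length 6, type 13, flags S. */
const uint8_t sample_start[] = { 0x01, 0x05, 0x00, 0x06, 0x0d, 0x20 };
/* First fragment: flags L|M, announced TLS length 32, 4 bytes of data. */
const uint8_t sample_frag[] = { 0x01, 0x06, 0x00, 0x0e, 0x0d, 0xc0,
                                0x00, 0x00, 0x00, 0x20, 0x16, 0x03, 0x03, 0x00 };
/* Length field claims 20 bytes but only 10 are present. */
const uint8_t sample_truncated[] = { 0x01, 0x07, 0x00, 0x14, 0x0d, 0x80,
                                     0x00, 0x00, 0x00, 0x02 };
/* Fragment carries 2 bytes while announcing a 1-byte total. */
const uint8_t sample_overflow[] = { 0x01, 0x08, 0x00, 0x0c, 0x0d, 0x80,
                                    0x00, 0x00, 0x00, 0x01, 0xaa, 0xbb };

int main(void)
{
    struct eap_tls_parsed p;
    if (eap_tls_parse_request(sample_frag, sizeof(sample_frag), EAP_TYPE_TLS, &p) == 0)
        printf("id=%u flags=0x%02x total=%u payload=%zu more=%d\n", p.id, p.flags,
               p.tls_msg_len, p.payload_len, !!(p.flags & EAP_TLS_FLAGS_MORE_FRAGMENTS));
    printf("truncated -> %d, overflow -> %d\n",
           eap_tls_parse_request(sample_truncated, sizeof(sample_truncated), EAP_TYPE_TLS, &p),
           eap_tls_parse_request(sample_overflow, sizeof(sample_overflow), EAP_TYPE_TLS, &p));
    return 0;
}
```

The caller would use the returned payload_len and tls_msg_len to size and feed a reassembly buffer, and the M bit to decide whether to acknowledge with an empty fragment or hand the complete message to the TLS library, which is the split of responsibilities between eap_peer_tls_process_init() and eap_peer_tls_process_helper() described above.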
eap_get_config_blob - Get a named configuration blob @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() @name: Name of the blob Returns: Pointer to blob data or %NULL if not found
eap_peer_tls_status - Get TLS status
@sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
@data: Data for TLS processing
@buf: Buffer for status information
@buflen: Maximum buffer length
@verbose: Whether to include verbose status information
Returns: Number of bytes written to buf

eap_peer_tls_decrypt - Decrypt received phase 2 TLS message
@sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
@data: Data for TLS processing
@in_data: Message received from the server
@in_decrypted: Buffer for returning a pointer to the decrypted message
Returns: 0 on success, 1 if more input data is needed, or -1 on failure

eap_server_clear_identity - Clear EAP identity information
@sm: Pointer to EAP state machine allocated with eap_server_sm_init()

This function can be used to clear the EAP identity information in the EAP server context. This allows the EAP/Identity method to be used again after EAPOL-Start or EAPOL-Logoff.

eap_sm_buildIdentity - Build EAP-Identity/Response for the current network
@sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
@id: EAP identifier for the packet
@encrypted: Whether the packet is for encrypted tunnel (EAP phase 2)
Returns: Pointer to the allocated EAP-Identity/Response packet or %NULL on failure

This function allocates and builds an EAP-Identity/Response packet for the current network. The caller is responsible for freeing the returned data.

eap_sm_request_identity - Request identity from user (ctrl_iface)
@sm: Pointer to EAP state machine allocated with eap_peer_sm_init()

EAP methods can call this function to request identity information for the current network. This is normally called when the identity is not included in the network configuration. The request will be sent to monitor programs through the control interface.

eap_peer_tls_reauth_init - Re-initialize shared TLS for session resumption @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() @data: Data for TLS processing Returns: 0 on success, -1 on failure
sm_EAP_METHOD_RESPONSE_Enter()
eap_server_sm_deinit - Deinitialize and free an EAP server state machine
@sm: Pointer to EAP state machine allocated with eap_server_sm_init()

This function deinitializes the EAP state machine and frees all allocated resources.

eap_server_sm_step - Step EAP server state machine
@sm: Pointer to EAP state machine allocated with eap_server_sm_init()
Returns: 1 if EAP state was changed or 0 if not

This function advances the EAP state machine to a new state to match the current variables. This should be called whenever variables used by the EAP state machine have changed.

eap_sm_pending_cb - EAP state machine callback for a pending EAP request @sm: Pointer to EAP state machine allocated with eap_server_sm_init() This function is called when data for a pending EAP-Request is received.
eap_get_identity - Get the user identity (from EAP-Response/Identity) @sm: Pointer to EAP state machine allocated with eap_server_sm_init() @len: Buffer for returning identity length Returns: Pointer to the user identity or %NULL if not available
eap_get_interface - Get pointer to EAP-EAPOL interface data @sm: Pointer to EAP state machine allocated with eap_server_sm_init() Returns: Pointer to the EAP-EAPOL interface data
eap_sm_request_password - Request password from user (ctrl_iface)
@sm: Pointer to EAP state machine allocated with eap_peer_sm_init()

EAP methods can call this function to request password information for the current network. This is normally called when the password is not included in the network configuration. The request will be sent to monitor programs through the control interface.

eap_sm_request_new_password - Request new password from user (ctrl_iface)
@sm: Pointer to EAP state machine allocated with eap_peer_sm_init()

EAP methods can call this function to request new password information for the current network. This is normally called when the EAP method indicates that the current password has expired and password change is required. The request will be sent to monitor programs through the control interface.

eap_get_config_new_password - Get new password from network configuration @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() @len: Buffer for the length of the new password Returns: Pointer to the new password or %NULL if not found
eap_set_config_blob - Set or add a named configuration blob @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() @blob: New value for the blob Adds a new configuration blob or replaces the current value of an existing blob.
eap_allowed_method - Check whether EAP method is allowed
@sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
@vendor: Vendor-Id for expanded types or 0 = IETF for legacy types
@method: EAP type
Returns: 1 = allowed EAP method, 0 = not allowed

eap_fast_load_pac - Load PAC entries (text format)
@sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
@pac_root: Pointer to root of the PAC list (to be filled)
@pac_file: Name of the PAC file/blob to load
Returns: 0 on success, -1 on failure

eap_fast_save_pac - Save PAC entries (text format)
@sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
@pac_root: Root of the PAC list
@pac_file: Name of the PAC file/blob
Returns: 0 on success, -1 on failure

eap_fast_load_pac_bin - Load PAC entries (binary format)
@sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
@pac_root: Pointer to root of the PAC list (to be filled)
@pac_file: Name of the PAC file/blob to load
Returns: 0 on success, -1 on failure

eap_fast_save_pac_bin - Save PAC entries (binary format)
@sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
@pac_root: Root of the PAC list
@pac_file: Name of the PAC file/blob
Returns: 0 on success, -1 on failure

sm_EAP_PROPOSE_METHOD_Enter()
eap_sm_process_nak - Process EAP-Response/Nak
@sm: Pointer to EAP state machine allocated with eap_server_sm_init()
@nak_list: Nak list (allowed methods) from the supplicant
@len: Length of nak_list in bytes

This function is called when EAP-Response/Nak is received from the supplicant. This can happen for both phase 1 and phase 2 authentications.

eap_user_get - Fetch user information from the database
@sm: Pointer to EAP state machine allocated with eap_server_sm_init()
@identity: Identity (User-Name) of the user
@identity_len: Length of identity in bytes
@phase2: 0 = EAP phase1 user, 1 = EAP phase2 (tunneled) user
Returns: 0 on success, or -1 on failure

This function is used to fetch user information for EAP. The user will be selected based on the specified identity. sm->user and sm->user_eap_method_index are updated for the new user when a matching user is found. sm->user can be used to get user information (e.g., password).

sm_EAP_SEND_REQUEST_Enter()
sm_EAP_METHOD_REQUEST_Enter()
sm_EAP_INITIALIZE_Enter()
eap_sm_notify_cached - Notify EAP state machine of cached PMK @sm: Pointer to EAP state machine allocated with eap_server_sm_init() This function is called when PMKSA caching is used to skip EAP authentication.
eap_sm_method_pending - Query whether EAP method is waiting for pending data @sm: Pointer to EAP state machine allocated with eap_server_sm_init() Returns: 1 if method is waiting for pending data or 0 if not
eap_get_serial_num - Get the serial number of user certificate @sm: Pointer to EAP state machine allocated with eap_server_sm_init() Returns: Pointer to the serial number or %NULL if not available
eap_get_method - Get the used EAP method @sm: Pointer to EAP state machine allocated with eap_server_sm_init() Returns: Pointer to the method name or %NULL if not available
eap_get_imsi - Get IMSI of the user @sm: Pointer to EAP state machine allocated with eap_server_sm_init() Returns: Pointer to IMSI or %NULL if not available
eap_config_allowed_method - Check whether EAP method is allowed
@sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
@config: EAP configuration
@vendor: Vendor-Id for expanded types or 0 = IETF for legacy types
@method: EAP type
Returns: 1 = allowed EAP method, 0 = not allowed

eap_mschapv2_process - Process an EAP-MSCHAPv2 challenge message
@sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
@data: Pointer to private EAP method data from eap_mschapv2_init()
@ret: Return values from EAP request validation and processing
@req: Pointer to EAP-MSCHAPv2 header from the request
@req_len: Length of the EAP-MSCHAPv2 data
@id: EAP identifier used in the request
Returns: Pointer to allocated EAP response packet (eapRespData) or %NULL if no reply available

eap_mschapv2_process - Process an EAP-MSCHAPv2 failure message
@sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
@data: Pointer to private EAP method data from eap_mschapv2_init()
@ret: Return values from EAP request validation and processing
@req: Pointer to EAP-MSCHAPv2 header from the request
@req_len: Length of the EAP-MSCHAPv2 data
@id: EAP identifier used in the request
Returns: Pointer to allocated EAP response packet (eapRespData) or %NULL if no reply available

eap_mschapv2_process - Process an EAP-MSCHAPv2 request
@sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
@priv: Pointer to private EAP method data from eap_mschapv2_init()
@ret: Return values from EAP request validation and processing
@reqData: EAP request to be processed (eapReqData)
Returns: Pointer to allocated EAP response packet (eapRespData) or %NULL if no reply available

eap_tlv_build_result - Build EAP-TLV Result message
@id: EAP identifier for the header
@status: Status (EAP_TLV_RESULT_SUCCESS or EAP_TLV_RESULT_FAILURE)
Returns: Buffer to the allocated EAP-TLV Result message or %NULL on failure

This function builds an EAP-TLV Result message. The caller is responsible for freeing the returned buffer.

eap_tlv_process - Process a received EAP-TLV message and generate a response
@sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
@ret: Return values from EAP request validation and processing
@req: EAP-TLV request to be processed. The caller must have validated that the buffer is large enough to contain the full request (hdr->length bytes) and that the EAP type is EAP_TYPE_TLV.
@resp: Buffer to return a pointer to the allocated response message. This field should be initialized to %NULL before the call. The value will be updated if a response message is generated. The caller is responsible for freeing the allocated message.
@force_failure: Force negotiation to fail
Returns: 0 on success, -1 on failure

eap_tls_process_input - Process incoming TLS message
@sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
@data: Data for TLS processing
@in_data: Message received from the server
@in_len: Length of in_data
@out_data: Buffer for returning a pointer to application data (if available)
Returns: 0 on success, 1 if more input data is needed, 2 if application data is available, -1 on failure

sm_EAP_TIMEOUT_FAILURE_Enter()
sm_EAP_PICK_UP_METHOD_Enter()
sm_EAP_RETRANSMIT_Enter()
sm_EAP_INITIATE_REAUTH_START_Enter()
sm_EAP_INTEGRITY_CHECK_Enter()