diff --git a/src/sonic-pac/authmgr/Makefile.am b/src/sonic-pac/authmgr/Makefile.am
new file mode 100755
index 000000000000..e339c3db1dda
--- /dev/null
+++ b/src/sonic-pac/authmgr/Makefile.am
@@ -0,0 +1,18 @@
+sonic_wpa_supp_path = $(top_srcdir)/../wpasupplicant/sonic-wpa-supplicant
+
+INCLUDES = -I $(top_srcdir)/paccfg -I $(top_srcdir)/pacoper -I $(top_srcdir)/authmgr/common -I $(top_srcdir)/authmgr/mapping/include -I $(top_srcdir)/fpinfra/inc -I $(top_srcdir)/authmgr/mapping/auth_mgr_sid -I $(top_srcdir)/authmgr/protocol/include -I $(sonic_wpa_supp_path)/src/common -I $(sonic_wpa_supp_path)/src/utils -I $(sonic_wpa_supp_path)/src/radius -I $(top_srcdir)/mab/mapping/include
+
+lib_LTLIBRARIES = libauthmgr.la
+
+if DEBUG
+DBGFLAGS = -ggdb -DDEBUG
+else
+DBGFLAGS = -g -DNDEBUG
+endif
+
+AM_CPPFLAGS = -save-temps -Wall -Wno-pointer-sign -Wno-pointer-sign -Wno-unused-but-set-variable -Wno-address -Wno-array-bounds -Wno-sequence-point -Wno-switch -Wno-uninitialized -Wno-unused-result -Wno-aggressive-loop-optimizations -Wno-sizeof-pointer-memaccess -Wno-unused-local-typedefs -Wno-unused-value -Wno-format-truncation -g -Werror $(SONIC_COMMON_CFLAGS) -DCONFIG_CTRL_IFACE -DCONFIG_CTRL_IFACE_UNIX -DCONFIG_SONIC_HOSTAPD
+
+libauthmgr_la_SOURCES = $(top_srcdir)/authmgr/protocol/auth_mgr_db.c $(top_srcdir)/authmgr/mapping/auth_mgr_cnfgr.c $(top_srcdir)/authmgr/mapping/auth_mgr_cfg.c $(top_srcdir)/authmgr/mapping/auth_mgr_api.c $(top_srcdir)/authmgr/mapping/auth_mgr_control.c $(top_srcdir)/authmgr/mapping/auth_mgr_client.c $(top_srcdir)/authmgr/mapping/auth_mgr_ih.c $(top_srcdir)/authmgr/mapping/auth_mgr_debug.c $(top_srcdir)/authmgr/mapping/auth_mgr_sid/auth_mgr_sid.c $(top_srcdir)/authmgr/mapping/auth_mgr_dot1x.c $(top_srcdir)/authmgr/mapping/auth_mgr_mab.c $(top_srcdir)/authmgr/mapping/auth_mgr_socket.c $(top_srcdir)/authmgr/protocol/auth_mgr_sm.c $(top_srcdir)/authmgr/protocol/auth_mgr_mac_db.c $(top_srcdir)/authmgr/protocol/auth_mgr_radius.c $(top_srcdir)/authmgr/protocol/auth_mgr_timer.c $(top_srcdir)/authmgr/protocol/auth_mgr_utils.c $(top_srcdir)/authmgr/protocol/auth_mgr_vlan.c $(top_srcdir)/authmgr/protocol/auth_mgr_vlan_db.c $(top_srcdir)/authmgr/protocol/auth_mgr_txrx.c $(sonic_wpa_supp_path)/src/common/wpa_ctrl.c $(sonic_wpa_supp_path)/src/utils/os_unix.c
+
+libauthmgr_la_LIBADD = -L$(top_srcdir)/fpinfra/ -lfpinfra -L$(top_srcdir)/paccfg/ -lpaccfg -L$(top_srcdir)/pacoper/ -lpacoper $(SONIC_COMMON_LDFLAGS)
+
diff --git a/src/sonic-pac/authmgr/common/auth_mgr_api.h b/src/sonic-pac/authmgr/common/auth_mgr_api.h
new file mode 100755
index 000000000000..678fc7b7706c
--- /dev/null
+++ b/src/sonic-pac/authmgr/common/auth_mgr_api.h
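Review bot: The `AM_CPPFLAGS` line keeps `-Werror` but disables the diagnostics that most often point at memory-safety defects (`-Wno-array-bounds`, `-Wno-uninitialized`, `-Wno-sizeof-pointer-memaccess`, `-Wno-format-truncation`, `-Wno-sequence-point`, `-Wno-unused-result`) for every source in `libauthmgr_la_SOURCES`, which includes the RADIUS, socket and tx/rx code of the authentication manager. I would remove those suppressions from the library-wide flags and fix the flagged sites, or scope each one to the file that needs it with a comment such as `# -Wno-array-bounds: needed by <file>, tracked in <issue>`. `-save-temps` looks like a debugging leftover and `-Wno-pointer-sign` is listed twice. `DBGFLAGS` is assigned in the `if DEBUG` block but is not referenced by any variable visible in this file, so `-DDEBUG`/`-DNDEBUG` appear to have no effect; a line such as `AM_CFLAGS = $(DBGFLAGS)` would apply it, and the warning options belong there rather than in `AM_CPPFLAGS`.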
@@ -0,0 +1,1856 @@
+/*
+ * Copyright 2024 Broadcom Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+
+#ifndef __AUTH_MGR_API_H_
+#define __AUTH_MGR_API_H_
+
+/* USE C Declarations */
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include "auth_mgr_exports.h"
+#include "datatypes.h"
+
+
+typedef struct authmgrAuthRespParams_s
+{
+ AUTHMGR_METHOD_t method;
+ AUTHMGR_STATUS_t status;
+ authmgrClientStatusInfo_t clientParams;
+}authmgrAuthRespParams_t;
+
+
+/*********************************************************************
+* @purpose Get initialize value for a port
+*
+* @param intIfNum @b{(input)} internal interface number
+* @param *initialize @b{(output)} initialize value
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments This value indicates whether a port is being initialized
+* due to a management request
+*
+* @end
+*********************************************************************/
+RC_t authmgrPortInitializeGet(uint32 intIfNum, BOOL *initialize);
+
+/*********************************************************************
+* @purpose Set initialize value for a port
+*
+* @param intIfNum @b{(input)} internal interface number
+* @param initialize @b{(input)} initialize value
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments This value is set to TRUE by management in order to force
+* initialization of a port. It is re-set to FALSE after
+* initialization has completed.
+*
+* @end
+*********************************************************************/
+RC_t authmgrPortInitializeSet(uint32 intIfNum, BOOL initialize);
+
+/*********************************************************************
+* @purpose Get auth mgr reauthenticate timer value
+*
+* @param intIfNum @b{(input)} internal interface number
+* @param *timerVal@b{(output)}reauthenticate timer value
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrPortAuthRestartTimerGet(uint32 intIfNum, uint32 *timerVal);
+
+/*********************************************************************
+* @purpose Set auth mgr reauthenticate timer value
+*
+* @param intIfNum @b{(input)} internal interface number
+* @param timerval @b{(input)} reauthenticate timer value
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments Authentication restart timer value , for which the port will wait before,
+ retstarting authentication when all the authentication methods fail.
+*
+* @end
+*********************************************************************/
+RC_t authmgrPortAuthRestartTimerSet(uint32 intIfNum, uint32 timerVal);
+
+/*********************************************************************
+* @purpose Set auth mgr method or priority
+*
+* @param mode @b{(input)} order or priority
+* @param index @b{(input)} position of the method or order
+* @param method @b{(input)} authentication manager methods,
+ i.e.dot1x/mab/cp
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments Authentication restart timer value , for which the port will wait before,
+ retstarting authentication when all the authentication methods fail.
+*
+* @end
+*********************************************************************/
+RC_t authmgrPortAuthMethodSet( AUTHMGR_METHOD_TYPE_t mode, uint32 intIfNum,
+ uint32 index, AUTHMGR_METHOD_t method);
+/*********************************************************************
+* @purpose Get auth mgr method or priority
+*
+* @param mode @b{(input)} order or priority
+* @param index @b{(input)} position of the method or order
+* @param *method @b{(output)} authentication manager methods,
+ i.e.dot1x/mab/cp
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments Authentication restart timer value , for which the port will wait before,
+ retstarting authentication when all the authentication methods fail.
+*
+* @end
+*********************************************************************/
+RC_t authmgrPortAuthMethodGet( AUTHMGR_METHOD_TYPE_t mode, uint32 intIfNum,
+ uint32 index, AUTHMGR_METHOD_t *method);
+
+/*********************************************************************
+ * @purpose Clear authmgr stats for specified port
+ *
+ * @param intIfNum @b{(input)} internal interface number
+ *
+ * @returns SUCCESS
+ * @returns FAILURE
+ *
+ * @comments
+ *
+ * @end
+ *********************************************************************/
+RC_t authmgrPortStatsClear(uint32 intIfNum);
+/*********************************************************************
+ * @purpose Get authmgr stats for specified port
+ *
+ * @param intIfNum @b{(input)} internal interface number
+ *
+ * @returns SUCCESS
+ * @returns FAILURE
+ *
+ * @comments
+ *
+ * @end
+ *********************************************************************/
+RC_t authmgrPortStatsGet(uint32 intIfNum, AUTHMGR_STATS_TYPE_t method, uint32 *stats);
+
+/*********************************************************************
+* @purpose Return Internal Interface Number of next valid interface for
+* authmgr.
+*
+* @param intIfNum @b{(input)} Internal Interface Number
+* @param pNextintIfNum @b{(output)} pointer to Next Internal Interface Number,
+*
+* @returns SUCCESS if success
+* @returns ERROR if interface does not exist
+* @returns FAILURE if other failure
+*
+* @comments none
+*
+* @end
+*********************************************************************/
+RC_t authmgrNextValidIntf(uint32 intIfNum, uint32 *pNextIntIfNum);
+/*********************************************************************
+* @purpose Return Internal Interface Number of the first valid interface for
+* authmgr.
+*
+* @param pFirstIntIfNum @b{(output)} pointer to first internal interface number
+*
+* @returns SUCCESS if success
+* @returns ERROR if interface does not exist
+* @returns FAILURE if other failure
+*
+* @comments none
+*
+* @end
+*********************************************************************/
+RC_t authmgrFirstValidIntfNumber(uint32 *pFirstIntIfNum);
+
+/*********************************************************************
+* @purpose Returns the first logical port for the physcial interface
+*
+* @param intIfNum @b{(input)} internal interface number
+* @param lIntIfNum @b((output)) the logical interface
+*
+* @returns SUCCESS if success
+* @returns FAILURE if other failure
+*
+* @comments none
+*
+* @end
+*********************************************************************/
+RC_t authmgrLogicalPortFirstGet(uint32 intIfNum,uint32 *lIntIfNum);
+
+/*********************************************************************
+* @purpose Returns the first logical port for the physcial interface
+*
+* @param lIntIfNum @b((input)) the logical interface
+* @param nextIntf @b{(ouput)} the next interface
+*
+* @returns SUCCESS if success
+* @returns FAILURE if other failure
+*
+* @comments none
+*
+* @end
+*********************************************************************/
+RC_t authmgrLogicalPortNextGet(uint32 lIntIfNum,uint32 *nextIntf);
+
+/*********************************************************************
+* @purpose Returns the User Name for the logical interface
+*
+* @param lIntIfNum @b((input)) the specified interface
+* @param userName @b((output)) user name for the logical interface
+*
+* @returns SUCCESS if success
+* @returns FAILURE if other failure
+*
+* @comments none
+*
+* @end
+*********************************************************************/
+RC_t authmgrLogicalPortUserNameGet (uint32 lIntIfNum,
+ uchar8 *userName);
+
+/*********************************************************************
+* @purpose Returns the accouting session Id for the logical interface
+*
+* @param lIntIfNum @b((input)) the specified interface
+* @param acctSessionIdStr @b((output)) Accouting Session Id
+* for the logical interface
+*
+* @returns SUCCESS if success
+* @returns FAILURE if other failure
+*
+* @comments none
+*
+* @end
+*********************************************************************/
+RC_t authmgrLogicalPortAcctSessionIdGet (uint32 lIntIfNum,
+ uchar8 *acctSessionIdStr);
+
+/*********************************************************************
+* @purpose Returns the client Mac address for the logical interface
+*
+* @param lIntIfNum @b((input)) the specified interface
+* @param macAddr @b((output)) Mac Address of the supplicant
+*
+* @returns SUCCESS if success
+* @returns FAILURE if other failure
+*
+* @comments none
+*
+* @end
+*********************************************************************/
+RC_t authmgrLogicalPortClientMacAddrGet(uint32 lIntIfNum,
+ uchar8 *macAddr);
+
+
+/*********************************************************************
+* @purpose Returns the physical port corresponding to the logical interface
+*
+* @param lIntIfNum @b((input)) the logical interface
+* @param physport @b{(ouput)} the physical interface
+*
+* @returns SUCCESS if success
+* @returns FAILURE if other failure
+*
+* @comments none
+*
+* @end
+*********************************************************************/
+RC_t authmgrPhysicalPortGet(uint32 lIntIfNum,uint32 *physPort);
+
+/*********************************************************************
+*
+* @purpose Update the status and other information of the client
+ from the authentication method to Auth Mgr.
+*
+* @param uint32 intIfNum @b((input)) Internal interface number
+* @param method @b{(input)} authentication manager methods,
+ i.e.dot1x/mab/cp
+* @param status @b{(input)} authentication status,
+ i.e start/success/fail/timeout.
+* @param clientParams @b{(input)} client status event related information
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @notes This API is called from DOT1X and CP when they are starting the authentication
+ and also when the method is success/failure/timedout
+*
+* @end
+*********************************************************************/
+RC_t authmgrPortClientAuthStatusUpdate(uint32 intIfNum,
+ AUTHMGR_METHOD_t method,
+ AUTHMGR_STATUS_t status,
+ void *clientParams);
+
+
+/******************************************************************************
+ * @purpose Gets the next History Log interface index
+ *
+ * @param intIfNum @b{(input/output)} Physical Interface Number
+ *
+ * @returns SUCCESS
+ * @returns FAILURE If there are no entries
+ *
+ * @notes
+ *
+ * @end
+ *******************************************************************************/
+RC_t authmgrAuthHistoryLogIfIndexNextGet(uint32 *intIfNum);
+
+
+/******************************************************************************
+ * @purpose Gets the next History Log entry indexs
+ *
+ * @param intIfNum @b{(input/output)} Physical Interface Number
+ * @param entryIndex @b{(input/output)} EntryIndex
+ *
+ * @returns SUCCESS
+ * @returns FAILURE If there are no entries
+ *
+ * @notes
+ *
+ * @end
+ *******************************************************************************/
+RC_t authmgrAuthHistoryLogIndexNextGet(uint32 *intIfNum,
+ uint32 *entryIndex);
+/******************************************************************************
+ * @purpose Gets the next History Log entry indexs in reverse order
+ *
+ * @param intIfNum @b{(input/output)} Physical Interface Number
+ * @param entryIndex @b{(input/output)} EntryIndex
+ *
+ * @returns SUCCESS
+ * @returns FAILURE If there are no entries
+ *
+ * @notes
+ *
+ * @end
+ *******************************************************************************/
+RC_t authmgrAuthHistoryLogReverseIndexNextGet(uint32 *intIfNum,
+ uint32 *entryIndex);
+
+/*********************************************************************
+ * @purpose Purge all authmgr auth history log entries for the given
+ * interface
+ *
+ * @param intIfNum @b{(input)} Physical Interface Number
+ *
+ * @returns SUCCESS
+ * @returns FAILURE
+ *
+ * @comments
+ *
+ * @notes
+ * @end
+ *
+ **********************************************************************/
+RC_t authmgrAuthHistoryLogInterfacePurge(uint32 intIfNum);
+
+/*********************************************************************
+ * @purpose Purge all authmgr auth history log entries
+ *
+ * @param void
+ *
+ * @returns SUCCESS
+ * @returns FAILURE
+ *
+ * @comments
+ *
+ * @notes
+ *
+ * @end
+ *
+ **********************************************************************/
+RC_t authmgrAuthHistoryLogPurgeAll();
+
+
+/*********************************************************************
+ * @purpose Get the timestamp from the authmgr Auth History table
+ *
+ * @param intIfNum @b{(input)} Physical Interface Number
+ * @param entryIndex @b{(input)} EntryIndex
+ * @param pTimeStamp @b{(output)} reference to the Reason Code
+ *
+ * @returns SUCCESS
+ * @returns FAILURE
+ *
+ * @comments
+ *
+ * @notes
+ *
+ * @end
+ *
+ *********************************************************************/
+RC_t authmgrAuthHistoryLogTimestampGet(uint32 intIfNum,
+ uint32 entryIndex,
+ uint32 *pTimeStamp);
+
+/*********************************************************************
+ * @purpose Get the VlanId from the authmgr Auth History table
+ *
+ * @param intIfNum @b{(input)} Physical Interface Number
+ * @param entryIndex @b{(input)} EntryIndex
+ * @param pVlanId @b{(output)} reference to the VLANID
+ *
+ * @returns SUCCESS
+ * @returns FAILURE
+ *
+ * @comments
+ *
+ * @notes
+ *
+ * @end
+ *
+ *********************************************************************/
+RC_t authmgrAuthHistoryLogVlanIdGet(uint32 intIfNum,
+ uint32 entryIndex,
+ ushort16 *pVlanId);
+
+/*********************************************************************
+ * @purpose Get the VlanId from the authmgr Auth History table
+ *
+ * @param intIfNum @b{(input)} Physical Interface Number
+ * @param entryIndex @b{(input)} EntryIndex
+ * @param pMethod @b{(output)} reference to the auth Method
+ *
+ * @returns SUCCESS
+ * @returns FAILURE
+ *
+ * @comments
+ *
+ * @notes
+ *
+ * @end
+ *
+ *********************************************************************/
+RC_t authmgrAuthHistoryLogMethodGet(uint32 intIfNum,
+ uint32 entryIndex,
+ AUTHMGR_METHOD_t *pMethod);
+
+/*********************************************************************
+ * @purpose Get the reasonCode from the authmgr Auth History table
+ *
+ * @param intIfNum @b{(input)} Physical Interface Number
+ * @param entryIndex @b{(input)} EntryIndex
+ * @param pReasonCode @b{(output)} Reference to the Reason Code
+ *
+ * @returns SUCCESS
+ * @returns FAILURE
+ *
+ * @comments
+ *
+ * @notes
+ *
+ * @end
+ *
+ *********************************************************************/
+RC_t authmgrAuthHistoryLogReasonCodeGet(uint32 intIfNum,
+ uint32 entryIndex,
+ uint32 *pReasonCode);
+
+/*********************************************************************
+ * @purpose Get the accessStatus from the authmgr Auth History table
+ *
+ * @param intIfNum @b{(input)} Physical Interface Number
+ * @param entryIndex @b{(input)} EntryIndex
+ * @param pStatus @b{(output)} Reference to the Access Status
+ *
+ * @returns SUCCESS
+ * @returns FAILURE
+ *
+ * @comments
+ *
+ * @notes
+ *
+ * @end
+ *
+ *********************************************************************/
+RC_t authmgrAuthHistoryLogAuthStatusGet(uint32 intIfNum,
+ uint32 entryIndex,
+ uint32 *pStatus);
+
+
+/*********************************************************************
+ * @purpose Get the authmgr authentication Status from the authmgr Auth
+ * History table
+ *
+ * @param intIfNum @b{(input)} Physical Interface Number
+ * @param entryIndex @b{(input)} EntryIndex
+ * @param pStatus @b{(output)} Reference to the Auth Status
+ *
+ * @returns SUCCESS
+ * @returns FAILURE
+ *
+ * @comments
+ *
+ * @notes
+ *
+ * @end
+ *
+ *********************************************************************/
+RC_t authmgrAuthHistoryLogAuthStatusGet(uint32 intIfNum,
+ uint32 entryIndex,
+ uint32 *pStatus);
+
+/*********************************************************************
+ * @purpose Get the supplicant Mac Address from the authmgr Auth History table
+ *
+ * @param intIfNum @b{(input)} Physical Interface Number
+ * @param entryIndex @b{(input)} EntryIndex
+ * @param pMacAddress @b{(output)} Reference to the Mac Address
+ *
+ * @returns SUCCESS
+ * @returns FAILURE
+ *
+ * @comments
+ *
+ * @notes
+ *
+ * @end
+ *
+ *********************************************************************/
+RC_t authmgrAuthHistoryLogClientMacAddressGet(uint32 intIfNum,
+ uint32 entryIndex,
+ enetMacAddr_t *pMacAddress);
+
+/*********************************************************************
+ * @purpose Get the FilterID for the Authmgr Radius Accept Packet
+ * located in the authmgr Auth History table
+ *
+ * @param intIfNum @b{(input)} Physical Interface Number
+ * @param entryIndex @b{(input)} EntryIndex
+ * @param pFilterId @b{(output)} Reference to the filter Id
+ * @param pFilterLen @b{(input/output)} Reference to filter Length
+ *
+ * @returns SUCCESS
+ * @returns FAILURE
+ *
+ * @comments
+ *
+ * @notes
+ *
+ * @end
+ *
+ *********************************************************************/
+RC_t authmgrAuthHistoryLogFilterIdGet (uint32 intIfNum,
+ uint32 entryIndex,
+ uchar8 *pFilterIdName,
+ uint32 *pFilterLen);
+
+/*********************************************************************
+ * @purpose Check if the authmgr auth history log entry exists in History
+ * table
+ *
+ * @param intIfNum @b{(input)} Physical Interface Number
+ * @param entryIndex @b{(input)} EntryIndex
+ *
+ * @returns SUCCESS
+ * @returns FAILURE
+ *
+ * @comments
+ *
+ * @notes
+ *
+ * @end
+ *
+ *********************************************************************/
+RC_t authmgrAuthHistoryLogEntryIsValid(uint32 intIfNum,
+ uint32 entryIndex);
+ /*********************************************************************
+ * @purpose Return Reason in String format for the given entry
+ *
+ * @param intIfNum (input) - Interface
+ * entryIndex (input) - Entry Index
+ * reasonCode (input) - Reason Code
+ * strReason (output) - Reason in String format
+ * strLen (input/output) - Length of Reason String
+ *
+ * @returns SUCCESS/ FAILURE
+ *
+ * @comments
+ *
+ * @notes
+ *
+ * @end
+ *
+ *********************************************************************/
+RC_t authmgrAuthHistoryLogReasonStringGet(uint32 intIfNum,
+ uint32 entryIndex,
+ uint32 reasonCode,
+ char8 *strReason,
+ uint32 *strLen);
+
+/*********************************************************************
+ * @purpose Verify specified config interface index is valid
+ *
+ * @param intIfNum @b{(input)} Internal interface number
+ *
+ * @returns SUCCESS
+ * @returns FAILURE
+ *
+ * @comments
+ *
+ * @end
+ *********************************************************************/
+RC_t authmgrIntfIndexGet(uint32 intIfNum);
+
+/*********************************************************************
+ * @purpose Determine next sequential auth Mgr config interface index
+ *
+ * @param intIfNum @b{(input)} Internal interface number to begin search
+ * @param *pNext @b{(output)} Ptr to next internal interface number
+ *
+ * @returns SUCCESS
+ * @returns FAILURE
+ *
+ * @comments
+ *
+ * @end
+ *********************************************************************/
+RC_t authmgrIntfIndexGetNext(uint32 intIfNum, uint32 *pNext);
+
+/*********************************************************************
+ * @purpose Verify specified index exists
+ *
+ * @param index @b{(input)} index of the config array
+ *
+ * @returns SUCCESS
+ * @returns FAILURE
+ *
+ * @comments Auth Mgr expects the index to come to the api with incremented by 1.
+ In the API we reduce the index by 1 as the data structure is array.
+ *
+ * @end
+ *********************************************************************/
+RC_t authmgrMethodIndexGet(uint32 index);
+
+/*********************************************************************
+ * @purpose Determine next sequential index
+ *
+ * @param index @b{(input)} index of the config array
+ * @param *pNext @b{(output)} Ptr to next priority
+ *
+ * @returns SUCCESS
+ * @returns FAILURE
+ *
+ * @comments
+ *
+ * @end
+ *********************************************************************/
+RC_t authmgrIndexGetNext(uint32 index, uint32 *pNext);
+
+/*********************************************************************
+ * @purpose Determine next sequential auth Mgr config interface index
+ *
+ * @param intIfNum @b{(input)} Internal interface number to begin search
+ * @param *pNext @b{(output)} Ptr to next internal interface number
+ *
+ * @returns SUCCESS
+ * @returns FAILURE
+ *
+ * @comments
+ *
+ * @end
+ *********************************************************************/
+RC_t authmgrEntryIndexGet(uint32 intIfNum, uint32 index);
+/*********************************************************************
+ * @purpose Determine next sequential auth Mgr config interface index
+ *
+ * @param intIfNum @b{(input)} Internal interface number to begin search
+ * @param *pNext @b{(output)} Ptr to next internal interface number
+ *
+ * @returns SUCCESS
+ * @returns FAILURE
+ *
+ * @comments
+ *
+ * @end
+ *********************************************************************/
+RC_t authmgrEntryIndexGetNext(uint32 intIfNum, uint32 *pNextNum,
+ uint32 index, uint32 *pNextIndex);
+
+/*********************************************************************
+ * @purpose chechks if method order config is valid.
+ *
+ * @param intIfNum @b{(input)} internal interface number
+ * @param method @b{(input)} authentication manager methods,
+ i.e.dot1x/mab/cp
+ *
+ * @returns TRUE
+ * @returns FALSE
+ *
+ * @comments This API should only be called from the methods DOT1X and captive portal
+ applications only. When 8021x or CP receives a PDU or packet then they
+ query Auth mgr if the can start authentication process.This API returns if the
+ same can start the authentication process.
+ *
+ * @end
+ *********************************************************************/
+RC_t authmgrPortAuthMethodStartAuthAllowed(uint32 intIfNum, AUTHMGR_METHOD_t method);
+/*********************************************************************
+ * @purpose gets the authenticated method or currently running authenticated method for the client
+ *
+ * @param intIfNum @b{(input)} internal interface number
+ * @param mac_addr @b{(input)}client's mac address
+ * @param *method @b{(input)}reference to the method
+ *
+ * @returns FALSE_
+ * @returns TRUE
+ *
+ * @comments This API should only be called from the methods DOT1X and captive portal
+ *
+ * @end
+ *********************************************************************/
+RC_t authmgrClientAuthenticatedMethodGet(uint32 intIfNum, enetMacAddr_t mac_addr, AUTHMGR_METHOD_t *method );
+
+/*********************************************************************
+ * @purpose chechs if method is Enabled.
+ *
+ * @param intIfNum @b{(input)} internal interface number
+ * @param method @b{(input)} authentication method which is being checked,
+ i.e.dot1x/mab/cp
+ * @param *entryIndex @b{(outout)}reference to the entry index
+ *
+ * @returns FALSE
+ * @returns TRUE
+ *
+ * @comments This API should only be called from the methods DOT1X and captive portal
+ applications only.
+ *
+ * @end
+ *********************************************************************/
+
+ BOOL authmgrIsMethodEnabled(uint32 intIfNum, AUTHMGR_METHOD_t method, uint32 *entryIndex);
+/*********************************************************************
+ * @purpose Determine if the interface is valid for auth mgr
+ *
+ * @param intIfNum @b{(input)} internal interface number
+ *
+ * @returns TRUE
+ * @returns FALSE
+ *
+ * @comments none
+ *
+ * @end
+ *********************************************************************/
+ BOOL authmgrIsValidIntf(uint32 intIfNum);
+
+/*********************************************************************
+* @purpose Get number of attempts for the method
+*
+* @param intIfNum @b{(input)} internal interface number
+* @param method @b{(input)} method for which the attempts are requested
+* @param *numAttempts @b{(output)} number of attempts
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrPortAttemptsGet(uint32 intIfNum, AUTHMGR_METHOD_t method, uint32 *numAttempts);
+
+/*********************************************************************
+* @purpose Get number of failed attempts for the method
+*
+* @param intIfNum @b{(input)} internal interface number
+* @param method @b{(input)} method for which the attempts are requested
+* @param *numAttempts @b{(output)} number of attempts
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrPortFailedAttemptsGet(uint32 intIfNum, AUTHMGR_METHOD_t method, uint32 *numAttempts);
+
+
+/*********************************************************************
+ * @purpose Determine next sequential index
+ *
+ * @param index @b{(input)} index of the config array
+ * @param *pNext @b{(output)} Ptr to next priority
+ *
+ * @returns SUCCESS
+ * @returns FAILURE
+ *
+ * @comments
+ *
+ * @end
+ *********************************************************************/
+RC_t authmgrMethodIndexGetNext(uint32 index, uint32 *pNext);
+
+/*********************************************************************
+ * @purpose Get the number of clients authenticated.
+ *
+ * @param intIfNum @b((input)) interface number
+ * @param pCount @b((output)) ptr to the number of clients
+ *
+ * @returns SUCCESS
+ * @returns FAILURE
+ *
+ * @comments
+ *
+ * @notes
+ * @notes
+ *
+ * @end
+ *
+ *********************************************************************/
+RC_t authmgrNumClientsGet(uint32 intIfNum, uint32 *pCount);
+
+/*********************************************************************
+ * @purpose Get the number of clients authenticated.
+ *
+ * @param intIfNum @b((input)) interface number
+* @param mode @b{(input)} order or priority
+* @param index @b{(input)} position of the method or order
+* @param *method @b{(output)} authentication manager methods,
+ i.e.dot1x/mab/cp
+ *
+ * @returns SUCCESS
+ * @returns FAILURE
+ *
+ * @comments
+ *
+ * @notes
+ * @notes
+ *
+ * @end
+ *
+ *********************************************************************/
+RC_t authmgrEnabledMethodGet( AUTHMGR_METHOD_TYPE_t mode, uint32 intIfNum,
+ uint32 index, AUTHMGR_METHOD_t *method);
+
+/*********************************************************************
+* @purpose Returns the client authenticated Method for the logical interface
+*
+* @param lIntIfNum @b((input)) the specified interface
+* @param method @b((output)) authenticating method
+*
+* @returns SUCCESS if success
+* @returns FAILURE if other failure
+*
+* @comments none
+*
+* @end
+*********************************************************************/
+RC_t authmgrLogicalPortClientAuthenticatedMethodGet(uint32 lIntIfNum,
+ AUTHMGR_METHOD_t *method);
+
+
+/*********************************************************************
+* @purpose Returns the client auth state for the logical interface
+*
+* @param lIntIfNum @b((input)) the specified interface
+* @param state @b((output)) authenticating state
+*
+* @returns SUCCESS if success
+* @returns FAILURE if other failure
+*
+* @comments none
+*
+* @end
+*********************************************************************/
+RC_t authmgrLogicalPortClientAuthStateGet(uint32 lIntIfNum,
+ AUTHMGR_STATES_t *state);
+
+/*********************************************************************
+* @purpose Returns the client reauth state for the logical interface
+*
+* @param lIntIfNum @b((input)) the specified interface
+* @param state @b((output)) reauthenticating state
+*
+* @returns SUCCESS if success
+* @returns FAILURE if other failure
+*
+* @comments none
+*
+* @end
+*********************************************************************/
+RC_t authmgrLogicalPortClientReauthStateGet(uint32 lIntIfNum,
+ BOOL *state);
+
+/*********************************************************************
+* @purpose Returns the client auth status for the logical interface
+*
+* @param lIntIfNum @b((input)) the specified interface
+* @param status @b((output)) authenticated status
+*
+* @returns SUCCESS if success
+* @returns FAILURE if other failure
+*
+* @comments none
+*
+* @end
+*********************************************************************/
+RC_t authmgrLogicalPortClientAuthStatusGet(uint32 lIntIfNum,
+ AUTHMGR_PORT_STATUS_t *status);
+
+/*********************************************************************
+*
+* @purpose Update the status and other information of the client
+ from the authentication method to Auth Mgr.
+*
+* @param uint32 intIfNum @b((input)) Internal interface number
+* @param method @b{(input)} authentication manager methods,
+ i.e.dot1x/mab/cp
+* @param status @b{(input)} TRUE/ FALSE
+ i.e start/success/fail/timeout.
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @notes This API is called from DOT1X and CP when the feature is enabled or disabled.
+ In case of Global mode changes, the interface will come as ALL_INTERFACES
+ and also when the method is success/failure/timedout
+*
+* @end
+*********************************************************************/
+RC_t authmgrMethodAdminModeCallback( uint32 intIfNum,
+ AUTHMGR_METHOD_t method,
+ BOOL status);
+/*********************************************************************
+* @purpose Returns the logical port for the next client Mac Address
+* in the mac address database
+*
+* @param mac_addr @b{(input)} supplicant mac address to be searched
+* @param lIntIfNum @b((output)) the logical interface
+*
+* @returns SUCCESS if success
+* @returns FAILURE if other failure
+*
+* @comments for SNMP
+*
+* @end
+*********************************************************************/
+RC_t authmgrClientMacAddressNextGet( enetMacAddr_t *macAddr,uint32 *lIntIfNum);
+/*********************************************************************
+* @purpose Returns the logical port for the corresponding supplicant Mac Address
+*
+* @param mac_addr @b{(input)} supplicant mac address to be searched
+* @param lIntIfNum @b((output)) the logical interface
+*
+* @returns SUCCESS if success
+* @returns FAILURE if other failure
+*
+* @comments for SNMP
+*
+* @end
+*********************************************************************/
+RC_t authmgrClientMacAddressGet( enetMacAddr_t *macAddr,uint32 *lIntIfNum);
+/*********************************************************************
+* @purpose function to validate of Mab is enabled before 8021x
+* intIfNum : interface number
+*
+* @returns SUCCESS if MAB is enabled before 802.1X
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+ BOOL authmgrIsMabEnabledPriorToDot1x(uint32 intIfNum);
+/**************************************************************************
+* @purpose Wrapper function to authentication manager API
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*************************************************************************/
+RC_t authmgrEnabledMethodGetNext(uint32 intIfNum, uint32 method, uint32 *nextMethod);
+
+/*********************************************************************
+ * @purpose Get the Authentication Method string for given method type
+ *
+ * @param method @b{(input)} Authentication Method type
+ *
+ * @returns Method name String for given input method
+ *
+ * @comments none
+ *
+ * @end
+ *********************************************************************/
+ uchar8 *authmgrMethodTypeToName( AUTHMGR_METHOD_t method);
+
+/*********************************************************************
+* @purpose Get port control mode
+*
+* @param intIfNum @b{(input)} internal interface number
+* @param *portControl @b{(output)} port control mode
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+extern RC_t authmgrPortControlModeGet(uint32 intIfNum, AUTHMGR_PORT_CONTROL_t *portControl);
+
+/*********************************************************************
+* @purpose Set port control mode
+*
+* @param intIfNum @b{(input)} internal interface number
+* @param portControl @b{(input)} port control mode
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+extern RC_t authmgrPortControlModeSet(uint32 intIfNum, AUTHMGR_PORT_CONTROL_t portControl);
+
+/*********************************************************************
+* @purpose Get Authentiation Server timeout value
+*
+* @param intIfNum @b{(input)} internal interface number
+* @param *serverTimeout @b{(output)} Authentication Server timeout
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments The serverTimeout is the initialization value for aWhile,
+* which is a timer used by the Authenticator state machine
+* to time out the Authentiation Server.
+*
+* @end
+*********************************************************************/
+extern RC_t authmgrPortServerTimeoutGet(uint32 intIfNum, uint32 *serverTimeout);
+
+/*********************************************************************
+* @purpose Set Authentiation Server timeout value
+*
+* @param intIfNum @b{(input)} internal interface number
+* @param serverTimeout @b{(input)} Authentication Server timeout
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments The serverTimeout is the initialization value for aWhile,
+* which is a timer used by the Authenticator state machine
+* to time out the Authentiation Server.
+*
+* @end
+*********************************************************************/
+extern RC_t authmgrPortServerTimeoutSet(uint32 intIfNum, uint32 serverTimeout);
+/*********************************************************************
+*
+* @purpose Callback from DTL informing about an unauthorized address
+*
+* @param uint32 intIfNum @b((input)) Internal interface number
+* @param enetMacAddr_t macAddr @b((output)) MAC address
+* @param ushort16 vlanId @b((output)) VLAN ID
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @notes none
+*
+* @end
+*********************************************************************/
+extern RC_t authmgrUnauthAddrCallBack( uint32 intIfNum, enetMacAddr_t macAddr, ushort16 vlanId );
+
+
+/*********************************************************************
+* @purpose Get host control mode
+*
+* @param intIfNum @b{(input)} internal interface number
+* @param *hostControl @b{(output)} host control mode
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+extern RC_t authmgrHostControlModeGet(uint32 intIfNum, AUTHMGR_HOST_CONTROL_t *hostControl);
+
+/*********************************************************************
+* @purpose Set port control mode
+*
+* @param intIfNum @b{(input)} internal interface number
+* @param portControl @b{(input)} port control mode
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrHostControlModeSet(uint32 intIfNum, AUTHMGR_HOST_CONTROL_t hostMode);
+
+/*********************************************************************
+ * @purpose Determine if the interface type is valid to participate in authmgr
+ *
+ * @param sysIntfType @b{(input)} interface type
+ *
+ * @returns TRUE
+ * @returns FALSE
+ *
+ * @comments
+ *
+ * @end
+ *********************************************************************/
+ BOOL authmgrIsValidIntfType(uint32 sysIntfType);
+
+
+/*********************************************************************
+* @purpose Determine if a client is authenticated on an interface
+*
+* @param intIfNum @b{(input)} internal interface number
+* @param macAddr @b{(input)} client's MAC address
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+ BOOL authmgrPortClientAuthenticationGet(uint32 intIfNum, uchar8 *macAddr);
+
+/*********************************************************************
+* @purpose Get operational value of controlled directions
+*
+* @param intIfNum @b{(input)} internal interface number
+* @param *portStatus @b{(output)} port authentication status
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+extern RC_t authmgrPortAuthControlledPortStatusGet(uint32 intIfNum,
+ AUTHMGR_PORT_STATUS_t *portStatus);
+
+/*********************************************************************
+* @purpose Get the port autherization status.
+*
+* @param intIfNum @b{(input)} internal interface number
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+extern RC_t authmgrPortIsAuthorized(uint32 intIfNum);
+
+/*********************************************************************
+ * @purpose Get the Authentication Method string for given method type
+ *
+ * @param method @b{(input)} Authentication Method type
+ *
+ * @returns Method name String for given input method
+ *
+ * @comments none
+ *
+ * @end
+ *********************************************************************/
+extern uchar8 *authmgrMethodTypeToName( AUTHMGR_METHOD_t method);
+
+/*********************************************************************
+ * @purpose function to get max users
+ *
+ * @param hostMode @b{(input)) hostmode
+ * @param *appyPolicy @b{(input)) bool value
+ *
+ * @returns SUCCESS
+ * @returns FAILURE
+ *
+ * @comments
+ *
+ * @end
+ *********************************************************************/
+RC_t authmgrMaxUsersGet(uint32 intIfNum, uint32 *maxUsers);
+
+/*********************************************************************
+* @purpose Set administrative mode setting for authmgr Vlan Assignment
+*
+* @param mode @b{(input)} radius vlan assignment mode
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrVlanAssignmentModeSet (uint32 mode);
+
+/*********************************************************************
+* @purpose Get administrative mode setting for authmgr Vlan Assignment
+*
+* @param mode @b{(input)} radius vlan assignment mode
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrVlanAssignmentModeGet(uint32 *mode);
+
+/*********************************************************************
+* @purpose Set the Guest Vlan Id for the port.
+*
+* @param intIfNum @b{(input)} internal interface number
+* @param *guestVlanId @b{(output)} guest vlan Id
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrAdvancedGuestPortsCfgSet(uint32 intIfNum,uint32 guestVlanId);
+
+/*********************************************************************
+* @purpose Set the Guest Vlan Id for the port.
+*
+* @param intIfNum @b{(input)} internal interface number
+* @param *guestVlanId @b{(output)} guest vlan Id
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrAdvancedGuestPortCfgGet(uint32 intIfNum,uint32 *guestVlanId);
+
+/*********************************************************************
+* @purpose Set the Guest Vlan Period for the port.
+*
+* @param intIfNum @b{(input)} internal interface number
+* @param guestVlanPeriod @b{(output)} guest vlan Period
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrAdvancedGuestVlanPeriodSet(uint32 intIfNum,uint32 guestVlanPeriod);
+
+
+/*********************************************************************
+* @purpose Set max users value
+*
+* @param intIfNum @b{(input)} internal interface number
+* @param maxUsers @b{(input)} max users
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments The maxUsers is the maximum number of hosts that can be
+* authenticated on a port using mac based authentication
+*
+* @end
+*********************************************************************/
+RC_t authmgrPortMaxUsersSet(uint32 intIfNum, uint32 maxUsers);
+
+/*********************************************************************
+* @purpose Get max users value
+*
+* @param intIfNum @b{(input)} internal interface number
+* @param *maxUsers @b{(output)} max users per port
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments The maxUsers is the maximum number of hosts that can be
+* authenticated on a port using mac based authentication
+*
+* @end
+*********************************************************************/
+RC_t authmgrPortMaxUsersGet(uint32 intIfNum, uint32 *maxUsers);
+/*********************************************************************
+* @purpose Returns the session timeout value for the logical interface
+*
+* @param lIntIfNum @b((input)) the specified interface
+* @param sessiontimeout @b((output)) session timeout for the logical interface
+*
+* @returns SUCCESS if success
+* @returns FAILURE if other failure
+*
+* @comments none
+*
+* @end
+*********************************************************************/
+RC_t authmgrLogicalPortSessionTimeoutGet(uint32 lIntIfNum,
+ uint32 *session_timeout);
+
+/*********************************************************************
+* @purpose To get the time left for the session termination action
+* to occur for the logical interface
+*
+* @param lIntIfNum @b((input)) Logical interface number
+* @param timeLeft @b((output)) Pointer to store the left out time
+*
+* @returns SUCCESS if success
+* @returns FAILURE if other failure
+*
+* @comments none
+*
+* @end
+*********************************************************************/
+RC_t authmgrLogicalPortTimeLeftForTerminateActionGet(uint32 lIntIfNum,
+ uint32 *timeLeft);
+
+/*********************************************************************
+* @purpose Returns the termination Action for the logical interface
+*
+* @param lIntIfNum @b((input)) the specified interface
+* @param terminationAction @b((output)) termination Action for the logical interface
+*
+* @returns SUCCESS if success
+* @returns FAILURE if other failure
+*
+* @comments none
+*
+* @end
+*********************************************************************/
+RC_t authmgrLogicalPortTerminationActionGet(uint32 lIntIfNum,
+ uint32 *terminationAction);
+
+/*********************************************************************
+* @purpose Check if the vlan is assigned to any client or port
+*
+* @param phyPort @b{(input)} physical port
+* @param vlanId @b{(input)} vlanId
+*
+* @returns TRUE
+* @returns FALSE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+ BOOL authmgrVlanAssignedCheck (uint32 phyPort, uint32 vlanId);
+
+
+/*********************************************************************
+* @purpose Get reauthentication value for a port
+*
+* @param intIfNum @b{(input)} internal interface number
+* @param *reauthenticate @b{(output)} reauthentication value
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments This value indicates whether a port is being reauthenticated
+* due to a management request
+*
+* @end
+*********************************************************************/
+extern RC_t authmgrPortReauthenticateGet(uint32 intIfNum, BOOL *reauthenticate);
+
+/*********************************************************************
+* @purpose Set reauthentication value for a port
+*
+* @param intIfNum @b{(input)} internal interface number
+* @param reauthenticate @b{(input)} reauthentication value
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments This value is set to TRUE by management in order to force
+* reauthentication of a port. It is re-set to FALSE after
+* reauthentication has completed.
+*
+* @end
+*********************************************************************/
+extern RC_t authmgrPortReauthenticateSet(uint32 intIfNum, BOOL reauthenticate);
+
+
+/*********************************************************************
+* @purpose Get the Reauthentication period
+*
+* @param intIfNum @b{(input)} internal interface number
+* @param *reAuthPeriod @b{(output)} reauthentication period
+* @param serverConfig @b{(output)} get reauthentication period
+* from server option
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments The reAuthPeriod is the initialization value for reAuthWhen,
+* which is a timer used by the Authenticator state machine to
+* determine when reauthentication of the Supplicant takes place.
+*
+* @end
+*********************************************************************/
+extern RC_t authmgrPortReAuthPeriodGet(uint32 intIfNum,
+ uint32 *reAuthPeriod,
+ BOOL *serverConfig);
+
+/*********************************************************************
+* @purpose Set the Reauthentication period
+*
+* @param intIfNum @b{(input)} internal interface number
+* @param reAuthPeriod @b{(input)} reauthentication period
+* @param serverConfig @b{(input)} set option to get reauthentication
+* period from server option
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments The reAuthPeriod is the initialization value for reAuthWhen,
+* which is a timer used by the Authenticator state machine to
+* determine when reauthentication of the Supplicant takes place.
+*
+* @end
+*********************************************************************/
+extern RC_t authmgrPortReAuthPeriodSet(uint32 intIfNum,
+ uint32 reAuthPeriod,
+ BOOL serverConfig);
+
+/*********************************************************************
+* @purpose Get the Reauthentication mode
+*
+* @param intIfNum @b{(input)} internal interface number
+* @param *reAuthEnabled @b{(output)} reauthentication mode
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments The reAuthEnabled mode determines whether reauthentication
+* of the Supplicant takes place.
+*
+* @end
+*********************************************************************/
+extern RC_t authmgrPortReAuthEnabledGet(uint32 intIfNum, BOOL *reAuthEnabled);
+
+/*********************************************************************
+* @purpose Set the Reauthentication mode
+*
+* @param intIfNum @b{(input)} internal interface number
+* @param reAuthEnabled @b{(input)} reauthentication mode
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments The reAuthEnabled mode determines whether reauthentication
+* of the Supplicant takes place.
+*
+* @end
+*********************************************************************/
+extern RC_t authmgrPortReAuthEnabledSet(uint32 intIfNum, BOOL reAuthEnabled);
+/*********************************************************************
+* @purpose Get port operational mode
+*
+* @param intIfNum @b{(input)} internal interface number
+* @param *portMode @b{(output)} port operational mode
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+extern RC_t authmgrPortOperControlModeGet(uint32 intIfNum, AUTHMGR_PORT_CONTROL_t *portMode);
+
+
+/*********************************************************************
+* @purpose Set maximum number of times authentication
+* may be reattempted by the user on the port.
+*
+* @param intIfNum @b{(input)} internal interface number
+* @param maxReq @b{(input)} maximum request value
+*
+* @returns SUCCESS
+* @returns FAILURE
+* @returns NOT_SUPPORTED
+*
+* @end
+*********************************************************************/
+RC_t authmgrPortMaxAuthAttemptsSet(uint32 intIfNum, uint32 maxAuthAttempts);
+
+/*********************************************************************
+* @purpose Get maximum number of times authentication
+* may be reattempted by the user on the port.
+*
+* @param intIfNum @b{(input)} internal interface number
+* @param *maxReq @b{(output)} maximum request value
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @end
+*********************************************************************/
+RC_t authmgrPortMaxAuthAttemptsGet(uint32 intIfNum, uint32 *maxAuthAttempts);
+
+/*********************************************************************
+* @purpose Returns the Supplicant Mac address for the logical interface
+*
+* @param lIntIfNum @b((input)) the specified interface
+* @param macAddr @b((output)) Mac Address of the supplicant
+*
+* @returns SUCCESS if success
+* @returns FAILURE if other failure
+*
+* @comments none
+*
+* @end
+*********************************************************************/
+RC_t authmgrLogicalPortSupplicantMacAddrGet(uint32 lIntIfNum,
+ uchar8 *macAddr);
+/*********************************************************************
+* @purpose Get the port acquire status.
+*
+* @param intIfNum @b{(input)} internal interface number
+*
+* @returns TRUE if yes
+* @returns FALSE otherwise
+*
+* @comments
+*
+* @end
+*********************************************************************/
+ BOOL authmgrPortIsAcquired(uint32 intIfNum);
+
+/*********************************************************************
+ *
+ * @purpose Register routines to be called by Auth Manager for various events.
+ *
+ * @param method @b((input)) authentication protocol
+ * @param *notify @b((input)) pointer to a routine to be invoked upon a respones.
+ * portCtrlFn: routine to set port control mode
+ * hostCtrlFn: routine to set port host mode
+ * eventNotifyFn: routine to handle Auth Mgr events
+ * enableGetFn: routine to get admin mode of the authentication protocol
+ * radiusEnableGetFn: routine to get whether RADIUS is configured as
+ * an authentication method
+ *
+ *
+ * @returns SUCCESS
+ * @returns FAILURE
+ *
+ * @comments
+ *
+ * @end
+ *
+ *********************************************************************/
+RC_t authmgrEventCallbackRegister( AUTHMGR_METHOD_t method,
+ RC_t(*portCtrlFn) (uint32 intIfNum, AUTHMGR_PORT_CONTROL_t portControl),
+ RC_t(*hostCtrlFn) (uint32 intIfNum, AUTHMGR_HOST_CONTROL_t hostMode),
+ RC_t(*eventNotifyFn) (uint32 intIfNum, uint32 event, enetMacAddr_t *macAddr),
+ RC_t(*enableGetFn) (uint32 intIfNum, uint32 *enabled),
+ RC_t(*radiusEnableGetFn) (uint32 intIfNum, uint32 *enabled));
+
+
+/*********************************************************************
+*
+* @purpose Deregister all routines to be called when a RADIUS response is
+* received from a server for a previously submitted request.
+*
+* @param componentId @b{(input)} one of COMPONENT_IDS_t
+*
+* @returns SUCCESS
+*
+* @comments
+*
+* @end
+*
+*********************************************************************/
+RC_t authmgrEventCallbackDeregister( AUTHMGR_METHOD_t method);
+
+/*********************************************************************
+*
+* @purpose Set the port capabilities
+*
+* @param intIfNum @b{(input)} interface number
+* @param paeCapabilities @b{(input)} capabiities (authenticator or supplicant)
+*
+* @returns SUCCESS
+*
+* @comments
+*
+* @end
+*
+*********************************************************************/
+RC_t authmgrDot1xCapabilitiesUpdate(uint32 intIfNum, uint32 paeCapabilities);
+/*********************************************************************
+* @purpose Returns the Vlan assigned for the logical interface
+*
+* @param lIntIfNum @b((input)) the specified interface
+* @param vlan @b((output)) vlan assigned to the logical interface
+* @param mode @b((output)) mode of assignment Radius/Default
+*
+* @returns SUCCESS if success
+* @returns FAILURE if other failure
+*
+* @comments none
+*
+* @end
+*********************************************************************/
+RC_t authmgrLogicalPortVlanAssignmentGet(uint32 lIntIfNum,
+ uint32 *vlanId,
+ uint32 *mode);
+
+/*********************************************************************
+* @purpose Returns the authentication status of the client
+*
+* @param lIntIfNum @b((input)) the specified interface
+* @param authStat @b((output)) auth status
+*
+* @returns SUCCESS if success
+* @returns FAILURE if other failure
+*
+* @comments none
+*
+* @end
+*********************************************************************/
+RC_t authmgrClientVlanGet(uint32 lIntIfNum,
+ uint32 *vlanType,
+ uint32 *vlanId);
+
+/*********************************************************************
+* @purpose Returns the authentication status of the client
+*
+* @param lIntIfNum @b((input)) the specified interface
+* @param authStat @b((output)) auth status
+*
+* @returns SUCCESS if success
+* @returns FAILURE if other failure
+*
+* @comments none
+*
+* @end
+*********************************************************************/
+RC_t authmgrClientAuthStatusGet(uint32 lIntIfNum,
+ uint32 *authStatus);
+
+/*********************************************************************
+* @purpose Get global port control mode
+*
+* @param *portControl @b{(output)} port control mode
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrGlobalPortControlModeGet( AUTHMGR_PORT_CONTROL_t *portControl);
+
+/*********************************************************************
+* @purpose Set port control mode
+*
+* @param portControl @b{(input)} port control mode
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrGlobalPortControlModeSet( AUTHMGR_PORT_CONTROL_t portControl);
+
+/*********************************************************************
+* @purpose Set port control mode to default
+*
+* @param intIfNum @b{(input)} internal interface number
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrPortControlModeReset(uint32 intIfNum);
+
+/*********************************************************************
+* @purpose Set global host control mode
+*
+* @param intIfNum @b{(input)} internal interface number
+* @param host @b{(input)} port control mode
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrGlobalHostModeSet( AUTHMGR_HOST_CONTROL_t hostMode);
+
+/*********************************************************************
+* @purpose Get global host control mode
+*
+* @param intIfNum @b{(input)} internal interface number
+* @param host @b{(input)} port control mode
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrGlobalHostModeGet( AUTHMGR_HOST_CONTROL_t *hostMode);
+
+/*********************************************************************
+* @purpose Set host control mode to default
+*
+* @param intIfNum @b{(input)} internal interface number
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrHostModeReset(uint32 intIfNum);
+
+/*********************************************************************
+* @purpose Get number of authenticated clients on a port
+*
+* @param intIfNum @b{(input)} internal interface number
+* @param *count @b{(output)} number of authenticated clients
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments none
+*
+* @end
+*********************************************************************/
+RC_t authmgrPortAuthCountGet(uint32 intIfNum, uint32 *count);
+
+/*********************************************************************
+* @purpose Get number of authenticated clients on a port
+*
+* @param intIfNum @b{(input)} internal interface number
+* @param *count @b{(output)} number of authenticated clients
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments none
+*
+* @end
+*********************************************************************/
+RC_t authmgrPortAuthCountGet(uint32 intIfNum, uint32 *count);
+/*********************************************************************
+* @purpose Processes Authmgr-related event initiated by PACmgr.
+*
+* @param (in) vlanData VLAN data
+* @param (in) intIfNum Interface Number
+* @param (in) event
+*
+* @returns SUCCESS or FAILURE
+*
+* @end
+*********************************************************************/
+RC_t authmgrVlanChangeCallback (dot1qNotifyData_t * vlanData,
+ uint32 intIfNum, uint32 event);
+
+/*********************************************************************
+* @purpose Processes Authmgr-related event initiated by PACmgr.
+*
+* @param (in) vlanData VLAN data
+* @param (in) intIfNum Interface Number
+* @param (in) event
+*
+* @returns SUCCESS or FAILURE
+*
+* @end
+*********************************************************************/
+RC_t authmgrVlanConfChangeCallback (dot1qNotifyData_t * vlanData,
+ uint32 intIfNum, uint32 event);
+
+/*********************************************************************
+* @purpose Reset port information
+*
+* @param intIfNum @b{(input)} internal interface number
+* @param initialize @b{(input)} initialize value
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments This value is set to TRUE by management in order to force
+* initialization of a port. It is re-set to FALSE after
+* initialization has completed.
+*
+* @end
+*********************************************************************/
+RC_t authmgrPortInfoReset(uint32 intIfNum, BOOL initialize);
+
+/*********************************************************************
+ * @purpose Cleans up a client session
+ *
+ * @param mac_addr @b{(input)}client's mac address
+ *
+ * @returns FALSE_
+ * @returns TRUE
+ *
+ * @comments
+ *
+ * @end
+ *********************************************************************/
+RC_t authmgrClientDelete( enetMacAddr_t macAddr);
+
+/* USE C Declarations */
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/src/sonic-pac/authmgr/common/auth_mgr_common.h b/src/sonic-pac/authmgr/common/auth_mgr_common.h
new file mode 100755
index 000000000000..0d62fff6d1a1
--- /dev/null
+++ b/src/sonic-pac/authmgr/common/auth_mgr_common.h 
@@ -0,0 +1,354 @@ +/* + * Copyright 2024 Broadcom Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + + +#ifndef INCLUDE_AUTH_MGR_COMMON +#define INCLUDE_AUTH_MGR_COMMON + +/* USE C Declarations */ +#ifdef __cplusplus +extern "C" { +#endif + +#include "commdefs.h" +#include "datatypes.h" +#include "resources.h" +#include "component_mask.h" +#include "log.h" +#include "packet.h" +#include "cpustats_api.h" + +#define SYSAPI_PRINTF printf +#define __FP_FILE__ __FILE__ + +#define AUTHMGR_INTF_MAX_COUNT ( MAX_PORT_COUNT + 1) + +#define IP6_LEN 40 +#define IP4_STR_LEN 20 +#define IP6_ADDR_LEN 16 + +#define DOT1Q_NULL_VLAN_ID 0 +#define DOT1Q_MIN_VLAN_ID 1 +#define DOT1Q_MAX_VLAN_ID 4094 // - RESERVED VLANs if any +#define VLAN_MAX_MASK_BIT DOT1Q_MAX_VLAN_ID + +#define CLI_MAX_STRING_LENGTH 256 + +#define ETYPE_EAPOL 0x888E + +/* EAPOL Packet types */ +#define EAPOL_EAPPKT 0 /* 0000 0000B */ +#define EAPOL_START 1 /* 0000 0001B */ +#define EAPOL_LOGOFF 2 /* 0000 0010B */ +#define EAPOL_KEY 3 /* 0000 0011B */ +#define EAPOL_ENCASFALERT 4 /* 0000 0100B */ + +/* EAPOL packet header */ +typedef struct eapolPacket_s +{ + uchar8 protocolVersion; + uchar8 packetType; + ushort16 packetBodyLength; +} eapolPacket_t; + +/* Length defines for EAPOL-Key frame */ +#define EAPOL_KEY_REPLAY_COUNTER_LEN 8 +#define EAPOL_KEY_IV_LEN 16 +#define EAPOL_KEY_SIGNATURE_LEN 16 + +/* Bitmask defines for keyIndex field in EAPOL-Key frame */ +#define EAPOL_KEY_UNICAST 0x80 /* first 
bit */ +#define EAPOL_KEY_INDEX 0x7F /* last 7 bits */ + +/* EAPOL-Key packet format */ +typedef struct eapolKeyPacket_s +{ + uchar8 descriptorType; + ushort16 keyLength; + uchar8 replayCounter[EAPOL_KEY_REPLAY_COUNTER_LEN]; + uchar8 keyIV[EAPOL_KEY_IV_LEN]; + uchar8 keyIndex; + uchar8 keySignature[EAPOL_KEY_SIGNATURE_LEN]; +} eapolKeyPacket_t; + +/* EAP Packet code types */ +#define EAP_REQUEST 1 +#define EAP_RESPONSE 2 +#define EAP_SUCCESS 3 +#define EAP_FAILURE 4 + +/* EAP packet header */ +typedef struct authmgrEapPacket_s +{ + uchar8 code; + uchar8 id; + ushort16 length; +} authmgrEapPacket_t; + +/* Defines for 'type' field of EAP Request and Response frames */ +#define EAP_RRIDENTITY 1 /* Request/Identity or Response/Identity */ +#define EAP_RRNOTIF 2 /* Notification */ +#define EAP_RRNAK 3 /* NAK (Response only) */ +#define EAP_RRMD5 4 /* MD5-Challenge */ +#define EAP_RROTP 5 /* One-Time Password */ +#define EAP_RRGTK 6 /* Generic Token Card */ +#define EAP_TLS 13 /* EAP/TLS */ +#define EAP_TTLS 21 /* EAP/TTLS */ +#define EAP_PEAP 25 /* EAP/PEAP */ + +/* EAP Request/Response packet header */ +typedef struct eapRrPacket_s +{ + uchar8 type; +} eapRrPacket_t; + +/* Ethernet Encapsulation Overlay */ +typedef struct enet_encaps_s +{ + ushort16 type; /* ether type */ +} enet_encaps_t; + +#define ENET_ENCAPS_HDR_SIZE (uint32)sizeof( enet_encaps_t) + +/* Ethernet MAC Address */ + +#define ENET_HDR_SIZE (uint32)sizeof( enetHeader_t) +#define ETH_HDR_SIZE (uint32)sizeof( ethHeader_t) + +typedef enum +{ + AUTH_METHOD_UNDEFINED = 0, + AUTH_METHOD_LOCAL, + AUTH_METHOD_NONE, + AUTH_METHOD_RADIUS, + AUTH_METHOD_REJECT +} USER_MGR_AUTH_METHOD_t; + +#define MAX_AUTH_METHODS 4 + +#define MAX_FRAME_SIZE 3000 + +#define VLAN_INDICES ((4095) / (sizeof( uchar8) * 8) + 1) + +typedef enum dot1qTaggingMode_s +{ + DOT1Q_MEMBER_UNTAGGED = 0, + DOT1Q_MEMBER_TAGGED = 1 +} dot1qTaggingMode_t; + +typedef struct +{ + uchar8 value[ VLAN_INDICES]; +} VLAN_MASK_t; + +#define VLAN_STRING_SIZE 
(32 + 1) + +/* VLAN Notification Structure */ +typedef struct dot1qNotifyData_s +{ +// uint32 numVlans; /* If num Vlan is 1 use vlanId member of the union, else use vlanMask of the union*/ +// VLAN_MASK_t vlanTagModeMask; /* If set, VLAN member is tagged else untagged. */ + BOOL tagged; /* VLAN member is tagged else untagged. */ + union + { + uint32 vlanId; + char8 vlanString[ VLAN_STRING_SIZE]; +// VLAN_MASK_t vlanMask; + }data; +}dot1qNotifyData_t; + +typedef struct sysnet_pdu_info_s +{ + /* Originally, this structure contained only intIfNum and vlanId on the + * receive side. Unfortunately, the meaning of intIfNum depends on context. + * intIfNum is originally set to the ingress physical port. + * Once IP MAP processes an incoming packet, it resets intIfNum to + * the logical (e.g., VLAN routing interface) ingress interface. See ipMapPduRcv(). + * All the software forwarding code and sysnet interceptors depend on + * this behavior. DHCP relay needs to know the ingress physical port to + * set option 82 correctly. So we add a new member, rxPort, to this + * structure as a place to put this. If we were starting over, intIfNum + * would always have the same meaning and we'd add a field for the + * logical ingress interface, but I'm afraid we're stuck with + * a bunch of code that depends on the current behavior. NOTE: rxPort is + * only set in IP MAP. So if packet hasn't been handled by IP MAP, you can't + * use rxPort. */ + uint32 intIfNum; /* Receiving intIfNum */ + uint32 rxPort; /* Physical port where packet was received */ + uint32 vlanId; /* Receiving VLAN */ + uint32 innerVlanId; /* Receiving inner VLAN if the packet is double tagged.*/ + + uint32 destIntIfNum; /* Destination intIfNum */ + uint32 destVlanId; /* Destination VLAN */ + + uint32 vrfId; /* NOTE: Identifier of the VRF that this PDU is received on + * and this field makes sense only when 'intIfNum' is not set. 
+ * If 'intIfNum' is set, this field can be derived from that + * receiving interface number and 'vrfId' would be redundant. */ +} sysnet_pdu_info_t; + +typedef enum +{ + SYSNET_PDU_RC_DISCARD = 0, /* Discard this frame */ + SYSNET_PDU_RC_CONSUMED, /* Frame has been consumed by interceptor */ + SYSNET_PDU_RC_COPIED, /* Frame has been copied by interceptor */ + SYSNET_PDU_RC_IGNORED, /* Frame ignored by interceptor */ + SYSNET_PDU_RC_PROCESSED, /* Frame has been processed by interceptor */ + SYSNET_PDU_RC_MODIFIED, /* Frame has been modified by interceptor */ + SYSNET_PDU_RC_LAST +} SYSNET_PDU_RC_t; + +/* TLV handle type */ +typedef uint32 tlvHandle_t; + +typedef struct +{ + uint32 type; /* TLV type identifier */ + uint32 length; /* TLV length of value field */ + uchar8 valueStart[1]; /* start of TLV value field */ +} tlv_t; + + +/* VLAN outcall notification events */ +typedef enum +{ + VLAN_ADD_NOTIFY = 0x00000001, /* Create a new VLAN */ + VLAN_DELETE_PENDING_NOTIFY = 0x00000002, /* Vlan is about to be deleted */ + VLAN_DELETE_NOTIFY = 0x00000004, /* Delete a VLAN */ + VLAN_ADD_PORT_NOTIFY = 0x00000008, /* Add a port to a VLAN */ + VLAN_DELETE_PORT_NOTIFY = 0x00000010, /* Delete a port from a VLAN */ + VLAN_START_TAGGING_PORT_NOTIFY = 0x00000020, /* Start tagging on a port */ + VLAN_STOP_TAGGING_PORT_NOTIFY = 0x00000040, /* Stop tagging on a port */ + VLAN_INITIALIZED_NOTIFY = 0x00000080, + VLAN_RESTORE_NOTIFY = 0x00000100, + VLAN_PVID_CHANGE_NOTIFY = 0x00000200, /* PVID change on a port*/ + VLAN_DOT1P_PRIORITY_CHANGE_NOTIFY = 0x00000400, /* dot1p priority change on port*/ + VLAN_DYNAMIC_TO_STATIC_NOTIFY = 0x00000800, /* Dynamic to static convert notification */ + VLAN_INGRESS_FILTER_PORT_NOTIFY = 0x00001000, /* Ingress filter notification on port */ + VLAN_SWITCHPORT_MODE_CHANGE_NOTIFY = 0x00002000, /* Switchport mode change on port notification */ + VLAN_AUTO_TRUNK_CHANGE_NOTIFY = 0x00004000, /* Change in auto-trunk configuration os a port */ + VLAN_LAST_NOTIFY 
= 0x00004000 /* Any time we add an event adjust this be the last in the series */ +} vlanNotifyEvent_t; + + +/* +** The Termination Action value codes +*/ +#define RADIUS_TERMINATION_ACTION_DEFAULT 0 +#define RADIUS_TERMINATION_ACTION_RADIUS 1 +#define RADIUS_ACCT_TERM_CAUSE_REAUTHENTICATION_FAILURE 20 + + +#define RADIUS_VENDOR_9_VOICE 1<<0 +#define RADIUS_VENDOR_9_DACL 1<<1 +#define RADIUS_VENDOR_9_SWITCH 1<<2 +#define RADIUS_VENDOR_9_REDIRECT_URL 1<<3 +#define RADIUS_VENDOR_9_REDIRECT_ACL 1<<4 +#define RADIUS_VENDOR_9_ACS_SEC_DACL 1<<5 +#define RADIUS_VENDOR_9_LINKSEC_POLICY 1<<6 + +#define RADIUS_VENDOR_311_MS_MPPE_SEND_KEY 1<<0 +#define RADIUS_VENDOR_311_MS_MPPE_RECV_KEY 1<<1 + +/* The type of attribute values for Tunnel Medium type attribute +*/ +#define RADIUS_TUNNEL_MEDIUM_TYPE_802 6 + +#define RADIUS_ATTR_TYPE_TUNNEL_TYPE_SPECIFIED 0x1 +#define RADIUS_ATTR_TYPE_TUNNEL_MEDIUM_TYPE_SPECIFIED 0x2 +#define RADIUS_ATTR_TYPE_TUNNEL_PRIVATE_GROUP_ID_SPECIFIED 0x4 +#define RADIUS_REQUIRED_TUNNEL_ATTRIBUTES_SPECIFIED 0x7 + +/* Downloadable ACL Fields */ +#define RADIUS_TLV_HEADER_LENGTH 2 +#define RADIUS_VALUE_LENGTH 253 + +#define RADIUS_ATTR_SIZE_SERVICE_TYPE 6 +/* +** The Service-Type value codes +*/ +#define RADIUS_SERVICE_TYPE_LOGIN 1 +#define RADIUS_SERVICE_TYPE_FRAMED 2 +#define RADIUS_SERVICE_TYPE_CALLBACK_LOGIN 3 +#define RADIUS_SERVICE_TYPE_CALLBACK_FRAMED 4 +#define RADIUS_SERVICE_TYPE_OUTBOUND 5 +#define RADIUS_SERVICE_TYPE_ADMIN 6 +#define RADIUS_SERVICE_TYPE_NAS_PROMPT 7 +#define RADIUS_SERVICE_TYPE_AUTHEN_ONLY 8 +#define RADIUS_SERVICE_TYPE_CALLBACK_NAS_PROMPT 9 +#define RADIUS_SERVICE_TYPE_CALL_CHECK 10 + + +typedef struct radiusValuePair_s +{ + struct radiusValuePair_s *nextPair; + uint32 attrId; + uint32 attrType; + uint32 vendorCode; + uint32 vsAttrId; + uint32 intValue; + char8 strValue[RADIUS_VALUE_LENGTH + 1]; + +} radiusValuePair_t; + +typedef enum +{ + ACCT_METHOD_UNDEFINED = 0, + ACCT_METHOD_TACACS, + ACCT_METHOD_RADIUS, + ACCT_METHOD_MAX 
+} USER_MGR_ACCT_METHOD_t; + +#define MAX_AML_NAME_LEN 15 /*Maximum length of the Accounting Method List Name*/ + +/* Port PAE capabilities bitmask values */ +#define DOT1X_PAE_PORT_NONE_CAPABLE 0x00 +#define DOT1X_PAE_PORT_AUTH_CAPABLE 0x01 +#define DOT1X_PAE_PORT_SUPP_CAPABLE 0x02 + +#define DOT1X_PAE_PORT_PROTOCOL_VERSION_2 2 +#define DOT1X_PAE_PORT_PROTOCOL_VERSION_3 3 + +#define RADIUS_ACCT_TERM_CAUSE_ADMIN_RESET 6 + +#define DS_ADMIN_MODE_NOTIFY 0x00000001 +#define DSV6_ADMIN_MODE_NOTIFY 0x00000002 + +typedef enum +{ + FDB_ADDR_FLAG_STATIC = 0, + FDB_ADDR_FLAG_LEARNED, + FDB_ADDR_FLAG_MANAGEMENT, + FDB_ADDR_FLAG_GMRP_LEARNED, + FDB_ADDR_FLAG_SELF, + FDB_ADDR_FLAG_AUTHMGR_STATIC, + FDB_ADDR_FLAG_DOT1X_STATIC, + FDB_ADDR_FLAG_DOT1AG_STATIC, + FDB_ADDR_FLAG_ETH_CFM_STATIC, + FDB_ADDR_FLAG_L3_MANAGEMENT, /* Routing Intf address */ + FDB_ADDR_FLAG_LEARNED_UNCONFIRMED, /* Address is learned, but not guaranteed + * to be in HW (relevant for SW learning). */ + FDB_ADDR_FLAG_FIP_SNOOP_LEARNED, /* MAC added by FIP snooping */ + FDB_ADDR_FLAG_CAPTIVE_PORTAL_STATIC, /* CP client MAC Addr */ + FDB_ADDR_FLAG_Y1731_STATIC, +} FDB_ADDR_FLAG_t; + +/* USE C Declarations */ +#ifdef __cplusplus +} +#endif + +#endif diff --git a/src/sonic-pac/authmgr/common/auth_mgr_exports.h b/src/sonic-pac/authmgr/common/auth_mgr_exports.h new file mode 100755 index 000000000000..311a19c64c89 --- /dev/null +++ b/src/sonic-pac/authmgr/common/auth_mgr_exports.h 
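Review bot: The `RADIUS_VENDOR_9_*` and `RADIUS_VENDOR_311_*` bit flags in auth_mgr_common.h are defined as bare `1<<n` expressions, so they mis-evaluate next to any tighter-binding operator: `~RADIUS_VENDOR_9_DACL` expands to `~1<<1`, which left-shifts a negative value instead of producing the inverted mask. These flags presumably record which vendor attributes (DACL, redirect ACL, MPPE keys) a RADIUS reply carried, so each should be parenthesized and unsigned, e.g. `#define RADIUS_VENDOR_9_DACL (1u << 1)`. Separately, `eapolKeyPacket_t` puts a `ushort16 keyLength` directly after a single `uchar8`, so without a packed attribute the compiler will normally insert padding and the struct will not match the on-wire EAPOL-Key descriptor. If it is ever overlaid on a received frame (the consumer is not visible in this hunk), pack it or parse field by field, and range-check the byte-swapped `keyLength` and `packetBodyLength` against the received frame length before use.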
@@ -0,0 +1,412 @@ +/* + * Copyright 2024 Broadcom Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + + +#ifndef __AUTHMGR_EXPORTS_H_ +#define __AUTHMGR_EXPORTS_H_ + +/* USE C Declarations */ +#ifdef __cplusplus +extern "C" { +#endif + +#include "auth_mgr_common.h" +#include "pacinfra_common.h" +#include "defaultconfig.h" + +/* AUTHMGR Component Feature List */ +typedef enum +{ + AUTHMGR_FEATURE_ID = 0, /* general support statement */ + AUTHMGR_VLANASSIGN_FEATURE_ID, /* RFC 3580 VLAN Assignments via dot1x */ + AUTHMGR_DYNAMIC_VLANASSIGN_FEATURE_ID, + AUTHMGR_MAB_FEATURE_ID, + AUTHMGR_DACL_FEATURE_ID, + AUTHMGR_FEATURE_ID_TOTAL, /* total number of enum values */ +} AUTHMGR_FEATURE_IDS_t; + + + +#define AUTHMGR_USER_NAME_LEN 65 +#define AUTHMGR_CHALLENGE_LEN 32 + +#define AUTHMGR_MAC_ADDR_STR_LEN (( MAC_ADDR_LEN * 2) + ( MAC_ADDR_LEN - 1)) +#define AUTHMGR_SESSION_ID_LEN AUTHMGR_USER_NAME_LEN * 2 + + +/******************************************************************/ +/************* Start AUTHMGR types and defines *********/ +/******************************************************************/ + +#define AUTHMGR_USER_INDEX_INVALID -1 + +#define AUTHMGR_SERVER_STATE_LEN 253 +#define AUTHMGR_SERVER_CLASS_LEN 253 + + +#define AUTHMGR_RADIUS_VLAN_ASSIGNED_LEN 32 /* Radius Assigned vlan length */ + +typedef enum +{ + AUTHMGR_TYPE_ORDER = 1, + AUTHMGR_TYPE_PRIORITY, +} AUTHMGR_METHOD_TYPE_t; + +typedef enum +{ + AUTHMGR_METHOD_NONE = 0, + 
AUTHMGR_METHOD_8021X, + AUTHMGR_METHOD_MAB, + AUTHMGR_METHOD_LAST +} AUTHMGR_METHOD_t; + +typedef enum +{ + AUTHMGR_NEW_CLIENT = 1, /* fdb entry is received */ + AUTHMGR_AUTH_FAIL, + AUTHMGR_AUTH_SUCCESS, + AUTHMGR_AUTH_TIMEOUT, + AUTHMGR_AUTH_SERVER_COMM_FAILURE, + AUTHMGR_CLIENT_DISCONNECTED, + AUTHMGR_METHOD_CHANGE, +} AUTHMGR_STATUS_t; + +typedef enum +{ + AUTHMGR_INITIALIZE = 0, + AUTHMGR_AUTHENTICATING, + AUTHMGR_AUTHENTICATED, + AUTHMGR_HELD, + AUTHMGR_UNAUTHENTICATED, + AUTHMGR_STATES +} AUTHMGR_STATES_t; + +typedef enum +{ + AUTHMGR_ATTR_NA = 0, + AUTHMGR_ATTR_RADIUS +} AUTHMGR_ATTR_PROCESS_t; + +/* Port authorization status */ +typedef enum +{ + AUTHMGR_PORT_STATUS_NA = 0, + AUTHMGR_PORT_STATUS_AUTHORIZED, + AUTHMGR_PORT_STATUS_UNAUTHORIZED +} AUTHMGR_PORT_STATUS_t; + +typedef enum +{ + AUTHMGR_METHOD_8021X_ATTEMPTS = 1, + AUTHMGR_METHOD_8021X_FAILED_ATTEMPTS, + AUTHMGR_METHOD_MAB_ATTEMPTS, + AUTHMGR_METHOD_MAB_FAILED_ATTEMPTS, +} AUTHMGR_STATS_TYPE_t; + + +/* Port authorization mode */ +typedef enum +{ + AUTHMGR_PORT_CONTROL_INVALID = 0, + AUTHMGR_PORT_FORCE_UNAUTHORIZED = 1, + AUTHMGR_PORT_FORCE_AUTHORIZED, + AUTHMGR_PORT_AUTO, + AUTHMGR_PORT_NA +} AUTHMGR_PORT_CONTROL_t; + + +/* Port host mode */ +typedef enum +{ + AUTHMGR_INVALID_HOST_MODE = 0, + AUTHMGR_SINGLE_AUTH_MODE, + AUTHMGR_MULTI_HOST_MODE, + AUTHMGR_MULTI_AUTH_MODE +} AUTHMGR_HOST_CONTROL_t; + + +/* L2 learning */ +typedef enum +{ + AUTHMGR_PORT_LEARNING_NA = 0, + AUTHMGR_PORT_LEARNING_DISABLE, + AUTHMGR_PORT_LEARNING_ENABLE, + AUTHMGR_PORT_LEARNING_CPU +} AUTHMGR_PORT_LEARNING_t; + +/* violation callback */ +typedef enum +{ + AUTHMGR_PORT_VIOLATION_CALLBACK_NA = 0, + AUTHMGR_PORT_VIOLATION_CALLBACK_DISABLE, + AUTHMGR_PORT_VIOLATION_CALLBACK_ENABLE +} AUTHMGR_PORT_VIOLATION_CALLBACK_t; + +typedef enum authmgrClientType_s +{ + AUTHMGR_CLIENT_UNASSIGNED = 0, + AUTHMGR_CLIENT_AWARE, + AUTHMGR_CLIENT_UNAWARE, + AUTHMGR_CLIENT_MAB +}authmgrClientType_t; + + +typedef enum authmgrVlanType_s +{ + 
AUTHMGR_VLAN_UNASSIGNED = 0, + AUTHMGR_VLAN_RADIUS, + AUTHMGR_VLAN_UNAUTH, + AUTHMGR_VLAN_GUEST, + AUTHMGR_VLAN_DEFAULT, + AUTHMGR_VLAN_BLOCKED +}authmgrVlanType_t; + +/* Vlan Assignment Mode */ +typedef enum +{ + AUTHMGR_NOT_ASSIGNED = 0, + AUTHMGR_DEFAULT_ASSIGNED_VLAN, + AUTHMGR_RADIUS_ASSIGNED_VLAN, + AUTHMGR_UNAUTHENTICATED_VLAN, + AUTHMGR_GUEST_VLAN, +} AUTHMGR_VLAN_ASSIGNED_MODE_t; + + +/* Authentication violation types */ +typedef enum +{ + AUTHMGR_PORT_AUTH_VIOLATION_INVALID = 0, + AUTHMGR_PORT_AUTH_VIOLATION_PROTECT, + AUTHMGR_PORT_AUTH_VIOLATION_RESTRICT, + AUTHMGR_PORT_AUTH_VIOLATION_SHUTDOWN, + AUTHMGR_PORT_AUTH_VIOLATION_MODE_LAST +} AUTHMGR_PORT_AUTH_VIOLATION_MODE_t; + + +/* Radius Termination Action (needed by UI)*/ +typedef enum +{ + AUTHMGR_TERMINATION_ACTION_DEFAULT = 1, + AUTHMGR_TERMINATION_ACTION_RADIUS +} AUTHMGR_TERMINATION_ACTION_t; + + +/* Authentication types used for Mac-Authentication Bypass */ +typedef enum +{ + AUTHMGR_PORT_MAB_AUTH_TYPE_INVALID = 0, + AUTHMGR_PORT_MAB_AUTH_TYPE_EAP_MD5, + AUTHMGR_PORT_MAB_AUTH_TYPE_PAP, + AUTHMGR_PORT_MAB_AUTH_TYPE_CHAP, + AUTHMGR_PORT_MAB_AUTH_TYPE_LAST +} AUTHMGR_PORT_MAB_AUTH_TYPE_t; + + +typedef enum authmgrFailureReason_s +{ + AUTHMGR_FAIL_REASON_INVALID = 0, + AUTHMGR_FAIL_REASON_AUTH_FAILED = 1, + AUTHMGR_FAIL_REASON_WRONG_AUTH = 2, + AUTHMGR_FAIL_REASON_INVALID_USER = 3 + +}authmgrFailureReason_t; + +typedef enum authmgrRadiusAttrFlags_s +{ + AUTHMGR_RADIUS_ATTR_TYPE_STATE = (1 << 0), + AUTHMGR_RADIUS_ATTR_TYPE_SERVICE_TYPE = (1 << 1), + AUTHMGR_RADIUS_ATTR_TYPE_CLASS = (1 << 2), + AUTHMGR_RADIUS_ATTR_TYPE_SESSION_TIMEOUT = (1 << 3), + AUTHMGR_RADIUS_ATTR_TYPE_TERMINATION_ACTION = (1 << 4), + AUTHMGR_RADIUS_ATTR_TYPE_EAP_MESSAGE = (1 << 5), + AUTHMGR_RADIUS_ATTR_TYPE_TUNNEL_TYPE = (1 << 6), + AUTHMGR_RADIUS_ATTR_TYPE_TUNNEL_MEDIUM_TYPE = (1 << 7), + AUTHMGR_RADIUS_ATTR_TYPE_TUNNEL_PRIVATE_GROUP_ID = (1 << 8), + AUTHMGR_RADIUS_ATTR_USER_NAME = (1 << 9) +}authmgrRadiusAttrFlags_t; + + +typedef 
enum authmgrClientEventCode_s +{ + AUTHMGR_8021X_FIRST = (1 << 0), + AUTHMGR_8021X_HIGHER_PRIO = (1 << 1) +}authmgrClientEventCode_t; + + + +typedef struct authmgrPortSessionStats_s +{ + /* Authenticator Stats (9.4.4) */ + uint32 sessionOctetsRx; + uint32 sessionOctetsTx; + uint32 sessionOctetsGbRx; + uint32 sessionOctetsGbTx; + uint32 sessionPacketsRx; + uint32 sessionPacketsGbRx; + uint32 sessionPacketsTx; + uint32 sessionPacketsGbTx; + uint32 sessionTime; + uchar8 userName[AUTHMGR_USER_NAME_LEN]; + char8 sessionId[AUTHMGR_SESSION_ID_LEN]; +} authmgrPortSessionStats_t; + +typedef enum +{ + AUTHMGR_LOGICAL_PORT = 0, + AUTHMGR_PHYSICAL_PORT +}authmgrPortType_t; + +typedef enum authmgrNodeType_s +{ + AUTHMGR_NODE_UNASSIGNED = 0, + AUTHMGR_PHYSICAL, + AUTHMGR_LOGICAL +}authmgrNodeType_t; + + +typedef enum authmgrFilterAssignedType_s +{ + AUTHMGR_FILTER_ASSIGNED_NONE = 0, + AUTHMGR_FILTER_ASSIGNED_RADIUS = 1, + AUTHMGR_FILTER_ASSIGNED_FAILED = 2 +}authmgrFilterAssignedType_t; + + + +typedef struct authmgrAuthAttributeInfo_s +{ + uchar8 userName[AUTHMGR_USER_NAME_LEN]; + uint32 userNameLen; + + uchar8 serverState[AUTHMGR_SERVER_STATE_LEN]; + uint32 serverStateLen; + + uchar8 serverClass[AUTHMGR_SERVER_CLASS_LEN]; + uint32 serverClassLen; + + uint32 sessionTimeout; + uint32 terminationAction; + + uint32 accessLevel; + uchar8 idFromServer; /* Most recent ID in EAP pkt received from Auth Server (0-255) */ + uchar8 vlanString[AUTHMGR_RADIUS_VLAN_ASSIGNED_LEN+1]; + uint32 vlanId; /* parsed VLAN id from vlan string */ + uint32 attrFlags; + uint32 vlanAttrFlags; + BOOL rcvdEapAttr; +}authmgrAuthAttributeInfo_t; + + +typedef struct authmgrClientAuthInfo_s +{ + enetMacAddr_t macAddr; + uint32 eapolVersion; + uint32 authMethod; + authmgrAuthAttributeInfo_t attrInfo; + uint32 sessionId; + char8 authmgrUserName[AUTHMGR_USER_NAME_LEN]; + uint32 authmgrUserNameLength; +}authmgrClientAuthInfo_t; + +typedef struct authmgrClientStatusInfo_s +{ + union + { + authmgrClientAuthInfo_t 
authInfo; + uint32 enableStatus; + }info; +}authmgrClientStatusInfo_t; + +typedef struct authmgrClientStatusReply_s +{ + char intf[16]; + char addr[6]; + unsigned int method; + unsigned int status; + union + { + unsigned int vlanId; + unsigned int enableStatus; + }info; +}authmgrClientStatusReply_t; + +typedef enum authmgrNotifyEvent_s +{ + authmgrClientReAuthenticate = 1, + authmgrClientAuthStart, +// authmgrClientReqIdTx, + authmgrClientDisconnect +}authmgrNotifyEvent_t; + + +#define AUTHMGR_MULTI_HOST_MODE_MAX_USERS 1 +#define AUTHMGR_SINGLE_AUTH_MODE_MAX_USERS 1 + + +#define AUTHMGR_RADIUS_MAX_AUTH_ATTEMPTS 1 +#define AUTHMGR_RADIUS_MAX_AUTH_ATTEMPTS_RANGE_MIN 1 +#define AUTHMGR_RADIUS_MAX_AUTH_ATTEMPTS_RANGE_MAX 5 + +#define AUTHMGR_AUTHENTICATION_MAX_EVENTS 1024 + +#define AUTHMGR_AUTHENTICATION_MAX_INTF_EVENTS 20 + + +#define AUTHMGR_RESTART_TIMER_MIN 10 +#define AUTHMGR_RESTART_TIMER_MAX 65535 + +#define AUTHMGR_PORT_MIN_MAC_USERS 1 +#define AUTHMGR_PORT_MAX_MAC_USERS FD_AUTHMGR_PORT_MAX_USERS + + +#define AUTHMGR_PORT_MIN_QUIET_PERIOD 0 +#define AUTHMGR_PORT_MAX_QUIET_PERIOD 65535 + +#define AUTHMGR_PORT_MIN_TX_PERIOD 1 +#define AUTHMGR_PORT_MAX_TX_PERIOD 65535 + +#define AUTHMGR_PORT_MIN_SUPP_TIMEOUT 1 +#define AUTHMGR_PORT_MAX_SUPP_TIMEOUT 65535 + +#define AUTHMGR_PORT_MIN_SERVER_TIMEOUT 1 +#define AUTHMGR_PORT_MAX_SERVER_TIMEOUT 65535 + +#define AUTHMGR_PORT_MIN_MAX_REQ 1 +#define AUTHMGR_PORT_MAX_MAX_REQ 20 + +#define AUTHMGR_PORT_MIN_MAX_REQ_IDENTITY 1 +#define AUTHMGR_PORT_MAX_MAX_REQ_IDENTITY 20 + +#define AUTHMGR_PORT_MIN_REAUTH_PERIOD 1 +#define AUTHMGR_PORT_MAX_REAUTH_PERIOD 65535 + +#define AUTHMGR_MAX_USERS_PER_PORT FD_AUTHMGR_PORT_MAX_USERS + +/* Get the re-authentication timeout value from the server */ +#define AUTHMGR_PORT_REAUTH_PERIOD_FROM_SERVER TRUE + +/******************** conditional Override *****************************/ + +#ifdef INCLUDE_AUTH_MGR_EXPORTS_OVERRIDES +#include "auth_mgr_exports_overrides.h" +#endif + +/* USE C 
Declarations */ +#ifdef __cplusplus +} +#endif + +#endif /* __AUTHMGR_EXPORTS_H_*/ diff --git a/src/sonic-pac/authmgr/common/comm_mask.h b/src/sonic-pac/authmgr/common/comm_mask.h new file mode 100755 index 000000000000..b09fa49fcc0e --- /dev/null +++ b/src/sonic-pac/authmgr/common/comm_mask.h 
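Review bot: In auth_mgr_exports.h, `#define AUTHMGR_SESSION_ID_LEN AUTHMGR_USER_NAME_LEN * 2` and `#define AUTHMGR_USER_INDEX_INVALID -1` expand without parentheses, so an expression such as `len % AUTHMGR_SESSION_ID_LEN` evaluates as `(len % 65) * 2`; write `(AUTHMGR_USER_NAME_LEN * 2)` and `(-1)`. In `authmgrAuthAttributeInfo_t`, `serverState` and `serverClass` are exactly 253 bytes with no room for a terminator, and are paired with `uint32` length fields that appear to be filled from RADIUS attributes. I would add a comment on the struct such as `/* serverState/serverClass are length-delimited, not NUL-terminated; writers must clamp *Len to the array size before copying */`. `authmgrClientStatusReply_t` hard-codes `char addr[6]` and `char intf[16]` rather than the `MAC_ADDR_LEN`-based sizing used earlier in the header, and on typical ABIs it has padding bytes after `addr`. If that struct is written to a socket as raw bytes (the sender is outside this hunk), it should be zeroed before being filled so the padding does not carry stale memory.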
@@ -0,0 +1,704 @@ +/* + * Copyright 2024 Broadcom Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + + +#ifndef INCLUDE_COMM_MASK +#define INCLUDE_COMM_MASK + +/* USE C Declarations */ +#ifdef __cplusplus +extern "C" { +#endif + +//#include "default_cnfgr.h" // shiva check with amit +#include "auth_mgr_common.h" +#include "pacinfra_common.h" + + +/*--------------------------------------*/ +/* Common Mask Macros & Defines */ +/* Generic Mask Macros & Defines */ +/*--------------------------------------*/ + +/* + * Note that these macros are for one-based masks, not zero-based. + */ + +typedef uchar8 mask_values_t; + +/* Number of entries per mask unit */ +#define MASK_UNIT (sizeof( mask_values_t) * 8) + +/* + * + * Number of elements of mask_values_t in mask. + * + * Declare a mask using this macro where _size is the number of bits to be + * used, starting with bit 1. + * + * E.g., for a mask for interfaces: + * + * mask_values_t myMask[ MASK_LEN( MAX_INTERFACE_COUNT)]; + * + */ +#define MASK_LEN(_size) ((((_size) - 1) / MASK_UNIT) + 1) + +#define MASK_BYTE_NUM(j) (sizeof((j)) / sizeof((j)[0])) + +/* + * NONZEROMASK returns 1 if any bit in word mask of NUM length + * is turned-on. The result, 1 or 0 is stored in result. 
+ */ +#define NONZEROMASK(_mask, _result, _size) \ + do \ + { \ + uint32 _i_; \ + mask_values_t *_p_ = ( mask_values_t *)&(_mask); \ + \ + (_result) = 0; \ + for (_i_ = 0; _i_ < MASK_LEN(_size); _i_++) \ + { \ + if (_p_[_i_] != 0) \ + { \ + (_result) = 1; \ + break; \ + } \ + } \ + } while (0) + + +/* SETMASKBIT turns on bit index # k in mask j. Note: k is one-based. */ +#define SETMASKBIT(j, k) \ + ((j)[((k) - 1) / MASK_UNIT] |= 1 << (((k) - 1) % MASK_UNIT)) + +/* CLRMASKBIT turns off bit index # k in mask j. Note: k is one-based. */ +#define CLRMASKBIT(j, k) \ + ((j)[((k) - 1) / MASK_UNIT] &= ~(1 << (((k)-1) % MASK_UNIT))) + +/* SETMASKBITVAL sets bit index # k in mask j to value. Any non-zero value is + * converted to 1. Note: k is one-based. + */ +#define SETMASKBITVAL(j, k, v) \ + ((j)[((k) - 1) / MASK_UNIT] = \ + (((j)[((k) - 1) / MASK_UNIT] & ~(1 << (((k)-1) % MASK_UNIT))) | \ + (!!(v) << (((k) - 1) % MASK_UNIT)))) + + + +/* MASKEQ sets mask j equal to mask k. */ +#define MASKEQ(j, k, _size) \ + do \ + { \ + uint32 x; \ + \ + for (x = 0; x < MASK_LEN(_size); x++) \ + { \ + (j)[x] = (k)[x]; \ + } \ + } while (0) + +/* MASKOREQ or's on the bits in mask j that are on in either mask j or k. */ +#define MASKOREQ(j, k, _size) \ + do \ + { \ + uint32 x; \ + \ + for (x = 0; x < MASK_LEN(_size); x++) \ + { \ + (j)[x] |= (k)[x]; \ + } \ + } while (0) + +/* MASKOR or's two masks on per byte basis */ +#define MASKOR(j, k) \ + do \ + { \ + uint32 x; \ + \ + for (x = 0; x < MASK_BYTE_NUM(j); x++) \ + { \ + (j)[x] |= (k)[x]; \ + } \ + } while (0) + + +/* MASKEXOREQ turns-on the bits in mask j that are on in either mask j and k but not in both. */ +#define MASKEXOREQ(j, k, _size) \ + do \ + { \ + uint32 x; \ + \ + for (x = 0; x < MASK_LEN(_size); x++) \ + { \ + (j)[x] ^= (k)[x]; \ + } \ + } while (0) + +/* MASKANDEQ turns-on the bits in mask j that are on in both mask j and k. 
*/ +#define MASKANDEQ(j, k, _size) \ + do \ + { \ + uint32 x; \ + \ + for (x = 0; x < MASK_LEN(_size); x++) \ + { \ + (j)[x] &= (k)[x]; \ + } \ + } while (0) + +/* MASKAND turns-on the bits in mask j that are on in both mask j and k. */ +#define MASKAND(j, k) \ + do \ + { \ + uint32 x; \ + \ + for (x = 0; x < MASK_BYTE_NUM(j); x++) \ + { \ + (j)[x] &= (k)[x]; \ + } \ + } while (0) + +/* MASKINV inverts the bits in mask j. */ +#define MASKINV(j, _size) \ + do \ + { \ + uint32 x; \ + \ + for (x = 0; x < MASK_LEN(_size); x++) \ + { \ + (j)[x] = ~((j)[x]); \ + } \ + } while (0) + +/* MASKANDEQINV turns on the bits in mask j that are on in both mask j + and the bitwise-inverse of mask k. */ +#define MASKANDEQINV(j, k, _size) \ + do \ + { \ + uint32 x; \ + \ + for (x = 0; x < MASK_LEN(_size); x++) \ + { \ + (j)[x] &= ~((k)[x]); \ + } \ + } while (0) + +/* MASKBITSCLR clears bits in mask j that are on in mask k */ +#define MASKBITSCLR(j, k) \ + do \ + { \ + uint32 x; \ + \ + for (x = 0; x < MASK_BYTE_NUM((j)); x++) \ + { \ + (j)[x] &= ~((k)[x]); \ + } \ + } while (0) + +/* FHMASKBIT finds the index of the most-significant bit turned-on in + mask j and returns that index in k. Since this is a 1-based + mask, 0 is returned for "no bits set". */ +#define FHMASKBIT(j, k, _size) \ + do \ + { \ + int32 x; \ + \ + for (x = ( MASK_LEN(_size) - 1); x >= 0; x--) \ + { \ + if ( (j)[x] ) \ + { \ + break; \ + } \ + } \ + \ + k = 0; \ + if (x >= 0) \ + { \ + int32 i; \ + for (i = MASK_UNIT - 1; i >= 0; i--) \ + { \ + if ( (j)[x] & (1 << i)) \ + { \ + k = i + 1 + (x * MASK_UNIT); \ + break; \ + } \ + } \ + } \ + } while (0) + +/* ISMASKBITSET returns 0 if the interface k is not set in mask j */ +#define ISMASKBITSET(j, k) \ + ((j)[(((k) - 1) / MASK_UNIT)] & ( 1 << ((k-1) % MASK_UNIT))) + +/* MASKREV reverses the bits in within each byte of mask j. 
*/ +#define MASKREV(j, _size) \ + do \ + { \ + uint32 x,y; \ + uchar8 b=0; \ + \ + for (x = 0; x < MASK_LEN(_size); x++) \ + { \ + b = 0; \ + for (y=0; y<8; y++) \ + { \ + if ((j).value[x] & (0x80 >> y)) \ + { \ + b |= 0x1 << y; \ + } \ + } \ + (j).value[x] = b; \ + } \ + } while (0) + +/* FLCLEARMASKBIT finds the index of the least-significant bit turned-off in + * mask _mask and returns that index in _result. Since this is a 1-based + * mask, 0 is returned for "no bits set". */ +#define FLCLEARMASKBIT(_mask, _result, _size) \ + do \ + { \ + int32 x; \ + mask_values_t *_p_ = ( mask_values_t *)&(_mask); \ + \ + for (x = 0; x < MASK_LEN(_size); x++) \ + { \ + if ( (_p_)[x] != 0xFF) \ + { \ + break; \ + } \ + } \ + \ + if(x < MASK_LEN(_size)) \ + { \ + int32 i; \ + for (i = 0; i < MASK_UNIT; i++) \ + { \ + if ( ((_p_)[x] & (1 << i)) == 0) \ + { \ + _result = i + 1 + (x * MASK_UNIT); \ + break; \ + } \ + } \ + } \ + else \ + { \ + _result = 0; \ + } \ + } while (0) + +/* FSCMASKBIT finds the number of bits turned-on in mask _mask and + * returns that count in _result. */ +#define FSCMASKBIT(_mask, _result, _size) \ + do \ + { \ + int32 x; \ + int32 i; \ + mask_values_t *_p_ = ( mask_values_t *)&(_mask); \ + \ + _result = 0; \ + for (x = 0; x < MASK_LEN(_size); x++) \ + { \ + if ( (_p_)[x] != 0) \ + { \ + for (i = 0; i < MASK_UNIT; i++) \ + { \ + if ( ((_p_)[x] & (1 << i)) != 0) \ + { \ + _result++; \ + } \ + } \ + } \ + } \ + \ + } while (0) + + +/*--------------------------------------*/ +/* Interface Mask Macros & Defines */ +/*--------------------------------------*/ + +/* Number of entries per mask byte */ +#define INTF_MASK_UNIT (sizeof( uchar8) * 8) + +/* Number of bytes in mask */ +#define INTF_INDICES (( MAX_INTERFACE_COUNT - 1) / INTF_MASK_UNIT + 1) + +/* Interface storage */ +typedef struct +{ + uchar8 value[ INTF_INDICES]; +} INTF_MASK_t; + + +/* + * NONZEROMASK returns 1 if any bit in word mask of NUM length + * is turned-on. 
The result, 1 or 0 is stored in result. + */ +#define INTF_NONZEROMASK(mask, result){ \ + uint32 _i_; \ + INTF_MASK_t *_p_; \ + \ + _p_ = ( INTF_MASK_t *)&mask; \ + for(_i_ = 0; _i_ < INTF_INDICES; _i_++) \ + if(_p_->value[_i_] != 0){ \ + result = 1; \ + break; \ + } \ + else \ + result = 0; \ +} + + +/* Least significant bit/rightmost bit is lowest interface # */ +/* this is opposite of what SNMP wants */ + +/* SETMASKBIT turns on bit index # k in mask j. */ +#define INTF_SETMASKBIT(j, k) \ + ((j).value[((k-1)/(8*sizeof( uchar8)))] \ + |= 1 << ((k-1) % (8*sizeof( uchar8)))) + + +/* CLRMASKBIT turns off bit index # k in mask j. */ +#define INTF_CLRMASKBIT(j, k) \ + ((j).value[((k-1)/(8*sizeof( uchar8)))] \ + &= ~(1 << ((k-1) % (8*sizeof( uchar8))))) + + +/* MASKEQ sets mask j equal to mask k. */ +#define INTF_MASKEQ(j, k) { \ + uint32 x; \ + \ + for (x = 0; x < INTF_INDICES; x++) { \ + (j).value[x] = (k).value[x]; \ + } \ +} + + +/* MASKOREQ or's on the bits in mask j that are on in either mask j or k. */ +#define INTF_MASKOREQ(j, k) { \ + uint32 x; \ + \ + for (x = 0; x < INTF_INDICES; x++) { \ + (j).value[x] |= (k).value[x]; \ + } \ +} + + +/* MASKEXOREQ turns-on the bits in mask j that are on in either mask j and k but not in both. */ +#define INTF_MASKEXOREQ(j, k) { \ + uint32 x; \ + \ + for (x = 0; x < INTF_INDICES; x++) { \ + j.value[x] ^= k.value[x]; \ + } \ +} + + +/* MASKANDEQ turns-on the bits in mask j that are on in both mask j and k. */ +#define INTF_MASKANDEQ(j, k) { \ + uint32 x; \ + \ + for (x = 0; x < INTF_INDICES; x++) { \ + (j).value[x] &= (k).value[x]; \ + } \ +} + + +/* MASKINV inverts the bits in mask j. */ +#define INTF_MASKINV(j) { \ + uint32 x; \ + \ + for (x = 0; x < INTF_INDICES; x++) { \ + j.value[x] = ~(j.value[x]); \ + } \ +} + + +/* MASKANDEQINV turns on the bits in mask j that are on in both mask j + and the bitwise-inverse of mask k. 
*/ +#define INTF_MASKANDEQINV(j, k) { \ + uint32 x; \ + \ + for (x = 0; x < INTF_INDICES; x++) { \ + (j).value[x] &= ~((k).value[x]); \ + } \ +} + + +/* FHMASKBIT finds the index of the most-significant bit turned-on in + mask j and returns that index in k. Since this is a 1-based + mask, 0 is returned for "no bits set". */ +#define INTF_FHMASKBIT(j, k) { \ + int32 x; \ + \ + for (x = ( INTF_INDICES - 1); x >= 0; x--) { \ + if ( j.value[x] ) \ + break; \ + }; \ + k = 0; \ + if (x >= 0) { \ +/* This is for i960 + asm volatile ("scanbit %1,%0" : "=d"(k) : "d"(j.value[x])); */ \ +/* This is not */ \ + int32 i; \ + for (i = 7; i >= 0; i--) { \ + if ( j.value[x] & (1 << i)) { \ + k = i + 1 + (x * (8 * sizeof( uchar8))); \ + break; \ + } \ + } \ +/* End non-i960 */ \ + }; \ +} + +/* FLMASKBIT finds the index of the least-significant bit turned-on in + mask j and returns that index in k. Since this is a 1-based + mask, 0 is returned for "no bits set". */ +#define INTF_FLMASKBIT(j, k) { \ + int32 x; \ + \ + for (x = 0; x <= ( INTF_INDICES - 1); x++) { \ + if ( j.value[x] ) \ + break; \ + }; \ + k = 0; \ + if (x < INTF_INDICES) { \ +/* This is for i960 + asm volatile ("scanbit %1,%0" : "=d"(k) : "d"(j.value[x])); */ \ +/* This is not */ \ + int32 i; \ + for (i = 0; i <= 7; i++) { \ + if ( j.value[x] & (1 << i)) { \ + k = i + 1 + (x * (8 * sizeof( uchar8))); \ + break; \ + } \ + } \ +/* End non-i960 */ \ + }; \ +} + + +/* ISMASKBITSET returns 0 if the interface k is not set in mask j */ +#define INTF_ISMASKBITSET(j, k) \ + ((j).value[((k-1)/(8*sizeof( uchar8)))] \ + & ( 1 << ((k-1) % (8*sizeof( char8)))) ) + + +/* MASKREV reverses the bits in within each byte of mask j. 
*/ +#define INTF_MASKREV(j) { \ + uint32 x,y; \ + uchar8 b=0; \ + \ + for (x = 0; x < INTF_INDICES; x++) { \ + b = 0; \ + for (y=0; y<8; y++) \ + { \ + if ((j).value[x] & (0x80 >> y)) \ + b |= 0x1 << y; \ + } \ + (j).value[x] = b; \ + } \ +} + + + +/* Macro definitions for VLAN MASK operations */ +/* + * NONZEROMASK returns 1 if any bit in word mask of NUM length + * is turned-on. The result, 1 or 0 is stored in result. + */ +#define VLAN_NONZEROMASK(mask, result){ \ + uint32 _i_; \ + VLAN_MASK_t *_p_; \ + \ + _p_ = ( VLAN_MASK_t *)&mask; \ + for(_i_ = 0; _i_ < VLAN_INDICES; _i_++) \ + if(_p_->value[_i_] != 0){ \ + result = 1; \ + break; \ + } \ + else \ + result = 0; \ +} + +#define VLAN_NONZEROMASK_POINTER(mask, result){ \ + uint32 _i_; \ + VLAN_MASK_t *_p_; \ + \ + _p_ = mask; \ + for(_i_ = 0; _i_ < VLAN_INDICES; _i_++) \ + if(_p_->value[_i_] != 0){ \ + result = 1; \ + break; \ + } \ + else \ + result = 0; \ + } + +/* Least significant bit/rightmost bit is lowest interface # */ +/* this is opposite of what SNMP wants */ + +/* SETMASKBIT turns on bit index # k in mask j. */ +#define VLAN_SETMASKBIT(j, k) \ + ((j).value[((k-1)/(8*sizeof( uchar8)))] \ + |= 1 << ((k-1) % (8*sizeof( uchar8)))) + + +/* CLRMASKBIT turns off bit index # k in mask j. */ +#define VLAN_CLRMASKBIT(j, k) \ + ((j).value[((k-1)/(8*sizeof( uchar8)))] \ + &= ~(1 << ((k-1) % (8*sizeof( uchar8))))) +#define VLAN_CLRMASKBIT_POINTER(j, k) \ + ((j)->value[((k-1)/(8*sizeof( uchar8)))] \ + &= ~(1 << ((k-1) % (8*sizeof( uchar8))))) + +/* MASKEQ sets mask j equal to mask k. */ +#define VLAN_MASKEQ(j, k) { \ + uint32 x; \ + \ + for (x = 0; x < VLAN_INDICES; x++) { \ + (j).value[x] = (k).value[x]; \ + } \ +} + + +/* MASKOREQ or's on the bits in mask j that are on in either mask j or k. 
*/ +#define VLAN_MASKOREQ(j, k) { \ + uint32 x; \ + \ + for (x = 0; x < VLAN_INDICES; x++) { \ + (j).value[x] |= (k).value[x]; \ + } \ +} + + +/* MASKEXOREQ turns-on the bits in mask j that are on in either mask j and k but not in both. */ +#define VLAN_MASKEXOREQ(j, k) { \ + uint32 x; \ + \ + for (x = 0; x < VLAN_INDICES; x++) { \ + j.value[x] ^= k.value[x]; \ + } \ +} + + +/* MASKANDEQ turns-on the bits in mask j that are on in both mask j and k. */ +#define VLAN_MASKANDEQ(j, k) { \ + uint32 x; \ + \ + for (x = 0; x < VLAN_INDICES; x++) { \ + j.value[x] &= k.value[x]; \ + } \ +} + + +/* MASKINV inverts the bits in mask j. */ +#define VLAN_MASKINV(j) { \ + uint32 x; \ + \ + for (x = 0; x < VLAN_INDICES; x++) { \ + j.value[x] = ~(j.value[x]); \ + } \ +} + + +/* MASKANDEQINV turns on the bits in mask j that are on in both mask j + and the bitwise-inverse of mask k. */ +#define VLAN_MASKANDEQINV(j, k) { \ + uint32 x; \ + \ + for (x = 0; x < VLAN_INDICES; x++) { \ + j.value[x] &= ~(k.value[x]); \ + } \ +} +#define VLAN_MASKANDEQINV_POINTER(j, k) { \ + uint32 x; \ + \ + for (x = 0; x < VLAN_INDICES; x++) { \ + j->value[x] &= ~(k.value[x]); \ + } \ +} + + + +/* ISMASKBITSET returns 0 if the interface k is not set in mask j */ +#define VLAN_ISMASKBITSET(j, k) \ + ((j).value[((k-1)/(8*sizeof( uchar8)))] \ + & ( 1 << ((k-1) % (8*sizeof( char8)))) ) + +#define VLAN_ISMASKBITSET_POINTER(j, k) \ + ((j)->value[((k-1)/(8*sizeof( uchar8)))] \ + & ( 1 << ((k-1) % (8*sizeof( char8)))) ) + + +/* FHMASKBIT finds the index of the most-significant bit turned-on in + mask j and returns that index in k. Since this is a 1-based + mask, 0 is returned for "no bits set". 
*/ +#define VLAN_FHMASKBIT(j, k) { \ + int32 x; \ + \ + for (x = ( VLAN_INDICES - 1); x >= 0; x--) { \ + if ( j.value[x] ) \ + break; \ + }; \ + k = 0; \ + if (x >= 0) { \ +/* This is for i960 + asm volatile ("scanbit %1,%0" : "=d"(k) : "d"(j.value[x])); */ \ +/* This is not */ \ + int32 i; \ + for (i = 7; i >= 0; i--) { \ + if ( j.value[x] & (1 << i)) { \ + k = i + 1 + (x * (8 * sizeof( uchar8))); \ + break; \ + } \ + } \ +/* End non-i960 */ \ + }; \ +} + +/* FLMASKBIT finds the index of the least-significant bit turned-on in + mask j and returns that index in k. Since this is a 1-based + mask, 0 is returned for "no bits set". */ +#define VLAN_FLMASKBIT(j, k) { \ + int32 x; \ + \ + for (x = 0; x <= ( VLAN_INDICES - 1); x++) { \ + if ( j.value[x] ) \ + break; \ + }; \ + k = 0; \ + if (x < VLAN_INDICES) { \ +/* This is for i960 + asm volatile ("scanbit %1,%0" : "=d"(k) : "d"(j.value[x])); */ \ +/* This is not */ \ + int32 i; \ + for (i = 0; i <= 7; i++) { \ + if ( j.value[x] & (1 << i)) { \ + k = i + 1 + (x * (8 * sizeof( uchar8))); \ + break; \ + } \ + } \ +/* End non-i960 */ \ + }; \ +} + +/* USE C Declarations */ +#ifdef __cplusplus +} +#endif + +#endif diff --git a/src/sonic-pac/authmgr/common/component_mask.h b/src/sonic-pac/authmgr/common/component_mask.h new file mode 100755 index 000000000000..6175963fbc7c --- /dev/null +++ b/src/sonic-pac/authmgr/common/component_mask.h 
@@ -0,0 +1,116 @@
+/*
+ * Copyright 2024 Broadcom Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+
+#ifndef COMPONENT_MASK_H
+#define COMPONENT_MASK_H
+
+/*-----------------------*/
+/* Component Mask Macros */
+/*-----------------------*/
+
+/* Number of bytes in mask */
+#define COMPONENT_INDICES (( LAST_COMPONENT_ID - 1) / (sizeof( uchar8) * 8) + 1)
+
+/* Component Mask Storage */
+typedef struct {
+ uchar8 value[COMPONENT_INDICES];
+} COMPONENT_MASK_t;
+
+
+typedef COMPONENT_MASK_t ComponentMask;
+
+/*
+ * NONZEROMASK returns true if any bit in word mask of NUM length
+ * is turned-on. The result, TRUE or FALSE is stored in
+ * result.
+ */
+#define COMPONENT_NONZEROMASK(mask, result){ \
+ uint32 _i_; \
+ COMPONENT_MASK_t *_p_; \
+ \
+ _p_ = (COMPONENT_MASK_t *)&(mask); \
+ for(_i_ = 0; _i_ < COMPONENT_INDICES; _i_++) \
+ if(_p_ -> value[_i_]){ \
+ result = TRUE; \
+ break; \
+ } \
+ else \
+ result = FALSE; \
+}
+
+
+#define COMPONENT_MASKNUMBITSETGET(mask, result){ \
+ uint32 _i_; \
+ COMPONENT_MASK_t *_p_; \
+ \
+ _p_ = (COMPONENT_MASK_t *)&(mask);result=0; \
+ for(_i_ = 0; _i_ < COMPONENT_INDICES; _i_++) \
+ if(_p_ -> value[_i_]){ \
+ result++; \
+ break; \
+ } \
+}
+
+
+/* Least significant bit/rightmost bit is lowest interface # */
+
+/* SETMASKBIT turns on bit index # k in mask j. */
+#define COMPONENT_SETMASKBIT(j, k) \
+ ((j).value[((k-1)/(8*sizeof( uchar8)))] \
+ |= 1 << ((k-1) % (8*sizeof( uchar8))))
+
+
+
+/* CLRMASKBIT turns off bit index # k in mask j. */
+#define COMPONENT_CLRMASKBIT(j, k) \
+ ((j).value[((k-1)/(8*sizeof( uchar8)))] \
+ &= ~(1 << ((k-1) % (8*sizeof( uchar8)))))
+
+
+/* ISMASKBITSET returns 0 if the interface k is not set in mask j */
+#define COMPONENT_ISMASKBITSET(j, k) \
+ ((j).value[((k-1)/(8*sizeof( uchar8)))] \
+ & ( 1 << ((k-1) % (8*sizeof( char8)))) )
+
+
+
+
+
+/*--------------------------------------------*/
+/* COMPONENT ACQUISITION MACROS */
+/*
+ Used for managing masks of components
+ which have acquired an interface
+*/
+/*--------------------------------------------*/
+
+/* Number of bytes in mask */
+#define COMPONENT_ACQ_INDICES COMPONENT_INDICES}
+#define COMPONENT_ACQUIRED_MASK_t COMPONENT_MASK_t
+
+
+typedef COMPONENT_ACQUIRED_MASK_t AcquiredMask; /* Mask of components which have
+ "acquired" an interface */
+
+#define COMPONENT_ACQ_NONZEROMASK COMPONENT_NONZEROMASK
+#define COMPONENT_ACQ_SETMASKBIT COMPONENT_SETMASKBIT
+#define COMPONENT_ACQ_CLRMASKBIT COMPONENT_CLRMASKBIT
+#define COMPONENT_ACQ_ISMASKBITSET COMPONENT_ISMASKBITSET
+
+
+#endif /* COMPONENT_MASK_H */
+
diff --git a/src/sonic-pac/authmgr/common/mab_api.h b/src/sonic-pac/authmgr/common/mab_api.h
new file mode 100755
index 000000000000..976b1a5185fb
--- /dev/null
+++ b/src/sonic-pac/authmgr/common/mab_api.h
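Review bot: In component_mask.h, `#define COMPONENT_ACQ_INDICES COMPONENT_INDICES}` carries a stray closing brace, so every expansion of that macro injects an unmatched `}`; it should read `#define COMPONENT_ACQ_INDICES COMPONENT_INDICES`. `COMPONENT_MASKNUMBITSETGET` breaks out of its loop at the first non-zero byte, so `result` only ever ends up 0 or 1 rather than a count of set bits, which is what the name suggests (inferred from the name; no caller is visible here). `COMPONENT_SETMASKBIT`, `COMPONENT_CLRMASKBIT` and `COMPONENT_ISMASKBITSET` index `value[]` with `(k-1)/(8*sizeof(uchar8))` without parenthesising `k` or checking its range, so a `k` of 0 (the subtraction wraps once converted to `size_t`) or a `k` above `8 * COMPONENT_INDICES` reads or writes outside the mask. Callers need a documented range check, or the three macros could become `static inline` functions that reject an out-of-range id. `COMPONENT_ISMASKBITSET` also uses `sizeof( char8)` where its siblings use `sizeof( uchar8)`.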
@@ -0,0 +1,310 @@
+/*
+ * Copyright 2024 Broadcom Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+
+#ifndef INCLUDE_MAB_API_H
+#define INCLUDE_MAB_API_H
+
+/* USE C Declarations */
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include "pacinfra_common.h"
+#include "auth_mgr_exports.h"
+#include "mab_exports.h"
+
+/*********************************************************************
+* @purpose Set initialize value for a port
+*
+* @param intIfNum @b{(input)} internal interface number
+* @param initialize @b{(input)} initialize value
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments This value is set to TRUE by management in order to force
+* initialization of a port. It is re-set to FALSE after
+* initialization has completed.
+*
+* @end
+*********************************************************************/
+RC_t mabPortInitializeSet(uint32 intIfNum, BOOL initialize);
+
+/*********************************************************************
+* @purpose Clear mab stats for specified port
+*
+* @param intIfNum @b{(input)} internal interface number
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t mabPortStatsClear(uint32 intIfNum);
+
+/*********************************************************************
+* @purpose Get the configured MAB value on the port.
+*
+* @param intIfNum @b{(input)} internal interface number
+* @param mabEnable @b{(output)} value detrmining if MAB
+* has been enabled on the port
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t mabPortMABEnableGet(uint32 intIfNum, uint32 *mabEnable);
+
+/*********************************************************************
+* @purpose Set the MAB value on the port.
+*
+* @param intIfNum @b{(input)} internal interface number
+* @param mabEnable @b{(output)} boolean value detrmining if MAB
+* has been configured on the port
+*
+* @returns SUCCESS
+* @returns FAILURE
+* @results REQUEST_DENIED if port control mode of the port is
+* not mac-based
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t mabPortMABEnableSet(uint32 intIfNum, uint32 mabEnable);
+
+/*********************************************************************
+* @purpose Get the operational MAB value on the port.
+*
+* @param intIfNum @b{(input)} internal interface number
+* @param mabEnabled @b{(output)} value detrmining if MAB
+* has been operationally
+* enabled on the port
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t mabPortOperMABEnabledGet(uint32 intIfNum, uint32 *mabEnabled);
+
+/*********************************************************************
+* @purpose Get the configured authentication type on the port to be used by MAB.
+*
+* @param intIfNum @b{(input)} internal interface number
+* @param auth_type @b{(output)} Pointer to the authentication type {EAP-MD5 or PAP}
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t mabPortMABAuthTypeGet(uint32 intIfNum,
+ AUTHMGR_PORT_MAB_AUTH_TYPE_t *auth_type);
+
+/*********************************************************************
+* @purpose Set the authentication type on the port to be used by MAB.
+*
+* @param intIfNum @b{(input)} internal interface number
+* @param auth_type @b{(input)} Authentication type {EAP-MD5 or PAP}
+*
+* @returns SUCCESS if able to set the auth_type successfully
+* @results REQUEST_DENIED if MAB is not enabled on that port
+* @returns FAILURE otherwise
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t mabPortMABAuthTypeSet(uint32 intIfNum,
+ AUTHMGR_PORT_MAB_AUTH_TYPE_t auth_type);
+
+/*********************************************************************
+* @purpose Determine if the interface is valid to participate in mab
+*
+* @param intIfNum @b{(input)} internal interface number
+*
+* @returns TRUE
+* @returns FALSE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+ BOOL mabIsValidIntf(uint32 intIfNum);
+
+/*********************************************************************
+* @purpose Determine if the interface type is valid to participate in mab
+*
+* @param sysIntfType @b{(input)} interface type
+*
+* @returns TRUE
+* @returns FALSE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+ BOOL mabIsValidIntfType(uint32 sysIntfType);
+
+/*********************************************************************
+* @purpose Set port control mode
+*
+* @param intIfNum @b{(input)} internal interface number
+* @param portControl @b{(input)} port control mode
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t mabPortControlModeSet(uint32 intIfNum, AUTHMGR_PORT_CONTROL_t portControl);
+
+/*********************************************************************
+* @purpose Set host control mode
+*
+* @param intIfNum @b{(input)} internal interface number
+* @param hostControl @b{(input)} host control mode
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t mabPortControlHostModeSet(uint32 intIfNum, AUTHMGR_HOST_CONTROL_t hostMode);
+
+/*********************************************************************
+ * @purpose Handle Auth Manager event
+ *
+ * @param intIfNum @b{(input)} internal interface number
+ * @param event @b{(input)} event
+ * @param macAddr @b{(input)} client mac address
+ *
+ * @returns SUCCESS
+ * @returns FAILURE
+ *
+ * @comments
+ *
+ * @end
+ *********************************************************************/
+RC_t mabClientEventUpdate(uint32 intIfNum, uint32 event, enetMacAddr_t *macAddr);
+
+/*********************************************************************
+* @purpose Return Internal Interface Number of the first valid interface for
+* mab.
+*
+* @param pFirstIntIfNum @b{(output)} pointer to first internal interface number
+*
+* @returns SUCCESS if success
+* @returns ERROR if interface does not exist
+* @returns FAILURE if other failure
+*
+* @comments none
+*
+* @end
+*********************************************************************/
+RC_t mabFirstValidIntfNumber(uint32 *pFirstIntIfNum);
+
+/*********************************************************************
+* @purpose Return Internal Interface Number of next valid interface for
+* mab.
+*
+* @param intIfNum @b{(input)} Internal Interface Number
+* @param pNextintIfNum @b{(output)} pointer to Next Internal Interface Number,
+*
+* @returns SUCCESS if success
+* @returns ERROR if interface does not exist
+* @returns FAILURE if other failure
+*
+* @comments none
+*
+* @end
+*********************************************************************/
+RC_t mabNextValidIntf(uint32 intIfNum, uint32 *pNextIntIfNum);
+
+/*********************************************************************
+* @purpose Get if RADIUS is configured as one of the authentication methods
+* for MAB.
+*
+* @param intIfNum @b{(input)} interface number
+* @param intIfNum @b{(output)} enabled/disabled
+*
+* @returns SUCCESS if success
+* @returns FAILURE if other failure
+*
+* @comments none
+*
+* @end
+*********************************************************************/
+RC_t mabAuthmethodRadiusEnabled(uint32 intIfNum, uint32 *enabled);
+
+/*********************************************************************
+* @purpose Update the RADIUS server configuration
+*
+* @param add @b{(input)} whether server should be added or deleted
+* @param radius_type @b{(input)} radius server type
+* @param serv_addr @b{(input)} radius server address
+* @param serv_priority @b{(input)} radius server priority
+* @param radius_key @b{(input)} radius server key
+* @param serv_port @b{(input)} radius server port
+*
+* @returns SUCCESS values are valid and are updated successfully
+* @returns FAILURE otherwise
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t mabRadiusServerUpdate(uint32 cmd, const char *radius_type,
+ const char *serv_addr, const char *serv_priority,
+ const char *radius_key, const char *serv_port);
+
+/*********************************************************************
+* @purpose Get RADIUS stats from MAB
+*
+* @param buf @b{(output)} Buffer to store stats.
+* @param buflen @b{(output)} Length of buffer.
+*
+* @returns SUCCESS Stats retrieved successfully.
+* @returns FAILURE Stats could not be retrieved.
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t mabRadiusClientGetStats(char *buf, int buflen);
+
+
+/* USE C Declarations */
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* INCLUDE_MAB_API_H */
diff --git a/src/sonic-pac/authmgr/common/mab_exports.h b/src/sonic-pac/authmgr/common/mab_exports.h
new file mode 100755
index 000000000000..6486db6012f5
--- /dev/null
+++ b/src/sonic-pac/authmgr/common/mab_exports.h
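Review bot: In mab_api.h, `mabRadiusClientGetStats(char *buf, int buflen)` documents `buflen` as `@b{(output)}`, but it is passed by value and so can only be the caller's buffer size. The comment should read `@param buflen @b{(input)} Size of buf in bytes` and state whether the result is NUL-terminated and what is returned when the stats do not fit. A signed `int` length also lets a zero or negative value reach whatever bounded write the implementation performs (not visible in this header), so the contract should either use an unsigned size type or promise that `buflen <= 0` is rejected. The same doc/signature drift appears elsewhere in this hunk: `mabRadiusServerUpdate` documents `add` while the parameter is `cmd`, `mabAuthmethodRadiusEnabled` lists `intIfNum` twice instead of `enabled`, `mabPortMABEnableSet` marks the by-value `mabEnable` as output, and `mabPortControlHostModeSet` documents `hostControl` for a parameter named `hostMode`.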
@@ -0,0 +1,93 @@
+/*
+ * Copyright 2024 Broadcom Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef __MAB_EXPORTS_H_
+#define __MAB_EXPORTS_H_
+
+/* USE C Declarations */
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* MAB Component Feature List */
+typedef enum
+{
+ MAB_FEATURE_ID = 0, /* general support statement */
+ MAB_FEATURE_ID_TOTAL, /* total number of enum values */
+} MAB_FEATURE_IDS_t;
+
+#define MAB_MAX_USERS_PER_PORT FD_AUTHMGR_PORT_MAX_USERS
+
+#define MAB_USER_NAME_LEN 65
+#define MAB_CHALLENGE_LEN 32
+
+#define MAB_CHAP_CHALLENGE_LEN 16
+#define MAB_FILTER_NAME_LEN 256
+
+/******************************************************************/
+/************* Start MAB types and defines *********/
+/******************************************************************/
+
+/* Port protocol version */
+typedef enum
+{
+ MAB_PAE_PORT_PROTOCOL_VERSION_1 = 1
+} MAB_PAE_PORT_PROTOCOL_VERSION_t;
+
+
+/* MAB Request Attribute1 Group Size types */
+typedef enum
+{
+ MAB_REQUEST_ATTRIBUTE1_GROUP_SIZE_INVALID = 0,
+ MAB_REQUEST_ATTRIBUTE1_GROUP_SIZE_1 = 1,
+ MAB_REQUEST_ATTRIBUTE1_GROUP_SIZE_2 = 2,
+ MAB_REQUEST_ATTRIBUTE1_GROUP_SIZE_4 = 4,
+ MAB_REQUEST_ATTRIBUTE1_GROUP_SIZE_12 = 12
+} MAB_REQUEST_ATTRIBUTE1_GROUP_SIZE_t;
+
+/* MAB Request Attribute1 Separator types */
+typedef enum
+{
+ MAB_REQUEST_ATTRIBUTE1_SEPARATOR_INVALID = 0,
+ MAB_REQUEST_ATTRIBUTE1_SEPARATOR_IETF, /* '-' is used as a separator */
+ MAB_REQUEST_ATTRIBUTE1_SEPARATOR_LEGACY, /* ':' is used as a separator */
+ MAB_REQUEST_ATTRIBUTE1_SEPARATOR_DOT /* '.' is used as a separator */
+} MAB_REQUEST_ATTRIBUTE1_SEPARATOR_t;
+
+/* MAB Request Attribute1 Case types */
+typedef enum
+{
+ MAB_REQUEST_ATTRIBUTE1_CASE_INVALID = 0,
+ MAB_REQUEST_ATTRIBUTE1_CASE_UPPER,
+ MAB_REQUEST_ATTRIBUTE1_CASE_LOWER
+} MAB_REQUEST_ATTRIBUTE1_CASE_t;
+
+
+
+
+
+/******************** conditional Override *****************************/
+
+#ifdef INCLUDE_MAB_EXPORTS_OVERRIDES
+#include "mab_exports_overrides.h"
+#endif
+
+/* USE C Declarations */
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __MAB_EXPORTS_H_*/
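Review bot: In mab_exports.h, the length constants `MAB_USER_NAME_LEN 65`, `MAB_CHALLENGE_LEN 32`, `MAB_CHAP_CHALLENGE_LEN 16` and `MAB_FILTER_NAME_LEN 256` do not say whether they count a terminating NUL. That ambiguity tends to produce off-by-one copies into buffers sized with them, so each should carry a comment such as `/* buffer size in bytes, including the terminating NUL */` (65 suggests 64 characters plus NUL, but that is a guess from the value). `MAB_MAX_USERS_PER_PORT` expands to `FD_AUTHMGR_PORT_MAX_USERS`, which this header neither defines nor includes, so it only works when the includer has already pulled in the defining header. The include guard `__MAB_EXPORTS_H_` begins with a double underscore, which is reserved for the implementation; `MAB_EXPORTS_H` would match the style of `COMPONENT_MASK_H` used elsewhere in this commit.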