diff --git a/src/sonic-pac/authmgr/mapping/auth_mgr_cfg.c b/src/sonic-pac/authmgr/mapping/auth_mgr_cfg.c
new file mode 100755
index 000000000000..3f55a3c5cebc
--- /dev/null
+++ b/src/sonic-pac/authmgr/mapping/auth_mgr_cfg.c
@@ -0,0 +1,305 @@
+/*
+ * Copyright 2024 Broadcom Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+
+#include "auth_mgr_include.h"
+#include "auth_mgr_client.h"
+#include "auth_mgr_struct.h"
+
+extern authmgrCB_t *authmgrCB;
+extern void authmgrDebugCfgUpdate(void);
+
+/*********************************************************************
+* @purpose Checks if authmgr user config data has changed
+*
+* @param void
+*
+* @returns TRUE
+* @returns FALSE
+*
+* @comments none
+*
+* @end
+*********************************************************************/
+ BOOL authmgrHasDataChanged(void)
+{
+ return authmgrCB->globalInfo->authmgrCfg->cfgHdr.dataChanged;
+}
+
+/*********************************************************************
+* @purpose Reset authmgr user config data flag
+*
+* @param void
+*
+* @returns none
+*
+* @comments none
+*
+* @end
+*********************************************************************/
+void authmgrResetDataChanged(void)
+{
+ authmgrCB->globalInfo->authmgrCfg->cfgHdr.dataChanged = FALSE;
+ return;
+}
+/*********************************************************************
+* @purpose Print the current authmgr config values to serial port
+*
+* @param none
+*
+* @returns SUCCESS
+*
+* @comments none
+*
+* @end
+*********************************************************************/
+RC_t authmgrCfgDump(void)
+{
+ char8 buf[32];
+ uint32 i;
+ uint32 intIfNum = 0;
+ authmgrPortCfg_t *pCfg;
+ nimConfigID_t configIdNull;
+
+ memset(&configIdNull, 0, sizeof(nimConfigID_t));
+
+ sysapiPrintf("\n");
+ sysapiPrintf("AUTHMGR\n");
+ sysapiPrintf("=====\n");
+
+ if (authmgrCB->globalInfo->authmgrCfg->authmgrLogTraceMode == ENABLE)
+ osapiSnprintf(buf, sizeof(buf),"Enable");
+ else
+ osapiSnprintf(buf,sizeof(buf),"Disable");
+ sysapiPrintf("Log Trace Mode - %s\n\n", buf);
+
+ if(authmgrCB->globalInfo->authmgrCfg->vlanAssignmentMode == ENABLE)
+ osapiSnprintf(buf,sizeof(buf),"Enable");
+ else
+ osapiSnprintf(buf, sizeof(buf), "Disable");
+ sysapiPrintf("Vlan Assignment Mode - %s\n\n", buf);
+
+ sysapiPrintf("Interface configuration:\n");
+ for (i = 1; i < AUTHMGR_INTF_MAX_COUNT; i++)
+ {
+ if (authmgrIntfIsConfigurable(intIfNum, &pCfg) == TRUE)
+ {
+ switch (pCfg->portControlMode)
+ {
+ case AUTHMGR_PORT_FORCE_UNAUTHORIZED:
+ osapiSnprintf(buf,sizeof(buf), "forceUnauthorized");
+ break;
+ case AUTHMGR_PORT_AUTO:
+ osapiSnprintf(buf, sizeof(buf), "auto");
+ break;
+ case AUTHMGR_PORT_FORCE_AUTHORIZED:
+ osapiSnprintf(buf, sizeof(buf), "forceAuthorized");
+ break;
+ default:
+ osapiSnprintf(buf,sizeof(buf), "N/A");
+ break;
+ }
+
+ sysapiPrintf(" Port Control Mode: %s(%d)\n", buf, pCfg->portControlMode);
+ sysapiPrintf(" Quiet Period: %d\n", pCfg->quietPeriod);
+ sysapiPrintf(" ReAuth Period: %d\n", pCfg->reAuthPeriod);
+ sysapiPrintf(" Inactivity Period: %d\n", pCfg->inActivityPeriod);
+
+ switch (pCfg->reAuthEnabled)
+ {
+ case TRUE:
+ osapiSnprintf(buf, sizeof(buf),"True");
+ break;
+ case FALSE:
+ osapiSnprintf(buf, sizeof(buf), "False");
+ break;
+ default:
+ osapiSnprintf(buf,sizeof(buf), "N/A");
+ break;
+ }
+ sysapiPrintf(" ReAuth Enabled: %s\n", buf);
+
+ sysapiPrintf("\n");
+ }
+ }
+
+ sysapiPrintf("=============\n");
+ return SUCCESS;
+}
+
+/*********************************************************************
+* @purpose Build default authmgr config data
+*
+* @param none
+*
+* @returns void
+*
+* @comments
+*
+* @end
+*********************************************************************/
+void authmgrBuildDefaultConfigData(void)
+{
+ uint32 cfgIndex;
+ nimConfigID_t configId[ AUTHMGR_INTF_MAX_COUNT];
+
+ /* Save the config IDs */
+ memset((void *)&configId[0], 0, sizeof(nimConfigID_t) * AUTHMGR_INTF_MAX_COUNT);
+ for (cfgIndex = 1; cfgIndex < AUTHMGR_INTF_MAX_COUNT; cfgIndex++)
+ NIM_CONFIG_ID_COPY(&configId[cfgIndex], &authmgrCB->globalInfo->authmgrCfg->authmgrPortCfg[cfgIndex].configId);
+
+ memset((void *)authmgrCB->globalInfo->authmgrCfg, 0, sizeof(authmgrCfg_t));
+
+ for (cfgIndex = 1; cfgIndex < AUTHMGR_INTF_MAX_COUNT; cfgIndex++)
+ {
+ authmgrBuildDefaultIntfConfigData(&configId[cfgIndex], &authmgrCB->globalInfo->authmgrCfg->authmgrPortCfg[cfgIndex]);
+ }
+ authmgrCB->globalInfo->authmgrCfg->cfgHdr.dataChanged = FALSE;
+
+ authmgrCB->globalInfo->authmgrCfg->adminMode = FD_AUTHMGR_ADMIN_MODE;
+ authmgrCB->globalInfo->authmgrCfg->authmgrLogTraceMode = FD_AUTHMGR_LOG_TRACE_MODE;
+ authmgrCB->globalInfo->authmgrCfg->vlanAssignmentMode = FD_AUTHMGR_VLAN_ASSIGN_MODE;
+ authmgrCB->globalInfo->authmgrCfg->portControlMode = FD_AUTHMGR_PORT_MODE;
+ authmgrCB->globalInfo->authmgrCfg->hostMode = FD_AUTHMGR_HOST_MODE;
+
+
+ return;
+}
+
+/*********************************************************************
+* @purpose Build default authmgr port config data
+*
+* @parms config Id, the config Id to be placed into the intf config
+* @parms pCfg, a pointer to the interface structure
+*
+* @returns none
+*
+*
+* @end
+*********************************************************************/
+void authmgrBuildDefaultIntfConfigData(nimConfigID_t *configId, authmgrPortCfg_t *pCfg)
+{
+ uint32 i = 0;
+ AUTHMGR_METHOD_t buildFdList[] = FD_AUTHMGR_LIST;
+
+ pCfg->portControlMode = FD_AUTHMGR_PORT_MODE;
+ pCfg->hostMode = FD_AUTHMGR_HOST_MODE;
+ pCfg->intfConfigMask = 0;
+ pCfg->quietPeriod = FD_AUTHMGR_RESTART_TIMER_VAL;
+ pCfg->reAuthPeriod = FD_AUTHMGR_PORT_REAUTH_PERIOD;
+ pCfg->reAuthEnabled = FD_AUTHMGR_PORT_REAUTH_ENABLED;
+ pCfg->reAuthPeriodServer = FD_AUTHMGR_PORT_REAUTH_PERIOD_FROM_SERVER;
+ pCfg->maxUsers = FD_AUTHMGR_PORT_MAX_USERS;
+ pCfg->maxAuthAttempts = FD_AUTHMGR_RADIUS_MAX_AUTH_ATTEMPTS;
+ pCfg->inActivityPeriod = FD_AUTHMGR_PORT_INACTIVITY_PERIOD;
+ pCfg->paeCapabilities = FD_AUTHMGR_PORT_PAE_CAPABILITIES;
+
+ for (i = 0; i < AUTHMGR_METHOD_MAX; i++)
+ {
+ pCfg->methodList[i] = buildFdList[i];
+ pCfg->priorityList[i] = buildFdList[i];
+ }
+
+ authmgrCB->globalInfo->authmgrCfg->cfgHdr.dataChanged = FALSE;
+}
+
+/*********************************************************************
+* @purpose Apply authmgr config data
+*
+* @param void
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrApplyConfigData(void)
+{
+ return (authmgrIssueCmd(authmgrMgmtApplyConfigData, NULL, NULLPTR));
+}
+
+/*********************************************************************
+* @purpose Apply authmgr config data to specified interface
+*
+* @param intIfNum @b{(input)) internal interface number
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrApplyPortConfigData(uint32 intIfNum)
+{
+ return (authmgrIssueCmd(authmgrMgmtApplyPortConfigData, NULL, NULLPTR));
+}
+
+/*********************************************************************
+* @purpose Fill in default values and set the port state
+*
+* @param intIfNum @b{(input)) internal interface number
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrPortReset(uint32 intIfNum)
+{
+ authmgrPortInfoInitialize(intIfNum, FALSE);
+ return SUCCESS;
+}
+
+/*********************************************************************
+* @purpose Checks if authmgr debug config data has changed
+*
+* @param void
+*
+* @returns TRUE or FALSE
+*
+* @notes none
+*
+* @end
+*********************************************************************/
+ BOOL authmgrDebugHasDataChanged(void)
+{
+ return authmgrCB->globalInfo->authmgrDebugCfg.hdr.dataChanged;
+}
+
+/*********************************************************************
+* @purpose Build default authmgr config data
+*
+* @param ver Software version of Config Data
+*
+* @returns void
+*
+* @notes
+*
+* @end
+*********************************************************************/
+void authmgrDebugBuildDefaultConfigData(uint32 ver)
+{
+ authmgrCB->globalInfo->authmgrDebugCfg.hdr.dataChanged = FALSE;
+
+ /* set all flags to FALSE */
+ memset(&authmgrCB->globalInfo->authmgrDebugCfg.cfg, 0, sizeof(authmgrCB->globalInfo->authmgrDebugCfg.cfg));
+}
+
diff --git a/src/sonic-pac/authmgr/mapping/auth_mgr_client.c b/src/sonic-pac/authmgr/mapping/auth_mgr_client.c
new file mode 100644
index 000000000000..af5a7d94c956
--- /dev/null
+++ b/src/sonic-pac/authmgr/mapping/auth_mgr_client.c
@@ -0,0 +1,1418 @@
+/*
+ * Copyright 2024 Broadcom Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "auth_mgr_include.h"
+
+#include "auth_mgr_client.h"
+#include "auth_mgr_timer.h"
+#include "auth_mgr_struct.h"
+#include "pacoper_common.h"
+#include "pac_cfg_authmgr.h"
+#include "auth_mgr_vlan_db.h"
+#include "simapi.h"
+
+extern authmgrCB_t *authmgrCB;
+
+/*********************************************************************
+* @purpose Set the authmgr physical port authorization status
+*
+* @param intIfNum @b{(input)) internal interface number
+* @param portStatus @b{(input)) port authorization status setting
+*
+* @returns SUCCESS
+* @returns FAILURE
+* @returns ERROR
+*
+* @comments none
+*
+* @end
+*********************************************************************/
+RC_t authmgrIhPhysicalPortStatusSet (uint32 intIfNum,
+ AUTHMGR_PORT_STATUS_t portStatus)
+{
+ INTF_STATES_t state;
+ uchar8 ifName[ NIM_IF_ALIAS_SIZE + 1];
+ authmgrPortCfg_t *pCfg;
+ AUTHMGR_PORT_STATUS_t status;
+
+
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_PORT_STATUS, intIfNum,
+ "%s:%d: Intf %d, portStatus %d\n",
+ __FUNCTION__, __LINE__, intIfNum, portStatus);
+
+ /* Set the port status in the driver */
+ if (authmgrIntfIsConfigurable (intIfNum, &pCfg) == FALSE)
+ {
+ LOGF ( LOG_SEVERITY_INFO,
+ "Interface %s not authmgr configurable", authmgrIntfIfNameGet(intIfNum));
+ return FAILURE;
+ }
+
+ state = nimGetIntfState (intIfNum);
+ if ((state != INTF_ATTACHED)
+ && (state != INTF_ATTACHING) && (state != INTF_DETACHING))
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_PORT_STATUS, intIfNum,
+ "%s:%d: Intf %s, state %d\n",
+ __FUNCTION__, __LINE__, authmgrIntfIfNameGet(intIfNum), state);
+ }
+
+ /* set the port status */
+ if ( DOT1X_PAE_PORT_NONE_CAPABLE == authmgrCB->globalInfo->authmgrPortInfo[intIfNum].paeCapabilities)
+ {
+ status = portStatus;
+ }
+ else if (( AUTHMGR_SINGLE_AUTH_MODE ==
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].hostMode)
+ || ( AUTHMGR_MULTI_AUTH_MODE ==
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].hostMode))
+ {
+ status = AUTHMGR_PORT_STATUS_UNAUTHORIZED;
+ }
+ else
+ {
+ status = portStatus;
+ }
+
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_PORT_STATUS, intIfNum,
+ "%s:Setting the port-%d to %s\n",
+ __FUNCTION__, intIfNum,
+ ( AUTHMGR_PORT_STATUS_AUTHORIZED ==
+ portStatus) ? "Authorize" : "Unauthorize");
+
+ if (nimGetIntfName(intIfNum, ALIASNAME, ifName) != SUCCESS)
+ {
+ LOGF( LOG_SEVERITY_ERROR,
+ "Unable to get aliasName for interface %s", authmgrIntfIfNameGet(intIfNum));
+ return FAILURE;
+ }
+
+ /* apply the violation policy */
+ if ( SUCCESS != authmgrViolationPolicyApply (intIfNum))
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FAILURE, intIfNum,
+ "%s:Unable to apply port violation policy for port-%s\n",
+ __FUNCTION__, authmgrIntfIfNameGet(intIfNum));
+ return FAILURE;
+ }
+
+ /* set the learning status */
+ if ( SUCCESS != authmgrPortLearningModify (intIfNum))
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FAILURE, intIfNum,
+ "%s:Unable to modify port learning for port-%s\n",
+ __FUNCTION__, authmgrIntfIfNameGet(intIfNum));
+ return FAILURE;
+ }
+
+ return SUCCESS;
+}
+
+/*********************************************************************
+* @purpose application function to add the authenticated client
+*
+* @param physPort @b{(input)} internal interface number
+* @param macAddr @b{(input)} MAC address of authorized client
+* @param vlanId @b{(input)} set to non-zero value to assign this client
+* to a VLAN
+* @param pTLV @b{(input)} pass a non-NULL pointer to apply a policy
+* for this client
+* @param blockVlanId @b{(input)} vlan id in which the client is received
+*
+* @returns SUCCESS
+* @returns FAILURE
+* @returns ERROR
+*
+* @comments none
+*
+* @end
+*********************************************************************/
+RC_t authmgrAuthenticatedClientAdd (uint32 physPort,
+ enetMacAddr_t macAddr,
+ ushort16 vlanId,
+ ushort16 blockVlanId)
+{
+ RC_t rc = SUCCESS, rc1 = SUCCESS;
+ char8 ifName[ NIM_IF_ALIAS_SIZE + 1];
+
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, physPort,
+ "%s:%d:adding the client %s, vlan= %d to port %s \n",
+ __FUNCTION__, __LINE__,
+ AUTHMGR_PRINT_MAC_ADDR(macAddr.addr), vlanId,
+ authmgrIntfIfNameGet(physPort));
+
+ if (nimGetIntfName (physPort, ALIASNAME, ifName) != SUCCESS)
+ {
+ LOGF ( LOG_SEVERITY_ERROR,
+ "Unable to get alias for intf %s", authmgrIntfIfNameGet(physPort));
+ rc1 = FAILURE;
+ goto fail;
+ }
+
+ if (pacCfgIntfClientAdd(ifName, macAddr.addr, vlanId) != TRUE)
+ {
+ LOGF ( LOG_SEVERITY_ERROR,
+ "Unable to add client on port %s", ifName);
+ rc1 = FAILURE;
+ goto fail;
+ }
+
+ if ( SUCCESS == rc)
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, physPort,
+ "%s:%d Inserting the mac to fdb table as static entry \n",
+ __FUNCTION__, __LINE__);
+ if (0 != blockVlanId)
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, physPort,
+ "%s:%d Unblocking the Client %s with vlan id- %d \n",
+ __FUNCTION__, __LINE__,
+ AUTHMGR_PRINT_MAC_ADDR(macAddr.addr), blockVlanId);
+
+ if (blockVlanId != vlanId)
+ {
+ if (pacCfgIntfClientUnblock(ifName, macAddr.addr, blockVlanId) != TRUE)
+ {
+ LOGF ( LOG_SEVERITY_ERROR,
+ "Unable to block port %s", ifName);
+ rc1 = FAILURE;
+ }
+
+fail:
+ if ( SUCCESS != rc1)
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, physPort,
+ "%s:%d Client operation not successful \n",
+ __FUNCTION__, __LINE__);
+ }
+ }
+ }
+ }
+
+ return rc;
+}
+
+/*********************************************************************
+* @purpose Set the authmgr physical port authorization status
+*
+* @param intIfNum @b{(input)} internal interface number
+* @param macAddr @b{(input)} MAC address of authorized client
+* @param vlanId @b{(input)} set to non-zero value to assign this client
+* to a VLAN
+*
+* @returns SUCCESS
+* @returns FAILURE
+* @returns ERROR
+*
+* @comments none
+*
+* @end
+*********************************************************************/
+RC_t authmgrAuthenticatedClientDelete (uint32 physPort,
+ enetMacAddr_t macAddr,
+ ushort16 vlanId)
+{
+ RC_t rc = SUCCESS;
+ char8 ifName[ NIM_IF_ALIAS_SIZE + 1];
+
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, physPort,
+ "%s:%d:removing the client "
+ "Mac Addr: %s from port %s \n",
+ __FUNCTION__, __LINE__, AUTHMGR_PRINT_MAC_ADDR(macAddr.addr),
+ authmgrIntfIfNameGet(physPort));
+
+ if (nimGetIntfName (physPort, ALIASNAME, ifName) != SUCCESS)
+ {
+ LOGF ( LOG_SEVERITY_ERROR,
+ "Unable to get alias for intf %s", authmgrIntfIfNameGet(physPort));
+ rc = FAILURE;
+ goto label;
+ }
+
+ if (pacCfgIntfClientRemove(ifName, macAddr.addr, vlanId) != TRUE)
+ {
+ LOGF ( LOG_SEVERITY_ERROR,
+ "Unable to add client on port %s", ifName);
+ rc = FAILURE;
+ }
+
+
+label:
+ if ( SUCCESS != rc)
+ {
+ LOGF ( LOG_SEVERITY_NOTICE,
+ "Error in removing the client details from the driver."
+ " Could not remove client details from the driver");
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, physPort,
+ "\n%s:%d Error in removing the client details from the driver\n",
+ __FUNCTION__, __LINE__);
+ }
+
+ return rc;
+}
+
+/*********************************************************************
+* @purpose function to cleanup the client hw params such as vlan and other settings
+*
+* @param logicalPortInfo @b{(input)) client logical port info structure
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrClientHwInfoCleanup (authmgrLogicalPortInfo_t * logicalPortInfo)
+{
+ RC_t rc = FAILURE;
+ authmgrPortCfg_t *pCfg;
+ BOOL valid = FALSE;
+ authmgrVlanType_t vlanType = 0;
+ uint32 vlanId = 0;
+ uint32 physPort = 0, lPort = 0, type = 0;
+
+ AUTHMGR_IF_NULLPTR_RETURN_LOG (logicalPortInfo);
+
+ AUTHMGR_LPORT_KEY_UNPACK (physPort, lPort, type, logicalPortInfo->key.keyNum);
+
+ if (authmgrIntfIsConfigurable (physPort, &pCfg) != TRUE)
+ {
+ return SUCCESS;
+ }
+
+ if ( AUTHMGR_PORT_AUTO !=
+ authmgrCB->globalInfo->authmgrPortInfo[physPort].portControlMode)
+ {
+ return SUCCESS;
+ }
+
+ /* get the host policy for the current host mode */
+ if ( SUCCESS == authmgrStaticFdbEntryValidCheck (physPort, &valid))
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, physPort,
+ "Initiating the HW Info cleanup for the client %d\n",
+ logicalPortInfo->key.keyNum);
+
+ if (valid)
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, physPort,
+ "trying to remove the static fdb entry for the client %d\n",
+ logicalPortInfo->key.keyNum);
+
+ rc = SUCCESS;
+ if (logicalPortInfo->client.attrCreateMask & (1<<(AUTHMGR_HW_ATTR_STATIC_FDB)))
+ {
+ /* remove the CPU inserted client */
+ rc = authmgrAuthenticatedClientDelete (physPort,
+ logicalPortInfo->client.
+ suppMacAddr,
+ logicalPortInfo->client.vlanId);
+ logicalPortInfo->client.attrCreateMask &= ~(1<<(AUTHMGR_HW_ATTR_STATIC_FDB));
+ }
+
+ if ( SUCCESS != rc)
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FAILURE, physPort,
+ "%s:%d unable to delete client on "
+ "port %d logicalPort %d, type %d vlan %d \n",
+ __FUNCTION__, __LINE__, physPort, lPort,
+ type, logicalPortInfo->client.vlanId);
+
+ return FAILURE;
+ }
+ }
+ }
+
+ /* take a back up of vlan id and Vlan type */
+ vlanType = logicalPortInfo->client.vlanType;
+ vlanId = logicalPortInfo->client.vlanId;
+
+ /* reset the data from the logical node temporarily */
+ logicalPortInfo->client.vlanId = 0;
+ logicalPortInfo->client.vlanType = AUTHMGR_VLAN_UNASSIGNED;
+
+ /* check if no clients are on the same vlan */
+ if ( SUCCESS != authmgrVlanPortDeletionValidate (physPort, vlanId))
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_PORT_STATUS, physPort,
+ "%s:%d unable to clear vlan participation "
+ "port %d is having additional clients on vlan %d \n",
+ __FUNCTION__, __LINE__, physPort, vlanId);
+ return SUCCESS;
+ }
+
+
+ rc = authmgrClientVlanInfoReset (physPort, vlanId);
+
+ if ( SUCCESS != rc)
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FAILURE, physPort,
+ "%s:%d unable to clear vlan participation "
+ "port %d from vlan %d \n",
+ __FUNCTION__, __LINE__, physPort, vlanId);
+
+ /* put back the backed up info */
+ logicalPortInfo->client.vlanType = vlanType;
+ logicalPortInfo->client.vlanId = vlanId;
+ }
+
+ return rc;
+}
+
+/*********************************************************************
+* @purpose function to add cient hw params such as vlan and other settings
+*
+* @param logicalPortInfo @b{(input)) logical port info structure
+* @param macAddr @b{(input)) mac address
+* @param vlanId @b{(input)) vlanId
+* @param policyIndex @b{(input)) policyIndex
+* @param blockVlanId @b{(input)) vlan id on which client is received
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrClientHwInfoAdd (authmgrLogicalPortInfo_t * logicalPortInfo,
+ enetMacAddr_t macAddr,
+ ushort16 vlanId,
+ ushort16 blockVlanId)
+{
+ RC_t rc = FAILURE;
+ authmgrPortCfg_t *pCfg;
+ BOOL valid = FALSE;
+ uint32 physPort = 0, lPort = 0, type = 0, mask = 0;
+ char8 ifName[ NIM_IF_ALIAS_SIZE + 1];
+
+ AUTHMGR_IF_NULLPTR_RETURN_LOG (logicalPortInfo);
+
+ AUTHMGR_LPORT_KEY_UNPACK (physPort, lPort, type, logicalPortInfo->key.keyNum);
+
+ if (nimGetIntfName (physPort, ALIASNAME, ifName) != SUCCESS)
+ {
+ LOGF ( LOG_SEVERITY_ERROR,
+ "Unable to get alias for intf %s", authmgrIntfIfNameGet(physPort));
+ return FAILURE;
+ }
+
+ if (authmgrIntfIsConfigurable (physPort, &pCfg) != TRUE)
+ {
+ return SUCCESS;
+ }
+
+ if ( AUTHMGR_PORT_AUTO !=
+ authmgrCB->globalInfo->authmgrPortInfo[physPort].portControlMode)
+ {
+ return SUCCESS;
+ }
+
+ /* see if static fdb entry is allowed */
+ if ( SUCCESS ==
+ authmgrStaticFdbEntryValidCheck (physPort, &valid))
+ {
+ if (valid)
+ {
+ rc = SUCCESS;
+ if (!((1<<(AUTHMGR_HW_ATTR_STATIC_FDB) & logicalPortInfo->client.attrCreateMask)))
+ {
+ rc = authmgrAuthenticatedClientAdd (physPort,
+ macAddr, vlanId, blockVlanId);
+ }
+
+ if ( SUCCESS != rc)
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FAILURE, physPort,
+ "%s:%d unable to add client on "
+ "port %d logicalPort %d, type %d vlan %d \n",
+ __FUNCTION__, __LINE__, physPort, lPort,
+ type, vlanId);
+
+ authmgrClientHwAddFailPostHwCleanup(logicalPortInfo, mask);
+ return FAILURE;
+ }
+
+ mask |= (1<<(AUTHMGR_HW_ATTR_STATIC_FDB));
+ logicalPortInfo->client.attrCreateMask |= (1<<(AUTHMGR_HW_ATTR_STATIC_FDB));
+
+ }
+ else
+ {
+ /* un Block traffic from this client. */
+ if ( TRUE == logicalPortInfo->client.dataBlocked)
+ {
+ if (0 != logicalPortInfo->client.blockVlanId)
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FSM_EVENTS, physPort,
+ "%s, %d, disabling the settings for logicalInterface %d to permit traffic\n",
+ __func__, __LINE__, logicalPortInfo->key.keyNum);
+ if (pacCfgIntfClientUnblock(ifName, logicalPortInfo->client.suppMacAddr.addr, logicalPortInfo->client.blockVlanId) != TRUE)
+ {
+ LOGF ( LOG_SEVERITY_ERROR,
+ "Unable to block port %s", ifName);
+ return FAILURE;
+ }
+ logicalPortInfo->client.dataBlocked = FALSE;
+ }
+ }
+ }
+
+ /* make the vlan participation */
+
+ if ( SUCCESS != authmgrClientVlanInfoSet (logicalPortInfo, vlanId))
+ {
+ if (0 == authmgrCB->processInfo.vlanId)
+ {
+ authmgrCB->processInfo.vlanId = vlanId;
+ }
+ authmgrClientHwAddFailPostHwCleanup(logicalPortInfo, mask);
+ return FAILURE;
+ }
+
+ return SUCCESS;
+ }
+
+ return FAILURE;
+}
+
+/*********************************************************************
+* @purpose Set the authmgr client info
+*
+* @param logicalPortInfo @b{(input)) logical interface structure
+* @param client_info @b{(output)) client info
+*
+* @returns void
+*
+* @comments none
+*
+* @end
+*********************************************************************/
+static
+void authmgrClientInfoPopulate(authmgrLogicalPortInfo_t *logicalPortInfo,
+ pac_authenticated_clients_oper_table_t *client_info)
+{
+ uint32 physPort = 0, lPort = 0, type = 0;
+
+ AUTHMGR_LPORT_KEY_UNPACK (physPort, lPort, type, logicalPortInfo->key.keyNum);
+
+ memset(client_info, 0, sizeof(*client_info));
+
+ client_info->currentIdL = logicalPortInfo->client.currentIdL;
+ client_info->auth_status = logicalPortInfo->client.logicalPortStatus;
+ client_info->authenticatedMethod = logicalPortInfo->client.authenticatedMethod;
+
+ memcpy(&client_info->serverState, logicalPortInfo->client.serverState,
+ logicalPortInfo->client.serverStateLen);
+ client_info->serverStateLen = logicalPortInfo->client.serverStateLen;
+
+ memcpy(&client_info->serverClass, logicalPortInfo->client.serverClass,
+ logicalPortInfo->client.serverClassLen);
+ client_info->serverClassLen = logicalPortInfo->client.serverClassLen;
+
+ client_info->sessionTimeoutRcvdFromRadius = logicalPortInfo->client.sessionTimeout;
+ if ( TRUE == authmgrCB->globalInfo->authmgrPortInfo[physPort].reAuthPeriodServer)
+ {
+ client_info->sessionTimeoutOper = logicalPortInfo->client.sessionTimeout;
+ }
+ else if ( TRUE == authmgrCB->globalInfo->authmgrPortInfo[physPort].reAuthEnabled)
+ {
+ client_info->sessionTimeoutOper = authmgrCB->globalInfo->authmgrPortInfo[physPort].reAuthPeriod;
+ }
+ else
+ {
+ client_info->sessionTimeoutOper = 0;
+ }
+
+ strcpy(client_info->userName, logicalPortInfo->client.authmgrUserName);
+
+ client_info->userNameLen = logicalPortInfo->client.authmgrUserNameLength;
+
+ client_info->terminationAction = logicalPortInfo->client.terminationAction;
+
+ client_info->vlanType = logicalPortInfo->client.vlanType;
+
+ client_info->vlanId = logicalPortInfo->client.vlanId;
+
+ client_info->sessionTime = logicalPortInfo->client.sessionTime;
+
+ client_info->lastAuthTime = logicalPortInfo->client.lastAuthTime;
+
+ client_info->backend_auth_method = logicalPortInfo->client.authMethod;
+}
+
+/*********************************************************************
+* @purpose Set the authmgr global info
+*
+* @param global_info @b{(output)) global info
+*
+* @returns void
+*
+* @comments none
+*
+* @end
+*********************************************************************/
+static
+void authmgrGlobalAuthInfoPopulate(pac_global_oper_table_t *global_info)
+{
+ memset(global_info, 0, sizeof(*global_info));
+ return;
+}
+
+/*********************************************************************
+* @purpose Set the authmgr client authorization status
+*
+* @param logicalPortInfo @b{(input)) logical interface structure
+* @param portStatus @b{(input)) port authorization status setting
+*
+* @returns SUCCESS
+* @returns FAILURE
+* @returns ERROR
+*
+* @comments none
+*
+* @end
+*********************************************************************/
+RC_t authmgrClientStatusSet (authmgrLogicalPortInfo_t * logicalPortInfo,
+ AUTHMGR_PORT_STATUS_t portStatus)
+{
+ uint32 physPort = 0, lPort = 0, type = 0;
+ AUTHMGR_PORT_STATUS_t currentStatus;
+ pac_authenticated_clients_oper_table_t client_info;
+ pac_global_oper_table_t global_info;
+
+ AUTHMGR_IF_NULLPTR_RETURN_LOG (logicalPortInfo);
+
+ AUTHMGR_LPORT_KEY_UNPACK (physPort, lPort, type, logicalPortInfo->key.keyNum);
+
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, physPort,
+ "%s:Setting the Logical port-%d to %s\n", __FUNCTION__,
+ logicalPortInfo->key.keyNum,
+ (portStatus ==
+ AUTHMGR_PORT_STATUS_AUTHORIZED) ? "Authorize" :
+ "Unauthorize");
+
+ /* Verify port status parm value */
+ if (portStatus != AUTHMGR_PORT_STATUS_AUTHORIZED
+ && portStatus != AUTHMGR_PORT_STATUS_UNAUTHORIZED)
+ {
+ return FAILURE;
+ }
+
+ /*If setting to the same value, just return success */
+ if (portStatus == logicalPortInfo->client.logicalPortStatus)
+ {
+ /* check if the client is authenticated
+ as part of re-auth */
+ if (( AUTHMGR_PORT_STATUS_AUTHORIZED == portStatus) &&
+ (logicalPortInfo->protocol.reauth))
+ {
+ if (logicalPortInfo->client.sessionTimeout != 0)
+ logicalPortInfo->client.lastAuthTime = simSystemUpTimeGet ();
+ }
+
+ authmgrClientInfoPopulate(logicalPortInfo, &client_info);
+
+ PacAuthClientOperTblSet(physPort, logicalPortInfo->client.suppMacAddr, &client_info);
+
+ authmgrGlobalAuthInfoPopulate(&global_info);
+
+ PacGlobalOperTblSet(&global_info);
+
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, physPort,
+ "%s:%d Status already set \n", __FUNCTION__, __LINE__);
+ return SUCCESS;
+ }
+
+ if ((( AUTHMGR_PORT_FORCE_UNAUTHORIZED ==
+ authmgrCB->globalInfo->authmgrPortInfo[physPort].portControlMode)
+ && ( AUTHMGR_PORT_STATUS_AUTHORIZED == portStatus))
+ ||
+ (( AUTHMGR_PORT_FORCE_AUTHORIZED ==
+ authmgrCB->globalInfo->authmgrPortInfo[physPort].portControlMode)
+ && ( AUTHMGR_PORT_STATUS_UNAUTHORIZED == portStatus)))
+ {
+ /* this combination is not allowed.. So just a sanity check */
+ return FAILURE;
+ }
+
+ /* */
+
+ currentStatus = logicalPortInfo->client.logicalPortStatus;
+ logicalPortInfo->client.logicalPortStatus = portStatus;
+
+ if ( AUTHMGR_PORT_STATUS_AUTHORIZED == portStatus)
+ {
+ /* set the port status to authorized */
+ authmgrCB->globalInfo->authmgrPortInfo[physPort].authCount++;
+ if (authmgrCB->globalInfo->authmgrPortInfo[physPort].portControlMode !=
+ AUTHMGR_PORT_FORCE_AUTHORIZED)
+ {
+ authmgrCtlResetLogicalPortSessionData (logicalPortInfo);
+
+ authmgrClientInfoPopulate(logicalPortInfo, &client_info);
+
+ PacAuthClientOperTblSet(physPort, logicalPortInfo->client.suppMacAddr, &client_info);
+
+ authmgrGlobalAuthInfoPopulate(&global_info);
+
+ PacGlobalOperTblSet(&global_info);
+
+ }
+ }
+ else
+ {
+ if (authmgrCB->globalInfo->authmgrPortInfo[physPort].authCount > 0)
+ {
+ if ( AUTHMGR_PORT_STATUS_AUTHORIZED == currentStatus)
+ {
+ authmgrCB->globalInfo->authmgrPortInfo[physPort].authCount--;
+ }
+ if (authmgrCB->globalInfo->authmgrPortInfo[physPort].portControlMode !=
+ AUTHMGR_PORT_FORCE_UNAUTHORIZED)
+ {
+ PacAuthClientOperTblDel(physPort, logicalPortInfo->client.suppMacAddr);
+
+ authmgrGlobalAuthInfoPopulate(&global_info);
+ PacGlobalOperTblSet(&global_info);
+ }
+ }
+ }
+
+ if (((0 == authmgrCB->globalInfo->authmgrPortInfo[physPort].authCount) &&
+ ( AUTHMGR_PORT_STATUS_UNAUTHORIZED == portStatus)) ||
+ ((1 == authmgrCB->globalInfo->authmgrPortInfo[physPort].authCount) &&
+ ( AUTHMGR_PORT_STATUS_AUTHORIZED == portStatus)))
+
+ {
+ authmgrIhPhysicalPortStatusSet (physPort, portStatus);
+ }
+
+ return SUCCESS;
+}
+
+/*********************************************************************
+* @purpose function to cleanup the client sw info
+*
+* @param logicalPortInfo @b{(input)) logical interface structure
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrClientSwInfoCleanup (authmgrLogicalPortInfo_t * logicalPortInfo)
+{
+ RC_t rc = SUCCESS, rc1 = SUCCESS, rc2 = SUCCESS, rc3 = SUCCESS;
+ authmgrPortCfg_t *pCfg;
+ uint32 physPort = 0, lPort = 0, type = 0;
+ enetMacAddr_t nullMacAddr;
+
+ memset (&nullMacAddr.addr, 0, ENET_MAC_ADDR_LEN);
+
+ AUTHMGR_IF_NULLPTR_RETURN_LOG (logicalPortInfo);
+
+ AUTHMGR_LPORT_KEY_UNPACK (physPort, lPort, type, logicalPortInfo->key.keyNum);
+
+ if (authmgrIntfIsConfigurable (physPort, &pCfg) != TRUE)
+ {
+ return SUCCESS;
+ }
+
+ if (0 != logicalPortInfo->authmgrMethodNoRespTimer.handle.timer)
+ {
+ rc =
+ authmgrTimerDestroy (authmgrCB->globalInfo->authmgrTimerCB,
+ logicalPortInfo, AUTHMGR_METHOD_NO_RESP_TMR);
+ }
+
+ if (0 != logicalPortInfo->authmgrTimer.handle.timer)
+ {
+ rc =
+ authmgrTimerDestroy (authmgrCB->globalInfo->authmgrTimerCB,
+ logicalPortInfo,
+ logicalPortInfo->authmgrTimer.cxt.type);
+ }
+
+ /* send the accounting update */
+ if ( AUTHMGR_PORT_STATUS_AUTHORIZED ==
+ logicalPortInfo->client.logicalPortStatus)
+ {
+ /* notify the associated method to disconnected client */
+
+ if ( NULLPTR !=
+ authmgrCB->globalInfo->authmgrCallbacks[logicalPortInfo->client.
+ authenticatedMethod].
+ eventNotifyFn)
+ {
+ rc =
+ authmgrCB->globalInfo->authmgrCallbacks[logicalPortInfo->client.
+ authenticatedMethod].eventNotifyFn
+ (physPort, authmgrClientDisconnect,
+ &logicalPortInfo->client.suppMacAddr);
+ }
+ }
+ else
+ {
+ /* 802.1X/MAB clients may be in the process of authenticating.
+ de-authenticate 802.1X/MAB clients */
+
+ if ( NULLPTR !=
+ authmgrCB->globalInfo->authmgrCallbacks[logicalPortInfo->client.currentMethod].
+ eventNotifyFn)
+ {
+ rc =
+ authmgrCB->globalInfo->authmgrCallbacks[logicalPortInfo->client.currentMethod].eventNotifyFn
+ (physPort, authmgrClientDisconnect,
+ &logicalPortInfo->client.suppMacAddr);
+ }
+ }
+
+ /* set the client to un-authorized */
+
+ rc1 =
+ authmgrClientStatusSet (logicalPortInfo,
+ AUTHMGR_PORT_STATUS_UNAUTHORIZED);
+
+ if ( TRUE == logicalPortInfo->protocol.eapSuccess)
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_PORT_STATUS, physPort,
+ "%s:Send EAP Success instead of Failure for data client on port [%s]\n\r",
+ __FUNCTION__, authmgrIntfIfNameGet(physPort));
+
+ logicalPortInfo->protocol.eapSuccess = FALSE;
+ authmgrTxCannedSuccess (logicalPortInfo->key.keyNum, AUTHMGR_LOGICAL_PORT);
+ }
+ else
+ {
+ authmgrTxCannedFail (logicalPortInfo->key.keyNum, AUTHMGR_LOGICAL_PORT);
+ }
+
+ /*remove supplicant mac address from Mac address Database */
+ /*input check */
+ if (0 !=
+ memcmp (logicalPortInfo->client.suppMacAddr.addr, nullMacAddr.addr,
+ ENET_MAC_ADDR_LEN))
+ {
+ rc2 = authmgrMacAddrInfoRemove (&(logicalPortInfo->client.suppMacAddr));
+ }
+
+ if (authmgrCB->globalInfo->authmgrPortInfo[physPort].numUsers > 0)
+ {
+ authmgrCB->globalInfo->authmgrPortInfo[physPort].numUsers--;
+ }
+
+ if (authmgrCB->globalInfo->authmgrPortInfo[physPort].numUsers == 0)
+ {
+ authmgrIhPhysicalPortStatusSet(physPort, AUTHMGR_PORT_STATUS_UNAUTHORIZED);
+ }
+
+ /* Deallocate memory for Clients */
+ rc3 = authmgrLogicalPortInfoDeAlloc (logicalPortInfo);
+
+ if (( SUCCESS != rc) ||
+ ( SUCCESS != rc1) || ( SUCCESS != rc2) || ( SUCCESS != rc3))
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FAILURE, physPort,
+ "%s:Unable to clean up client sw info on port-%s\n",
+ __FUNCTION__, authmgrIntfIfNameGet(physPort));
+ return FAILURE;
+ }
+ else
+ {
+ return SUCCESS;
+ }
+}
+
+/*********************************************************************
+* @purpose function to cleanup the client
+*
+* @param logicalPortInfo @b{(input)) logical interface structure
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrClientInfoCleanup (authmgrLogicalPortInfo_t * logicalPortInfo)
+{
+ RC_t rc = SUCCESS, rc1 = SUCCESS;
+ authmgrPortCfg_t *pCfg;
+ uint32 physPort = 0, lPort = 0, type = 0;
+ enetMacAddr_t zeroMac;
+ BOOL valid = FALSE;
+ uchar8 ifName[ NIM_IF_ALIAS_SIZE + 1];
+
+ AUTHMGR_IF_NULLPTR_RETURN_LOG (logicalPortInfo);
+
+ AUTHMGR_LPORT_KEY_UNPACK (physPort, lPort, type, logicalPortInfo->key.keyNum);
+
+ nimGetIntfName(physPort, ALIASNAME, ifName);
+ if (authmgrIntfIsConfigurable (physPort, &pCfg) != TRUE)
+ {
+ return SUCCESS;
+ }
+
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_PORT_STATUS, physPort,
+ "%s:Deleting client authenticated with method %d on Physical port-%s VLAN type %s \n",
+ __FUNCTION__, logicalPortInfo->client.authenticatedMethod, authmgrIntfIfNameGet(physPort),
+ authmgrVlanTypeStringGet(logicalPortInfo->client.vlanType));
+ LOGF ( LOG_SEVERITY_NOTICE,
+ "Client %s is getting disconnected on port (%s) with VLAN type %s.",
+ AUTHMGR_PRINT_MAC_ADDR(logicalPortInfo->client.suppMacAddr.addr),
+ ifName, authmgrVlanTypeStringGet (logicalPortInfo->client.vlanType));
+
+ authmgrCB->oldInfo.vlanId = logicalPortInfo->client.vlanId;
+
+ /* clean up the client info from hw */
+ if ( AUTHMGR_PORT_STATUS_AUTHORIZED ==
+ logicalPortInfo->client.logicalPortStatus)
+ {
+ rc = authmgrClientHwInfoCleanup (logicalPortInfo);
+ }
+ else
+ {
+ if (( SUCCESS == authmgrHostIsDynamicNodeAllocCheck
+ (authmgrCB->globalInfo->authmgrPortInfo[physPort].hostMode, &valid)) &&
+ ( TRUE == valid))
+ {
+ /* if exists unblock the client */
+ memset (&zeroMac, 0, sizeof ( enetMacAddr_t));
+
+ if ((0 != memcmp (zeroMac.addr, logicalPortInfo->client.suppMacAddr.addr,
+ ENET_MAC_ADDR_LEN)) &&
+ (0 != logicalPortInfo->client.blockVlanId))
+ {
+ if (pacCfgIntfClientUnblock(ifName, logicalPortInfo->client.suppMacAddr.addr,
+ logicalPortInfo->client.blockVlanId) != TRUE)
+ {
+ LOGF ( LOG_SEVERITY_ERROR,
+ "Unable to block port %s", ifName);
+ rc1 = FAILURE;
+ }
+
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FSM_EVENTS, physPort,
+ "%s, %d,Enabling the settings for logicalInterface %d to receive further packets to CPU\n",
+ __func__, __LINE__, logicalPortInfo->key.keyNum);
+
+ logicalPortInfo->client.dataBlocked = FALSE;
+
+ if ( SUCCESS != rc1)
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FAILURE, physPort,
+ "%s:%d unable to delete client on "
+ "port %d logicalPort %d, type %d vlan %d \n",
+ __FUNCTION__, __LINE__, physPort, logicalPortInfo->key.keyNum,
+ type, logicalPortInfo->client.vlanId);
+ }
+ }
+ }
+ else if ( FALSE == valid)
+ {
+ /* check if any blocked un-auth clients
+ are present */
+ if (0 != logicalPortInfo->client.blockVlanId)
+ {
+ /* if exists unblock the client */
+ memset (&zeroMac, 0, sizeof ( enetMacAddr_t));
+
+ if ((0 != memcmp (zeroMac.addr, logicalPortInfo->client.suppMacAddr.addr,
+ ENET_MAC_ADDR_LEN)) &&
+ (0 != logicalPortInfo->client.blockVlanId))
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FSM_EVENTS, physPort,
+ "%s, %d,Enabling the settings for logicalInterface %d to receive further packets to CPU\n",
+ __func__, __LINE__, logicalPortInfo->key.keyNum);
+
+ logicalPortInfo->client.dataBlocked = FALSE;
+
+ if ( SUCCESS != rc1)
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FAILURE, physPort,
+ "%s:%d unable to delete client on "
+ "port %s logicalPort %d, type %d vlan %d \n",
+ __FUNCTION__, __LINE__, authmgrIntfIfNameGet(physPort), lPort,
+ type, logicalPortInfo->client.vlanId);
+ }
+ }
+ }
+ }
+ }
+
+ if ( SUCCESS == rc)
+ {
+ rc = authmgrClientSwInfoCleanup (logicalPortInfo);
+ }
+
+ return rc;
+}
+
+/*********************************************************************
+* @purpose function to check and deAllocate the client
+*
+* @param logicalPortInfo @b{(input)) logical interface structure
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrClientDisconnectAction (authmgrLogicalPortInfo_t *
+ logicalPortInfo)
+{
+ RC_t rc = SUCCESS;
+ authmgrPortCfg_t *pCfg;
+ uint32 physPort = 0, lPort = 0, type = 0;
+ BOOL valid = FALSE;
+
+ AUTHMGR_IF_NULLPTR_RETURN_LOG (logicalPortInfo);
+
+ AUTHMGR_LPORT_KEY_UNPACK (physPort, lPort, type, logicalPortInfo->key.keyNum);
+
+ if (authmgrIntfIsConfigurable (physPort, &pCfg) != TRUE)
+ {
+ return SUCCESS;
+ }
+
+ /* check if the client can be de-allocated */
+
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, physPort,
+ "checking if logicalInterface %d can be disconnected\n",
+ logicalPortInfo->key.keyNum);
+
+ if ( TRUE != logicalPortInfo->protocol.heldTimerExpired)
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, physPort,
+ "%s:Held time not expired for client on port -%s\n",
+ __FUNCTION__, authmgrIntfIfNameGet(physPort));
+ return FAILURE;
+ }
+
+ logicalPortInfo->protocol.heldTimerExpired = FALSE;
+
+ if ( SUCCESS ==
+ authmgrHostIsDynamicNodeAllocCheck (authmgrCB->globalInfo->
+ authmgrPortInfo[physPort].hostMode,
+ &valid))
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, physPort,
+ "logicalInterface %d is getting disconnected\n",
+ logicalPortInfo->key.keyNum);
+ rc = authmgrClientInfoCleanup (logicalPortInfo);
+ }
+ return rc;
+}
+
+/*********************************************************************
+* @purpose utility function to check if the client client params needs cleanup
+* before adding new params
+* @param logicalPortInfo
+* @param vlanId
+* @param policyId
+* @return SUCCESS/ FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrClientInfoCleanupCheck (authmgrClientInfo_t * src,
+ authmgrClientInfo_t * dst)
+{
+ AUTHMGR_IF_NULLPTR_RETURN_LOG (src);
+ AUTHMGR_IF_NULLPTR_RETURN_LOG (dst);
+
+ if ((src->vlanId == dst->vlanId) &&
+ ( AUTHMGR_PORT_STATUS_AUTHORIZED ==
+ src->logicalPortStatus))
+ {
+ return SUCCESS;
+ }
+
+ return FAILURE;
+}
+
+/*********************************************************************
+* @purpose function to perform client related actions if client auth is
+* failure or timeout.
+*
+* @param logicalPortInfo -- client logical port structure
+* @return SUCCESS/ FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrClientFailTimeoutAction (authmgrLogicalPortInfo_t *
+ logicalPortInfo)
+{
+ uint32 physPort = 0, vlanId = 0;
+ RC_t rc = SUCCESS;
+ authmgrClientInfo_t client;
+ uchar8 ifName[ NIM_IF_ALIAS_SIZE + 1];
+
+ AUTHMGR_IF_NULLPTR_RETURN_LOG (logicalPortInfo);
+ AUTHMGR_PORT_GET (physPort, logicalPortInfo->key.keyNum);
+
+ memset(&client, 0 , sizeof(authmgrClientInfo_t));
+
+
+ nimGetIntfName(physPort, ALIASNAME, ifName);
+
+
+ /* check for the allowed data clients */
+
+ client = logicalPortInfo->client;
+ client.vlanId = vlanId;
+
+ if ( SUCCESS ==
+ authmgrClientInfoCleanupCheck (&logicalPortInfo->client, &client))
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FAILURE, physPort,
+ "%s:Nothing changed for logicalPort num-%d\n ",
+ __FUNCTION__, logicalPortInfo->key.keyNum);
+ return SUCCESS;
+ }
+
+ if ( AUTHMGR_PORT_STATUS_AUTHORIZED ==
+ logicalPortInfo->client.logicalPortStatus)
+ {
+ /* clean up previous data */
+ if ( SUCCESS != authmgrClientHwInfoCleanup (logicalPortInfo))
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FAILURE, physPort,
+ "%s:Unable to cleanup client hw info logicalPort num-%d\n",
+ __FUNCTION__, logicalPortInfo->key.keyNum);
+ }
+ }
+
+ return rc;
+}
+
+RC_t authmgrBlockFdbCleanup(authmgrLogicalPortInfo_t *logicalPortInfo)
+{
+ uint32 physPort = 0;
+ RC_t rc = SUCCESS;
+ enetMacAddr_t zeroMac;
+ char8 ifName[ NIM_IF_ALIAS_SIZE + 1];
+
+ AUTHMGR_IF_NULLPTR_RETURN_LOG(logicalPortInfo);
+
+ AUTHMGR_PORT_GET(physPort, logicalPortInfo->key.keyNum);
+
+ /* if exists unblock the client */
+ memset (&zeroMac, 0, sizeof ( enetMacAddr_t));
+
+ if ((0 != memcmp (zeroMac.addr, logicalPortInfo->client.suppMacAddr.addr,
+ ENET_MAC_ADDR_LEN)) &&
+ (0 != logicalPortInfo->client.blockVlanId))
+ {
+ /* mac exists */
+ if (nimGetIntfName (physPort, ALIASNAME, ifName) != SUCCESS)
+ {
+ LOGF ( LOG_SEVERITY_ERROR,
+ "Unable to get alias for intf %s", authmgrIntfIfNameGet(physPort));
+ return FAILURE;
+ }
+
+ if ((pacCfgIntfClientUnblock(ifName, logicalPortInfo->client.suppMacAddr.addr,
+ logicalPortInfo->client.blockVlanId)) != TRUE)
+ {
+ LOGF ( LOG_SEVERITY_ERROR,
+ "Unable to block port %s", ifName);
+ rc = FAILURE;
+ }
+ }
+ return rc;
+}
+
+
+RC_t authmgrStaticFdbCleanup(authmgrLogicalPortInfo_t *logicalPortInfo)
+{
+ uint32 physPort = 0;
+ RC_t rc = SUCCESS;
+
+ AUTHMGR_IF_NULLPTR_RETURN_LOG(logicalPortInfo);
+
+ AUTHMGR_PORT_GET(physPort, logicalPortInfo->key.keyNum);
+
+ if (logicalPortInfo->client.attrCreateMask & (1<<(AUTHMGR_HW_ATTR_STATIC_FDB)))
+ {
+ rc = authmgrAuthenticatedClientDelete (physPort,
+ logicalPortInfo->client.
+ suppMacAddr,
+ authmgrCB->processInfo.vlanId);
+ }
+ logicalPortInfo->client.attrCreateMask &= ~(1<<(AUTHMGR_HW_ATTR_STATIC_FDB));
+
+ return rc;
+
+}
+
+/*************************************************************************
+* @purpose utility function to get function map entry for the given event
+*
+* @param event @b{(input)} event
+* @param elem @b{(input)} Pointer to map entry
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments none
+*
+* @end
+*************************************************************************/
+RC_t authmgrHwCleanupEventFnMapGet (uint32 event,
+ authmgrHwCleanupEventMap_t * elem)
+{
+ uint32 i = 0;
+ static authmgrHwCleanupEventMap_t authmgrHwCleanupEventMapTable[] = {
+ {AUTHMGR_HW_ATTR_STATIC_FDB, authmgrStaticFdbCleanup},
+ {AUTHMGR_HW_ATTR_BLOCK_FDB, authmgrBlockFdbCleanup},
+ {AUTHMGR_HW_ATTR_PVID, NULLPTR}
+ };
+
+ for (i = 0;
+ i <
+ (sizeof (authmgrHwCleanupEventMapTable) / sizeof (authmgrHwCleanupEventMap_t));
+ i++)
+ {
+ if (event == authmgrHwCleanupEventMapTable[i].event)
+ {
+ *elem = authmgrHwCleanupEventMapTable[i];
+ return SUCCESS;
+ }
+ }
+
+ return FAILURE;
+}
+
+/*********************************************************************
+* @purpose utility function to check if the client ckpt params modified
+* @param src
+* @param dst
+* @return SUCCESS/ FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrClientHwAddFailPostHwCleanup (authmgrLogicalPortInfo_t *logicalPortInfo,
+ uint32 mask)
+{
+ uint32 i = 0;
+ authmgrHwCleanupEventMap_t entry;
+ AUTHMGR_IF_NULLPTR_RETURN_LOG (logicalPortInfo);
+
+ for (i = 0; i < AUTHMGR_HW_ATTR_LAST; i++)
+ {
+ if (mask & (1<< i))
+ {
+ memset(&entry, 0, sizeof(authmgrHwCleanupEventMap_t));
+
+ authmgrHwCleanupEventFnMapGet(i, &entry);
+
+ if ( NULLPTR != entry.cleanupFn)
+ {
+ entry.cleanupFn(logicalPortInfo);
+ }
+ }
+ }
+
+ return SUCCESS;
+}
+
+/*********************************************************************
+* @purpose function to cleanup the authenticated client sw info
+*
+* @param logicalPortInfo @b{(input)) logical interface structure
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrAuthenticatedClientSwInfoCleanup (authmgrLogicalPortInfo_t * logicalPortInfo)
+{
+ RC_t rc = SUCCESS;
+ authmgrPortCfg_t *pCfg;
+ uint32 physPort = 0, lPort = 0, type = 0;
+ enetMacAddr_t macAddr;
+ uchar8 userName[AUTHMGR_USER_NAME_LEN] = {0};
+ uint32 userNameLength = 0;
+
+ memset(&macAddr, 0, sizeof( enetMacAddr_t));
+
+ AUTHMGR_IF_NULLPTR_RETURN_LOG (logicalPortInfo);
+
+ AUTHMGR_LPORT_KEY_UNPACK (physPort, lPort, type, logicalPortInfo->key.keyNum);
+
+ if (authmgrIntfIsConfigurable (physPort, &pCfg) != TRUE)
+ {
+ return SUCCESS;
+ }
+
+ if (0 != logicalPortInfo->authmgrTimer.handle.timer)
+ {
+ rc =
+ authmgrTimerDestroy (authmgrCB->globalInfo->authmgrTimerCB,
+ logicalPortInfo,
+ logicalPortInfo->authmgrTimer.cxt.type);
+ }
+
+ /* send the accounting update */
+ if ( AUTHMGR_PORT_STATUS_AUTHORIZED ==
+ logicalPortInfo->client.logicalPortStatus)
+ {
+ /* notify the associated method to disconnected client */
+
+ if ( NULLPTR !=
+ authmgrCB->globalInfo->authmgrCallbacks[logicalPortInfo->client.
+ authenticatedMethod].
+ eventNotifyFn)
+ {
+ rc =
+ authmgrCB->globalInfo->authmgrCallbacks[logicalPortInfo->client.
+ authenticatedMethod].eventNotifyFn
+ (physPort, authmgrClientDisconnect,
+ &logicalPortInfo->client.suppMacAddr);
+ }
+ }
+
+ /* set the client to un-authorized */
+
+ rc =
+ authmgrClientStatusSet (logicalPortInfo,
+ AUTHMGR_PORT_STATUS_UNAUTHORIZED);
+
+
+ if ( TRUE == logicalPortInfo->protocol.eapSuccess)
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_PORT_STATUS, physPort,
+ "%s:Send EAP Success instead of Failure for data client on port [%d]\n\r",
+ __FUNCTION__, physPort);
+
+ logicalPortInfo->protocol.eapSuccess = FALSE;
+ authmgrTxCannedSuccess (logicalPortInfo->key.keyNum, AUTHMGR_LOGICAL_PORT);
+ }
+ else
+ {
+ authmgrTxCannedFail (logicalPortInfo->key.keyNum, AUTHMGR_LOGICAL_PORT);
+ }
+
+ memcpy(&macAddr, &logicalPortInfo->client.suppMacAddr, sizeof( enetMacAddr_t));
+
+ memset(&logicalPortInfo->protocol, 0, sizeof(authmgrProtocolInfo_t));
+ memset(&logicalPortInfo->client, 0, sizeof(authmgrClientInfo_t));
+ memcpy(&logicalPortInfo->client.suppMacAddr, &macAddr, sizeof( enetMacAddr_t));
+ memcpy(logicalPortInfo->client.authmgrUserName, userName, AUTHMGR_USER_NAME_LEN);
+ logicalPortInfo->client.authmgrUserNameLength = userNameLength;
+
+ return SUCCESS;
+}
+
+/*********************************************************************
+* @purpose function to cleanup the authenticated client
+*
+* @param logicalPortInfo @b{(input)) logical interface structure
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrAuthenticatedClientCleanup (authmgrLogicalPortInfo_t * logicalPortInfo)
+{
+ RC_t rc = SUCCESS;
+ authmgrPortCfg_t *pCfg;
+ uint32 physPort = 0, lPort = 0, type = 0;
+ enetMacAddr_t clientMac;
+ uchar8 ifName[ NIM_IF_ALIAS_SIZE + 1];
+ uint32 vlanId = 0;
+
+ AUTHMGR_IF_NULLPTR_RETURN_LOG (logicalPortInfo);
+
+ AUTHMGR_LPORT_KEY_UNPACK (physPort, lPort, type, logicalPortInfo->key.keyNum);
+
+ nimGetIntfName(physPort, ALIASNAME, ifName);
+ if (authmgrIntfIsConfigurable (physPort, &pCfg) != TRUE)
+ {
+ return SUCCESS;
+ }
+
+ if ( AUTHMGR_PORT_STATUS_AUTHORIZED !=
+ logicalPortInfo->client.logicalPortStatus)
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_PORT_STATUS, physPort,
+ "%s:client is not in authorized state %d on Physical port-%s VLAN type %s \n",
+ __FUNCTION__, logicalPortInfo->client.logicalPortStatus, ifName,
+ authmgrVlanTypeStringGet(logicalPortInfo->client.vlanType));
+ /* return */
+ return FAILURE;
+ }
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_PORT_STATUS, physPort,
+ "%s:Deleting client authenticated with method %d on Physical port-%s VLAN type %s \n",
+ __FUNCTION__, logicalPortInfo->client.authenticatedMethod, ifName,
+ authmgrVlanTypeStringGet(logicalPortInfo->client.vlanType));
+
+ memset (&clientMac, 0, sizeof ( enetMacAddr_t));
+ memcpy(&clientMac, &logicalPortInfo->client.suppMacAddr, sizeof ( enetMacAddr_t));
+
+ authmgrCB->oldInfo.vlanId = logicalPortInfo->client.vlanId;
+
+ /* clean up the client info from hw */
+ if ( AUTHMGR_PORT_STATUS_AUTHORIZED ==
+ logicalPortInfo->client.logicalPortStatus)
+ {
+ rc = authmgrClientHwInfoCleanup (logicalPortInfo);
+
+ authmgrAuthenticatedClientSwInfoCleanup(logicalPortInfo);
+ logicalPortInfo->client.blockVlanId = vlanId;
+ logicalPortInfo->client.logicalPortStatus = AUTHMGR_PORT_STATUS_UNAUTHORIZED;
+ }
+
+ return rc;
+}
+
+/*********************************************************************
+* @purpose function to check and cleanup authenticated client's params
+*
+* @param logicalPortInfo @b{(input)) logical interface structure
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrAuthenticatedClientCleanupAction (authmgrLogicalPortInfo_t *
+ logicalPortInfo)
+{
+ return authmgrAuthenticatedClientCleanup(logicalPortInfo);
+}
+
+
diff --git a/src/sonic-pac/authmgr/mapping/auth_mgr_cnfgr.c b/src/sonic-pac/authmgr/mapping/auth_mgr_cnfgr.c
new file mode 100755
index 000000000000..759250e334b8
--- /dev/null
+++ b/src/sonic-pac/authmgr/mapping/auth_mgr_cnfgr.c
@@ -0,0 +1,553 @@
+/*
+ * Copyright 2024 Broadcom Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+
+#include "auth_mgr_include.h"
+#include "auth_mgr_struct.h"
+#include "auth_mgr_debug.h"
+#include "auth_mgr_auth_method.h"
+#include "auth_mgr_ih.h"
+#include "auth_mgr_vlan_db.h"
+#include "osapi_sem.h"
+
+authmgrCB_t *authmgrCB = NULLPTR;
+
+authmgrCnfgrState_t authmgrCnfgrState;
+authMgrVlanDbData_t *authmgrVlanStateDb; /* Vlan operational state cache. */
+authMgrVlanDbData_t *authmgrVlanCfgDb; /* Vlan configured state cache. */
+
+#define platAuthMgrMaxUsersGet() (512)
+
+static uint32 platIntfMaxCountGet (void)
+{
+ return MAX_INTERFACE_COUNT;
+}
+
+/*********************************************************************
+*
+* @purpose System Initialization for authmgr component
+*
+* @param none
+
+* @returns SUCCESS, if success
+* @returns FAILURE, if other failure
+*
+* @comments none
+*
+* @end
+*********************************************************************/
+RC_t authmgrInit (void)
+{
+ /* invoke dependent libraries */
+
+ authmgrCB = osapiMalloc ( AUTHMGR_COMPONENT_ID, sizeof (authmgrCB_t));
+
+ if ( NULLPTR == authmgrCB)
+ {
+ return FAILURE;
+ }
+
+ memset (authmgrCB, 0, sizeof (authmgrCB_t));
+
+ /*semaphore creation for task protection over the common data*/
+ authmgrCB->authmgrTaskSyncSema = osapiSemaCCreate( OSAPI_SEM_Q_FIFO, OSAPI_SEM_EMPTY);
+ if (authmgrCB->authmgrTaskSyncSema == NULL)
+ {
+ LOGF( LOG_SEVERITY_NOTICE,
+ "Unable to create authmgr task semaphore");
+ return FAILURE;
+ }
+
+ authmgrCB->authmgrBulkQueue =
+ (void *) osapiMsgQueueCreate ("authmgrBulkQueue", AUTHMGR_MSG_COUNT,
+ (uint32) sizeof (authmgrBulkMsg_t));
+ if (authmgrCB->authmgrBulkQueue == NULLPTR)
+ {
+ LOGF ( LOG_SEVERITY_INFO,
+ "authmgrInit: Bulk msgQueue creation error.\n");
+ return FAILURE;
+ }
+
+ authmgrCB->authmgrVlanEventQueue =
+ (void *) osapiMsgQueueCreate ("authmgrVlanEventQueue", AUTHMGR_VLAN_MSG_COUNT,
+ (uint32) sizeof (authmgrVlanMsg_t));
+ if (authmgrCB->authmgrVlanEventQueue == NULLPTR)
+ {
+ LOGF ( LOG_SEVERITY_INFO,
+ "authmgrInit: VLAN event msgQueue creation error.\n");
+ return FAILURE;
+ }
+
+ authmgrCB->authmgrQueue =
+ (void *) osapiMsgQueueCreate ("authmgrQueue", AUTHMGR_MSG_COUNT,
+ (uint32) sizeof (authmgrMsg_t));
+ if (authmgrCB->authmgrQueue == NULLPTR)
+ {
+ LOGF ( LOG_SEVERITY_INFO,
+ "authmgrInit: msgQueue creation error.\n");
+ return FAILURE;
+ }
+
+ if (authmgrStartTasks () != SUCCESS)
+ {
+ return FAILURE;
+ }
+
+ return SUCCESS;
+}
+
+/*********************************************************************
+*
+* @purpose System Init Undo for authmgr component
+*
+* @param none
+*
+* @comments none
+*
+* @end
+*********************************************************************/
+void authmgrInitUndo ()
+{
+ if (authmgrCB->authmgrQueue != NULLPTR)
+ {
+ osapiMsgQueueDelete (authmgrCB->authmgrQueue);
+ }
+
+ if (authmgrCB->authmgrBulkQueue != NULLPTR)
+ {
+ osapiMsgQueueDelete (authmgrCB->authmgrBulkQueue);
+ }
+
+ if (authmgrCB->authmgrVlanEventQueue != NULLPTR)
+ {
+ osapiMsgQueueDelete (authmgrCB->authmgrVlanEventQueue);
+ }
+
+ if ( NULL != authmgrCB->authmgrTaskSyncSema)
+ {
+ (void)osapiSemaDelete(authmgrCB->authmgrTaskSyncSema);
+ }
+
+ if ( NULL != authmgrCB->authmgrSrvrTaskSyncSema)
+ {
+ (void)osapiSemaDelete(authmgrCB->authmgrSrvrTaskSyncSema);
+ }
+
+ (void) osapiRWLockDelete (authmgrCB->authmgrRWLock);
+ (void) osapiRWLockDelete (authmgrCB->authmgrCfgRWLock);
+
+
+ if (authmgrCB->authmgrTaskId != 0)
+ {
+ osapiTaskDelete (authmgrCB->authmgrTaskId);
+ }
+
+ if (authmgrCB->authmgrSrvrTaskId != 0)
+ {
+ osapiTaskDelete (authmgrCB->authmgrSrvrTaskId);
+ }
+
+ if ( NULLPTR != authmgrCB)
+ {
+ osapiFree ( AUTHMGR_COMPONENT_ID, authmgrCB);
+ }
+
+ authmgrCnfgrState = AUTHMGR_PHASE_INIT_0;
+}
+
+/*********************************************************************
+* @purpose This function process the configurator control commands/request
+* pair Init Phase 1.
+*
+* @param none
+
+* @param pReason - @b{(output)} Reason if ERROR.
+*
+* @returns SUCCESS - There were no errors. Response is available.
+*
+* @returns ERROR - There were errors. Reason code is available.
+*
+* @comments The following are valid response:
+* CNFGR_CMD_COMPLETE
+*
+* @commets The following are valid error reason code:
+* CNFGR_ERR_RC_FATAL
+* CNFGR_ERR_RC_LACK_OF_RESOURCES
+*
+* @end
+*********************************************************************/
+RC_t authmgrCnfgrInitPhase1Process (void)
+{
+ RC_t authmgrRC, rc;
+ RC_t rc1 = SUCCESS;
+ RC_t rc2 = SUCCESS;
+ uint32 authmgrMaxTimerNodes;
+
+ authmgrRC = SUCCESS;
+
+ printf("%s:%d\r\n", __FUNCTION__, __LINE__);
+
+ authmgrCB->globalInfo =
+ osapiMalloc ( AUTHMGR_COMPONENT_ID, sizeof (authmgrGlobalInfo_t));
+
+ if ( NULLPTR == authmgrCB->globalInfo)
+ {
+ authmgrRC = ERROR;
+ return authmgrRC;
+ }
+
+ authmgrCB->globalInfo->authmgrCfg =
+ osapiMalloc ( AUTHMGR_COMPONENT_ID, sizeof (authmgrCfg_t));
+
+ authmgrCB->globalInfo->authmgrPortInfo =
+ osapiMalloc ( AUTHMGR_COMPONENT_ID,
+ sizeof (authmgrPortInfo_t) * AUTHMGR_INTF_MAX_COUNT);
+
+ rc = authmgrLogicalPortInfoDBInit (platAuthMgrMaxUsersGet ());
+
+ authmgrCB->globalInfo->authmgrPortSessionStats =
+ osapiMalloc ( AUTHMGR_COMPONENT_ID,
+ (sizeof (authmgrPortSessionStats_t) *
+ (platIntfMaxCountGet () + 1)));
+
+ authmgrCB->globalInfo->authmgrPortStats =
+ osapiMalloc ( AUTHMGR_COMPONENT_ID,
+ sizeof (authmgrPortStats_t) * platIntfMaxCountGet ());
+
+ authmgrCB->globalInfo->authmgrMapTbl =
+ osapiMalloc ( AUTHMGR_COMPONENT_ID,
+ sizeof (uint32) * platIntfMaxCountGet ());
+
+ authmgrVlanStateDb = osapiMalloc( AUTHMGR_COMPONENT_ID,
+ sizeof (authMgrVlanDbData_t));
+
+ authmgrVlanCfgDb = osapiMalloc( AUTHMGR_COMPONENT_ID,
+ sizeof (authMgrVlanDbData_t));
+
+ if (( NULLPTR == authmgrVlanStateDb) || ( NULLPTR == authmgrVlanCfgDb))
+ {
+ authmgrRC = ERROR;
+ return authmgrRC;
+ }
+
+ /* initialize Mac address database */
+
+ rc = authmgrMacAddrInfoDBInit (platAuthMgrMaxUsersGet ());
+
+ /* Two timers per client; one for protocol and one for interim accounting.
+ 30 seconds timer needed for voice clients are not accounted for presently. */
+ authmgrMaxTimerNodes = (2 * platAuthMgrMaxUsersGet());
+
+ /* Allocate buffer pool for App Timer */
+ if (bufferPoolInit
+ ( AUTHMGR_COMPONENT_ID, authmgrMaxTimerNodes, APP_TMR_NODE_SIZE,
+ "AUTHMGR Timer Bufs",
+ &authmgrCB->globalInfo->authmgrAppTimerBufferPoolId) != SUCCESS)
+ {
+ authmgrRC = ERROR;
+
+ return authmgrRC;
+ }
+
+ if ((authmgrCB->globalInfo->authmgrCfg == NULLPTR) ||
+ (authmgrCB->globalInfo->authmgrPortInfo == NULLPTR) ||
+ (rc == FAILURE) ||
+ (rc1 == FAILURE) ||
+ (rc2 == FAILURE) ||
+ (authmgrCB->globalInfo->authmgrPortStats == NULLPTR) ||
+ (authmgrCB->globalInfo->authmgrMapTbl == NULLPTR) ||
+ (authmgrCB->globalInfo->authmgrPortSessionStats == NULLPTR))
+ {
+ authmgrRC = ERROR;
+
+ return authmgrRC;
+ }
+
+ /* Zero bitmasks to indicate no interfaces are enabled */
+ memset ((void *) authmgrCB->globalInfo->authmgrCfg, 0, sizeof (authmgrCfg_t));
+ memset ((void *) authmgrCB->globalInfo->authmgrPortInfo, 0,
+ sizeof (authmgrPortInfo_t) * AUTHMGR_INTF_MAX_COUNT);
+ memset ((void *) authmgrCB->globalInfo->authmgrPortStats, 0,
+ sizeof (authmgrPortStats_t) * platIntfMaxCountGet ());
+ memset ((void *) authmgrCB->globalInfo->authmgrMapTbl, 0,
+ sizeof (uint32) * platIntfMaxCountGet ());
+ memset ((void *) authmgrCB->globalInfo->authmgrPortSessionStats, 0,
+ sizeof (authmgrPortSessionStats_t) * ( MAX_INTERFACE_COUNT + 1));
+
+ authmgrCnfgrState = AUTHMGR_PHASE_INIT_1;
+
+ printf("%s:%d\r\n", __FUNCTION__, __LINE__);
+
+ return authmgrRC;
+}
+
+/*********************************************************************
+* @purpose This function process the configurator control commands/request
+* pair Init Phase 2.
+*
+* @param pResponse - @b{(output)} Response if SUCCESS.
+*
+* @param pReason - @b{(output)} Reason if ERROR.
+*
+* @returns SUCCESS - There were no errors. Response is available.
+*
+* @returns ERROR - There were errors. Reason code is available.
+*
+* @comments The following are valid response:
+* CNFGR_CMD_COMPLETE
+*
+* @comments The following are valid error reason code:
+* CNFGR_ERR_RC_FATAL
+* CNFGR_ERR_RC_LACK_OF_RESOURCES
+*
+* @end
+*********************************************************************/
+RC_t authmgrCnfgrInitPhase2Process (void)
+{
+ RC_t authmgrRC;
+ printf("%s:%d\r\n", __FUNCTION__, __LINE__);
+
+ authmgrRC = SUCCESS;
+
+ authmgrCnfgrState = AUTHMGR_PHASE_INIT_2;
+
+ if (nimRegisterIntfChange ( AUTHMGR_COMPONENT_ID, authmgrIntfChangeCallback,
+ authmgrIntfStartupCallback, NIM_STARTUP_PRIO_AUTHMGR)
+ != SUCCESS)
+ {
+ return FAILURE;
+ }
+
+ if ( SUCCESS != authmgrEventCallbackRegister( AUTHMGR_METHOD_8021X,
+ NULL, NULL,
+ authmgrDot1xEventSend, authmgrDot1xIntfAdminModeGet,
+ NULL))
+ {
+ return FAILURE;
+ }
+
+
+ if ( SUCCESS != authmgrEventCallbackRegister( AUTHMGR_METHOD_MAB,
+ NULL, NULL,
+ authmgrMabEventSend, authmgrMabIntfAdminModeGet,
+ NULL))
+ {
+ return FAILURE;
+ }
+
+ return authmgrRC;
+}
+
+/*********************************************************************
+* @purpose This function process the configurator control commands/request
+* pair Init Phase 3.
+*
+* @param pResponse - @b{(output)} Response if SUCCESS.
+*
+* @param pReason - @b{(output)} Reason if ERROR.
+*
+* @returns SUCCESS - There were no errors. Response is available.
+*
+* @returns ERROR - There were errors. Reason code is available.
+*
+* @comments The following are valid response:
+* CNFGR_CMD_COMPLETE
+*
+* @comments The following are valid error reason code:
+* CNFGR_ERR_RC_FATAL
+* CNFGR_ERR_RC_LACK_OF_RESOURCES
+*
+* @end
+*********************************************************************/
+RC_t authmgrCnfgrInitPhase3Process ( BOOL warmRestart)
+{
+ RC_t authmgrRC;
+
+ authmgrRC = SUCCESS;
+ printf("%s:%d\r\n", __FUNCTION__, __LINE__);
+
+ authmgrBuildDefaultConfigData();
+
+ authmgrCnfgrState = AUTHMGR_PHASE_INIT_3;
+ if (authmgrCtlApplyConfigData () != SUCCESS)
+ {
+ authmgrRC = ERROR;
+
+ return authmgrRC;
+ }
+ printf("%s:%d\r\n", __FUNCTION__, __LINE__);
+
+ return authmgrRC;
+}
+
+/*********************************************************************
+* @purpose This function undoes authmgrCnfgrInitPhase1Process
+*
+* @param none
+*
+* @returns none
+*
+* @comments none
+*
+* @end
+*********************************************************************/
+void authmgrCnfgrFiniPhase1Process ()
+{
+ if (authmgrCB->globalInfo->authmgrCfg != NULLPTR)
+ {
+ osapiFree ( AUTHMGR_COMPONENT_ID, authmgrCB->globalInfo->authmgrCfg);
+ authmgrCB->globalInfo->authmgrCfg = NULLPTR;
+ }
+
+ if (authmgrCB->globalInfo->authmgrPortInfo != NULLPTR)
+ {
+ osapiFree ( AUTHMGR_COMPONENT_ID, authmgrCB->globalInfo->authmgrPortInfo);
+ authmgrCB->globalInfo->authmgrPortInfo = NULLPTR;
+ }
+ authmgrLogicalPortInfoDBDeInit ();
+
+ if (authmgrCB->globalInfo->authmgrPortStats != NULLPTR)
+ {
+ osapiFree ( AUTHMGR_COMPONENT_ID,
+ authmgrCB->globalInfo->authmgrPortStats);
+ authmgrCB->globalInfo->authmgrPortStats = NULLPTR;
+ }
+
+ if (authmgrCB->globalInfo->authmgrMapTbl != NULLPTR)
+ {
+ osapiFree ( AUTHMGR_COMPONENT_ID, authmgrCB->globalInfo->authmgrMapTbl);
+ authmgrCB->globalInfo->authmgrMapTbl = NULLPTR;
+ }
+
+ authmgrMacAddrInfoDBDeInit ();
+
+ authmgrInitUndo ();
+
+ if (authmgrCB->globalInfo != NULLPTR)
+ {
+ osapiFree ( AUTHMGR_COMPONENT_ID, authmgrCB->globalInfo);
+ authmgrCB->globalInfo = NULLPTR;
+ }
+
+ authmgrCnfgrState = AUTHMGR_PHASE_INIT_0;
+}
+
+/*********************************************************************
+* @purpose This function undoes authmgrCnfgrInitPhase2Process
+*
+* @param none
+*
+* @returns none
+*
+* @comments none
+*
+* @end
+*********************************************************************/
+void authmgrCnfgrFiniPhase3Process ()
+{
+ CNFGR_RESPONSE_t response;
+ CNFGR_ERR_RC_t reason;
+
+ /* this func will place authmgrCnfgrState to WMU */
+ authmgrCnfgrUconfigPhase2 (&response, &reason);
+}
+
+/*********************************************************************
+* @purpose This function process the configurator control commands/request
+* pair as a NOOP.
+*
+* @param pResponse - @b{(output)} Response always command complete.
+*
+* @param pReason - @b{(output)} Always 0
+*
+* @returns SUCCESS - Always return this value. onse is available.
+*
+*
+* @comments The following are valid response:
+* CNFGR_CMD_COMPLETE
+*
+* @comments The following are valid error reason code:
+* None.
+*
+* @end
+*********************************************************************/
+RC_t authmgrCnfgrNoopProccess ( CNFGR_RESPONSE_t * pResponse,
+ CNFGR_ERR_RC_t * pReason)
+{
+ RC_t authmgrRC = SUCCESS;
+
+ /* Return Value to caller */
+ *pResponse = CNFGR_CMD_COMPLETE;
+ *pReason = 0;
+ return authmgrRC;
+}
+
+/*********************************************************************
+* @purpose This function process the configurator control commands/request
+* pair Unconfigure Phase 2.
+*
+* @param pResponse - @b{(output)} Response if SUCCESS.
+*
+* @param pReason - @b{(output)} Reason if ERROR.
+*
+* @returns SUCCESS - There were no errors. Response is available.
+*
+* @returns ERROR - There were errors. Reason code is available.
+*
+* @comments The following are valid response:
+* CNFGR_CMD_COMPLETE
+*
+* @comments The following are valid error reason code:
+* CNFGR_ERR_RC_FATAL
+*
+* @end
+*********************************************************************/
+
+RC_t authmgrCnfgrUconfigPhase2 ( CNFGR_RESPONSE_t * pResponse,
+ CNFGR_ERR_RC_t * pReason)
+{
+ RC_t authmgrRC;
+
+ *pResponse = CNFGR_CMD_COMPLETE;
+ *pReason = 0;
+ authmgrRC = SUCCESS;
+
+ memset (authmgrCB->globalInfo->authmgrCfg, 0, sizeof (authmgrCfg_t));
+
+ authmgrCnfgrState = AUTHMGR_PHASE_WMU;
+
+ return authmgrRC;
+}
+
+/***************************************************************************
+* @purpose This function process the configurator control commands/request
+* pair TERMINATE.
+*
+* @param pCmdData - @b{(input)} command data.
+*
+* @returns none.
+*
+*
+* @notes
+*
+* @end
+***************************************************************************/
+void authmgrCnfgrTerminateProcess ( CNFGR_CMD_DATA_t * pCmdData)
+{
+
+}
+
+
diff --git a/src/sonic-pac/authmgr/mapping/auth_mgr_control.c b/src/sonic-pac/authmgr/mapping/auth_mgr_control.c
new file mode 100644
index 000000000000..28f56d431bff
--- /dev/null
+++ b/src/sonic-pac/authmgr/mapping/auth_mgr_control.c
@@ -0,0 +1,5503 @@
+/*
+ * Copyright 2024 Broadcom Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#define MAC_EAPOL_PDU
+
+#include "auth_mgr_include.h"
+#include "osapi_sem.h"
+#include "auth_mgr_exports.h"
+#include "auth_mgr_client.h"
+#include "auth_mgr_timer.h"
+#include "auth_mgr_struct.h"
+#include "auth_mgr_auth_method.h"
+#include "pac_cfg_authmgr.h"
+#include "auth_mgr_vlan_db.h"
+#include "pacoper_common.h"
+
+extern authmgrCB_t *authmgrCB;
+
+extern authmgrCnfgrState_t authmgrCnfgrState;
+
+extern authmgrLogicalPortInfo_t processInfo;
+
+RC_t authmgrClientHwInfoCleanupAndReadd(authmgrLogicalPortInfo_t *logicalPortInfo,
+ authmgrClientInfo_t *processInfo);
+
+RC_t authmgrAddMac (uint32 lIntIfNum);
+
+extern int osapi_proc_set (const char *path, const char *value);
+
+#define attributeCmp(a, b) \
+ if (strlen(a) != 0) \
+ { \
+ if (memcmp(b, a, sizeof(b)) == 0) \
+ { \
+ entryFound = TRUE; \
+ } \
+ else \
+ { \
+ entryFound = FALSE; \
+ break; \
+ } \
+ }
+
+#define attributeIntCmp(a, b) \
+ if (a) \
+ { \
+ if (a == b) \
+ { \
+ entryFound = TRUE; \
+ } \
+ else \
+ { \
+ entryFound = FALSE; \
+ break; \
+ } \
+ }
+
+/*********************************************************************
+* @purpose function to compare auth mgr lists
+*
+* @param list1 auth mgr list1
+* @param list2 auth mgr list2
+* @return TRUE or FALSE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+ BOOL authmgrListArrayCompare ( AUTHMGR_METHOD_t * list1,
+ AUTHMGR_METHOD_t * list2,
+ uint32 len)
+{
+ if (0 != memcmp (list1, list2, len))
+ {
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
+/*********************************************************************
+* @purpose Initialize authmgr tasks and data
+*
+* @param none
+*
+* @returns SUCCESS or FAILURE
+*
+* @comments none
+*
+* @end
+*********************************************************************/
+RC_t authmgrStartTasks ()
+{
+ printf("%s:%d\r\n", __FUNCTION__, __LINE__);
+
+ if (osapiRWLockCreate (&authmgrCB->authmgrRWLock,
+ OSAPI_RWLOCK_Q_PRIORITY) == FAILURE)
+ {
+ LOGF ( LOG_SEVERITY_INFO,
+ "Error creating authmgrRWlock semaphore \n");
+ return FAILURE;
+ }
+
+ if (osapiRWLockCreate (&authmgrCB->authmgrCfgRWLock,
+ OSAPI_RWLOCK_Q_PRIORITY) == FAILURE)
+ {
+ LOGF ( LOG_SEVERITY_INFO,
+ "Error creating authmgrCfgRWlock semaphore \n");
+ return FAILURE;
+ }
+
+ /* create authmgrTask - to service authmgr message queue */
+ authmgrCB->authmgrTaskId =
+ osapiTaskCreate ("authmgrTask", (void *) authmgrTask, 0, 0,
+ 2 * authmgrSidDefaultStackSize (),
+ authmgrSidDefaultTaskPriority (),
+ authmgrSidDefaultTaskSlice ());
+
+ if (authmgrCB->authmgrTaskId == 0)
+ {
+ LOGF ( LOG_SEVERITY_INFO,
+ "Failed to create authmgr task.\n");
+ return FAILURE;
+ }
+
+ if (osapiWaitForTaskInit ( AUTHMGR_TASK_SYNC, WAIT_FOREVER) !=
+ SUCCESS)
+ {
+ LOGF ( LOG_SEVERITY_INFO,
+ "Unable to initialize authmgr task.\n");
+ return FAILURE;
+ }
+
+ /* create authmgrSrvrTask - to service authmgr message queue */
+ authmgrCB->authmgrSrvrTaskId =
+ osapiTaskCreate ("authmgrSrvrTask", (void *) authmgrSrvrTask, 0, 0,
+ 2 * authmgrSidDefaultStackSize (),
+ authmgrSidDefaultTaskPriority (),
+ authmgrSidDefaultTaskSlice ());
+
+ if (authmgrCB->authmgrSrvrTaskId == 0)
+ {
+ LOGF ( LOG_SEVERITY_INFO,
+ "Failed to create authmgr task.\n");
+ return FAILURE;
+ }
+
+ if (osapiWaitForTaskInit ( AUTHMGR_SRVR_TASK_SYNC, WAIT_FOREVER) !=
+ SUCCESS)
+ {
+ LOGF ( LOG_SEVERITY_INFO,
+ "Unable to initialize authmgr srvr task.\n");
+ return FAILURE;
+ }
+
+ return SUCCESS;
+}
+
+/*********************************************************************
+* @purpose authmgr task which serves the request queue
+*
+* @param none
+*
+* @returns void
+*
+* @comments User-interface writes and all are serviced off
+* of the authmgrQueue
+*
+* @end
+*********************************************************************/
+void authmgrTask ()
+{
+ authmgrMsg_t msg;
+ authmgrBulkMsg_t bulkMsg;
+ authmgrVlanMsg_t vlanMsg;
+
+ printf("%s:%d\r\n", __FUNCTION__, __LINE__);
+
+ (void) osapiTaskInitDone ( AUTHMGR_TASK_SYNC);
+
+ /* allocate the required data structures */
+ authmgrCnfgrInitPhase1Process();
+
+ /* do inter component registration */
+ authmgrCnfgrInitPhase2Process();
+
+ authmgrCnfgrInitPhase3Process( FALSE);
+
+ for (;;)
+ {
+ /* Since we are reading from multiple queues, we cannot wait forever
+ * on the message receive from each queue. Rather than sleep between
+ * queue reads, use a semaphore to indicate whether any queue has
+ * data. Wait until data is available. */
+
+ if (osapiSemaTake(authmgrCB->authmgrTaskSyncSema, WAIT_FOREVER) != SUCCESS)
+ {
+ LOGF( LOG_SEVERITY_ERROR,
+ "Unable to acquire AUTHMGR message queue semaphore.");
+ continue;
+ }
+
+ memset(&authmgrCB->processInfo, 0, sizeof(authmgrClientInfo_t));
+ memset(&authmgrCB->oldInfo, 0, sizeof(authmgrClientInfo_t));
+
+
+ if (osapiMessageReceive
+ (authmgrCB->authmgrVlanEventQueue, (void *) &vlanMsg,
+ (uint32) sizeof (authmgrVlanMsg_t), NO_WAIT) == SUCCESS)
+ {
+ (void) authmgrVlanDispatchCmd (&vlanMsg);
+ }
+ else if (osapiMessageReceive
+ (authmgrCB->authmgrQueue, (void *) &msg,
+ (uint32) sizeof (authmgrMsg_t), NO_WAIT) == SUCCESS)
+ {
+ (void) authmgrDispatchCmd (&msg);
+ }
+ else if (osapiMessageReceive
+ (authmgrCB->authmgrBulkQueue, (void *) &bulkMsg,
+ (uint32) sizeof (authmgrBulkMsg_t), NO_WAIT) == SUCCESS)
+ {
+ (void) authmgrBulkDispatchCmd (&bulkMsg);
+ }
+ }
+}
+
+/*********************************************************************
+* @purpose authmgr srvr task which serves the request queue
+*
+* @param none
+*
+* @returns void
+*
+* @comments external applications are serviced off
+* of the authmgrQueue
+*
+* @end
+*********************************************************************/
+void authmgrSrvrTask ()
+{
+ printf("%s:%d\r\n", __FUNCTION__, __LINE__);
+
+ (void) osapiTaskInitDone ( AUTHMGR_SRVR_TASK_SYNC);
+
+ handle_async_resp_data (&authmgrCB->listen_sock);
+ return;
+}
+
+/*********************************************************************
+* @purpose Save the data in a message to a shared memory
+*
+* @param *data @b{(input)} pointer to data
+* @param *msg @b{(input)} authmgr message
+*
+* @returns SUCCESS or FAILURE
+*
+* @comments Once the message is serviced, this variable size data will
+* be retrieved
+*
+* @end
+*********************************************************************/
+RC_t authmgrFillMsg (void *data, authmgrMsg_t * msg)
+{
+ switch (msg->event)
+ {
+
+ case authmgrMgmtAdminModeEnable:
+ case authmgrMgmtAdminModeDisable:
+ case authmgrMethodOrderModify:
+ case authmgrMethodPriorityModify:
+ break;
+
+ /* events originating from UI */
+ case authmgrMgmtPortInitializeSet:
+ case authmgrMgmtLogicalPortInitializeSet:
+ case authmgrMgmtPortReauthenticateSet:
+ case authmgrMgmtLogicalPortReauthenticateSet:
+ case authmgrMgmtPortControlModeSet:
+ case authmgrMgmtHostControlModeSet:
+ case authmgrMgmtPortQuietPeriodSet:
+ case authmgrMgmtPortInactivePeriodSet:
+ case authmgrMgmtPortReAuthEnabledSet:
+ case authmgrMgmtPortMaxUsersSet:
+ case authmgrPaeCapabilitiesEvent:
+ case authmgrViolationModeSet:
+ case authmgrCtlPortInfoReset:
+ /* add to queue uint32 size */
+ memcpy (&msg->data.msgParm, data, sizeof (uint32));
+ break;
+
+ case authmgrMgmtPortReAuthPeriodSet:
+ memcpy (&msg->data.timePeriod, data, sizeof (authmgrMgmtTimePeriod_t));
+ break;
+
+ case authmgrIntfChange:
+ /* add to queue a NIM correlator */
+ memcpy (&msg->data.authmgrIntfChangeParms, data,
+ sizeof (authmgrIntfChangeParms_t));
+ break;
+
+ case authmgrIntfStartup:
+ /* add to queue a NIM correlator */
+ memcpy (&msg->data.startupPhase, data, sizeof (NIM_STARTUP_PHASE_t));
+ break;
+
+ case authmgrClientTimeout:
+ case authmgrDelDuplicateEntry:
+ case authmgrAddMacInMacDB:
+ case authmgrTimeTick:
+ case authmgrAuthenticationStart:
+ case authmgrClientCleanup:
+ break; /* NULL data, proceed */
+
+ case authmgrAuthMethodCallbackEvent:
+ memcpy (&msg->data.authParams, data, sizeof (authmgrAuthRespParams_t));
+ break;
+
+ case authmgrAaaInfoReceived:
+ /* add to queue a char pointer */
+ memcpy (&msg->data.authmgrAaaMsg, data, sizeof (authmgrAaaMsg_t));
+ break;
+
+ default:
+ /* unmatched event */
+ return FAILURE;
+ } /* switch */
+
+ return SUCCESS;
+}
+
+/*********************************************************************
+* @purpose Save the bulk data in a message to a shared memory
+*
+* @param *data @b{(input)} pointer to data
+* @param *msg @b{(input)} authmgr message
+*
+* @returns SUCCESS or FAILURE
+*
+* @comments Once the message is serviced, this variable size data will
+* be retrieved
+*
+* @end
+*********************************************************************/
+RC_t authmgrBulkFillMsg (void *data, authmgrBulkMsg_t * msg)
+{
+ switch (msg->event)
+ {
+ case authmgrUnauthAddrCallBackEvent:
+ memcpy (&msg->data.unauthParms, data,
+ sizeof (authmgrUnauthCallbackParms_t));
+ break;
+
+ default:
+ /* unmatched event */
+ return FAILURE;
+ } /* switch */
+
+ return SUCCESS;
+}
+
+/*********************************************************************
+* @purpose Save the VLAN data in a message to a shared memory
+*
+* @param *data @b{(input)} pointer to data
+* @param *msg @b{(input)} authmgr message
+*
+* @returns SUCCESS or FAILURE
+*
+* @comments Once the message is serviced, this variable size data will
+* be retrieved
+*
+* @end
+*********************************************************************/
+RC_t authmgrVlanFillMsg (void *data, authmgrVlanMsg_t * msg)
+{
+ switch (msg->event)
+ {
+ case authmgrVlanDeleteEvent:
+ case authmgrVlanAddEvent:
+ case authmgrVlanAddPortEvent:
+ case authmgrVlanDeletePortEvent:
+ case authmgrVlanPvidChangeEvent:
+ case authmgrVlanConfDeleteEvent:
+ case authmgrVlanConfPortDeleteEvent:
+ memcpy (&msg->data.vlanData, data, sizeof (dot1qNotifyData_t));
+ break;
+
+ default:
+ /* unmatched event */
+ return FAILURE;
+ } /* switch */
+
+ return SUCCESS;
+}
+
+/*********************************************************************
+* @purpose Send a command to authmgr queue
+*
+* @param event @b{(input)} event type
+* @param intIfNum @b{(input)} internal interface number
+* @param *data @b{(input)} pointer to data
+*
+* @returns SUCCESS or FAILURE
+*
+* @comments Command is queued for service
+*
+* @end
+*********************************************************************/
+RC_t authmgrIssueCmd (uint32 event, uint32 intIfNum, void *data)
+{
+ authmgrMsg_t msg;
+ authmgrBulkMsg_t bulkMsg;
+ authmgrVlanMsg_t vlanMsg;
+
+ RC_t rc;
+
+ memset(&msg, 0, sizeof(authmgrMsg_t));
+ memset(&bulkMsg, 0, sizeof(authmgrBulkMsg_t));
+ memset(&vlanMsg, 0, sizeof(authmgrVlanMsg_t));
+
+
+ /* send message */
+ if (event == authmgrUnauthAddrCallBackEvent)
+ {
+ if (data != NULLPTR)
+ {
+ bulkMsg.event = event;
+ bulkMsg.intf = intIfNum;
+
+ (void) authmgrBulkFillMsg (data, &bulkMsg);
+ }
+
+ rc =
+ osapiMessageSend (authmgrCB->authmgrBulkQueue, &bulkMsg,
+ (uint32) sizeof (authmgrBulkMsg_t), NO_WAIT,
+ MSG_PRIORITY_NORM);
+ }
+ else if ((event == authmgrVlanDeleteEvent) ||
+ (event == authmgrVlanAddEvent) ||
+ (event == authmgrVlanAddPortEvent) ||
+ (event == authmgrVlanDeletePortEvent) ||
+ (event == authmgrVlanPvidChangeEvent) ||
+ (event == authmgrVlanConfDeleteEvent) ||
+ (event == authmgrVlanConfPortDeleteEvent))
+ {
+ if (data != NULLPTR)
+ {
+ vlanMsg.event = event;
+ vlanMsg.intf = intIfNum;
+
+ (void) authmgrVlanFillMsg (data, &vlanMsg);
+ }
+
+ rc =
+ osapiMessageSend (authmgrCB->authmgrVlanEventQueue, &vlanMsg,
+ (uint32) sizeof (authmgrVlanMsg_t), NO_WAIT,
+ MSG_PRIORITY_NORM);
+ }
+ else
+ {
+ msg.event = event;
+ msg.intf = intIfNum;
+ if (data != NULLPTR)
+ {
+ (void) authmgrFillMsg (data, &msg);
+ }
+
+ rc =
+ osapiMessageSend (authmgrCB->authmgrQueue, &msg,
+ (uint32) sizeof (authmgrMsg_t), NO_WAIT,
+ MSG_PRIORITY_NORM);
+ }
+
+ rc = osapiSemaGive(authmgrCB->authmgrTaskSyncSema);
+ if(rc != SUCCESS)
+ {
+ LOGF( LOG_SEVERITY_NOTICE,
+ "Failed to give msgQueue to Authmgr task sync semaphore.\n");
+ }
+
+
+ if (rc != SUCCESS)
+ {
+ AUTHMGR_ERROR_SEVERE
+ ("Failed to send to authmgrQueue! Event: %u, interface: %s\n", event,
+ authmgrIntfIfNameGet(intIfNum));
+ }
+
+ return rc;
+}
+
+/*********************************************************************
+* @purpose Route the event to a handling function and grab the parms
+*
+* @param msg @b{(input)} authmgr message
+*
+* @returns SUCCESS or FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrDispatchCmd (authmgrMsg_t * msg)
+{
+ RC_t rc = FAILURE;
+
+ (void) osapiWriteLockTake (authmgrCB->authmgrRWLock, WAIT_FOREVER);
+
+ memset(&authmgrCB->oldInfo, 0, sizeof(authmgrClientInfo_t));
+
+ switch (msg->event)
+ {
+ case authmgrIntfChange:
+ rc = authmgrIhProcessIntfChange (msg->intf,
+ msg->data.authmgrIntfChangeParms.intfEvent,
+ msg->data.authmgrIntfChangeParms.
+ nimCorrelator);
+ break;
+
+ case authmgrIntfStartup:
+ rc = authmgrIhProcessIntfStartup (msg->data.startupPhase);
+ break;
+
+ case authmgrTimeTick:
+ rc = authmgrTimerAction ();
+ break;
+
+ case authmgrMgmtAdminModeEnable:
+ rc = authmgrCtlAdminModeEnable();
+ break;
+
+ case authmgrMgmtAdminModeDisable:
+ rc = authmgrCtlAdminModeDisable();
+ break;
+
+ case authmgrMgmtPortInitializeSet:
+ rc = authmgrCtlPortInitializeSet (msg->intf, msg->data.msgParm);
+ break;
+
+ case authmgrMgmtLogicalPortInitializeSet:
+ rc = authmgrCtlLogicalPortInitializeSet (msg->intf);
+ break;
+
+ case authmgrMgmtPortReauthenticateSet:
+ rc = authmgrCtlPortReauthenticateSet (msg->intf, msg->data.msgParm);
+ break;
+
+ case authmgrMgmtLogicalPortReauthenticateSet:
+ rc = authmgrCtlLogicalPortReauthenticateSet (msg->intf, msg->data.msgParm);
+ break;
+
+ case authmgrMgmtPortControlModeSet:
+ rc = authmgrCtlPortControlModeSet (msg->intf, msg->data.msgParm);
+ break;
+
+ case authmgrPaeCapabilitiesEvent:
+ rc = authmgrPaeCapabilitiesEventProcess (msg->intf, msg->data.msgParm);
+ break;
+
+ case authmgrViolationModeSet:
+ rc = authmgrViolationModeSetAction (msg->intf, msg->data.msgParm);
+ break;
+
+ case authmgrMgmtHostControlModeSet:
+ rc = authmgrPortCtrlHostModeSet (msg->intf, msg->data.msgParm);
+ break;
+
+ case authmgrMgmtPortQuietPeriodSet:
+ rc = authmgrCtlPortQuietPeriodSet (msg->intf, msg->data.msgParm);
+ break;
+
+ case authmgrMgmtPortReAuthPeriodSet:
+ rc = authmgrCtlPortReAuthPeriodSet (msg->intf, &msg->data.timePeriod);
+ break;
+
+ case authmgrMgmtPortReAuthEnabledSet:
+ rc = authmgrCtlPortReAuthEnabledSet (msg->intf, msg->data.msgParm);
+ break;
+
+ case authmgrMgmtPortStatsClear:
+ rc = authmgrCtlPortStatsClear (msg->intf);
+ break;
+
+ case authmgrMgmtApplyConfigData:
+ rc = authmgrCtlApplyConfigData ();
+ break;
+
+ case authmgrMgmtApplyPortConfigData:
+ rc = authmgrCtlApplyPortConfigData (msg->intf);
+ break;
+
+ case authmgrMgmtPortMaxUsersSet:
+ rc = authmgrCtlPortMaxUsersSet (msg->intf, msg->data.msgParm);
+ break;
+
+ case authmgrAuthMethodCallbackEvent:
+ rc = authmgrClientCallbackEventProcess (msg->intf, &msg->data.authParams);
+ break;
+
+ case authmgrClientTimeout:
+ case authmgrDelDuplicateEntry:
+ rc = authmgrCtlLogicalPortClientTimeout (msg->intf);
+ break;
+
+ case authmgrClientCleanup:
+ rc = authmgrCtlClientCleanup (msg->intf);
+ break;
+
+ case authmgrAddMacInMacDB:
+ rc = authmgrAddMac (msg->intf);
+ break;
+
+ case authmgrAaaInfoReceived:
+ rc = authmgrRadiusResponseProcess (msg->intf,
+ msg->data.authmgrAaaMsg.status,
+ msg->data.authmgrAaaMsg.pResponse,
+ msg->data.authmgrAaaMsg.respLen);
+ break;
+
+ case authmgrAuthenticationStart:
+ authmgrAuthenticationInitiate (msg->intf);
+ break;
+
+ case authmgrMethodOrderModify:
+ case authmgrMethodPriorityModify:
+ rc = authmgrMethodModifyAction (msg->intf);
+ break;
+
+ case authmgrCtlPortInfoReset:
+ rc = authmgrCtlPortReset(msg->intf, msg->data.msgParm);
+ break;
+
+ default:
+ rc = FAILURE;
+ }
+
+ (void) osapiWriteLockGive (authmgrCB->authmgrRWLock);
+ return rc;
+}
+
+/*********************************************************************
+* @purpose Route the event to a handling function and grab the parms
+*
+* @param msg @b{(input)} authmgr message
+*
+* @returns SUCCESS or FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrBulkDispatchCmd (authmgrBulkMsg_t * msg)
+{
+ RC_t rc = FAILURE;
+
+ (void) osapiWriteLockTake (authmgrCB->authmgrRWLock, WAIT_FOREVER);
+
+ switch (msg->event)
+ {
+ case authmgrUnauthAddrCallBackEvent:
+ rc =
+ authmgrCtlPortUnauthAddrCallbackProcess (msg->intf,
+ msg->data.unauthParms.macAddr,
+ msg->data.unauthParms.vlanId);
+ break;
+ default:
+ rc = FAILURE;
+ }
+
+ (void) osapiWriteLockGive (authmgrCB->authmgrRWLock);
+ return rc;
+}
+
+/*********************************************************************
+* @purpose Route the event to a handling function and grab the parms
+*
+* @param msg @b{(input)} authmgr message
+*
+* @returns SUCCESS or FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrVlanDispatchCmd (authmgrVlanMsg_t * msg)
+{
+ RC_t rc = FAILURE;
+
+ (void) osapiWriteLockTake (authmgrCB->authmgrRWLock, WAIT_FOREVER);
+
+ switch (msg->event)
+ {
+ case authmgrVlanDeleteEvent:
+ case authmgrVlanAddEvent:
+ case authmgrVlanAddPortEvent:
+ case authmgrVlanDeletePortEvent:
+ case authmgrVlanPvidChangeEvent:
+ case authmgrVlanConfDeleteEvent:
+ case authmgrVlanConfPortDeleteEvent:
+ authmgrVlanChangeProcess (msg->event, msg->intf, &(msg->data.vlanData));
+ rc = SUCCESS;
+ break;
+
+ default:
+ rc = FAILURE;
+ }
+
+ (void) osapiWriteLockGive (authmgrCB->authmgrRWLock);
+ return rc;
+}
+
+/*********************************************************************
+* @purpose Add supplicant MAC in MAC database
+*
+* @param lIntIfNum @b{(input)} logical interface number
+* on which client is received
+*
+* @returns SUCCESS or FAILURE
+*
+* @end
+*********************************************************************/
+
+RC_t authmgrAddMac (uint32 lIntIfNum)
+{
+ authmgrLogicalPortInfo_t *entry = NULLPTR;
+ RC_t rc = FAILURE;
+
+ entry = authmgrLogicalPortInfoGet (lIntIfNum);
+ if (entry != NULLPTR)
+ {
+ rc = authmgrMacAddrInfoAdd (&(entry->client.suppMacAddr), lIntIfNum);
+ }
+ return rc;
+}
+
+/*********************************************************************
+* @purpose Check if client is to be processed considering logical port
+* use and availability using dynamic allocation
+*
+* @param *srcMac @b{(input)} supplicant mac address
+* @param intIfNum @b{(input)} physical interface
+* @param existing_node @b{(output)} is already existing node
+*
+* @returns SUCCESS or FAILURE
+*
+* @comments Command is queued for service
+*
+* @end
+*********************************************************************/
+RC_t authmgrDynamicUserPduMapCheck (uint32 intIfNum, char8 * srcMac,
+ uint32 * lIntIfNum,
+ BOOL * existing_node)
+{
+ uint32 lIndex;
+ authmgrPortCfg_t *pCfg;
+ authmgrLogicalPortInfo_t *logicalPortInfo;
+ uint32 physPort = 0, lPort = 0, type = 0;
+
+#ifdef AUTHMGR_MAC_MOVE_ON
+ enetMacAddr_t macAddr;
+#endif
+
+ *existing_node = FALSE;
+
+ /* Get the port mode */
+ if ( TRUE != authmgrIntfIsConfigurable (intIfNum, &pCfg))
+ {
+ return FAILURE;
+ }
+
+ if ( AUTHMGR_PORT_AUTO == pCfg->portControlMode)
+ {
+ /* loop based on the intIfNum */
+ lIndex = AUTHMGR_LOGICAL_PORT_ITERATE;
+ while ( NULLPTR !=
+ (logicalPortInfo =
+ authmgrLogicalPortInfoGetNextNode (intIfNum, &lIndex)))
+ {
+ if (0 ==
+ memcmp (srcMac, logicalPortInfo->client.suppMacAddr.addr,
+ MAC_ADDR_LEN))
+ {
+ *lIntIfNum = lIndex;
+ *existing_node = TRUE;
+ return SUCCESS;
+ }
+ }
+
+#ifdef AUTHMGR_MAC_MOVE_ON
+ memcpy (macAddr.addr, srcMac, MAC_ADDR_LEN);
+ if ( SUCCESS == authmgrMacAddrInfoFind (&macAddr, lIntIfNum))
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, intIfNum,
+ "\n%s:%d: Found the device : %s on interface:%s \n",
+ __FUNCTION__, __LINE__, AUTHMGR_PRINT_MAC_ADDR(srcMac),
+ authmgrIntfIfNameGet(intIfNum));
+
+ if ( NULLPTR != authmgrLogicalPortInfoGet (*lIntIfNum))
+ {
+ /* get the key and unpack */
+ AUTHMGR_LPORT_KEY_UNPACK (physPort, lPort, type, *lIntIfNum);
+
+ if (physPort != intIfNum)
+ {
+ uchar8 ifNamel[ NIM_IF_ALIAS_SIZE + 1];
+
+ nimGetIntfName (physPort, ALIASNAME, ifNamel);
+
+ /* Remove client from previous interface */
+ if ( SUCCESS != authmgrCtlLogicalPortClientTimeout(*lIntIfNum))
+ {
+ LOGF ( LOG_SEVERITY_DEBUG,
+ "Duplicate client %s detected on interface %s (intIfNum %d). Unable to remove.",
+ AUTHMGR_PRINT_MAC_ADDR(srcMac), ifNamel, physPort);
+ return FAILURE;
+ }
+ else
+ {
+ LOGF ( LOG_SEVERITY_DEBUG,
+ "Duplicate client %s detected on interface %s (intIfNum %d) and removed.",
+ AUTHMGR_PRINT_MAC_ADDR(srcMac), ifNamel, physPort);
+ }
+ }
+ }
+ }
+#endif
+ if (authmgrCB->globalInfo->authmgrPortInfo[intIfNum].numUsers >=
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].maxUsers)
+ {
+ return FAILURE;
+ }
+
+ /* allocate a new logical port for this supplicant */
+ logicalPortInfo = authmgrLogicalPortInfoAlloc (intIfNum);
+
+ if (logicalPortInfo != NULLPTR)
+ {
+ authmgrLogicalPortInfoInit (logicalPortInfo->key.keyNum);
+
+ /* logicalPortInfo->inUse = TRUE; */
+ *existing_node = FALSE;
+ *lIntIfNum = logicalPortInfo->key.keyNum;
+
+ memcpy (logicalPortInfo->client.suppMacAddr.addr, srcMac,
+ MAC_ADDR_LEN);
+
+ /* add mac address to Mac Addr Database*/
+ if (authmgrAddMac(logicalPortInfo->key.keyNum) != SUCCESS)
+ {
+ LOGF ( LOG_SEVERITY_ERROR,
+ "Failed to add MAC entry %s"
+ " in MAC database for interface %s (intIfNum %d, logical port %d). Reason: Failed to send event authmgrAddMacInMacDB\n",
+ AUTHMGR_PRINT_MAC_ADDR(srcMac), authmgrIntfIfNameGet(intIfNum), intIfNum, logicalPortInfo->key.keyNum);
+ authmgrLogicalPortInfoDeAlloc (logicalPortInfo);
+ return FAILURE;
+ }
+
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].numUsers++;
+ /* authmgrCtlApplyLogicalPortConfigData(logicalPortInfo->key.keyNum); */
+ return SUCCESS;
+ }
+ }
+ return FAILURE;
+}
+
+/*********************************************************************
+* @purpose Check if client is to be processed considering logical port
+* use and availability
+*
+* @param intIfNum @b{(input)} physical interface
+* @param *srcMac @b{(input)} supplicant mac address
+* @param lIntIfNum @b{(input)} logical interface
+* @param existing_node @b{(output)} is already existing node
+*
+* @returns SUCCESS or FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrCheckMapPdu (uint32 intIfNum, char8 * srcMac,
+ uint32 * lIntIfNum, BOOL * existingNode)
+{
+ authmgrPortCfg_t *pCfg;
+ BOOL valid = FALSE;
+
+ *existingNode = FALSE;
+
+ if (authmgrCB->globalInfo->authmgrCfg->adminMode != ENABLE)
+ {
+ return SUCCESS;
+ }
+
+ /* Get the port mode */
+ if ( TRUE != authmgrIntfIsConfigurable (intIfNum, &pCfg))
+ {
+ return FAILURE;
+ }
+
+ /* check the host mode validity */
+ if ( SUCCESS != authmgrHostIsDynamicNodeAllocCheck
+ (authmgrCB->globalInfo->authmgrPortInfo[intIfNum].hostMode, &valid))
+ {
+ /* some thing is wrong. */
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FAILURE, intIfNum,
+ "%s:%d:Unable to get the host mode %s", __FUNCTION__,
+ __LINE__,
+ authmgrHostModeStringGet (authmgrCB->globalInfo->
+ authmgrPortInfo[intIfNum].
+ hostMode));
+ return FAILURE;
+ }
+
+ if ( FALSE == valid)
+ {
+ }
+ else
+ {
+ /* logical nodes are dynamically allocated */
+ return authmgrDynamicUserPduMapCheck (intIfNum, srcMac, lIntIfNum,
+ existingNode);
+ }
+ return FAILURE;
+}
+
+/*********************************************************************
+* @purpose This routine starts the application timer
+*
+* @param none
+*
+* @returns SUCCESS or FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrTimerAction ()
+{
+ if (!AUTHMGR_IS_READY)
+ {
+ return SUCCESS;
+ }
+
+ if (authmgrCB->globalInfo->authmgrCfg->adminMode != ENABLE)
+ {
+ return SUCCESS;
+ }
+
+ appTimerProcess (authmgrCB->globalInfo->authmgrTimerCB);
+
+ return SUCCESS;
+}
+
+void authmgrIntfOperBuildDefault(uint32 intIfNum)
+{
+ authmgrPortInfo_t *pOper;
+
+ pOper = &authmgrCB->globalInfo->authmgrPortInfo[intIfNum];
+ memset(pOper, 0, sizeof(authmgrPortInfo_t));
+
+ pOper->portControlMode = FD_AUTHMGR_PORT_MODE;
+ pOper->hostMode = FD_AUTHMGR_HOST_MODE;
+ pOper->quietPeriod = FD_AUTHMGR_RESTART_TIMER_VAL;
+ pOper->reAuthPeriod = FD_AUTHMGR_PORT_REAUTH_PERIOD;
+ pOper->reAuthEnabled = FD_AUTHMGR_PORT_REAUTH_ENABLED;
+ pOper->reAuthPeriodServer = FD_AUTHMGR_PORT_REAUTH_PERIOD_FROM_SERVER;
+ pOper->maxUsers = FD_AUTHMGR_PORT_MAX_USERS;
+ pOper->authFailRetryMaxCount = FD_AUTHMGR_RADIUS_MAX_AUTH_ATTEMPTS;
+
+ pOper->paeCapabilities = FD_AUTHMGR_PORT_PAE_CAPABILITIES;
+
+}
+
+/*********************************************************************
+* @purpose Set initialize value for a port
+*
+* @param intIfNum @b{(input)) internal interface number
+* @param initialize @b{(input)) initialize value
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments This value is set to TRUE by management in order to force
+* initialization of a port. It is re-set to FALSE after
+* initialization has completed.
+*
+* @end
+*********************************************************************/
+RC_t authmgrCtlPortInitializeSet (uint32 intIfNum, BOOL initialize)
+{
+ uchar8 paeCapabilities = 0;
+ RC_t rc = SUCCESS;
+
+ if (authmgrCB->globalInfo->authmgrCfg->adminMode != ENABLE)
+ {
+ return SUCCESS;
+ }
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_PORT_STATUS, intIfNum,
+ "%s:Intialize physical port-%d \n", __FUNCTION__,
+ intIfNum);
+
+ authmgrPortInfoCleanup (intIfNum);
+
+ (void)authmgrDot1xPortPaeCapabilitiesGet(intIfNum, &paeCapabilities);
+
+ if (paeCapabilities == DOT1X_PAE_PORT_AUTH_CAPABLE)
+ {
+ rc = authmgrCtlApplyPortConfigData(intIfNum);
+ }
+
+ return rc;
+}
+
+/*********************************************************************
+* @purpose Set initialize logical port
+*
+* @param lIntIfNum @b{(input)) Logical internal interface number
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrCtlLogicalPortInitializeSet (uint32 lIntIfNum)
+{
+ authmgrLogicalPortInfo_t *logicalPortInfo;
+ uint32 physPort = 0, lPort = 0, type = 0;
+
+ if (authmgrCB->globalInfo->authmgrCfg->adminMode != ENABLE)
+ {
+ return SUCCESS;
+ }
+ logicalPortInfo = authmgrLogicalPortInfoGet (lIntIfNum);
+ if (logicalPortInfo)
+ {
+ AUTHMGR_LPORT_KEY_UNPACK (physPort, lPort, type,
+ logicalPortInfo->key.keyNum);
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, physPort,
+ "%s:Intialize Logical port-%d type %s\n", __FUNCTION__,
+ lIntIfNum, authmgrNodeTypeStringGet (type));
+
+ return authmgrCtlApplyLogicalPortConfigData (lIntIfNum);
+ }
+ return SUCCESS;
+}
+
+/*********************************************************************
+* @purpose Set reauthentication value for a port
+*
+* @param intIfNum @b{(input)) internal interface number
+* @param reauthenticate @b{(input)) reauthentication value
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments This value is set to TRUE by management in order to force
+* reauthentication of a port. It is re-set to FALSE after
+* reauthentication has completed.
+*
+* @end
+*********************************************************************/
+RC_t authmgrCtlPortReauthenticateSet (uint32 intIfNum,
+ BOOL reauthenticate)
+{
+ RC_t rc = SUCCESS;
+ uint32 lIntIfNum;
+
+ if (authmgrCB->globalInfo->authmgrCfg->adminMode != ENABLE)
+ {
+ return SUCCESS;
+ }
+
+ lIntIfNum = AUTHMGR_LOGICAL_PORT_ITERATE;
+ while (authmgrLogicalPortInfoGetNextNode (intIfNum, &lIntIfNum) != NULLPTR)
+ {
+ rc = authmgrCtlLogicalPortReauthenticateSet (lIntIfNum, reauthenticate);
+ }
+ return rc;
+}
+
+/*********************************************************************
+* @purpose Set reauthentication value for a port
+*
+* @param intIfNum @b{(input)) internal interface number
+* @param reauthenticate @b{(input)) reauthentication value
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments This value is set to TRUE by management in order to force
+* reauthentication of a port. It is re-set to FALSE after
+* reauthentication has completed.
+*
+* @end
+*********************************************************************/
+RC_t authmgrCtlLogicalPortReauthenticateSet (uint32 lIntIfNum,
+ BOOL reauthenticate)
+{
+ RC_t rc = SUCCESS;
+ uint32 physPort = 0, lPort = 0, type = 0;
+ authmgrLogicalPortInfo_t *logicalPortInfo;
+
+ if (authmgrCB->globalInfo->authmgrCfg->adminMode != ENABLE)
+ {
+ return SUCCESS;
+ }
+ logicalPortInfo = authmgrLogicalPortInfoGet (lIntIfNum);
+
+ if (logicalPortInfo != NULLPTR)
+ {
+ AUTHMGR_LPORT_KEY_UNPACK (physPort, lPort, type, lIntIfNum);
+ if (0 != logicalPortInfo->key.keyNum)
+ {
+ if (AUTHMGR_AUTHENTICATED != logicalPortInfo->protocol.authState)
+ {
+ LOGF ( LOG_SEVERITY_DEBUG,
+ "Skipping reauthentication request for clients which are not already authenticated.");
+ return SUCCESS;
+ }
+
+ logicalPortInfo->client.reAuthenticate = TRUE;
+ logicalPortInfo->protocol.reauth = TRUE;
+
+ LOGF ( LOG_SEVERITY_INFO,
+ "re-authentication triggered for client with mac address %s on port %s.",
+ AUTHMGR_PRINT_MAC_ADDR(logicalPortInfo->client.suppMacAddr.addr),
+ authmgrIntfIfNameGet(physPort));
+
+ rc = authmgrStateMachineClassifier (authmgrReauthenticate, lIntIfNum);
+ }
+ }
+ else
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FAILURE, physPort,
+ "%s:Reauth set fail for client\n", __FUNCTION__);
+
+ rc = FAILURE;
+ }
+
+ return rc;
+}
+
+/*********************************************************************
+* @purpose Set port control mode based on the control mode
+*
+* @param intIfNum @b{(input)) internal interface number
+* @param portControl @b{(input)) port control mode
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrPortCtrlModeSet (uint32 intIfNum,
+ AUTHMGR_PORT_CONTROL_t portControl)
+{
+ RC_t rc = SUCCESS;
+ authmgrPortCfg_t *pCfg;
+ uint32 i = 0;
+ char8 ifName[ NIM_IF_ALIAS_SIZE + 1];
+
+ if (authmgrIntfIsConfigurable (intIfNum, &pCfg) != TRUE)
+ {
+ return SUCCESS;
+ }
+
+ authmgrHostModeHwPolicyApply ( AUTHMGR_INVALID_HOST_MODE, intIfNum, FALSE);
+
+ switch (portControl)
+ {
+ case AUTHMGR_PORT_FORCE_UNAUTHORIZED:
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portControlMode =
+ portControl;
+ /* remove port from member of all vlans */
+ authmgrVlanAcquirePort(intIfNum);
+ rc = authmgrPortControlForceUnAuthActionSet (intIfNum);
+ break;
+
+ case AUTHMGR_PORT_FORCE_AUTHORIZED:
+
+ if (nimGetIntfName (intIfNum, ALIASNAME, ifName) != SUCCESS)
+ {
+ LOGF ( LOG_SEVERITY_ERROR,
+ "Unable to get alias for intf %s", authmgrIntfIfNameGet(intIfNum));
+ return FAILURE;
+ }
+
+ if ( TRUE != authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portEnabled)
+ {
+ authmgrVlanReleasePort(intIfNum);
+ return SUCCESS;
+ }
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portControlMode =
+ portControl;
+
+ rc = authmgrPortPvidSet(intIfNum, 0);
+
+ if (rc != SUCCESS)
+ {
+ LOGF ( LOG_SEVERITY_ERROR,
+ "Unable to set PVID back to 0 for %s", ifName);
+ }
+
+ authmgrVlanReleasePort(intIfNum);
+ rc = authmgrPortControlForceAuthActionSet (intIfNum);
+ break;
+
+ case AUTHMGR_PORT_AUTO:
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portControlMode =
+ portControl;
+ /* remove port from member of all vlans */
+ authmgrVlanAcquirePort(intIfNum);
+ authmgrIhPhysicalPortStatusSet(intIfNum, AUTHMGR_PORT_STATUS_UNAUTHORIZED);
+ rc = authmgrPortControlAutoActionSet (intIfNum);
+ break;
+
+ default:
+ rc = FAILURE;
+ }
+
+ for (i = 0; i < AUTHMGR_METHOD_MAX; i++)
+ {
+ if ( NULLPTR != authmgrCB->globalInfo->authmgrCallbacks[i].portCtrlFn)
+ {
+ authmgrCB->globalInfo->authmgrCallbacks[i].portCtrlFn (intIfNum,
+ portControl);
+ }
+ }
+
+ return rc;
+}
+
+/*********************************************************************
+* @purpose control function to set port control mode
+*
+* @param intIfNum @b{(input)) internal interface number
+* @param portControl @b{(input)) port control mode
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrCtlPortControlModeSet (uint32 intIfNum,
+ AUTHMGR_PORT_CONTROL_t portControl)
+{
+ RC_t rc = SUCCESS;
+ authmgrPortCfg_t *pCfg;
+
+ if (authmgrCB->globalInfo->authmgrCfg->adminMode != ENABLE)
+ {
+ return SUCCESS;
+ }
+ if (authmgrIntfIsConfigurable (intIfNum, &pCfg) != TRUE)
+ {
+ return SUCCESS;
+ }
+
+ if ( DOT1X_PAE_PORT_AUTH_CAPABLE !=
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].paeCapabilities)
+ {
+ return rc;
+ }
+ if (portControl ==
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portControlMode)
+ {
+ return rc;
+ }
+
+ /* clean up previous info */
+ authmgrPortInfoCleanup (intIfNum);
+ authmgrPortInfoInitialize (intIfNum, TRUE);
+ authmgrMethodOrderChangeProcess (intIfNum);
+
+ return authmgrPortCtrlModeSet (intIfNum, portControl);
+}
+
+/*********************************************************************
+* @purpose Set authentication restart period value
+*
+* @param intIfNum @b{(input)) internal interface number
+* @param quietPeriod @b{(input)) authentication restart period
+*
+* @returns SUCCESS
+*
+* @comments The quietPeriod is the initialization value for quietWhile,
+* which is a timer used by the Authenticator state machine
+* to define periods of time in which it will not attempt to
+* acquire a Supplicant.
+*
+* @end
+*********************************************************************/
+RC_t authmgrCtlPortQuietPeriodSet (uint32 intIfNum, uint32 quietPeriod)
+{
+ if (authmgrCB->globalInfo->authmgrCfg->adminMode != ENABLE)
+ {
+ return SUCCESS;
+ }
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].quietPeriod = quietPeriod;
+ return SUCCESS;
+}
+
+/*********************************************************************
+* @purpose Set the Reauthentication period
+*
+* @param intIfNum @b{(input)) internal interface number
+* @param reAuthPeriod @b{(input)) reauthentication period
+*
+* @returns SUCCESS
+*
+* @comments The reAuthPeriod is the initialization value for reAuthWhen,
+* which is a timer used by the Authenticator state machine to
+* determine when reauthentication of the Supplicant takes place.
+*
+* @end
+*********************************************************************/
+RC_t authmgrCtlPortReAuthPeriodSet (uint32 intIfNum,
+ authmgrMgmtTimePeriod_t * params)
+{
+ authmgrLogicalPortInfo_t *logicalPortInfo;
+ uint32 lIntIfNum = 0;
+
+ if (authmgrCB->globalInfo->authmgrCfg->adminMode != ENABLE)
+ {
+ return SUCCESS;
+ }
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].reAuthPeriodServer =
+ params->reAuthPeriodServer;
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].reAuthPeriod = params->val;
+
+ lIntIfNum = AUTHMGR_LOGICAL_PORT_ITERATE;
+ while ((logicalPortInfo =
+ authmgrLogicalPortInfoGetNextNode(intIfNum,
+ &lIntIfNum)) != NULLPTR)
+ {
+ if ( TRUE == authmgrCB->globalInfo->authmgrPortInfo[intIfNum].reAuthEnabled)
+ {
+ authmgrTimerStart(logicalPortInfo, AUTHMGR_REAUTH_WHEN);
+ }
+ }
+ return SUCCESS;
+}
+
+/*********************************************************************
+* @purpose Set the Reauthentication mode
+*
+* @param intIfNum @b{(input)) internal interface number
+* @param reAuthEnabled @b{(input)) reauthentication mode
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments The reAuthEnabled mode determines whether reauthentication
+* of the Supplicant takes place.
+*
+* @end
+*********************************************************************/
+RC_t authmgrCtlPortReAuthEnabledSet (uint32 intIfNum,
+ BOOL reAuthEnabled)
+{
+ RC_t rc = SUCCESS;
+ uint32 lIntIfNum = 0;
+ authmgrLogicalPortInfo_t *logicalPortInfo;
+
+ if (authmgrCB->globalInfo->authmgrCfg->adminMode != ENABLE)
+ {
+ return SUCCESS;
+ }
+ if (reAuthEnabled ==
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].reAuthEnabled)
+ {
+ return SUCCESS;
+ }
+
+ /* Whenever the reAuthEnabled setting is changed, reset the reAuthWhen timer
+ */
+
+ lIntIfNum = AUTHMGR_LOGICAL_PORT_ITERATE;
+ while ((logicalPortInfo =
+ authmgrLogicalPortInfoGetNextNode (intIfNum,
+ &lIntIfNum)) != NULLPTR)
+ {
+ logicalPortInfo->client.reAuthenticate =
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].reAuthEnabled;
+
+ if ( AUTHMGR_PORT_STATUS_AUTHORIZED ==
+ logicalPortInfo->client.logicalPortStatus)
+ {
+ if (reAuthEnabled == FALSE)
+ {
+ if (AUTHMGR_REAUTH_WHEN == logicalPortInfo->authmgrTimer.cxt.type)
+ {
+ /* stop the timer */
+ authmgrTimerDestroy (authmgrCB->globalInfo->authmgrTimerCB,
+ logicalPortInfo, AUTHMGR_REAUTH_WHEN);
+ }
+ }
+ else
+ {
+ authmgrTimerStart (logicalPortInfo, AUTHMGR_REAUTH_WHEN);
+ }
+ }
+ }
+
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].reAuthEnabled =
+ reAuthEnabled;
+ return rc;
+}
+
+/*********************************************************************
+* @purpose Clear authmgr stats for specified port
+*
+* @param intIfNum @b{(input)) internal interface number
+*
+* @returns SUCCESS
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrCtlPortStatsClear (uint32 intIfNum)
+{
+ if (authmgrCB->globalInfo->authmgrCfg->adminMode != ENABLE)
+ {
+ return SUCCESS;
+ }
+ memset (&authmgrCB->globalInfo->authmgrPortStats[intIfNum], 0,
+ sizeof (authmgrPortStats_t));
+ return SUCCESS;
+}
+
+/*********************************************************************
+* @purpose Apply authmgr config data
+*
+* @param void
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrCtlApplyConfigData (void)
+{
+
+ /* Apply the global admin mode for authmgr */
+ if (authmgrCB->globalInfo->authmgrCfg->adminMode == ENABLE)
+ {
+ authmgrCtlAdminModeEnable ();
+ }
+ else
+ {
+ authmgrCtlAdminModeDisable ();
+ }
+ return SUCCESS;
+}
+
+/*********************************************************************
+* @purpose Apply authmgr config data to specified interface
+*
+* @param intIfNum @b{(input)) internal interface number
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrCtlApplyPortConfigData (uint32 intIfNum)
+{
+ authmgrPortCfg_t *pCfg;
+ if (authmgrIntfIsConfigurable (intIfNum, &pCfg) != TRUE)
+ {
+ return SUCCESS;
+ }
+
+ authmgrPortInfoInitialize (intIfNum, TRUE);
+
+ if ( DOT1X_PAE_PORT_AUTH_CAPABLE !=
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].paeCapabilities)
+ {
+ return SUCCESS;
+ }
+ authmgrMethodOrderChangeProcess (intIfNum);
+
+ authmgrPortCtrlModeSet (intIfNum, pCfg->portControlMode);
+ return SUCCESS;
+}
+
+/*********************************************************************
+* @purpose Notifies authmgr has released the interface.
+*
+* @param intIfNum @b{(input)} internal interface number
+* @param VlanId @b{(input)} VlanId
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrCtlPortAuthmgrRelease (uint32 intIfNum, uint32 vlanId)
+{
+ return SUCCESS;
+}
+
+/*********************************************************************
+* @purpose function to handle vlan ents
+*
+* @param event dot1q event
+* @param intIfNum interface number
+* @param vlanData vlan event data
+*
+* @comments
+*
+* @end
+*********************************************************************/
+void authmgrVlanChangeProcess (uint32 event, uint32 intIfNum,
+ dot1qNotifyData_t * vlanData)
+{
+ uint32 i = 0, vlanId = 0, numVlans = 0;
+ RC_t rc;
+ dot1qTaggingMode_t tagging = DOT1Q_MEMBER_UNTAGGED;
+
+ if (authmgrCB->globalInfo->authmgrCfg->adminMode != ENABLE)
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, 0,
+ "Authmgr not Enabled.\r\n");
+ return;
+ }
+
+ for (i = 1; i <= VLAN_MAX_MASK_BIT; i++)
+ {
+ {
+ vlanId = vlanData->data.vlanId;
+ /* For any continue, we will break out */
+ i = VLAN_MAX_MASK_BIT + 1;
+
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, 0,
+ "authmgrEvent %d port %s vlan %d", event, authmgrIntfIfNameGet(intIfNum), vlanId);
+ }
+ switch (event)
+ {
+ case authmgrVlanDeleteEvent:
+ authmgrVlanDeleteProcess (vlanId);
+ break;
+
+ case authmgrVlanDeletePortEvent:
+ if ( TRUE == vlanData->tagged)
+ {
+ tagging = DOT1Q_MEMBER_TAGGED;
+ }
+ authmgrVlanPortDeleteProcess (intIfNum, vlanId, tagging);
+
+ break;
+
+ case authmgrVlanAddEvent:
+ rc = authmgrVlanAddProcess (vlanId);
+ break;
+
+ case authmgrVlanAddPortEvent:
+ if ( TRUE == vlanData->tagged)
+ {
+ tagging = DOT1Q_MEMBER_TAGGED;
+ }
+ rc = authmgrVlanPortAddProcess (intIfNum, vlanId, tagging);
+ break;
+
+ case authmgrVlanPvidChangeEvent:
+ rc = authmgrVlanPVIDChangeEventProcess (intIfNum, vlanId);
+ break;
+
+ case authmgrVlanConfDeleteEvent:
+ authmgrVlanConfDeleteProcess (vlanId);
+ break;
+
+ case authmgrVlanConfPortDeleteEvent:
+ authmgrVlanConfPortDeleteProcess (intIfNum, vlanId);
+ break;
+
+ }
+ numVlans++;
+ }
+}
+
+/*********************************************************************
+* @purpose Set max users value
+*
+* @param intIfNum @b{(input)) internal interface number
+* @param maxUsers @b{(input)) max users
+*
+* @returns SUCCESS
+*
+* @comments The maxUsers is the maximum number of hosts that can be
+* authenticated on a port using mac based authentication
+*
+* @end
+*********************************************************************/
+RC_t authmgrCtlPortMaxUsersSet (uint32 intIfNum, uint32 maxUsers)
+{
+ RC_t rc = SUCCESS;
+
+ if (authmgrCB->globalInfo->authmgrCfg->adminMode != ENABLE)
+ {
+ return SUCCESS;
+ }
+
+ /* Check the operating host mode.
+ Max users are applicable for multi-auth mode only.
+ Ignore if mode is different. */
+
+ if ( AUTHMGR_MULTI_AUTH_MODE == authmgrCB->globalInfo->authmgrPortInfo[intIfNum].hostMode)
+ {
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].maxUsers = maxUsers;
+
+ if ( AUTHMGR_PORT_AUTO == authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portControlMode)
+ {
+ if (maxUsers < authmgrCB->globalInfo->authmgrPortInfo[intIfNum].numUsers)
+ {
+ LOGF ( LOG_SEVERITY_INFO,
+ "Cleaning all clients on port as new max user cfg [%d] < current no. of users [%d].",
+ maxUsers, authmgrCB->globalInfo->authmgrPortInfo[intIfNum].numUsers);
+ authmgrPortInfoCleanup(intIfNum);
+ rc = authmgrCtlApplyPortConfigData (intIfNum);
+ }
+ }
+ }
+
+ return rc;
+}
+
+/*********************************************************************
+* @purpose Apply authmgr logical config data to specified interface
+*
+* @param lIntIfNum @b{(input)) Logical internal interface number
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrCtlApplyLogicalPortConfigData (uint32 lIntIfNum)
+{
+ uint32 physPort;
+
+ AUTHMGR_PORT_GET (physPort, lIntIfNum);
+
+ /* Initialize state machines */
+ if (authmgrCB->globalInfo->authmgrPortInfo[physPort].portControlMode ==
+ AUTHMGR_PORT_AUTO
+ || authmgrCB->globalInfo->authmgrPortInfo[physPort].portEnabled ==
+ FALSE)
+ {
+ authmgrLogicalPortInfoInit (lIntIfNum);
+ }
+
+ return SUCCESS;
+}
+
+/*********************************************************************
+* @purpose Reset authmgr session data to specified interface
+*
+* @param logicalPortInfo @b{(input)) Logical Port Info node
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrCtlResetLogicalPortSessionData (authmgrLogicalPortInfo_t *
+ logicalPortInfo)
+{
+ /* logicalPortInfo->client.sessionTime = simSystemUpTimeGet ();*/
+ if (logicalPortInfo->client.sessionTimeout != 0)
+ logicalPortInfo->client.lastAuthTime = logicalPortInfo->client.sessionTime;
+ return SUCCESS;
+}
+
+/*********************************************************************
+* @purpose Reset authmgr session data to specified interface
+*
+* @param logicalPortInfo @b{(input)) Logical Port Info node
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrCtlStopLogicalPortSessionData (authmgrLogicalPortInfo_t *
+ logicalPortInfo)
+{
+ uint32 tempU32 = 0;
+ if (tempU32 > logicalPortInfo->client.sessionTime)
+ {
+ logicalPortInfo->client.sessionTime =
+ tempU32 - logicalPortInfo->client.sessionTime;
+ }
+ else
+ {
+ logicalPortInfo->client.sessionTime = 0xffffffff -
+ logicalPortInfo->client.sessionTime + tempU32;
+ }
+
+ return SUCCESS;
+}
+
+/*********************************************************************
+* @purpose Disable radius assigned vlan on a specified interface
+*
+* @param intIfNum @b{(input)) internal interface number
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrCtlLogicalPortVlanAssignedReset (uint32 lIntIfNum)
+{
+ RC_t rc = FAILURE;
+ authmgrLogicalPortInfo_t *logicalPortInfo = NULLPTR;
+
+ logicalPortInfo = authmgrLogicalPortInfoGet (lIntIfNum);
+ rc = authmgrClientInfoCleanup (logicalPortInfo);
+
+ return rc;
+}
+
+
+/*********************************************************************
+* @purpose Process the unauthenticated Users on the port
+*
+* @param intIfNum @b{(input)) internal interface number
+* @param macAddr @b{(input)) mac address
+* @param vlanId @b{(input)} vlan id
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrCtlPortUnauthAddrCallbackProcess (uint32 intIfNum,
+ enetMacAddr_t macAddr,
+ ushort16 vlanId)
+{
+ uint32 lIntIfNum = 0;
+ BOOL exists;
+ authmgrPortCfg_t *pCfg;
+ authmgrLogicalPortInfo_t *logicalPortInfo;
+ authmgrLogicalPortInfo_t *lPortInfo;
+ char8 ifName[ NIM_IF_ALIAS_SIZE + 1];
+
+ if (nimGetIntfName (intIfNum, ALIASNAME, ifName) != SUCCESS)
+ {
+ LOGF ( LOG_SEVERITY_ERROR,
+ "Unable to get alias for intf %d", intIfNum);
+ return FAILURE;
+ }
+
+ if (authmgrCB->globalInfo->authmgrCfg->adminMode != ENABLE)
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, intIfNum,
+ "%s, %d, PAC not enabled on interface %s \n",
+ __func__, __LINE__, ifName);
+ return SUCCESS;
+ }
+
+ if (authmgrIntfIsConfigurable (intIfNum, &pCfg) != TRUE)
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, intIfNum,
+ "%s, %d, PAC not configurable on interface %s \n",
+ __func__, __LINE__, ifName);
+ return SUCCESS;
+ }
+
+ if ( TRUE != authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portEnabled)
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, intIfNum,
+ "%s, %d, PAC not operational on interface %s \n",
+ __func__, __LINE__, ifName);
+ return SUCCESS;
+ }
+
+ if ( TRUE!= authmgrCB->globalInfo->authmgrPortInfo[intIfNum].unLearnMacPolicy)
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, intIfNum,
+ "%s, %d, PAC unlearnt policy not enabled on interface %s \n",
+ __func__, __LINE__, ifName);
+ return SUCCESS;
+ }
+
+ if (0 == authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledMethodCount)
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, intIfNum,
+ "%s, %d, PAC enabled method count is Zero on interface %s \n",
+ __func__, __LINE__, ifName);
+ return SUCCESS;
+ }
+
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, intIfNum,
+ "\n%s:%d: Check Source Mac: %s Interface: %s Vlan: %d \n",
+ __FUNCTION__, __LINE__, AUTHMGR_PRINT_MAC_ADDR(macAddr.addr),
+ ifName, vlanId);
+
+ /* search the Mac address in the list of clients on the port */
+ if (authmgrCheckMapPdu (intIfNum, macAddr.addr, &lIntIfNum, &exists) !=
+ SUCCESS)
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FAILURE, intIfNum,
+ "Failed to Process the unauth Addr Callback \n");
+ return SUCCESS;
+ }
+
+ if (exists == FALSE)
+ {
+ if (authmgrCB->globalInfo->authmgrPortInfo[intIfNum].numUsers >
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].maxUsers)
+ {
+ return FAILURE;
+ }
+
+ logicalPortInfo = authmgrLogicalPortInfoGet (lIntIfNum);
+ if (logicalPortInfo == NULLPTR)
+ {
+ /*Coverity 88470 fix: Should not come here as logical port would have been
+ created and assigned in authmgrCheckMapPdu function */
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FAILURE, intIfNum,
+ "Failed to create logiucal port %d \n", lIntIfNum);
+ return SUCCESS;
+ }
+
+ logicalPortInfo->client.vlanId = vlanId;
+ logicalPortInfo->client.vlanType = AUTHMGR_VLAN_DEFAULT;
+ logicalPortInfo->client.blockVlanId = vlanId;
+
+ if (!logicalPortInfo->protocol.authenticate)
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FSM_EVENTS, intIfNum,
+ "%s, %d, triggering event authmgrAuthenticationStart for logicalInterface %d \n",
+ __func__, __LINE__, lIntIfNum);
+ authmgrIssueCmd (authmgrAuthenticationStart, lIntIfNum, NULLPTR);
+ }
+ }
+
+ lPortInfo = authmgrLogicalPortInfoGet (lIntIfNum);
+ AUTHMGR_IF_NULLPTR_RETURN_LOG(lPortInfo);
+
+ /* nothing to do if the client is already authenticated */
+ if ( AUTHMGR_PORT_STATUS_AUTHORIZED ==
+ lPortInfo->client.logicalPortStatus)
+ {
+ /* client already authenticated. */
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FSM_EVENTS, intIfNum,
+ "%s, %d, client with logicalInterface %d to is already authenticated.\n",
+ __func__, __LINE__, lIntIfNum);
+ return SUCCESS;
+ }
+ /* Block further traffic from this client. */
+ if ( FALSE == lPortInfo->client.dataBlocked)
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FSM_EVENTS, intIfNum,
+ "%s, %d, disabling the settings for logicalInterface %d to receive further packets to CPU\n",
+ __func__, __LINE__, lIntIfNum);
+
+ if (pacCfgIntfClientBlock(ifName, macAddr.addr, vlanId) != TRUE)
+ {
+ LOGF ( LOG_SEVERITY_ERROR,
+ "Unable to block port %s", ifName);
+ return FAILURE;
+ }
+
+ lPortInfo->client.dataBlocked = TRUE;
+ lPortInfo->client.blockVlanId = vlanId;
+ }
+
+ return SUCCESS;
+}
+
+/*********************************************************************
+* @purpose Disconnect the client interface on expiry of client timer
+*
+* @param intIfNum @b{(input)) internal interface number
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrCtlLogicalPortClientTimeout (uint32 lIntIfNum)
+{
+ RC_t rc = FAILURE;
+ authmgrLogicalPortInfo_t *logicalPortInfo;
+
+ if (authmgrCB->globalInfo->authmgrCfg->adminMode != ENABLE)
+ {
+ return SUCCESS;
+ }
+ logicalPortInfo = authmgrLogicalPortInfoGet (lIntIfNum);
+
+ if ((logicalPortInfo != NULLPTR)
+ && (logicalPortInfo->key.keyNum != 0))
+ {
+ if (logicalPortInfo->protocol.authState == AUTHMGR_AUTHENTICATED)
+ {
+ rc = authmgrClientInfoCleanup (logicalPortInfo);
+ }
+ }
+
+ return rc;
+}
+
+/*********************************************************************
+* @purpose Disconnect the client
+*
+* @param intIfNum @b{(input)) internal interface number
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrCtlClientCleanup (uint32 lIntIfNum)
+{
+ RC_t rc = FAILURE;
+ authmgrLogicalPortInfo_t *logicalPortInfo;
+
+ if (authmgrCB->globalInfo->authmgrCfg->adminMode != ENABLE)
+ {
+ return SUCCESS;
+ }
+
+ logicalPortInfo = authmgrLogicalPortInfoGet (lIntIfNum);
+
+ if ((logicalPortInfo != NULLPTR)
+ && (logicalPortInfo->key.keyNum != 0))
+ {
+ rc = authmgrClientInfoCleanup (logicalPortInfo);
+ }
+
+ return rc;
+}
+
+
+/*********************************************************************
+* @purpose Used to get method no response timeout
+*
+* @param val @b{(input)) periodic timeout in seconds
+*
+* @returns SUCCESS
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrCtlPortMethodNoRespPeriodGet (uint32 intIfNum,
+ uint32 * val)
+{
+ if ( NULLPTR == val)
+ {
+ return FAILURE;
+ }
+
+ *val = FD_AUTHMGR_PORT_METHOD_NO_RESP_PERIOD;
+
+ return SUCCESS;
+}
+
+/*********************************************************************
+* @purpose control mode function to set the port control mode to auto
+*
+* @param intIfNum @b{(input)) internal interface number
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrPortControlAutoActionSet (uint32 intIfNum)
+{
+ RC_t rc = SUCCESS;
+ authmgrPortCfg_t *pCfg;
+ authmgrHostModeMap_t entry;
+ uint32 i = 0;
+ AUTHMGR_HOST_CONTROL_t hostMode = AUTHMGR_INVALID_HOST_MODE;
+
+ if (authmgrIntfIsConfigurable (intIfNum, &pCfg) != TRUE)
+ {
+ return SUCCESS;
+ }
+
+ /* check the configured host mode
+ and set the port accordingly */
+
+ memset (&entry, 0, sizeof (authmgrHostModeMap_t));
+
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portControlMode = AUTHMGR_PORT_AUTO;
+ if ( SUCCESS != authmgrHostModeMapInfoGet (pCfg->hostMode, &entry))
+ {
+ /* failed to get the handler for the host mode */
+ return FAILURE;
+ }
+
+
+ rc = entry.hostModeFn (intIfNum);
+
+ for (i = 0; i < AUTHMGR_METHOD_MAX; i++)
+ {
+ if ( NULLPTR != authmgrCB->globalInfo->authmgrCallbacks[i].hostCtrlFn)
+ {
+ authmgrCB->globalInfo->authmgrCallbacks[i].hostCtrlFn (intIfNum,
+ hostMode);
+ }
+ }
+ return rc;
+}
+
+/*********************************************************************
+* @purpose control mode function to set the port host mode
+*
+* @param intIfNum @b{(input)) internal interface number
+* @param hostMode @b{(input)) host mode
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrPortCtrlHostModeSet (uint32 intIfNum,
+ AUTHMGR_HOST_CONTROL_t hostMode)
+{
+ RC_t rc = SUCCESS;
+ authmgrPortCfg_t *pCfg;
+ authmgrHostModeMap_t entry;
+ uint32 i = 0;
+
+ if (authmgrCB->globalInfo->authmgrCfg->adminMode != ENABLE)
+ {
+ return SUCCESS;
+ }
+ if (authmgrIntfIsConfigurable (intIfNum, &pCfg) != TRUE)
+ {
+ return SUCCESS;
+ }
+
+ if ( AUTHMGR_PORT_AUTO !=
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portControlMode)
+ {
+ return FAILURE;
+ }
+
+ if (hostMode == authmgrCB->globalInfo->authmgrPortInfo[intIfNum].hostMode)
+ {
+ if (hostMode == AUTHMGR_MULTI_AUTH_MODE)
+ {
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].maxUsers = pCfg->maxUsers;
+ }
+ return SUCCESS;
+ }
+
+ authmgrHostModeHwPolicyApply ( AUTHMGR_INVALID_HOST_MODE, intIfNum,
+ FALSE);
+ authmgrPortInfoCleanup (intIfNum);
+ authmgrPortInfoInitialize (intIfNum, TRUE);
+ authmgrMethodOrderChangeProcess (intIfNum);
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portControlMode =
+ AUTHMGR_PORT_AUTO;
+
+ /* check the configured host mode
+ and set the port accordingly */
+ memset (&entry, 0, sizeof (authmgrHostModeMap_t));
+ if ( SUCCESS != authmgrHostModeMapInfoGet (hostMode, &entry))
+ {
+ /* failed to get the handler for the host mode */
+ return FAILURE;
+ }
+
+ rc = entry.hostModeFn (intIfNum);
+
+ for (i = 0; i < AUTHMGR_METHOD_MAX; i++)
+ {
+ if ( NULLPTR != authmgrCB->globalInfo->authmgrCallbacks[i].hostCtrlFn)
+ {
+ authmgrCB->globalInfo->authmgrCallbacks[i].hostCtrlFn (intIfNum,
+ hostMode);
+ }
+ }
+
+ return rc;
+}
+
+/*********************************************************************
+* @purpose control function to set the host mode to multi host
+*
+* @param intIfNum @b{(input)) internal interface number
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrControlMultiHostActionSet (uint32 intIfNum)
+{
+ RC_t rc = SUCCESS;
+ authmgrPortCfg_t *pCfg;
+
+ if (authmgrIntfIsConfigurable (intIfNum, &pCfg) != TRUE)
+ {
+ return SUCCESS;
+ }
+
+ /* Set the operating host mode */
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].hostMode =
+ AUTHMGR_MULTI_HOST_MODE;
+
+ rc = authmgrIhPhysicalPortStatusSet(intIfNum, AUTHMGR_PORT_STATUS_UNAUTHORIZED);
+
+ if ( SUCCESS != rc)
+ {
+ LOGF ( LOG_SEVERITY_WARNING,
+ "Could not set status of Interface %u", intIfNum);
+ }
+
+ return rc;
+}
+
+/*********************************************************************
+* @purpose control function to set the host mode to single host mode
+*
+* @param intIfNum @b{(input)) internal interface number
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrControlSingleAuthActionSet (uint32 intIfNum)
+{
+ RC_t rc = SUCCESS;
+ authmgrPortCfg_t *pCfg;
+
+ if (authmgrIntfIsConfigurable (intIfNum, &pCfg) != TRUE)
+ {
+ return SUCCESS;
+ }
+
+ /* Set the operating host mode */
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].hostMode =
+ AUTHMGR_SINGLE_AUTH_MODE;
+
+ rc = authmgrIhPhysicalPortStatusSet(intIfNum, AUTHMGR_PORT_STATUS_UNAUTHORIZED);
+
+ if ( SUCCESS != rc)
+ {
+ LOGF ( LOG_SEVERITY_WARNING,
+ "Could not set status of Interface %u", intIfNum);
+ }
+ return rc;
+}
+
+/*********************************************************************
+* @purpose control function to set the host mode to multi auth
+*
+* @param intIfNum @b{(input)) internal interface number
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrControlMultAuthActionSet (uint32 intIfNum)
+{
+ RC_t rc = SUCCESS;
+ authmgrPortCfg_t *pCfg;
+
+ if (authmgrIntfIsConfigurable (intIfNum, &pCfg) != TRUE)
+ {
+ return SUCCESS;
+ }
+
+ /* Set the operating host mode */
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].hostMode =
+ AUTHMGR_MULTI_AUTH_MODE;
+
+ rc = authmgrIhPhysicalPortStatusSet(intIfNum, AUTHMGR_PORT_STATUS_UNAUTHORIZED);
+
+ if ( SUCCESS != rc)
+ {
+ LOGF ( LOG_SEVERITY_WARNING,
+ "Could not set status of Interface %u", intIfNum);
+ }
+
+ return rc;
+}
+
+/*********************************************************************
+* @purpose control function to set the to force authorized
+*
+* @param intIfNum @b{(input)) internal interface number
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrPortControlForceAuthActionSet (uint32 intIfNum)
+{
+ RC_t rc = SUCCESS;
+ authmgrPortCfg_t *pCfg;
+ authmgrLogicalPortInfo_t *logicalPortInfo;
+
+ if (authmgrIntfIsConfigurable (intIfNum, &pCfg) != TRUE)
+ {
+ return SUCCESS;
+ }
+
+ /* Set the operating host mode */
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].hostMode =
+ AUTHMGR_INVALID_HOST_MODE;
+
+ if ( NULLPTR == (logicalPortInfo = authmgrLogicalPortInfoAlloc (intIfNum)))
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FAILURE, 0,
+ "%s:Logical port alloc failure\n", __FUNCTION__);
+ return FAILURE;
+ }
+
+ /* Call the api to set the port to authorized */
+ authmgrClientStatusSet (logicalPortInfo, AUTHMGR_PORT_STATUS_AUTHORIZED);
+
+ /* call the api to send EAP success */
+ authmgrTxCannedSuccess (logicalPortInfo->key.keyNum, AUTHMGR_LOGICAL_PORT);
+ return rc;
+}
+
+/*********************************************************************
+* @purpose control function to set the to force un-authorized
+*
+* @param intIfNum @b{(input)) internal interface number
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrPortControlForceUnAuthActionSet (uint32 intIfNum)
+{
+ RC_t rc = SUCCESS;
+ authmgrPortCfg_t *pCfg;
+ authmgrLogicalPortInfo_t *logicalPortInfo;
+
+ if (authmgrIntfIsConfigurable (intIfNum, &pCfg) != TRUE)
+ {
+ return SUCCESS;
+ }
+
+ /* Set the operating host mode */
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].hostMode =
+ AUTHMGR_INVALID_HOST_MODE;
+
+ if ( NULLPTR == (logicalPortInfo = authmgrLogicalPortInfoAlloc (intIfNum)))
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FAILURE, 0,
+ "%s:Logical port alloc failure\n", __FUNCTION__);
+ return FAILURE;
+ }
+
+ /* Call the api to set the port to unauthorized */
+ authmgrClientStatusSet (logicalPortInfo, AUTHMGR_PORT_STATUS_UNAUTHORIZED);
+
+ /* call the api to send EAP failure */
+ authmgrTxCannedFail (logicalPortInfo->key.keyNum, AUTHMGR_LOGICAL_PORT);
+
+ return rc;
+}
+
+/*********************************************************************
+* @purpose function to clean up authmgr port oper info
+*
+* @param intIfNum @b{(input)) internal interface number
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrPortInfoCleanup (uint32 intIfNum)
+{
+ RC_t rc = SUCCESS;
+ uint32 lIntIfNum;
+ authmgrPortCfg_t *pCfg;
+ authmgrLogicalPortInfo_t *logicalPortInfo;
+/* BOOL valid = FALSE; */
+
+ if (authmgrIntfIsConfigurable (intIfNum, &pCfg) != TRUE)
+ {
+ return SUCCESS;
+ }
+
+ /* reset all the clients associated with the port */
+ lIntIfNum = AUTHMGR_LOGICAL_PORT_ITERATE;
+ while ( NULLPTR !=
+ (logicalPortInfo =
+ authmgrLogicalPortInfoGetNextNode (intIfNum, &lIntIfNum)))
+ {
+ if (0 != logicalPortInfo->key.keyNum)
+ {
+ authmgrClientInfoCleanup (logicalPortInfo);
+ }
+ }
+ return rc;
+}
+
+/*********************************************************************
+* @purpose function to check policy validation based on host mode
+*
+* @param hostMode @b{(input)) hostmode
+* @param intIfNum @b{(input)) interface number
+* @param *appyPolicy @b{(input)) bool value
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrHostModeHwPolicyApply ( AUTHMGR_HOST_CONTROL_t hostMode,
+ uint32 intIfNum, BOOL install)
+{
+ RC_t rc = SUCCESS;
+ BOOL valid = FALSE;
+
+ switch (hostMode)
+ {
+ case AUTHMGR_INVALID_HOST_MODE:
+ valid = FALSE;
+ break;
+
+ case AUTHMGR_MULTI_HOST_MODE:
+ case AUTHMGR_SINGLE_AUTH_MODE:
+ case AUTHMGR_MULTI_AUTH_MODE:
+ valid = TRUE;
+ break;
+
+ default:
+ rc = FAILURE;
+ }
+
+ if ( SUCCESS == rc)
+ {
+ if (( TRUE == install) && ( TRUE == valid))
+ {
+ /* apply the policy */
+ authmgrIhPhyPortViolationCallbackSet (intIfNum,
+ AUTHMGR_PORT_VIOLATION_CALLBACK_ENABLE);
+ }
+ else
+ {
+ /* remove policy */
+ authmgrIhPhyPortViolationCallbackSet (intIfNum,
+ AUTHMGR_PORT_VIOLATION_CALLBACK_DISABLE);
+ }
+ }
+
+ return rc;
+}
+
+/*********************************************************************
+* @purpose function to get the auth restart timer value
+*
+* @param intIfNum internal interface number
+* @param val timeout value
+* @return SUCCESS or FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrQuietPeriodGet (uint32 intIfNum, uint32 * val)
+{
+ if ( NULLPTR == val)
+ {
+ return FAILURE;
+ }
+
+ *val = authmgrCB->globalInfo->authmgrPortInfo[intIfNum].quietPeriod;
+
+ return SUCCESS;
+}
+
+/*********************************************************************
+* @purpose function to get the reauth period on interface
+*
+* @param intIfNum interface number
+* @param val value of the reauth period
+* @return SUCCESS or FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrReAuthPeriodGet (uint32 intIfNum, uint32 * val)
+{
+ if ( NULLPTR == val)
+ {
+ return FAILURE;
+ }
+
+ *val = authmgrCB->globalInfo->authmgrPortInfo[intIfNum].reAuthPeriod;
+
+ return SUCCESS;
+}
+
+/*********************************************************************
+* @purpose Processes Authmgr-related event initiated by Dot1Q
+*
+* @param (in) vlanId Virtual LAN Id
+* @param (in) intIfNum Interface Number
+* @param (in) event
+*
+* @returns SUCCESS or FAILURE
+*
+* @end
+*********************************************************************/
+RC_t authmgrVlanChangeCallback (dot1qNotifyData_t *vlanData,
+ uint32 intIfNum, uint32 event)
+{
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, 0,
+ "Received Vlan event %d for interface %s, vlan %d\n",
+ event, authmgrIntfIfNameGet(intIfNum), vlanData->data.vlanId);
+
+ /* Vlan Change callbacks can be called during unconfig phase when dot1q is
+ trying
+ to restore the vlan config. */
+
+ INTF_TYPES_t intfType;
+
+ if (!((AUTHMGR_IS_READY) || authmgrCnfgrState == AUTHMGR_PHASE_UNCONFIG_2))
+ {
+ LOGF ( LOG_SEVERITY_INFO,
+ "Received an VLAN change callback while DOT1Q is not ready to receive it during unconfig state.");
+ return FAILURE;
+ }
+
+ /* before performing any operations with interfaces,
+ check if NIM is ready to handle requests */
+ if ((nimPhaseStatusCheck () == TRUE)
+ && (nimGetIntfType (intIfNum, &intfType) == SUCCESS))
+ {
+ if (authmgrIsValidIntfType (intfType) != TRUE)
+ {
+ /* if AUTHMGR is not interested in this interface,
+ * inform event issuer that we have completed processing.
+ */
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum,
+ "Interface %s is not AUTHMGR configurable\n",
+ authmgrIntfIfNameGet(intIfNum));
+ return SUCCESS;
+ }
+ }
+
+ if ((intIfNum != 0)
+ && (authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portEnabled !=
+ TRUE) && (event != VLAN_DELETE_PORT_NOTIFY))
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum,
+ "Interface %s is not enabled \n",
+ authmgrIntfIfNameGet(intIfNum));
+ return SUCCESS;
+ }
+
+ switch (event)
+ {
+ case VLAN_DELETE_PENDING_NOTIFY:
+ authmgrIssueCmd (authmgrVlanDeleteEvent, intIfNum, vlanData);
+ break;
+
+ case VLAN_ADD_NOTIFY:
+ if ( NOT_EXIST == authmgrVlanCheckValid(vlanData->data.vlanId))
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, 0,
+ "Adding vlan %d\n", vlanData->data.vlanId);
+ authmgrIssueCmd (authmgrVlanAddEvent, intIfNum, vlanData);
+ }
+ break;
+
+ case VLAN_ADD_PORT_NOTIFY:
+ if (authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portControlMode ==
+ AUTHMGR_PORT_AUTO)
+ {
+ authmgrIssueCmd (authmgrVlanAddPortEvent, intIfNum, vlanData);
+ }
+ break;
+
+ case VLAN_DELETE_PORT_NOTIFY:
+ authmgrIssueCmd (authmgrVlanDeletePortEvent, intIfNum, vlanData);
+ break;
+
+ case VLAN_PVID_CHANGE_NOTIFY:
+ authmgrIssueCmd (authmgrVlanPvidChangeEvent, intIfNum, vlanData);
+
+ default:
+ break;
+ }
+ return SUCCESS;
+}
+
+/*********************************************************************
+* @purpose function to get hostmode map entry function entry
+*
+* @param type host control mode
+* @param elem associated entry for the host mode
+* @return SUCCESS or FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrHostModeMapInfoGet ( AUTHMGR_HOST_CONTROL_t type,
+ authmgrHostModeMap_t * elem)
+{
+ uint32 i = 0;
+ static authmgrHostModeMap_t authmgrHostModeHandlerTable[] = {
+ { AUTHMGR_SINGLE_AUTH_MODE, authmgrControlSingleAuthActionSet},
+ { AUTHMGR_MULTI_HOST_MODE, authmgrControlMultiHostActionSet},
+ { AUTHMGR_MULTI_AUTH_MODE, authmgrControlMultAuthActionSet},
+ };
+
+ for (i = 0;
+ i <
+ (sizeof (authmgrHostModeHandlerTable) / sizeof (authmgrHostModeMap_t));
+ i++)
+ {
+ if (type == authmgrHostModeHandlerTable[i].hostMode)
+ {
+ *elem = authmgrHostModeHandlerTable[i];
+ return SUCCESS;
+ }
+ }
+ return FAILURE;
+}
+
+/*********************************************************************
+* @purpose function to check whether attributes are changed,
+* if changed, clean up the hardware info and readd the new info.
+*
+* @param logicalPortInfo @b{(inout)} Pointer to the Logical Port Info
+* @param processInfo @b{(inout)} Pointer to the process Info
+*
+* @return SUCCESS or FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrClientHwInfoCleanupAndReadd(authmgrLogicalPortInfo_t *logicalPortInfo,
+ authmgrClientInfo_t *processInfo)
+{
+ uint32 physPort = 0;
+
+ AUTHMGR_PORT_GET (physPort, logicalPortInfo->key.keyNum);
+
+
+ /* check if the client params have been changed */
+
+ if ( SUCCESS != authmgrClientInfoCleanupCheck
+ (&logicalPortInfo->client, &authmgrCB->processInfo))
+ {
+ if ( AUTHMGR_PORT_STATUS_AUTHORIZED ==
+ logicalPortInfo->client.logicalPortStatus)
+ {
+ /* clean up previous data */
+ if ( SUCCESS != authmgrClientHwInfoCleanup (logicalPortInfo))
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FAILURE, physPort,
+ "%s:Unable to cleanup client hw info logicalPort num-%d\n",
+ __FUNCTION__, logicalPortInfo->key.keyNum);
+ return FAILURE;
+ }
+ }
+
+ /* push the client info to hw */
+ if ( SUCCESS != authmgrClientHwInfoAdd (logicalPortInfo,
+ logicalPortInfo->client.suppMacAddr,
+ authmgrCB->processInfo.vlanId,
+ logicalPortInfo->client.blockVlanId))
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FAILURE, physPort,
+ "%s:Unable to add client hw info logicalPort num-%d\n",
+ __FUNCTION__, logicalPortInfo->key.keyNum);
+ return FAILURE;
+ }
+ }
+
+ return SUCCESS;
+}
+
+/*********************************************************************
+* @purpose function to handle update of new client
+*
+* @param lIntIfNum client logical interface number
+* @param callbackParams authentication callback params
+* @return SUCCESS or FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrNewClientAction (uint32 lIntIfNum,
+ authmgrAuthRespParams_t * callbackParams)
+{
+ authmgrLogicalPortInfo_t *logicalPortInfo = NULLPTR;
+ uint32 physPort = 0;
+
+ logicalPortInfo = authmgrLogicalPortInfoGet (lIntIfNum);
+ /* Coverity Fix to handle the possible NULLL ptr from the
+ authmgrLogicalPortInfoGet */
+ if (logicalPortInfo == NULLPTR)
+ {
+ /* Coverity defect fix. should never come here as authmgrCheckMapPdu would
+ have assigned a new node if a new client is detected
+ or returned existing logical interface number */
+ return FAILURE;
+ }
+
+ AUTHMGR_PORT_GET (physPort, lIntIfNum);
+
+ if (AUTHMGR_UNAUTHENTICATED == logicalPortInfo->protocol.authState)
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FSM_EVENTS, physPort,
+ "%s, %d, triggering event authmgrAuthenticationStart for logicalInterface %d \n",
+ __func__, __LINE__, lIntIfNum);
+
+ authmgrIssueCmd (authmgrAuthenticationStart, lIntIfNum, NULLPTR);
+ authmgrStatsUpdate (physPort, callbackParams->method, authmgrStatsAuthEnter);
+ }
+ else
+ {
+ /* check if the client received is already authenticated */
+
+ if ( AUTHMGR_PORT_STATUS_AUTHORIZED ==
+ logicalPortInfo->client.logicalPortStatus)
+ {
+ if (logicalPortInfo->client.authenticatedMethod !=
+ callbackParams->method)
+ {
+ /* check if the received method is of higher priority than the existing one */
+
+ if (( AUTHMGR_METHOD_NONE != logicalPortInfo->client.authenticatedMethod) &&
+ ( SUCCESS == authmgrPriorityPrecedenceValidate(physPort,
+ logicalPortInfo->client.authenticatedMethod,
+ callbackParams->method)))
+ {
+
+ if (AUTHMGR_AUTHENTICATED == logicalPortInfo->protocol.authState)
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FSM_EVENTS, physPort,
+ "%s, %d, Trigger from method %s received. "
+ "Client already authenticated with method %s for logicalInterface %d \n"
+ "Try to authenticate again as higher priority method is received\n",
+ __func__, __LINE__, authmgrMethodStringGet(callbackParams->method),
+ authmgrMethodStringGet(logicalPortInfo->client.authenticatedMethod),lIntIfNum);
+ logicalPortInfo->protocol.authenticatedRcvdStartAuth = TRUE;
+ logicalPortInfo->client.currentMethod = callbackParams->method;
+ authmgrGenerateEvents (lIntIfNum);
+ return SUCCESS;
+ }
+ else
+ {
+ /* ignore the trigger */
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FSM_EVENTS, physPort,
+ "%s, %d, Trigger from method %s received. "
+ "Client already authenticated with method %s for logicalInterface %d \n"
+ "ignoring trigger as the client auth state is in %s\n",
+ __func__, __LINE__, authmgrMethodStringGet(callbackParams->method),
+ authmgrMethodStringGet(logicalPortInfo->client.authenticatedMethod),lIntIfNum,
+ authmgrAuthStateStringGet(logicalPortInfo->protocol.authState));
+ return SUCCESS;
+ }
+ }
+ else if ( AUTHMGR_METHOD_NONE == logicalPortInfo->client.authenticatedMethod)
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FSM_EVENTS, physPort,
+ "%s, %d, Trigger from method %s received. "
+ "Client already authenticated with method %s for logicalInterface %d \n"
+ "Initiate authentication\n",
+ __func__, __LINE__, authmgrMethodStringGet(callbackParams->method),
+ authmgrMethodStringGet(logicalPortInfo->client.authenticatedMethod),lIntIfNum);
+
+ /* mimic authentication restart, if client state is not authenticating.
+ Using existing event to generate the same */
+ if(AUTHMGR_AUTHENTICATING != logicalPortInfo->protocol.authState)
+ {
+ logicalPortInfo->protocol.authenticatedRcvdStartAuth = TRUE;
+
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, physPort,
+ "Current auth method is none. Marking the current method with first method %s "
+ "for logicalInterface %d for new authentication on interface %s \n",
+ authmgrMethodStringGet(authmgrCB->globalInfo->authmgrPortInfo[physPort].enabledMethods[0]),
+ logicalPortInfo->key.keyNum, authmgrIntfIfNameGet(physPort));
+
+ /* Restart with the first enabled method */
+ logicalPortInfo->client.currentMethod = authmgrCB->globalInfo->authmgrPortInfo[physPort].enabledMethods[0];
+ authmgrGenerateEvents (lIntIfNum);
+ }
+ }
+ }
+ else
+ {
+ if ( AUTHMGR_METHOD_8021X == callbackParams->method)
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FSM_EVENTS, physPort,
+ "%s, %d, Trigger from method %s received. "
+ "Client already authenticated with method %s for logicalInterface %d \n"
+ "since client is authenticated and received start generating further events\n",
+ __func__, __LINE__, authmgrMethodStringGet(callbackParams->method),
+ authmgrMethodStringGet(logicalPortInfo->client.authenticatedMethod),lIntIfNum);
+
+ if(AUTHMGR_AUTHENTICATING != logicalPortInfo->protocol.authState)
+ {
+ logicalPortInfo->protocol.authenticatedRcvdStartAuth = TRUE;
+ authmgrGenerateEvents (lIntIfNum);
+ }
+ }
+ else
+ {
+
+ /* just ignore */
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FSM_EVENTS, physPort,
+ "%s, %d, Trigger from method %s received. "
+ "Client already authenticated with method %s for logicalInterface %d \n"
+ "Ignoring the request as the client already authenticated\n",
+ __func__, __LINE__, authmgrMethodStringGet(callbackParams->method),
+ authmgrMethodStringGet(logicalPortInfo->client.authenticatedMethod),lIntIfNum);
+ }
+ }
+ }
+ else
+ {
+
+ if ((AUTHMGR_AUTHENTICATING == logicalPortInfo->protocol.authState) &&
+ ( AUTHMGR_METHOD_8021X == callbackParams->method)&&
+ (logicalPortInfo->client.currentMethod == callbackParams->method))
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FSM_EVENTS, physPort,
+ "%s, %d, Triggering authetication for method %s. "
+ "for logicalInterface %d , current auth state of client is %s\n",
+ __func__, __LINE__, authmgrMethodStringGet(callbackParams->method), lIntIfNum,
+ authmgrAuthStateStringGet(logicalPortInfo->protocol.authState));
+
+ authmgrAuthenticationTrigger(logicalPortInfo);
+ }
+ else
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FSM_EVENTS, physPort,
+ "%s, %d, Cannot trigger event authmgrAuthenticationStart "
+ "for logicalInterface %d authState %d\n",
+ __func__, __LINE__, lIntIfNum, logicalPortInfo->protocol.authState);
+
+ if (AUTHMGR_AUTHENTICATING != logicalPortInfo->protocol.authState)
+ {
+ LOGF ( LOG_SEVERITY_INFO,
+ "Client not ready for authentication.");
+ }
+ }
+ }
+ }
+
+
+ return SUCCESS;
+}
+
+/*********************************************************************
+* @purpose function to handle RADIUS comm failure response from client
+*
+* @param lIntIfNum client logical interface number
+* @param callbackParams authentication callback params
+* @return SUCCESS or FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrStatusServerCommFailAction (uint32 lIntIfNum,
+ authmgrAuthRespParams_t * callbackParams)
+{
+ authmgrLogicalPortInfo_t *logicalPortInfo = NULLPTR;
+ uint32 physPort = 0;
+ authmgrStatsUpdate_t status = authmgrStatsAuthFail;
+
+ AUTHMGR_IF_NULLPTR_RETURN_LOG (callbackParams);
+
+ logicalPortInfo = authmgrLogicalPortInfoGet (lIntIfNum);
+ AUTHMGR_IF_NULLPTR_RETURN_LOG (logicalPortInfo);
+
+ AUTHMGR_PORT_GET (physPort, lIntIfNum);
+
+ /* update statistics */
+ status = authmgrStatsAuthFail;
+ authmgrStatsUpdate (physPort, callbackParams->method, status);
+
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_PORT_STATUS, physPort,
+ "%s:RADIUS server comm failure for logicalPort num-%d\n",
+ __FUNCTION__, logicalPortInfo->key.keyNum);
+
+ if (0 !=
+ strlen (callbackParams->clientParams.info.authInfo.authmgrUserName))
+ {
+ memcpy (logicalPortInfo->client.authmgrUserName,
+ callbackParams->clientParams.info.authInfo.authmgrUserName,
+ AUTHMGR_USER_NAME_LEN);
+ logicalPortInfo->client.authmgrUserNameLength =
+ callbackParams->clientParams.info.authInfo.authmgrUserNameLength;
+ }
+
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_PORT_STATUS, physPort,
+ "%s:logicalPort num %d currentIdL %d\n",
+ __FUNCTION__, logicalPortInfo->key.keyNum,
+ callbackParams->clientParams.info.authInfo.attrInfo.idFromServer);
+
+ logicalPortInfo->client.currentIdL = callbackParams->clientParams.info.authInfo.attrInfo.idFromServer;
+
+ authmgrClientInfoCleanup (logicalPortInfo);
+ return SUCCESS;
+}
+
+/*********************************************************************
+* @purpose function to handle failure or timeout response from client
+*
+* @param lIntIfNum client logical interface number
+* @param callbackParams authentication callback params
+* @return SUCCESS or FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrStatusNotSuccessAction (uint32 lIntIfNum,
+ authmgrAuthRespParams_t * callbackParams)
+{
+ authmgrLogicalPortInfo_t *logicalPortInfo = NULLPTR;
+ uint32 physPort = 0;
+ authmgrStatsUpdate_t status = authmgrStatsAuthFail; /* Need to check - TBD */
+ authmgrClientType_t clientType = AUTHMGR_CLIENT_UNAWARE;
+
+ AUTHMGR_IF_NULLPTR_RETURN_LOG (callbackParams);
+ /* update statistics */
+
+ logicalPortInfo = authmgrLogicalPortInfoGet (lIntIfNum);
+ AUTHMGR_IF_NULLPTR_RETURN_LOG (logicalPortInfo);
+
+ AUTHMGR_PORT_GET (physPort, lIntIfNum);
+
+ authmgrTimerDestroy (authmgrCB->globalInfo->authmgrTimerCB,
+ logicalPortInfo, AUTHMGR_METHOD_NO_RESP_TMR);
+
+ authmgrCB->oldInfo = logicalPortInfo->client;
+
+ if (0 !=
+ strlen (callbackParams->clientParams.info.authInfo.authmgrUserName))
+ {
+ memcpy (logicalPortInfo->client.authmgrUserName,
+ callbackParams->clientParams.info.authInfo.authmgrUserName,
+ AUTHMGR_USER_NAME_LEN);
+ logicalPortInfo->client.authmgrUserNameLength =
+ callbackParams->clientParams.info.authInfo.authmgrUserNameLength;
+ }
+
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_PORT_STATUS, physPort,
+ "%s:logicalPort num %d currentIdL %d\n",
+ __FUNCTION__, logicalPortInfo->key.keyNum,
+ callbackParams->clientParams.info.authInfo.attrInfo.idFromServer);
+
+ logicalPortInfo->client.currentIdL = callbackParams->clientParams.info.authInfo.attrInfo.idFromServer;
+
+ if (callbackParams->status == AUTHMGR_AUTH_FAIL)
+ {
+ logicalPortInfo->protocol.authFail = TRUE;
+ logicalPortInfo->client.reAuthCount++;
+ status = authmgrStatsAuthFail;
+ clientType =
+ (callbackParams->method ==
+ AUTHMGR_METHOD_8021X ? AUTHMGR_CLIENT_AWARE : AUTHMGR_CLIENT_UNAWARE);
+ }
+ else if (callbackParams->status == AUTHMGR_AUTH_TIMEOUT)
+ {
+ logicalPortInfo->protocol.authTimeout = TRUE;
+ status = authmgrStatsAuthTimeout;
+ }
+
+ if ((AUTHMGR_CLIENT_AWARE != logicalPortInfo->client.clientType) ||
+ (AUTHMGR_CLIENT_UNASSIGNED == logicalPortInfo->client.clientType))
+ {
+ logicalPortInfo->client.clientType = clientType;
+ }
+
+ authmgrStatsUpdate (physPort, callbackParams->method, status);
+
+ logicalPortInfo->protocol.authSuccess = FALSE;
+
+ return authmgrGenerateEvents (lIntIfNum);
+}
+
+/*********************************************************************
+* @purpose function to handle auth disconnect of the client
+*
+* @param lIntIfNum client logical interface number
+* @param callbackParams authentication callback params
+* @return SUCCESS or FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrStatusDisconnectAction (uint32 lIntIfNum,
+ authmgrAuthRespParams_t * callbackParams)
+{
+ authmgrLogicalPortInfo_t *logicalPortInfo = NULLPTR;
+ uint32 physPort = 0;
+
+ AUTHMGR_IF_NULLPTR_RETURN_LOG (callbackParams);
+ /* update statistics */
+
+ logicalPortInfo = authmgrLogicalPortInfoGet (lIntIfNum);
+ AUTHMGR_IF_NULLPTR_RETURN_LOG (logicalPortInfo);
+
+ AUTHMGR_PORT_GET (physPort, lIntIfNum);
+
+ logicalPortInfo->client.currentIdL = callbackParams->clientParams.info.authInfo.attrInfo.idFromServer;
+
+ /* check if the client is already authenticated using the same method.
+ If yes, remove the client details */
+ if (( AUTHMGR_PORT_STATUS_AUTHORIZED ==
+ logicalPortInfo->client.logicalPortStatus)
+ && (logicalPortInfo->client.authenticatedMethod ==
+ logicalPortInfo->client.currentMethod))
+ {
+ authmgrClientInfoCleanup (logicalPortInfo);
+ }
+ return SUCCESS;
+}
+
+/*********************************************************************
+* @purpose function to handle auth success of the client
+*
+* @param lIntIfNum client logical interface number
+* @param callbackParams authentication callback params
+* @return SUCCESS or FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrStatusSuccessAction (uint32 lIntIfNum,
+ authmgrAuthRespParams_t * callbackParams)
+{
+ authmgrLogicalPortInfo_t *logicalPortInfo = NULLPTR;
+ uint32 physPort = 0;
+ authmgrClientType_t clientType = 0;
+
+ logicalPortInfo = authmgrLogicalPortInfoGet (lIntIfNum);
+
+ AUTHMGR_IF_NULLPTR_RETURN_LOG (logicalPortInfo);
+ AUTHMGR_IF_NULLPTR_RETURN_LOG (callbackParams);
+
+ AUTHMGR_PORT_GET (physPort, logicalPortInfo->key.keyNum);
+
+ authmgrTimerDestroy (authmgrCB->globalInfo->authmgrTimerCB,
+ logicalPortInfo, AUTHMGR_METHOD_NO_RESP_TMR);
+
+ /* Received auth success.
+ Parse the received attributes and program
+ accordingly */
+
+ memset(&authmgrCB->processInfo, 0, sizeof(authmgrClientInfo_t));
+ memset(&authmgrCB->oldInfo, 0, sizeof(authmgrClientInfo_t));
+ memset(&authmgrCB->attrInfo, 0, sizeof(authmgrAuthAttributeInfo_t));
+
+ authmgrCB->oldInfo = logicalPortInfo->client;
+ memcpy(&authmgrCB->attrInfo,
+ &callbackParams->clientParams.info.authInfo.attrInfo,
+ sizeof(authmgrAuthAttributeInfo_t));
+
+ if (0 != strlen (callbackParams->clientParams.info.authInfo.authmgrUserName))
+ {
+ memcpy (logicalPortInfo->client.authmgrUserName,
+ callbackParams->clientParams.info.authInfo.authmgrUserName,
+ AUTHMGR_USER_NAME_LEN);
+ logicalPortInfo->client.authmgrUserNameLength =
+ callbackParams->clientParams.info.authInfo.authmgrUserNameLength;
+ }
+
+ if ( SUCCESS != authmgrRadiusAcceptPostProcess (logicalPortInfo, &authmgrCB->processInfo, AUTHMGR_ATTR_RADIUS))
+ {
+ /* update failure stats and move further */
+ authmgrStatsUpdate (physPort, callbackParams->method, authmgrStatsAuthFail);
+
+ if ( AUTHMGR_METHOD_NONE != callbackParams->method)
+ {
+ /* clean up the info at the caller */
+ if ( NULLPTR != authmgrCB->globalInfo->authmgrCallbacks[callbackParams->method].eventNotifyFn)
+ {
+ authmgrCB->globalInfo->authmgrCallbacks[callbackParams->method].eventNotifyFn
+ (physPort, authmgrClientDisconnect, &logicalPortInfo->client.suppMacAddr);
+ }
+ }
+
+ logicalPortInfo->protocol.authSuccess = FALSE;
+ logicalPortInfo->protocol.authFail = TRUE;
+
+ return authmgrGenerateEvents (logicalPortInfo->key.keyNum);
+ }
+ /* Update Session timeout and terminate action */
+ authmgrCB->processInfo.sessionTimeout = authmgrCB->attrInfo.sessionTimeout;
+ authmgrCB->processInfo.terminationAction = RADIUS_TERMINATION_ACTION_DEFAULT;
+ if ((RADIUS_TERMINATION_ACTION_DEFAULT == authmgrCB->attrInfo.terminationAction) ||
+ (RADIUS_TERMINATION_ACTION_RADIUS == authmgrCB->attrInfo.terminationAction))
+ {
+ authmgrCB->processInfo.terminationAction = authmgrCB->attrInfo.terminationAction ;
+ }
+
+ memcpy(&(logicalPortInfo->client.serverClass),
+ &(authmgrCB->attrInfo.serverClass), authmgrCB->attrInfo.serverClassLen);
+ logicalPortInfo->client.serverClassLen = authmgrCB->attrInfo.serverClassLen;
+
+ if ( SUCCESS != authmgrClientHwInfoCleanupAndReadd(logicalPortInfo,
+ &authmgrCB->processInfo))
+ {
+ if ( AUTHMGR_METHOD_NONE != callbackParams->method)
+ {
+ /* clean up the info at the caller */
+ if ( NULLPTR != authmgrCB->globalInfo->authmgrCallbacks[callbackParams->method].eventNotifyFn)
+ {
+ authmgrCB->globalInfo->authmgrCallbacks[callbackParams->method].eventNotifyFn
+ (physPort, authmgrClientDisconnect, &logicalPortInfo->client.suppMacAddr);
+ }
+ }
+
+ logicalPortInfo->protocol.authSuccess = FALSE;
+ logicalPortInfo->protocol.authFail = TRUE;
+ return authmgrGenerateEvents (lIntIfNum);
+ }
+
+ logicalPortInfo->protocol.authSuccess = TRUE;
+ logicalPortInfo->protocol.authFail = FALSE;
+
+ clientType =
+ (callbackParams->method ==
+ AUTHMGR_METHOD_8021X ? AUTHMGR_CLIENT_AWARE : AUTHMGR_CLIENT_UNAWARE);
+ logicalPortInfo->client.clientType = clientType;
+
+ if ( AUTH_METHOD_RADIUS ==
+ callbackParams->clientParams.info.authInfo.authMethod)
+ {
+ logicalPortInfo->client.vlanType = AUTHMGR_VLAN_RADIUS;
+ }
+ else
+ {
+ logicalPortInfo->client.vlanType = AUTHMGR_VLAN_DEFAULT;
+ }
+
+ logicalPortInfo->client.authenticatedMethod = callbackParams->method;
+ logicalPortInfo->client.authMethod =
+ callbackParams->clientParams.info.authInfo.authMethod;
+
+ logicalPortInfo->client.vlanId = authmgrCB->processInfo.vlanId;
+
+ logicalPortInfo->client.sessionTimeout =
+ authmgrCB->processInfo.sessionTimeout;
+ logicalPortInfo->client.terminationAction =
+ authmgrCB->processInfo.terminationAction;
+
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_PORT_STATUS, physPort,
+ "%s:logicalPort num %d currentIdL %d\n",
+ __FUNCTION__, logicalPortInfo->key.keyNum,
+ authmgrCB->attrInfo.idFromServer);
+
+ logicalPortInfo->client.currentIdL = authmgrCB->attrInfo.idFromServer;
+
+ /* update statistics */
+ authmgrStatsUpdate (physPort, callbackParams->method,
+ authmgrStatsAuthSuccess);
+ return authmgrGenerateEvents (lIntIfNum);
+}
+
+/*********************************************************************
+* @purpose deletes all the authenticated clients using the method
+*
+* @param intIfNum @b{(input)) internal interface number
+* @param method @b{(input)) method for which entris are to be deleted
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrClientsByMethodDelete (uint32 intIfNum,
+ AUTHMGR_METHOD_t method)
+{
+ /* This function purges all the clients who are
+ authenticated using this method */
+ uint32 lIndex;
+ authmgrLogicalPortInfo_t *logicalPortInfo;
+
+ if (authmgrIsValidIntf (intIfNum) != TRUE)
+ {
+ return FAILURE;
+ }
+
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_PORT_STATUS, intIfNum,
+ "%s:Deleting clients authenticated with method %d on Physical port-%d \n",
+ __FUNCTION__, method, intIfNum);
+
+ lIndex = AUTHMGR_LOGICAL_PORT_ITERATE;
+ while ((logicalPortInfo =
+ authmgrLogicalPortInfoGetNextNode (intIfNum, &lIndex)) != NULLPTR)
+ {
+ if (logicalPortInfo->client.authenticatedMethod == method)
+ {
+ /* cleanup the client */
+ authmgrClientInfoCleanup (logicalPortInfo);
+ }
+ }
+
+ return SUCCESS;
+}
+
+/*********************************************************************
+* @purpose interface function to hanlde auth method change event
+*
+* @param intIfNum internal interface number
+* @param callbackParams authentication callback params
+* @return SUCCESS or FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrStatusAuthModifyAction (uint32 intIfNum,
+ authmgrAuthRespParams_t * callbackParams)
+{
+ AUTHMGR_METHOD_t orderList[ AUTHMGR_METHOD_LAST];
+ AUTHMGR_IF_NULLPTR_RETURN_LOG (callbackParams);
+
+ /* see if the method is disabled */
+
+ if ( FALSE == callbackParams->clientParams.info.enableStatus)
+ {
+ /* method is disabled. If enabled in the order,
+ delete all the authenticated clients and
+ remove the method from the order */
+ authmgrClientsByMethodDelete (intIfNum, callbackParams->method);
+ }
+
+ memcpy (orderList, authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledPriority,
+ sizeof (orderList));
+ authmgrMethodModifyAction (intIfNum);
+
+ if (( AUTHMGR_METHOD_MAB == callbackParams->method) &&
+ ( AUTHMGR_PORT_AUTO == authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portControlMode) &&
+ ( AUTHMGR_MULTI_HOST_MODE == authmgrCB->globalInfo->authmgrPortInfo[intIfNum].hostMode) &&
+ (0 == authmgrCB->globalInfo->authmgrPortInfo[intIfNum].authCount))
+ {
+ if ( TRUE !=
+ authmgrListArrayCompare (authmgrCB->globalInfo->authmgrPortInfo[intIfNum].
+ enabledMethods, orderList, sizeof(orderList)))
+ {
+ authmgrPortLearningModify(intIfNum);
+ }
+ }
+ return SUCCESS;
+}
+
+/*********************************************************************
+* @purpose function to handle auth status of all clients
+*
+* @param callbackParams authentication callback param
+* @return SUCCESS or FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrStatusAuthModifyAllAction (authmgrAuthRespParams_t *
+ callbackParams)
+{
+ RC_t nimRc;
+ uint32 phyIntf;
+
+ AUTHMGR_IF_NULLPTR_RETURN_LOG (callbackParams);
+
+ /* loop through all the interfaces and initiate the changes */
+ nimRc = authmgrFirstValidIntfNumber (&phyIntf);
+ while (nimRc == SUCCESS)
+ {
+ /* clean up the hw info */
+ authmgrMethodModifyAction (phyIntf);
+
+ if ( DISABLE == callbackParams->clientParams.info.enableStatus)
+ {
+ authmgrClientsByMethodDelete (phyIntf, callbackParams->method);
+ }
+
+ nimRc = authmgrNextValidIntf (phyIntf, &phyIntf);
+ }
+ return SUCCESS;
+}
+
+/*************************************************************************
+* @purpose function to get function map entry for the given method
+*
+* @param type @b{(input)} method type
+* @param elem @b{(input)} Pointer to map entry
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments none
+*
+* @end
+*************************************************************************/
+RC_t authmgrStatusCalbackMapEntryGet ( AUTHMGR_STATUS_t type,
+ authmgrStatusMap_t * elem)
+{
+ uint32 i = 0;
+ static authmgrStatusMap_t authmgrStatusMap[] = {
+ { AUTHMGR_NEW_CLIENT, authmgrNewClientAction},
+ { AUTHMGR_AUTH_FAIL, authmgrStatusNotSuccessAction},
+ { AUTHMGR_AUTH_SUCCESS, authmgrStatusSuccessAction},
+ { AUTHMGR_AUTH_TIMEOUT, authmgrStatusNotSuccessAction},
+ { AUTHMGR_AUTH_SERVER_COMM_FAILURE, authmgrStatusServerCommFailAction},
+ { AUTHMGR_CLIENT_DISCONNECTED, authmgrStatusDisconnectAction},
+ { AUTHMGR_METHOD_CHANGE, authmgrStatusAuthModifyAction}
+ };
+
+ for (i = 0; i < (sizeof (authmgrStatusMap) / sizeof (authmgrStatusMap_t));
+ i++)
+ {
+ if (type == authmgrStatusMap[i].type)
+ {
+ *elem = authmgrStatusMap[i];
+ return SUCCESS;
+ }
+ }
+
+ return FAILURE;
+}
+
+/*********************************************************************
+* @purpose Control function to handle the events received from methods
+*
+* @param intIfNum @b{(input)) internal interface number
+* @param callbackParams @b{(input)) status from the calling applications like
+ 802.1X/MAB/CP
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrClientCallbackEventProcess (uint32 intIfNum,
+ authmgrAuthRespParams_t *
+ callbackParams)
+{
+ uint32 lIntIfNum = 0;
+ BOOL exists = FALSE;
+ authmgrStatusMap_t entry;
+ authmgrLogicalPortInfo_t *logicalPortInfo = NULLPTR;
+ uint32 physPort = 0, lPort = 0, type = 0;
+
+ if (authmgrCB->globalInfo->authmgrCfg->adminMode != ENABLE)
+ {
+ return SUCCESS;
+ }
+ if ( NULLPTR == callbackParams)
+ {
+ return FAILURE;
+ }
+
+ if ( AUTHMGR_METHOD_CHANGE == callbackParams->status)
+ {
+ if ( FALSE == callbackParams->clientParams.info.enableStatus)
+ {
+ /* Allow some time for methods to disable. Otherwise Ping-Pong will return "enabled" for
+ disabled methods. However Ping-Pong should be optimized going forward and then this
+ delay should be taken out. */
+ osapiSleepMSec(100);
+ }
+
+ if ( ALL_INTERFACES == intIfNum)
+ {
+ authmgrStatusAuthModifyAllAction (callbackParams);
+ }
+ else
+ {
+ authmgrStatusAuthModifyAction (intIfNum, callbackParams);
+ }
+ return SUCCESS;
+ }
+
+ if (authmgrIsValidIntf (intIfNum) != TRUE)
+ {
+ return FAILURE;
+ }
+
+ if ( DOT1X_PAE_PORT_AUTH_CAPABLE != authmgrCB->globalInfo->authmgrPortInfo[intIfNum].paeCapabilities)
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum,
+ "Interface %d is not PAE capable port. Hence No action \n", intIfNum);
+ return SUCCESS;
+ }
+
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum,
+ "%s Received Event - %s and mac address(%2.2x:%2.2x:%2.2x:%2.2x:%2.2x:%2.2x)for method- %s \n",
+ __FUNCTION__,
+ authmgrMethodStatusStringGet (callbackParams->status),
+ callbackParams->clientParams.info.authInfo.macAddr.
+ addr[0],
+ callbackParams->clientParams.info.authInfo.macAddr.
+ addr[1],
+ callbackParams->clientParams.info.authInfo.macAddr.
+ addr[2],
+ callbackParams->clientParams.info.authInfo.macAddr.
+ addr[3],
+ callbackParams->clientParams.info.authInfo.macAddr.
+ addr[4],
+ callbackParams->clientParams.info.authInfo.macAddr.
+ addr[5], authmgrMethodStringGet (callbackParams->method));
+
+ lIntIfNum = 0;
+ if (( AUTHMGR_AUTH_FAIL == callbackParams->status) ||
+ ( AUTHMGR_AUTH_TIMEOUT == callbackParams->status) ||
+ ( AUTHMGR_CLIENT_DISCONNECTED == callbackParams->status))
+ {
+ if (( SUCCESS != authmgrMacAddrInfoFind (&callbackParams->clientParams.info.authInfo.macAddr,
+ &lIntIfNum)) ||
+ (0 == lIntIfNum))
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum,
+ "%s client is not present. Ignoring the result \n",
+ __FUNCTION__);
+
+ /* client doesn't exist, ignoring the result
+ for non existing client */
+ return SUCCESS;
+ }
+ else
+ {
+ if ( NULLPTR != authmgrLogicalPortInfoGet (lIntIfNum))
+ {
+ /* get the key and unpack */
+ AUTHMGR_LPORT_KEY_UNPACK (physPort, lPort, type, lIntIfNum);
+
+ if (physPort != intIfNum)
+ {
+ /* Event is received for a client on differnt interface. Hence return FAILURE. */
+ uchar8 ifNameEvent[ NIM_IF_ALIAS_SIZE + 1];
+ uchar8 ifNameClient[ NIM_IF_ALIAS_SIZE + 1];
+
+ nimGetIntfName (physPort, ALIASNAME, ifNameClient);
+ nimGetIntfName (intIfNum, ALIASNAME, ifNameEvent);
+
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum,
+ "Event %s for the client %s is received on interface %s (intIfNum %d) but this client exists on the interface %s (intIfNum %d). "
+ "Hence ignoring.", authmgrMethodStatusStringGet (callbackParams->status),
+ AUTHMGR_PRINT_MAC_ADDR(callbackParams->clientParams.info.authInfo.macAddr.addr),
+ ifNameEvent, intIfNum, ifNameClient, physPort);
+ LOGF ( LOG_SEVERITY_NOTICE,
+ "Update for the client %s is received on interface %s (intIfNum %d) but this client exists on the interface %s (intIfNum %d).",
+ AUTHMGR_PRINT_MAC_ADDR(callbackParams->clientParams.info.authInfo.macAddr.addr),
+ ifNameEvent, intIfNum, ifNameClient, physPort);
+ return FAILURE;
+ }
+ else
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum,
+ "Received client is present on %d port. \n", intIfNum);
+ }
+ }
+ }
+ }
+
+ lIntIfNum = 0;
+
+ if ( AUTHMGR_CLIENT_DISCONNECTED == callbackParams->status)
+ {
+ if ( SUCCESS == authmgrMacAddrInfoFind (&callbackParams->clientParams.info.authInfo.macAddr,
+ &lIntIfNum))
+ {
+ logicalPortInfo = authmgrLogicalPortInfoGet (lIntIfNum);
+ AUTHMGR_IF_NULLPTR_RETURN_LOG (logicalPortInfo);
+
+
+
+ /* check if the client received is already authenticated */
+ if ( AUTHMGR_PORT_STATUS_AUTHORIZED ==
+ logicalPortInfo->client.logicalPortStatus)
+ {
+ {
+
+ if (logicalPortInfo->client.authenticatedMethod !=
+ callbackParams->method)
+ {
+ /* check if the received method is of higher priority than the existing one */
+
+ if (( AUTHMGR_METHOD_NONE != logicalPortInfo->client.authenticatedMethod) &&
+ ( SUCCESS != authmgrPriorityPrecedenceValidate(intIfNum,
+ logicalPortInfo->client.authenticatedMethod,
+ callbackParams->method)))
+ {
+ /* ignore the message for authentication
+ priority over rules */
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FSM_EVENTS, intIfNum,
+ "%s, %d, Trigger from method %s received. "
+ "Client already authenticated with method %s for logicalInterface %d \n"
+ "Ignoring the request as client current auth method has higher priority than received\n",
+ __func__, __LINE__, authmgrMethodStringGet(callbackParams->method),
+ authmgrMethodStringGet(logicalPortInfo->client.authenticatedMethod),lIntIfNum);
+ return SUCCESS;
+ }
+ }
+ }
+ }
+ authmgrClientInfoCleanup (logicalPortInfo);
+ }
+ else
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_PORT_STATUS, intIfNum,
+ "%s:Client not found in AuthMgr. Calling Disconnect "
+ "for client with method %d on Physical port-%d \n",
+ __FUNCTION__, callbackParams->method, intIfNum);
+ if ( NULLPTR !=
+ authmgrCB->globalInfo->authmgrCallbacks[callbackParams->method].eventNotifyFn)
+ {
+ (void)authmgrCB->globalInfo->authmgrCallbacks[callbackParams->method].eventNotifyFn
+ (intIfNum, authmgrClientDisconnect,
+ &callbackParams->clientParams.info.authInfo.macAddr);
+ }
+ }
+ return SUCCESS;
+ }
+
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, intIfNum,
+ "\n%s:%d: Check Source Mac: %s Interface: %s \n",
+ __FUNCTION__, __LINE__,
+ AUTHMGR_PRINT_MAC_ADDR(callbackParams->clientParams.info.authInfo.macAddr.addr),
+ authmgrIntfIfNameGet(intIfNum));
+
+ /* check for the associated node */
+ /* search the Mac address in the list of clients on the port */
+ if (authmgrCheckMapPdu
+ (intIfNum, callbackParams->clientParams.info.authInfo.macAddr.addr,
+ &lIntIfNum, &exists) != SUCCESS)
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FAILURE, intIfNum,
+ "Failed to Process the authmgrClientCallbackEvent \n");
+ if ( NULLPTR !=
+ authmgrCB->globalInfo->authmgrCallbacks[callbackParams->method].eventNotifyFn)
+ {
+ (void)authmgrCB->globalInfo->authmgrCallbacks[callbackParams->method].eventNotifyFn
+ (intIfNum, authmgrClientDisconnect,
+ &callbackParams->clientParams.info.authInfo.macAddr);
+ }
+ return SUCCESS;
+ }
+
+ if ( TRUE == exists)
+ {
+ logicalPortInfo = authmgrLogicalPortInfoGet(lIntIfNum);
+ AUTHMGR_IF_NULLPTR_RETURN_LOG(logicalPortInfo);
+ }
+ else
+ {
+ logicalPortInfo = authmgrLogicalPortInfoGet(lIntIfNum);
+ AUTHMGR_IF_NULLPTR_RETURN_LOG(logicalPortInfo);
+ authmgrGenerateEvents (logicalPortInfo->key.keyNum);
+ }
+
+ if (0 != callbackParams->clientParams.info.authInfo.eapolVersion)
+ {
+ logicalPortInfo = NULLPTR;
+
+ logicalPortInfo = authmgrLogicalPortInfoGet(lIntIfNum);
+ AUTHMGR_IF_NULLPTR_RETURN_LOG(logicalPortInfo);
+
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum,
+ "%s Status %s Received EAPoL version for mac address(%2.2x:%2.2x:%2.2x:%2.2x:%2.2x:%2.2x)using method- %s EAPoL Version - %d \n",
+ __FUNCTION__,
+ authmgrMethodStatusStringGet (callbackParams->status),
+ callbackParams->clientParams.info.authInfo.macAddr.
+ addr[0],
+ callbackParams->clientParams.info.authInfo.macAddr.
+ addr[1],
+ callbackParams->clientParams.info.authInfo.macAddr.
+ addr[2],
+ callbackParams->clientParams.info.authInfo.macAddr.
+ addr[3],
+ callbackParams->clientParams.info.authInfo.macAddr.
+ addr[4],
+ callbackParams->clientParams.info.authInfo.macAddr.
+ addr[5], authmgrMethodStringGet (callbackParams->method),
+ callbackParams->clientParams.info.authInfo.eapolVersion);
+
+ if (logicalPortInfo->client.rcvdEapolVersion != callbackParams->clientParams.info.authInfo.eapolVersion)
+ {
+
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum,
+ "%s Updating EAPoL version for mac address(%2.2x:%2.2x:%2.2x:%2.2x:%2.2x:%2.2x) from version %d to version - %d \n",
+ __FUNCTION__,
+ callbackParams->clientParams.info.authInfo.macAddr.
+ addr[0],
+ callbackParams->clientParams.info.authInfo.macAddr.
+ addr[1],
+ callbackParams->clientParams.info.authInfo.macAddr.
+ addr[2],
+ callbackParams->clientParams.info.authInfo.macAddr.
+ addr[3],
+ callbackParams->clientParams.info.authInfo.macAddr.
+ addr[4],
+ callbackParams->clientParams.info.authInfo.macAddr.
+ addr[5],
+ logicalPortInfo->client.rcvdEapolVersion,
+ callbackParams->clientParams.info.authInfo.eapolVersion);
+
+ logicalPortInfo->client.rcvdEapolVersion = callbackParams->clientParams.info.authInfo.eapolVersion;
+ }
+ }
+
+ if (( AUTHMGR_AUTH_SUCCESS == callbackParams->status) ||
+ ( AUTHMGR_AUTH_FAIL == callbackParams->status) ||
+ ( AUTHMGR_AUTH_TIMEOUT == callbackParams->status))
+ {
+ uchar8 ifNameEvent[ NIM_IFNAME_SIZE + 1];
+ nimGetIntfName (intIfNum, ALIASNAME, ifNameEvent);
+
+ if (AUTHMGR_HELD == logicalPortInfo->protocol.authState)
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum,
+ "Event %s for the client %s is received on interface %s (intIfNum %d) but this client is in HELD state. "
+ "Hence ignoring.", authmgrMethodStatusStringGet (callbackParams->status),
+ AUTHMGR_PRINT_MAC_ADDR(callbackParams->clientParams.info.authInfo.macAddr.addr),
+ ifNameEvent, intIfNum);
+
+ return SUCCESS;
+ }
+
+ if ((AUTHMGR_AUTHENTICATED == logicalPortInfo->protocol.authState) &&
+ (logicalPortInfo->client.authenticatedMethod != callbackParams->method))
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum,
+ "Event %s for the client %s is received on interface %s (intIfNum %d) "
+ "but this client's authenticated method (%s) is different from callback method (%s). "
+ "Hence ignoring.", authmgrMethodStatusStringGet (callbackParams->status),
+ AUTHMGR_PRINT_MAC_ADDR(callbackParams->clientParams.info.authInfo.macAddr.addr),
+ ifNameEvent, intIfNum, authmgrMethodStringGet (logicalPortInfo->client.authenticatedMethod),
+ authmgrMethodStringGet (callbackParams->method));
+
+ return SUCCESS;
+ }
+ }
+
+ memset (&entry, 0, sizeof (authmgrStatusMap_t));
+ if ( SUCCESS !=
+ authmgrStatusCalbackMapEntryGet (callbackParams->status, &entry))
+ {
+ return FAILURE;
+ }
+
+ return entry.statusFn (lIntIfNum, callbackParams);
+}
+
+/*********************************************************************
+* @purpose Get the first operationally enabled method on a interface
+*
+* @param intIfNum @b{(input)) internal interface number
+* @param nextMethod @b{(output)) pointer to the next method
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrFirstMethodGet (uint32 intIfNum,
+ AUTHMGR_METHOD_t * nextMethod)
+{
+ uint32 j;
+
+ if (authmgrIsValidIntf (intIfNum) != TRUE)
+ {
+ return FAILURE;
+ }
+
+ if ( AUTHMGR_METHOD_NONE ==
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledMethods[0])
+ {
+ return FAILURE;
+ }
+
+ j = 0;
+ for (j = AUTHMGR_METHOD_MIN; j < AUTHMGR_METHOD_MAX; j++)
+ {
+ if (authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledMethods[j] !=
+ AUTHMGR_METHOD_NONE)
+ {
+ *nextMethod =
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledMethods[j];
+ return SUCCESS;
+ }
+ }
+ return FAILURE;
+}
+
+/*********************************************************************
+* @purpose Get the next operationally enabled method on a interface
+*
+* @param intIfNum @b{(input)) internal interface number
+* @param nextMethod @b{(output)) pointer to the next method
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrNextMethodGet (uint32 intIfNum,
+ AUTHMGR_METHOD_t * nextMethod)
+{
+ uint32 j;
+
+ if (authmgrIsValidIntf (intIfNum) != TRUE)
+ {
+ return FAILURE;
+ }
+
+ if ( AUTHMGR_METHOD_NONE ==
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledMethods[0])
+ {
+ return FAILURE;
+ }
+
+ for (j = AUTHMGR_METHOD_MIN; j < AUTHMGR_METHOD_MAX; j++)
+ {
+ if (authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledMethods[j] ==
+ AUTHMGR_METHOD_NONE)
+ {
+ return FAILURE;
+ }
+ if ((*nextMethod ==
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledMethods[j])
+ && ((j + 1) < AUTHMGR_METHOD_MAX))
+ {
+ if ( AUTHMGR_METHOD_NONE !=
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledMethods[j +
+ 1])
+ {
+ *nextMethod =
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledMethods[j +
+ 1];
+ return SUCCESS;
+ }
+ else
+ {
+ return FAILURE;
+ }
+ }
+ }
+ return FAILURE;
+}
+
+/*********************************************************************
+* @purpose Get the next operationally enabled method on a interface
+*
+* @param intIfNum @b{(input)) internal interface number
+* @param nextMethod @b{(output)) pointer to the next method
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+
+RC_t authmgrEnabledMethodNextGet (uint32 intIfNum,
+ AUTHMGR_METHOD_t * nextMethod)
+{
+ if (authmgrIsValidIntf (intIfNum) != TRUE)
+ {
+ return FAILURE;
+ }
+
+ if ( AUTHMGR_METHOD_NONE ==
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledMethods[0])
+ {
+ return FAILURE;
+ }
+
+ if ( AUTHMGR_METHOD_NONE == *nextMethod)
+ {
+ /* get the first method */
+ return authmgrFirstMethodGet (intIfNum, nextMethod);
+ }
+ else
+ {
+ return authmgrNextMethodGet (intIfNum, nextMethod);
+ }
+}
+
+/*********************************************************************
+* @purpose Get the first operationally enabled method on a interface
+*
+* @param intIfNum @b{(input)) internal interface number
+* @param nextPriority @b{(output)) pointer to the next method
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+
+RC_t authmgrFirstPriorityGet (uint32 intIfNum,
+ AUTHMGR_METHOD_t * nextPriority)
+{
+ uint32 j;
+
+ if (authmgrIsValidIntf (intIfNum) != TRUE)
+ {
+ return FAILURE;
+ }
+
+ if ( AUTHMGR_METHOD_NONE ==
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledPriority[0])
+ {
+ return FAILURE;
+ }
+
+ j = 0;
+ for (j = AUTHMGR_METHOD_MIN; j < AUTHMGR_METHOD_MAX; j++)
+ {
+ if (authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledPriority[j] !=
+ AUTHMGR_METHOD_NONE)
+ {
+ *nextPriority =
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledPriority[j];
+ return SUCCESS;
+ }
+ }
+ return FAILURE;
+}
+
+/*********************************************************************
+* @purpose Get the next operationally enabled method on a interface
+*
+* @param intIfNum @b{(input)) internal interface number
+* @param method @b{(input)) input method for which next method is needed.
+* @param nextPriority @b{(output)) pointer to the next method
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+
+RC_t authmgrNextPriorityGet (uint32 intIfNum,
+ AUTHMGR_METHOD_t * nextPriority)
+{
+ uint32 j;
+
+ if (authmgrIsValidIntf (intIfNum) != TRUE)
+ {
+ return FAILURE;
+ }
+
+ if ( AUTHMGR_METHOD_NONE ==
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledPriority[0])
+ {
+ return FAILURE;
+ }
+
+ j = 0;
+ for (j = AUTHMGR_METHOD_MIN; j < AUTHMGR_METHOD_MAX; j++)
+ {
+ if (authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledPriority[j] ==
+ AUTHMGR_METHOD_NONE)
+ {
+ return FAILURE;
+ }
+ if ((*nextPriority ==
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledPriority[j])
+ && ((j + 1) < AUTHMGR_METHOD_MAX))
+ {
+ if ( AUTHMGR_METHOD_NONE !=
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledPriority[j +
+ 1])
+ {
+ *nextPriority =
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledPriority[j +
+ 1];
+ return SUCCESS;
+ }
+ else
+ {
+ return FAILURE;
+ }
+ }
+ }
+ return FAILURE;
+}
+
+/*********************************************************************
+* @purpose Get the next operationally enabled method on a interface
+*
+* @param intIfNum @b{(input)) internal interface number
+* @param method @b{(input)) input method for which next method is needed.
+* @param nextPriority @b{(output)) pointer to the next method
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+
+RC_t authmgrEnabledPriorityNextGet (uint32 intIfNum,
+ AUTHMGR_METHOD_t * nextPriority)
+{
+ if (authmgrIsValidIntf (intIfNum) != TRUE)
+ {
+ return FAILURE;
+ }
+
+ if ( AUTHMGR_METHOD_NONE ==
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledPriority[0])
+ {
+ return FAILURE;
+ }
+
+ if ( AUTHMGR_METHOD_NONE == *nextPriority)
+ {
+ /* get the first method */
+ return authmgrFirstPriorityGet (intIfNum, nextPriority);
+ }
+ else
+ {
+ return authmgrNextPriorityGet (intIfNum, nextPriority);
+ }
+}
+
+/*********************************************************************
+* @purpose status function to update dot1x stats
+*
+* @param intIfNum interface number
+* @param status
+* @return SUCCESS or FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrDot1xStatsUpdate (uint32 intIfNum,
+ authmgrStatsUpdate_t status)
+{
+ if (authmgrIsValidIntf (intIfNum) != TRUE)
+ {
+ return FAILURE;
+ }
+
+ switch (status)
+ {
+ case authmgrStatsAuthEnter:
+ authmgrCB->globalInfo->authmgrPortStats[intIfNum].dot1x.
+ authEntersAuthenticating++;
+ break;
+
+ case authmgrStatsAuthSuccess:
+ authmgrCB->globalInfo->authmgrPortStats[intIfNum].dot1x.authSuccess++;
+ break;
+
+ case authmgrStatsAuthFail:
+ authmgrCB->globalInfo->authmgrPortStats[intIfNum].dot1x.authFailure++;
+ break;
+
+ case authmgrStatsAuthTimeout:
+ authmgrCB->globalInfo->authmgrPortStats[intIfNum].dot1x.authTimeout++;
+ break;
+
+ default:
+ break;
+ }
+ return SUCCESS;
+}
+
+/*********************************************************************
+* @purpose status function to update mab stats
+*
+* @param intIfNum interface number
+* @param status
+* @return SUCCESS or FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrMabStatsUpdate (uint32 intIfNum, authmgrStatsUpdate_t status)
+{
+ if (authmgrIsValidIntf (intIfNum) != TRUE)
+ {
+ return FAILURE;
+ }
+ switch (status)
+ {
+ case authmgrStatsAuthEnter:
+ authmgrCB->globalInfo->authmgrPortStats[intIfNum].mab.
+ authEntersAuthenticating++;
+ break;
+
+ case authmgrStatsAuthSuccess:
+ authmgrCB->globalInfo->authmgrPortStats[intIfNum].mab.authSuccess++;
+ break;
+
+ case authmgrStatsAuthFail:
+ authmgrCB->globalInfo->authmgrPortStats[intIfNum].mab.authFailure++;
+ break;
+
+ case authmgrStatsAuthTimeout:
+ authmgrCB->globalInfo->authmgrPortStats[intIfNum].mab.authTimeout++;
+ break;
+
+ default:
+ break;
+ }
+
+ return SUCCESS;
+}
+
+/*********************************************************************
+* @purpose status function to update captive portal stats
+*
+* @param intIfNum interface number
+* @param status
+* @return SUCCESS or FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrCpStatsUpdate (uint32 intIfNum, authmgrStatsUpdate_t status)
+{
+ if (authmgrIsValidIntf (intIfNum) != TRUE)
+ {
+ return FAILURE;
+ }
+ switch (status)
+ {
+ case authmgrStatsAuthEnter:
+ authmgrCB->globalInfo->authmgrPortStats[intIfNum].cp.
+ authEntersAuthenticating++;
+ break;
+
+ case authmgrStatsAuthSuccess:
+ authmgrCB->globalInfo->authmgrPortStats[intIfNum].cp.authSuccess++;
+ break;
+
+ case authmgrStatsAuthFail:
+ authmgrCB->globalInfo->authmgrPortStats[intIfNum].cp.authFailure++;
+ break;
+
+ case authmgrStatsAuthTimeout:
+ authmgrCB->globalInfo->authmgrPortStats[intIfNum].cp.authTimeout++;
+ break;
+
+ default:
+ break;
+ }
+ return SUCCESS;
+}
+
+/*************************************************************************
+* @purpose function to get function map entry for the given method
+*
+* @param type @b{(input)} method type
+* @param elem @b{(input)} Pointer to map entry
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments none
+*
+* @end
+*************************************************************************/
+RC_t authmgrAuthStatsMapEntryGet ( AUTHMGR_METHOD_t type,
+ authmgrStatsMap_t * elem)
+{
+ uint32 i = 0;
+ static authmgrStatsMap_t authmgrStatsMap[] = {
+ { AUTHMGR_METHOD_8021X, authmgrDot1xStatsUpdate},
+ { AUTHMGR_METHOD_MAB, authmgrMabStatsUpdate}
+ };
+
+ for (i = 0; i < (sizeof (authmgrStatsMap) / sizeof (authmgrStatsMap_t)); i++)
+ {
+ if (type == authmgrStatsMap[i].type)
+ {
+ *elem = authmgrStatsMap[i];
+ return SUCCESS;
+ }
+ }
+
+ return FAILURE;
+}
+
+/*********************************************************************
+* @purpose Function to Update the statistics
+*
+* @param intIfNum @b{(input)) internal interface number
+* @param method @b{(input)) 802.1x/mab/cp
+* @param status @b{(input)) status
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrStatsUpdate (uint32 intIfNum,
+ AUTHMGR_METHOD_t method,
+ authmgrStatsUpdate_t status)
+{
+ authmgrStatsMap_t entry;
+
+ if (authmgrIsValidIntf (intIfNum) != TRUE)
+ {
+ return FAILURE;
+ }
+
+ if ( SUCCESS != authmgrAuthStatsMapEntryGet (method, &entry))
+ {
+ return FAILURE;
+ }
+
+ if ( NULLPTR != entry.statsFn)
+ {
+ return entry.statsFn (intIfNum, status);
+ }
+
+ return FAILURE;
+}
+
+/*********************************************************************
+* @purpose function to map callbacks for the given method
+*
+* @param method authentication method
+* @param entry auth mgr callback function map entry
+* @return SUCCESS or FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrRegisteredEntryFnMapGet ( AUTHMGR_METHOD_t method,
+ authmgrMethodCallbackNotifyMap_t *
+ entry)
+{
+ uint32 i = 0;
+
+ if ( AUTHMGR_METHOD_NONE == method)
+ {
+ return FAILURE;
+ }
+
+ for (i = 0; i < AUTHMGR_METHOD_LAST; i++)
+ {
+ if (method == authmgrCB->globalInfo->authmgrCallbacks[i].method)
+ {
+ *entry = authmgrCB->globalInfo->authmgrCallbacks[i];
+ return SUCCESS;
+ }
+ }
+ return FAILURE;
+}
+
+/*********************************************************************
+* @purpose function to check the entry and populate in the list
+*
+* @param intIfNum interface number
+* @param method authentication method
+* @param methodEnabled TRUE if method is enabled
+* @param out mehod value, if method is emabled
+* @return SUCCESS or FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrOperListEntryPopulate (uint32 intIfNum,
+ AUTHMGR_METHOD_t method,
+ BOOL * methodEnabled,
+ AUTHMGR_METHOD_t * out)
+{
+ authmgrMethodCallbackNotifyMap_t entry;
+ uint32 enabled = DISABLE;
+
+ memset (&entry, 0, sizeof (authmgrMethodCallbackNotifyMap_t));
+
+ AUTHMGR_IF_NULLPTR_RETURN_LOG (methodEnabled);
+ AUTHMGR_IF_NULLPTR_RETURN_LOG (out);
+
+ if ( SUCCESS != authmgrRegisteredEntryFnMapGet (method, &entry))
+ {
+ return FAILURE;
+ }
+
+ if ( NULLPTR == entry.enableGetFn)
+ {
+ return FAILURE;
+ }
+
+ /* Explicitly releasing the locks temporarily
+ since , query is done for another component API
+ which contains readlocks. */
+
+ (void) osapiReadLockGive (authmgrCB->authmgrCfgRWLock);
+ (void) osapiWriteLockGive (authmgrCB->authmgrRWLock);
+ if (( SUCCESS == entry.enableGetFn (intIfNum, &enabled)) &&
+ ( ENABLE != enabled))
+ {
+ (void) osapiReadLockTake (authmgrCB->authmgrCfgRWLock, WAIT_FOREVER);
+ (void) osapiWriteLockTake (authmgrCB->authmgrRWLock, WAIT_FOREVER);
+ *methodEnabled = FALSE;
+ return SUCCESS;
+ }
+
+ (void) osapiReadLockTake (authmgrCB->authmgrCfgRWLock, WAIT_FOREVER);
+ (void) osapiWriteLockTake (authmgrCB->authmgrRWLock, WAIT_FOREVER);
+ *methodEnabled = TRUE;
+
+ *out = method;
+ return SUCCESS;
+}
+
+/*********************************************************************
+* @purpose function to populate the oper enabled methods
+*
+* @param intIfNum @b{(input)) internal interface number
+* @param inArray @b{(input)) input list
+* @param outArray @b{(output)) output list
+* @param count @b{(output)) enabled count
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments The outArray should be memset before passing to the function
+*
+* @end
+*********************************************************************/
+RC_t authmgrEnabledListPopulate (uint32 intIfNum,
+ AUTHMGR_METHOD_t * inArray,
+ AUTHMGR_METHOD_t * outArray,
+ uint32 * count)
+{
+ BOOL flag = FALSE;
+ uint32 i = 0, cnt = 0;
+ AUTHMGR_METHOD_t *pIn, *pOut;
+
+ if (authmgrIsValidIntf (intIfNum) != TRUE)
+ {
+ return FAILURE;
+ }
+
+ AUTHMGR_IF_NULLPTR_RETURN_LOG (inArray);
+ AUTHMGR_IF_NULLPTR_RETURN_LOG (outArray);
+
+ pIn = inArray;
+ pOut = outArray;
+
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum,
+ "%s repopulating the enabled methods list\n",
+ __FUNCTION__);
+
+ /* Loop through the configured methods
+ and maintain an oper list */
+
+ for (i = 0; i < AUTHMGR_METHOD_MAX; i++)
+ {
+ if ( AUTHMGR_METHOD_NONE == *inArray)
+ {
+ break;
+ }
+
+ flag = FALSE;
+
+ if ( SUCCESS !=
+ authmgrOperListEntryPopulate (intIfNum, *inArray, &flag, outArray))
+ {
+ break;
+ }
+
+ if (flag)
+ {
+ outArray++;
+ cnt++;
+ }
+ inArray++;
+ }
+
+ *count = cnt;
+ outArray = pOut;
+ inArray = pIn;
+
+ return SUCCESS;
+}
+
+/*********************************************************************
+* @purpose function to handle changes in enabled auth method list
+*
+* @param intIfNum internal interface number
+* @param old old list
+* @param new updated list
+* @return SUCCESS or FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrEnableListChangeAction (uint32 intIfNum,
+ AUTHMGR_METHOD_t * old,
+ AUTHMGR_METHOD_t * new)
+{
+ uint32 i = 0, j = 0;
+ BOOL exists = FALSE;
+ AUTHMGR_METHOD_t *temp = NULLPTR;
+
+ AUTHMGR_IF_NULLPTR_RETURN_LOG (old);
+ AUTHMGR_IF_NULLPTR_RETURN_LOG (new);
+
+ /* no lists in the order */
+ while ((i < AUTHMGR_METHOD_MAX) && ( AUTHMGR_METHOD_NONE != *old))
+ {
+ temp = old;
+ exists = FALSE;
+ for (j = 0; j < AUTHMGR_METHOD_MAX; j++)
+ {
+ if (*new == *old)
+ {
+ /* method is still present */
+ exists = TRUE;
+ break;
+ }
+ temp++;
+ }
+ if (!(exists))
+ {
+ /* clean up all the clients in the list by method */
+ authmgrClientsByMethodDelete (intIfNum,
+ authmgrCB->globalInfo->
+ authmgrPortInfo[intIfNum].
+ enabledMethods[i]);
+ }
+ old++;
+ i++;
+ }
+
+ return SUCCESS;
+}
+
+/*********************************************************************
+* @purpose Control function to populate the oper enabled methods
+*
+* @param intIfNum @b{(input)) internal interface number
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrPortEnabledListPopulate (uint32 intIfNum)
+{
+ authmgrPortCfg_t *pCfg = NULLPTR;
+ BOOL orderChanged = FALSE, priorityChanged = FALSE;
+ uint32 count = 0, count1 = 0;
+ uchar8 ifName[ NIM_IF_ALIAS_SIZE + 1];
+
+ AUTHMGR_METHOD_t orderList[ AUTHMGR_METHOD_LAST];
+ AUTHMGR_METHOD_t priorityList[ AUTHMGR_METHOD_LAST];
+ AUTHMGR_METHOD_t zeroList[ AUTHMGR_METHOD_LAST];
+
+ if (authmgrIsValidIntf (intIfNum) != TRUE)
+ {
+ return FAILURE;
+ }
+
+ if (authmgrIntfIsConfigurable (intIfNum, &pCfg) != TRUE)
+ {
+ return FAILURE;
+ }
+
+ AUTHMGR_IF_NULLPTR_RETURN_LOG (pCfg);
+
+ if (nimGetIntfName (intIfNum, ALIASNAME, ifName) != SUCCESS)
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum,
+ "Unable to get alias for intf %d", intIfNum);
+ return FAILURE;
+ }
+
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum,
+ "%s repopulating the oper methods list for intf %s\n",
+ __FUNCTION__, ifName);
+
+ /* take the read lock */
+ (void) osapiReadLockTake (authmgrCB->authmgrCfgRWLock, WAIT_FOREVER);
+ /* Loop through the configured methods
+ and maintain an oper list */
+
+ memset (orderList, 0, sizeof (orderList));
+ memset (priorityList, 0, sizeof (priorityList));
+ memset (zeroList, 0, sizeof (zeroList));
+
+ /* get the enabled order list */
+
+ if ( SUCCESS !=
+ authmgrEnabledListPopulate (intIfNum, &pCfg->methodList[0], &orderList[0],
+ &count))
+ {
+ (void) osapiReadLockGive (authmgrCB->authmgrCfgRWLock);
+ return FAILURE;
+ }
+
+ if ( SUCCESS !=
+ authmgrEnabledListPopulate (intIfNum, &pCfg->priorityList[0],
+ &priorityList[0], &count1))
+ {
+ (void) osapiReadLockGive (authmgrCB->authmgrCfgRWLock);
+ return FAILURE;
+ }
+
+ /* check if there is any change in the oper values */
+
+ if ( TRUE !=
+ authmgrListArrayCompare (authmgrCB->globalInfo->authmgrPortInfo[intIfNum].
+ enabledMethods, orderList, sizeof(orderList)))
+ {
+ orderChanged = TRUE;
+ }
+
+ if ( TRUE !=
+ authmgrListArrayCompare (authmgrCB->globalInfo->authmgrPortInfo[intIfNum].
+ enabledPriority, priorityList, sizeof(priorityList)))
+ {
+ priorityChanged = TRUE;
+ }
+
+ (void) osapiReadLockGive (authmgrCB->authmgrCfgRWLock);
+
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum,
+ "%s intf %s, orderChanged %d, priorityChanged %d\n",
+ __FUNCTION__, ifName, orderChanged, priorityChanged);
+
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum,
+ "%s %s -- cfgMethods[0] %d, cfgMethods[1] %d\n",
+ __FUNCTION__, ifName, pCfg->methodList[0],
+ pCfg->methodList[1]);
+
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum,
+ "%s %s -- generated list- methods[0] %d, methods[1] %d\n",
+ __FUNCTION__, ifName, orderList[0],
+ orderList[1]);
+
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum,
+ "%s %s current list- methods[0] %d, methods[1] %d\n",
+ __FUNCTION__, ifName, authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledMethods[0],
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledMethods[1]);
+
+ if (orderChanged)
+ {
+ if ( SUCCESS !=
+ authmgrEnableListChangeAction (intIfNum,
+ authmgrCB->globalInfo->
+ authmgrPortInfo[intIfNum].enabledMethods,
+ orderList))
+ {
+ return FAILURE;
+ }
+
+ memcpy (authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledMethods,
+ orderList, sizeof (orderList));
+
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum,
+ "%s enabledMethods[0] %d, enabledMethods[1] %d\n",
+ __FUNCTION__, authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledMethods[0],
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledMethods[1]);
+
+ /* we may need to alter the violation policy
+ based on the new list */
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum,
+ "%s Updating learn mode of %s\n", __FUNCTION__, ifName);
+
+ authmgrViolationPolicyApply(intIfNum);
+ authmgrPortLearningModify(intIfNum);
+
+ if ( TRUE == authmgrListArrayCompare (priorityList, zeroList, sizeof(priorityList)))
+ {
+ memcpy (authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledPriority,
+ orderList, sizeof (orderList));
+ }
+ else if (priorityChanged)
+ {
+ memcpy (authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledPriority,
+ priorityList, sizeof (priorityList));
+ }
+
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledMethodCount = count;
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledPriorityCount =
+ count1;
+ }
+ else if (priorityChanged)
+ {
+ memcpy (authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledPriority,
+ priorityList, sizeof (priorityList));
+ }
+
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum,
+ "%s Updating DB: enabledMethods[0] %d, enabledMethods[1] %d\n",
+ __FUNCTION__, authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledMethods[0],
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledMethods[1]);
+
+ /* Update Oper DB */
+
+ PacPortOperTblSet(intIfNum,
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledMethods,
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledPriority);
+
+ return SUCCESS;
+}
+
+/*********************************************************************
+* @purpose Control function to handle the authentication method order changes
+*
+* @param intIfNum @b{(input)) internal interface number
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrMethodOrderChangeProcess (uint32 intIfNum)
+{
+ authmgrPortCfg_t *pCfg;
+
+ if ( TRUE != authmgrIntfIsConfigurable (intIfNum, &pCfg))
+ {
+ return FAILURE;
+ }
+
+ /* populate the methods if and only if
+ the control mode is valid */
+
+ if ( AUTHMGR_PORT_AUTO == pCfg->portControlMode)
+ {
+ /* Just re-populate the interface enabled list */
+ authmgrPortEnabledListPopulate (intIfNum);
+ }
+ else
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum,
+ "%s intf %d, Zeroing out methods for portControlMode %d\n",
+ __FUNCTION__, intIfNum, pCfg->portControlMode);
+ /* just memset the methods */
+ memset (&authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledMethods, 0,
+ sizeof (authmgrCB->globalInfo->authmgrPortInfo[intIfNum].
+ enabledMethods));
+ memset (&authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledPriority,
+ 0,
+ sizeof (authmgrCB->globalInfo->authmgrPortInfo[intIfNum].
+ enabledPriority));
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledMethodCount = 0;
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].enabledPriorityCount = 0;
+ }
+ return SUCCESS;
+}
+
+/*********************************************************************
+* @purpose function to trigger authentication for a client.
+*
+* @param logicalPortInfo logical port structure
+* @return SUCCESS or FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrAuthenticationTrigger (authmgrLogicalPortInfo_t *
+ logicalPortInfo)
+{
+ RC_t rc = SUCCESS;
+ uint32 physPort = 0;
+ enetMacAddr_t zeroMac;
+
+ AUTHMGR_IF_NULLPTR_RETURN_LOG (logicalPortInfo);
+ AUTHMGR_PORT_GET (physPort, logicalPortInfo->key.keyNum);
+
+ if ( AUTHMGR_METHOD_NONE == logicalPortInfo->client.currentMethod)
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FAILURE, physPort,
+ "logicalInterface %d failed to update %s to start authentication\n",
+ logicalPortInfo->key.keyNum,
+ authmgrMethodStringGet (logicalPortInfo->client.
+ currentMethod));
+ rc = FAILURE;
+ }
+
+ if (logicalPortInfo->client.currentMethod !=
+ authmgrCB->globalInfo->authmgrCallbacks[logicalPortInfo->client.
+ currentMethod].method)
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FAILURE, physPort,
+ "logicalInterface %d failed to update %s to start authentication\n"
+ "since the registered method is %s\n",
+ logicalPortInfo->key.keyNum,
+ authmgrMethodStringGet (logicalPortInfo->client.
+ currentMethod),
+ authmgrMethodStringGet (authmgrCB->globalInfo->
+ authmgrCallbacks
+ [logicalPortInfo->client.
+ currentMethod].method));
+ rc = FAILURE;
+ }
+
+ if ( NULLPTR ==
+ authmgrCB->globalInfo->authmgrCallbacks[logicalPortInfo->client.
+ currentMethod].eventNotifyFn)
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FAILURE, physPort,
+ "logicalInterface %d failed to update %s to start authentication\n"
+ "since the callback function is not registered method\n",
+ logicalPortInfo->key.keyNum,
+ authmgrMethodStringGet (logicalPortInfo->client.
+ currentMethod));
+ rc = FAILURE;
+ }
+
+ /* check if the client mac is all 0s.
+ If yes, no need to validate against MAB */
+
+ memset (&zeroMac, 0, sizeof ( enetMacAddr_t));
+ if ((0 ==
+ memcmp (zeroMac.addr,
+ logicalPortInfo->client.suppMacAddr.
+ addr, ENET_MAC_ADDR_LEN)) &&
+ ( AUTHMGR_METHOD_MAB ==
+ logicalPortInfo->client.currentMethod))
+ {
+ rc = FAILURE;
+ }
+
+ if (AUTHMGR_AUTHENTICATING != logicalPortInfo->protocol.authState)
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, physPort,
+ "client with logicalInterface %d is in state %s.\n",
+ logicalPortInfo->key.keyNum, authmgrAuthStateStringGet(logicalPortInfo->protocol.authState));
+ return SUCCESS;
+ }
+
+ if (( SUCCESS == rc) && ( NULLPTR !=
+ authmgrCB->globalInfo->authmgrCallbacks[logicalPortInfo->client.
+ currentMethod].eventNotifyFn))
+ {
+ rc =
+ authmgrCB->globalInfo->authmgrCallbacks[logicalPortInfo->client.
+ currentMethod].eventNotifyFn
+ (physPort, authmgrClientAuthStart,
+ &logicalPortInfo->client.suppMacAddr);
+ authmgrStatsUpdate (physPort, logicalPortInfo->client.currentMethod,
+ authmgrStatsAuthEnter);
+
+ if ( SUCCESS == rc)
+ {
+ /* start the method_no_response timer. If this method doesn't
+ report back the result, we will move to next method */
+ authmgrTimerStart (logicalPortInfo, AUTHMGR_METHOD_NO_RESP_TMR);
+ }
+ }
+ return rc;
+}
+
+/*********************************************************************
+* @purpose function to get the operationally enabled method count on an interface
+*
+* @param physPort internal interface number
+* @param count count
+* @return SUCCESS or FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrPortEnabledMethodCountGet (uint32 physPort, uint32 * count)
+{
+ *count = authmgrCB->globalInfo->authmgrPortInfo[physPort].enabledMethodCount;
+ return SUCCESS;
+}
+
+/*********************************************************************
+* @purpose updates the port pae capabilities
+*
+* @param intIfNum
+* @param mode pae capabilities
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrPaeCapabilitiesEventProcess (uint32 intIfNum, uint32 mode)
+{
+ uchar8 ifName[ NIM_IF_ALIAS_SIZE + 1];
+ RC_t rc = FAILURE;
+
+ if (!(AUTHMGR_IS_READY))
+ {
+ return SUCCESS;
+ }
+
+ if (authmgrIsValidIntf (intIfNum) != TRUE)
+ {
+ return FAILURE;
+ }
+
+ if (mode == authmgrCB->globalInfo->authmgrPortInfo[intIfNum].paeCapabilities)
+ {
+ return SUCCESS;
+ }
+
+ if (authmgrCB->globalInfo->authmgrPortInfo[intIfNum].paeCapabilities == DOT1X_PAE_PORT_AUTH_CAPABLE)
+ {
+ /* cleanup the clients on this port */
+ authmgrPortInfoCleanup (intIfNum);
+ }
+
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].paeCapabilities = mode;
+
+ if ( DOT1X_PAE_PORT_AUTH_CAPABLE == mode)
+ {
+ /* enable authentication on this interface */
+ (void)authmgrCtlApplyPortConfigData(intIfNum);
+ }
+ else
+ {
+ authmgrIhPhysicalPortStatusSet(intIfNum, AUTHMGR_PORT_STATUS_AUTHORIZED);
+ if (nimGetIntfName (intIfNum, ALIASNAME, ifName) != SUCCESS)
+ {
+ LOGF ( LOG_SEVERITY_ERROR,
+ "Unable to get alias for intf %d", intIfNum);
+ return FAILURE;
+ }
+
+ rc = authmgrPortPvidSet(intIfNum, 0);
+ if (rc != SUCCESS)
+ {
+ LOGF ( LOG_SEVERITY_ERROR,
+ "Unable to set PVID back to 0 for %d", intIfNum);
+ }
+
+ authmgrVlanReleasePort(intIfNum);
+
+ /* disable authentication on this interface */
+ if ( TRUE == authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portEnabled)
+ {
+ authmgrPhysicalPortStatusOpenSet(intIfNum);
+ }
+ else
+ {
+ authmgrPhysicalPortStatusBlockSet(intIfNum);
+ }
+
+ pacCfgVlanMemberRemove(1, ifName);
+ }
+
+ return SUCCESS;
+}
+
+/*********************************************************************
+* @purpose updates the port violation mode
+*
+* @param intIfNum
+* @param mode violation mode
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrViolationModeSetAction (uint32 intIfNum,
+ AUTHMGR_PORT_AUTH_VIOLATION_MODE_t mode)
+{
+ if (!(AUTHMGR_IS_READY))
+ {
+ return SUCCESS;
+ }
+
+ if (authmgrIsValidIntf (intIfNum) != TRUE)
+ {
+ return FAILURE;
+ }
+
+ if (mode == authmgrCB->globalInfo->authmgrPortInfo[intIfNum].violationMode)
+ {
+ return SUCCESS;
+ }
+
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].violationMode = mode;
+
+ return SUCCESS;
+}
+
+/*********************************************************************
+* @purpose set max auth retry attempts on port
+*
+* @param intIfNum
+* @param intIfNum
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrAuthFailMaxRetryCountSetAction (uint32 intIfNum,
+ uint32 count)
+{
+ if (!(AUTHMGR_IS_READY))
+ {
+ return SUCCESS;
+ }
+
+ if (authmgrIsValidIntf (intIfNum) != TRUE)
+ {
+ return FAILURE;
+ }
+
+ if (count ==
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].authFailRetryMaxCount)
+ {
+ return SUCCESS;
+ }
+
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].authFailRetryMaxCount =
+ count;
+
+ return SUCCESS;
+}
+
+/*********************************************************************
+* @purpose interface function to clear all timers of specified type
+*
+* @param physIntf internal interface number
+* @param type timer type
+* @return SUCCESS or FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrInterfaceTimerReset (uint32 physIntf, authmgrTimerType_t type)
+{
+ uint32 lIndex = 0;
+ authmgrLogicalPortInfo_t *logicalPortInfo;
+
+ lIndex = AUTHMGR_LOGICAL_PORT_ITERATE;
+ while ((logicalPortInfo =
+ authmgrLogicalPortInfoGetNextNode (physIntf, &lIndex)) != NULLPTR)
+ {
+ authmgrTimerDestroy (authmgrCB->globalInfo->authmgrTimerCB, logicalPortInfo,
+ type);
+ }
+
+ return SUCCESS;
+}
+
+/*********************************************************************
+* @purpose function to clear all timers of specified type
+*
+* @param type timer type
+* @return SUCCESS or FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrTimerReset (authmgrTimerType_t type)
+{
+ RC_t nimRc;
+ uint32 phyIntf = 0;
+
+ /* loop through all the interfaces and initiate the changes */
+ nimRc = authmgrFirstValidIntfNumber (&phyIntf);
+ while (nimRc == SUCCESS)
+ {
+ /* clean up the timers on this interface info */
+ authmgrInterfaceTimerReset (phyIntf, type);
+ nimRc = authmgrNextValidIntf (phyIntf, &phyIntf);
+ }
+
+ return SUCCESS;
+}
+
+/*********************************************************************
+* @purpose interface funtion to handle the auth method changes
+*
+* @param intIfNum internal interface number
+* @return SUCCESS or FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrMethodModifyAction (uint32 intIfNum)
+{
+ if (authmgrCB->globalInfo->authmgrCfg->adminMode != ENABLE)
+ {
+ return SUCCESS;
+ }
+
+ authmgrMethodOrderChangeProcess (intIfNum);
+ return SUCCESS;
+}
+
+/*********************************************************************
+* @purpose function to get the reauthentication period of client
+*
+* @param lIntfNum client interface number
+* @param val value
+* @return SUCCESS or FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrLogicalPortReAuthPeriodGet (uint32 lIntfNum, uint32 * val)
+{
+ uint32 physPort = 0;
+ authmgrLogicalPortInfo_t *logicalPortInfo;
+
+ AUTHMGR_IF_NULLPTR_RETURN_LOG (val);
+
+ logicalPortInfo = authmgrLogicalPortInfoGet (lIntfNum);
+ AUTHMGR_IF_NULLPTR_RETURN_LOG (logicalPortInfo);
+
+ AUTHMGR_PORT_GET (physPort, lIntfNum);
+
+ if ( FALSE == authmgrCB->globalInfo->authmgrPortInfo[physPort].reAuthEnabled)
+ {
+ *val = 0;
+ }
+
+ if (authmgrCB->globalInfo->authmgrPortInfo[physPort].reAuthPeriodServer)
+ {
+ *val = logicalPortInfo->client.sessionTimeout;
+ }
+ else
+ {
+ authmgrReAuthPeriodGet (physPort, val);
+ }
+
+ return SUCCESS;
+}
+
+/*********************************************************************
+* @purpose interface level function to restart timers
+*
+* @param phyIntf interface number
+*
+* @comments
+*
+* @end
+*********************************************************************/
+void authmgrIntfAuthClientsTimersRestart (uint32 phyIntf)
+{
+ uint32 lIntIfNum;
+ authmgrLogicalPortInfo_t *logicalPortInfo;
+ /* Authenticator timer actions */
+ if (authmgrCB->globalInfo->authmgrPortInfo[phyIntf].paeCapabilities ==
+ DOT1X_PAE_PORT_AUTH_CAPABLE)
+ {
+ lIntIfNum = AUTHMGR_LOGICAL_PORT_ITERATE;
+ while ((logicalPortInfo =
+ authmgrLogicalPortInfoGetNextNode (phyIntf,
+ &lIntIfNum)) != NULLPTR)
+ {
+ if ((logicalPortInfo->key.keyNum != 0) &&
+ ( AUTHMGR_PORT_STATUS_AUTHORIZED ==
+ logicalPortInfo->client.logicalPortStatus))
+ {
+ if (authmgrCB->globalInfo->authmgrPortInfo[phyIntf].portEnabled ==
+ TRUE
+ && (authmgrCB->globalInfo->authmgrPortInfo[phyIntf].
+ portControlMode == AUTHMGR_PORT_AUTO))
+ {
+ if ( TRUE == authmgrCB->globalInfo->authmgrPortInfo[phyIntf].reAuthEnabled)
+ {
+ /* Start the reauthentication timer */
+ authmgrTimerStart (logicalPortInfo, AUTHMGR_REAUTH_WHEN);
+ }
+ }
+ }
+ }
+ }
+}
+
+/*********************************************************************
+* @purpose function to restart all the timers
+*
+* @param none
+* @returns none
+*
+*
+* @comments
+*
+* @end
+*********************************************************************/
+void authmgrAuthClientsTimersRestart ()
+{
+ RC_t nimRc = SUCCESS;
+ uint32 phyIntf = 0;
+
+ nimRc = authmgrFirstValidIntfNumber (&phyIntf);
+ while (nimRc == SUCCESS)
+ {
+ /* Authenticator timer actions */
+ if (authmgrCB->globalInfo->authmgrPortInfo[phyIntf].paeCapabilities ==
+ DOT1X_PAE_PORT_AUTH_CAPABLE)
+ {
+ authmgrIntfAuthClientsTimersRestart (phyIntf);
+ }
+ nimRc = authmgrNextValidIntf (phyIntf, &phyIntf);
+ }
+}
+
+/*********************************************************************
+* @purpose function to start timers on an interface
+*
+* @param phyIntf interface number
+* @param type timer type
+* @param flag start or stop
+*
+* @comments
+*
+* @end
+*********************************************************************/
+void authmgrIntfClientsTimerStart (uint32 phyIntf, authmgrTimerType_t type,
+ BOOL flag)
+{
+ uint32 lIntIfNum;
+ authmgrLogicalPortInfo_t *logicalPortInfo;
+ /* Authenticator timer actions */
+ if (authmgrCB->globalInfo->authmgrPortInfo[phyIntf].paeCapabilities ==
+ DOT1X_PAE_PORT_AUTH_CAPABLE)
+ {
+ lIntIfNum = AUTHMGR_LOGICAL_PORT_ITERATE;
+ while ((logicalPortInfo =
+ authmgrLogicalPortInfoGetNextNode (phyIntf,
+ &lIntIfNum)) != NULLPTR)
+ {
+ if (logicalPortInfo->key.keyNum != 0)
+ {
+ if (authmgrCB->globalInfo->authmgrPortInfo[phyIntf].portEnabled ==
+ TRUE
+ && (authmgrCB->globalInfo->authmgrPortInfo[phyIntf].
+ portControlMode == AUTHMGR_PORT_AUTO))
+ {
+ if ( TRUE == flag)
+ {
+ authmgrTimerStart (logicalPortInfo, type);
+ }
+ else
+ {
+ authmgrTimerDestroy (authmgrCB->globalInfo->authmgrTimerCB,
+ logicalPortInfo, type);
+ }
+ }
+ }
+ }
+ }
+}
+
+/*********************************************************************
+* @purpose Function to start all timers of the given type
+*
+* @param type timer type
+* @param flag start or stop
+*
+* @comments
+*
+* @end
+*********************************************************************/
+void authmgrAllTimersStart (authmgrTimerType_t type, BOOL flag)
+{
+ RC_t nimRc = SUCCESS;
+ uint32 phyIntf = 0;
+
+ nimRc = authmgrFirstValidIntfNumber (&phyIntf);
+ while (nimRc == SUCCESS)
+ {
+ /* Authenticator timer actions */
+
+ if (authmgrCB->globalInfo->authmgrPortInfo[phyIntf].paeCapabilities ==
+ DOT1X_PAE_PORT_AUTH_CAPABLE)
+ {
+ authmgrIntfClientsTimerStart (phyIntf, type, flag);
+ }
+ nimRc = authmgrNextValidIntf (phyIntf, &phyIntf);
+ }
+}
+
+/*********************************************************************
+ * @purpose Enable administrative mode setting for authmgr
+ *
+ * @param none
+ *
+ * @returns SUCCESS
+ * @returns FAILURE
+ *
+ * @comments
+ *
+ * @end
+ *********************************************************************/
+RC_t authmgrCtlAdminModeEnable()
+{
+ uint32 intIfNum;
+/* uchar8 paeCapabilities = 0; */
+ RC_t nimRc;
+ authmgrPortCfg_t *pCfg;
+
+ if (!(AUTHMGR_IS_READY))
+ return SUCCESS;
+
+ /* Initialize the auth mgr global data */
+ authmgrGlobalInfoPopulate();
+
+ /* Register for time ticks with appTimer */
+ authmgrCB->globalInfo->authmgrTimerCB =
+ appTimerInit ( AUTHMGR_COMPONENT_ID, authmgrTimerExpiryHdlr, NULLPTR,
+ APP_TMR_1SEC,
+ authmgrCB->globalInfo->authmgrAppTimerBufferPoolId);
+
+ auth_mgr_eap_socket_create(&authmgrCB->globalInfo->eap_socket);
+
+ nimRc = authmgrFirstValidIntfNumber(&intIfNum);
+ while (nimRc == SUCCESS)
+ {
+ if (authmgrIntfIsConfigurable(intIfNum, &pCfg) != TRUE)
+ return FAILURE;
+
+
+ (void)authmgrPortInfoInitialize(intIfNum, TRUE);
+ if (authmgrCB->globalInfo->authmgrPortInfo[intIfNum].paeCapabilities == DOT1X_PAE_PORT_AUTH_CAPABLE)
+ {
+ (void)authmgrCtlApplyPortConfigData(intIfNum);
+ }
+ else
+ {
+ if ( TRUE == authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portEnabled)
+ {
+ authmgrPhysicalPortStatusOpenSet(intIfNum);
+ }
+ else
+ {
+ authmgrPhysicalPortStatusBlockSet(intIfNum);
+ }
+ }
+ nimRc = authmgrNextValidIntf( intIfNum, &intIfNum);
+ }
+ return SUCCESS;
+}
+
+/*********************************************************************
+ * @purpose Disable administrative mode setting for authmgr
+ *
+ * @param none
+ *
+ * @returns SUCCESS
+ * @returns FAILURE
+ *
+ * @comments
+ *
+ * @end
+ *********************************************************************/
+RC_t authmgrCtlAdminModeDisable()
+{
+ uint32 phyIntf;
+ RC_t nimRc;
+
+ if (!(AUTHMGR_IS_READY))
+ {
+ return SUCCESS;
+ }
+
+ nimRc = authmgrFirstValidIntfNumber(&phyIntf);
+
+ while (nimRc == SUCCESS)
+ {
+ authmgrPortInfoCleanup(phyIntf);
+ authmgrPhysicalPortAccessSet(phyIntf);
+ memset(&authmgrCB->globalInfo->authmgrPortInfo[phyIntf].enabledMethods[0],
+ 0, sizeof(authmgrCB->globalInfo->authmgrPortInfo[phyIntf].enabledMethods));
+
+ nimRc = authmgrNextValidIntf(phyIntf, &phyIntf);
+ }
+
+ /* stop the timer */
+ if ( NULLPTR != authmgrCB->globalInfo->authmgrTimerCB)
+ {
+ (void) appTimerDeInit (authmgrCB->globalInfo->authmgrTimerCB);
+ authmgrCB->globalInfo->authmgrTimerCB = NULLPTR;
+ }
+
+ memset(&authmgrCB->globalInfo->authmgrVlanMask, 0, sizeof( VLAN_MASK_t));
+
+ return SUCCESS;
+}
+
+/*********************************************************************
+* @purpose Initialize the Authmgr Port Structure with Default Values
+*
+* @param intIfNum @b{(input)) internal interface number
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrPortInfoInitialize(uint32 intIfNum, BOOL flag)
+{
+ authmgrPortCfg_t *pCfg;
+ uint32 linkState, adminState, maxUsers = 0;
+ ushort16 oldPvid = 0;
+ char8 ifName[ NIM_IF_ALIAS_SIZE + 1];
+ RC_t rc;
+ AUTHMGR_PORT_CONTROL_t cfgPortControlMode = AUTHMGR_PORT_CONTROL_INVALID;
+ AUTHMGR_HOST_CONTROL_t cfgHostMode = AUTHMGR_INVALID_HOST_MODE;
+ uchar8 capabilities = DOT1X_PAE_PORT_NONE_CAPABLE;
+
+ if (authmgrIntfIsConfigurable(intIfNum, &pCfg) != TRUE)
+ return SUCCESS;
+
+ /* clean up previous info */
+ oldPvid = authmgrCB->globalInfo->authmgrPortInfo[intIfNum].pvid;
+ if (oldPvid)
+ {
+ rc = authmgrPortPvidSet(intIfNum, 0);
+ if (rc != SUCCESS)
+ {
+ if (nimGetIntfName (intIfNum, ALIASNAME, ifName) != SUCCESS)
+ {
+ LOGF ( LOG_SEVERITY_ERROR,
+ "Unable to get alias for intf %s", authmgrIntfIfNameGet(intIfNum));
+ return FAILURE;
+ }
+ LOGF ( LOG_SEVERITY_INFO,
+ "Unable to set PVID back to 0 for %s", ifName);
+ }
+ }
+
+ memset(&authmgrCB->globalInfo->authmgrPortInfo[intIfNum], 0, sizeof(authmgrPortInfo_t));
+
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].maxUsers = AUTHMGR_MAX_USERS_PER_PORT;
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].numUsers = 0;
+
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].initialize = FALSE;
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].authVlan = 0;
+
+ if ( (nimGetIntfLinkState(intIfNum, &linkState) == SUCCESS) && (linkState == UP) &&
+ (nimGetIntfAdminState(intIfNum, &adminState) == SUCCESS) && (adminState == ENABLE) )
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portEnabled = TRUE;
+ else
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portEnabled = FALSE;
+
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].authCount = 0;
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portStatus = AUTHMGR_PORT_STATUS_UNAUTHORIZED;
+
+ (void)osapiReadLockTake(authmgrCB->authmgrCfgRWLock, WAIT_FOREVER);
+ cfgPortControlMode = pCfg->portControlMode;
+ cfgHostMode = pCfg->hostMode;
+ capabilities = pCfg->paeCapabilities;
+ (void)osapiReadLockGive(authmgrCB->authmgrCfgRWLock);
+
+ /* Copy config data into operational data */
+ if (cfgPortControlMode != AUTHMGR_PORT_AUTO)
+ {
+ AUTHMGR_EVENT_TRACE(AUTHMGR_TRACE_EVENTS,intIfNum,
+ "Setting the max users to %d on interface %d. Current port control mode is not Auto \n",
+ 1, intIfNum);
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].maxUsers = 1;
+ }
+ else
+ {
+ if ( SUCCESS != authmgrMaxUsersGet(intIfNum, &maxUsers))
+ {
+ AUTHMGR_EVENT_TRACE(AUTHMGR_TRACE_FAILURE,intIfNum,
+ "Unable to retrieve the max users. Current host mode is %s \n",
+ authmgrHostModeStringGet(cfgHostMode));
+ }
+ else
+ {
+ AUTHMGR_EVENT_TRACE(AUTHMGR_TRACE_EVENTS,intIfNum,
+ "Setting the max users to %d on interface %d. Current host mode is %s \n",
+ maxUsers, intIfNum, authmgrHostModeStringGet(cfgHostMode));
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].maxUsers = maxUsers;
+ }
+ }
+
+ (void)osapiReadLockTake(authmgrCB->authmgrCfgRWLock, WAIT_FOREVER);
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].quietPeriod = pCfg->quietPeriod;
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].reAuthPeriod = pCfg->reAuthPeriod;
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].reAuthPeriodServer = pCfg->reAuthPeriodServer;
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].reAuthEnabled = pCfg->reAuthEnabled;
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].authFailRetryMaxCount = pCfg->maxAuthAttempts;
+
+ (void)osapiReadLockGive(authmgrCB->authmgrCfgRWLock);
+
+ /* Get the PAE capabilities */
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].paeCapabilities = capabilities;
+
+ return SUCCESS;
+}
+
+/*********************************************************************
+* @purpose Set values of the Logical Authmgr Port Structure
+* with Default Values of port it belongs to
+*
+* @param logicalPortInfo @b{(input)) Logical port Info
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrLogicalPortInfoInit(uint32 lIntIfNum)
+{
+ authmgrLogicalPortInfo_t *logicalPortInfo = NULLPTR;
+ uint32 physPort = 0, lPort = 0, type = 0, vlanId = 0;
+
+ logicalPortInfo = authmgrLogicalPortInfoGet(lIntIfNum);
+
+ AUTHMGR_IF_NULLPTR_RETURN_LOG(logicalPortInfo);
+
+ AUTHMGR_LPORT_KEY_UNPACK(physPort, lPort, type, logicalPortInfo->key.keyNum);
+ AUTHMGR_EVENT_TRACE(AUTHMGR_TRACE_CLIENT, physPort,
+ "%s:Resetting information for linterface = %d . \n",
+ __FUNCTION__, lPort);
+
+ if ( AUTHMGR_PORT_STATUS_AUTHORIZED == logicalPortInfo->client.logicalPortStatus)
+ {
+ /* Clean up the client hw info */
+ AUTHMGR_EVENT_TRACE(AUTHMGR_TRACE_CLIENT,physPort,
+ "\n%s:Cleaning up hw info for linterface = %d\n",
+ __FUNCTION__,lIntIfNum);
+
+ if ( SUCCESS != authmgrClientHwInfoCleanup(logicalPortInfo))
+ {
+ AUTHMGR_EVENT_TRACE(AUTHMGR_TRACE_FAILURE,physPort,
+ "\n%s:Resetting client hw settings for linterface = %d failed. \n",
+ __FUNCTION__, lIntIfNum);
+ }
+ }
+
+ memset(&logicalPortInfo->protocol, 0, sizeof(authmgrProtocolInfo_t));
+ memset(&logicalPortInfo->client, 0, sizeof(authmgrClientInfo_t));
+
+ uchar8 ifName[ NIM_IF_ALIAS_SIZE + 1] = {'\0'};
+
+ if (nimGetIntfName(physPort, ALIASNAME, ifName) == SUCCESS)
+ {
+ pacCfgPortPVIDGet(ifName, &vlanId);
+ }
+
+
+ logicalPortInfo->client.vlanId = vlanId;
+ logicalPortInfo->client.vlanType = AUTHMGR_VLAN_DEFAULT;
+ logicalPortInfo->client.rcvdEapolVersion = DOT1X_PAE_PORT_PROTOCOL_VERSION_2;
+ authmgrStateMachineClassifier(authmgrInitialize, logicalPortInfo->key.keyNum);
+
+ return SUCCESS;
+}
+
+/*********************************************************************
+* @purpose Populate Auth Manager Global Info structure
+*
+* @param none
+*
+* @returns none
+*
+* @comments
+*
+* @end
+*********************************************************************/
+void authmgrGlobalInfoPopulate()
+{
+ memset(&authmgrCB->globalInfo->authmgrVlanMask, 0, sizeof( VLAN_MASK_t));
+}
+
+
+RC_t authmgrVlanClientsCleanup(uint32 vlanId)
+{
+ uint32 intIfNum = 0, lIntIfNum = 0;
+ authmgrLogicalPortInfo_t *logicalPortInfo = NULLPTR;
+ RC_t nimRc = SUCCESS;
+
+ nimRc = authmgrFirstValidIntfNumber (&intIfNum);
+ while (nimRc == SUCCESS)
+ {
+ if ((0 != authmgrCB->globalInfo->authmgrPortInfo[intIfNum].authCount)
+ && ( AUTHMGR_PORT_AUTO ==
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portControlMode))
+ {
+ lIntIfNum = AUTHMGR_LOGICAL_PORT_ITERATE;
+ while ((logicalPortInfo =
+ authmgrLogicalPortInfoGetNextNode (intIfNum,
+ &lIntIfNum)) != NULLPTR)
+ {
+ if (vlanId == logicalPortInfo->client.vlanId)
+ {
+ authmgrClientInfoCleanup(logicalPortInfo);
+ }
+ }
+ }
+ nimRc = authmgrNextValidIntf (intIfNum, &intIfNum);
+ }
+ return SUCCESS;
+}
+
+/*********************************************************************
+* @purpose To close the authenticated sessions gracefully.
+*
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrTerminateAuthSessions()
+{
+ uint32 intIfNum = 0, lIntIfNum = 0, mgmtUnit = 0;
+ RC_t rc = SUCCESS;
+ authmgrLogicalPortInfo_t *logicalPortInfo;
+ nimUSP_t usp;
+
+ /* Get the first Valid Interface and cleanup the authentication sessions
+ * belongs to this unit.
+ */
+ rc = authmgrFirstValidIntfNumber(&intIfNum);
+ while (rc == SUCCESS)
+ {
+ memset((void *)&usp, 0, sizeof(nimUSP_t));
+ if(nimGetUnitSlotPort(intIfNum, &usp) == SUCCESS)
+ {
+ if (usp.unit != ( uchar8)mgmtUnit)
+ {
+ rc = authmgrNextValidIntf(intIfNum, &intIfNum);
+ continue;
+ }
+ }
+ else
+ {
+ rc = authmgrNextValidIntf(intIfNum, &intIfNum);
+ continue;
+ }
+
+ lIntIfNum = AUTHMGR_LOGICAL_PORT_ITERATE;
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portEnabled = FALSE;
+ while ( NULLPTR !=
+ (logicalPortInfo = authmgrLogicalPortInfoGetNextNode (intIfNum, &lIntIfNum)))
+ {
+ if (0 != logicalPortInfo->key.keyNum)
+ {
+ if ( AUTHMGR_PORT_STATUS_AUTHORIZED == logicalPortInfo->client.logicalPortStatus)
+ {
+ AUTHMGR_EVENT_TRACE(AUTHMGR_TRACE_API_CALLS,intIfNum,
+ "%s Auth Manager Cleanup the client session %d on port %s\n",
+ __FUNCTION__, logicalPortInfo->key.keyNum, authmgrIntfIfNameGet(intIfNum));
+
+ (void)authmgrClientInfoCleanup(logicalPortInfo);
+ }
+ }
+ }
+ rc = authmgrNextValidIntf(intIfNum, &intIfNum);
+ }
+ return SUCCESS;
+}
+
+/*********************************************************************
+* @purpose Reset port information
+*
+* @param intIfNum @b{(input)) internal interface number
+* @param initialize @b{(input)) initialize value
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments This value is set to TRUE by management in order to force
+* initialization of a port. It is re-set to FALSE after
+* initialization has completed.
+*
+* @end
+*********************************************************************/
+RC_t authmgrCtlPortReset(uint32 intIfNum, BOOL initialize)
+{
+ RC_t rc = SUCCESS;
+
+ if (authmgrCB->globalInfo->authmgrCfg->adminMode != ENABLE)
+ {
+ return SUCCESS;
+ }
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_PORT_STATUS, intIfNum,
+ "%s:Intialize physical port's oper values with default -%d \n", __FUNCTION__,
+ intIfNum);
+
+ authmgrPortInfoCleanup (intIfNum);
+ authmgrPortCtrlModeSet (intIfNum, FD_AUTHMGR_PORT_MODE);
+ authmgrIntfOperBuildDefault(intIfNum);
+
+ return rc;
+}
diff --git a/src/sonic-pac/authmgr/mapping/auth_mgr_debug.c b/src/sonic-pac/authmgr/mapping/auth_mgr_debug.c
new file mode 100755
index 000000000000..cc1cb8df2c5d
--- /dev/null
+++ b/src/sonic-pac/authmgr/mapping/auth_mgr_debug.c
@@ -0,0 +1,1409 @@
+/*
+ * Copyright 2024 Broadcom Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+
+#include "auth_mgr_include.h"
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include "auth_mgr_struct.h"
+#include "auth_mgr_api.h"
+#include "auth_mgr_timer.h"
+
+extern authmgrCB_t *authmgrCB;
+
+#define AUTHMGR_DEBUG_PACKET_RX_FORMAT "Pkt RX - Intf: %s (%d,%s),SrcMac: %s DestMac: %s Type: %s\n"
+#define AUTHMGR_DEBUG_PACKET_RX_EAP_FORMAT "Pkt RX - Intf: %s (%d,%s),SrcMac: %s DestMac: %s Type: %s Code: %s Id:%d\n"
+#define AUTHMGR_DEBUG_PACKET_TX_FORMAT "Pkt TX - Intf: %s (%d,%s),SrcMac: %s DestMac: %s Type: %s Code: %s\n"
+#define AUTHMGR_DEBUG_PACKET_TX_EAP_FORMAT "Pkt TX - Intf: %s (%d,%s),SrcMac: %s DestMac: %s Type: %s Code: %s Id:%d\n"
+
+ BOOL authmgrDebugPacketTraceTxFlag = FALSE;
+ BOOL authmgrDebugPacketTraceRxFlag = FALSE;
+uint32 authmgrDebugTraceFlag = 0;
+uint32 authmgrDebugTraceIntf = 0;
+
+/* Function prototypes */
+void authmgrBuildTestIntfConfigData (authmgrPortCfg_t * pCfg, ushort16 seed);
+void authmgrConfigDataTestShow (void);
+
+
+/*********************************************************************
+* @purpose Display the number of messages in the authmgr message queues
+*
+* @param none
+*
+* @returns void
+*
+* @comments devshell command
+*
+* @end
+*********************************************************************/
+void authmgrDebugMsgQueue ()
+{
+ int32 num;
+
+ if (osapiMsgQueueGetNumMsgs (authmgrCB->authmgrBulkQueue, &num) == SUCCESS)
+ {
+ SYSAPI_PRINTF (
+ "Authmgr Messages in bulk queue: %d\n", num);
+ }
+
+ if (osapiMsgQueueGetNumMsgs (authmgrCB->authmgrQueue, &num) == SUCCESS)
+ {
+ SYSAPI_PRINTF (
+ "Authmgr Messages in queue: %d\n", num);
+ }
+}
+
+/*********************************************************************
+* @purpose Display the ID of the authmgr Trace Buffer
+*
+* @param none
+*
+* @returns void
+*
+* @comments devshell command
+*
+* @end
+*********************************************************************/
+void authmgrDebugTraceIdGet ()
+{
+ SYSAPI_PRINTF (
+ "Trace Id in use for authmgr is %d\n",
+ authmgrCB->globalInfo->authmgrInfo.traceId);
+ SYSAPI_PRINTF (
+ "Use devshell traceBlockStart(traceId) and traceBlockStop(traceId)\n");
+}
+
+/*********************************************************************
+* @purpose Display the sizes of the authmgr structures
+*
+* @param none
+*
+* @returns void
+*
+* @comments devshell command
+*
+* @end
+*********************************************************************/
+void authmgrDebugSizesShow ()
+{
+ SYSAPI_PRINTF (
+ "AUTHMGR Data Structures:\r\n");
+ SYSAPI_PRINTF (
+ "----------------------\r\n");
+ SYSAPI_PRINTF (
+ "sizeof authmgrCB->globalInfo = %zd\r\n",
+ sizeof (authmgrGlobalInfo_t));
+ SYSAPI_PRINTF (
+ "sizeof authmgrPortInfo_t = %zd\r\n",
+ sizeof (authmgrPortInfo_t));
+ SYSAPI_PRINTF (
+ "sizeof authmgrPortStats_t = %zd\r\n",
+ sizeof (authmgrPortStats_t));
+ SYSAPI_PRINTF (
+ "sizeof authmgrCfg_t = %zd\r\n", sizeof (authmgrCfg_t));
+ SYSAPI_PRINTF (
+ " MAX_PORT_COUNT = %d\r\n", MAX_PORT_COUNT);
+ SYSAPI_PRINTF (
+ " AUTHMGR_INTF_MAX_COUNT = %d\r\n",
+ AUTHMGR_INTF_MAX_COUNT);
+}
+
+/*********************************************************************
+* @purpose Display the config info for the specified port
+*
+* @param intIfNum @b{(input)) internal interface number
+*
+* @returns void
+*
+* @comments devshell command
+*
+* @end
+*********************************************************************/
+void authmgrDebugPortCfgShow (uint32 intIfNum)
+{
+ authmgrPortCfg_t *pCfg;
+
+ if (authmgrIsValidIntf (intIfNum) != TRUE)
+ {
+ SYSAPI_PRINTF (
+ "intIfNum(%d) is not a valid authmgr interface\r\n",
+ intIfNum);
+ return;
+ }
+
+ if (authmgrIntfIsConfigurable (intIfNum, &pCfg) != TRUE)
+ {
+ SYSAPI_PRINTF (
+ "intIfNum(%d) is not a valid authmgr interface\r\n",
+ intIfNum);
+ return;
+ }
+
+ SYSAPI_PRINTF (
+ "AUTHMGR Cfg Info for port %d:\r\n", intIfNum);
+ SYSAPI_PRINTF (
+ "--------------------------\r\n");
+
+ SYSAPI_PRINTF (
+ "portControlMode = %d", pCfg->portControlMode);
+ switch (pCfg->portControlMode)
+ {
+ case AUTHMGR_PORT_FORCE_UNAUTHORIZED:
+ {
+ SYSAPI_PRINTF (
+ " Force Unauthorized\r\n");
+ }
+ break;
+ case AUTHMGR_PORT_AUTO:
+ {
+ SYSAPI_PRINTF (" Auto\r\n");
+ }
+ break;
+ case AUTHMGR_PORT_FORCE_AUTHORIZED:
+ {
+ SYSAPI_PRINTF (
+ " Force Authorized\r\n");
+ }
+ break;
+ default:
+ {
+ SYSAPI_PRINTF (" Unknown\r\n");
+ }
+ break;
+ }
+
+ SYSAPI_PRINTF (
+ "hostMode = %s\r\n",
+ authmgrHostModeStringGet (pCfg->hostMode));
+
+ SYSAPI_PRINTF (
+ "quietPeriod = %d\r\n", pCfg->quietPeriod);
+ SYSAPI_PRINTF (
+ "reAuthPeriod = %d\r\n", pCfg->reAuthPeriod);
+
+ SYSAPI_PRINTF (
+ "reAuthEnabled = %d\r\n", pCfg->reAuthEnabled);
+
+ SYSAPI_PRINTF (
+ "reAuthServerEnabled = %d", pCfg->reAuthPeriodServer);
+ if (authmgrCB->globalInfo->authmgrCfg->authmgrPortCfg[intIfNum].
+ reAuthEnabled == TRUE)
+ {
+ SYSAPI_PRINTF (" True\r\n");
+ }
+ else if (pCfg->reAuthEnabled == FALSE)
+ {
+ SYSAPI_PRINTF (" False\r\n");
+ }
+ else
+ {
+ SYSAPI_PRINTF (" Unknown\r\n");
+ }
+
+
+ SYSAPI_PRINTF (
+ "Auth Server port Max Auth attempts = %d\r\n", pCfg->maxAuthAttempts);
+
+}
+
+/*********************************************************************
+* @purpose Display the status info for the specified port
+*
+* @param lIntIfNum @b{(input)) Logical internal interface number
+*
+* @returns void
+*
+* @comments devshell command
+*
+* @end
+*********************************************************************/
+void authmgrDebugPortMacInfoShow (uint32 lIntIfNum)
+{
+ uchar8 buf[64];
+ uchar8 zeroV6[16];
+ authmgrLogicalPortInfo_t *logicalPortInfo;
+ uint32 physPort = 0, lPort = 0, type = 0;
+
+ authmgrLogicalPortInfoTakeLock ();
+ logicalPortInfo = authmgrLogicalPortInfoGet (lIntIfNum);
+ if (logicalPortInfo == NULLPTR)
+ {
+ authmgrLogicalPortInfoGiveLock ();
+ return;
+ }
+
+ AUTHMGR_LPORT_KEY_UNPACK (physPort, lPort, type, lIntIfNum);
+
+ if (authmgrIsValidIntf (physPort) != TRUE)
+ {
+ SYSAPI_PRINTF (
+ "intIfNum is not a valid authmgr interface(%d)\r\n",
+ physPort);
+ authmgrLogicalPortInfoGiveLock ();
+ return;
+ }
+
+ SYSAPI_PRINTF (
+ "AUTHMGR Info for port %d Phy port(%d) :\r\n", lIntIfNum,
+ physPort);
+ SYSAPI_PRINTF (
+ "------------------------------\r\n");
+
+ if (0 == logicalPortInfo->key.keyNum)
+ {
+ SYSAPI_PRINTF ("Port is in Use\r\n");
+ }
+ else
+ {
+ SYSAPI_PRINTF ("Port Not in Use\r\n");
+ }
+
+ SYSAPI_PRINTF (
+ "Port Status = %d\n",
+ logicalPortInfo->client.logicalPortStatus);
+
+ SYSAPI_PRINTF (
+ "\n\rTimers operational \n\r");
+
+ SYSAPI_PRINTF (
+ "---------- --------------- --------------- ---------- --------------\n\r");
+
+ SYSAPI_PRINTF (
+ "%s\n",
+ authmgrTimerTypeStringGet (logicalPortInfo->authmgrTimer.cxt.
+ type));
+
+ SYSAPI_PRINTF (
+ "auth state %s \r\n",
+ authmgrAuthStateStringGet (logicalPortInfo->protocol.
+ authState));
+
+ if (logicalPortInfo->client.serverStateLen > 0)
+ {
+ uint32 i;
+ SYSAPI_PRINTF (
+ "serverState = ");
+ for (i = 0; i < logicalPortInfo->client.serverStateLen; i++)
+ {
+ SYSAPI_PRINTF (
+ "%02X", logicalPortInfo->client.serverState[i]);
+ }
+ SYSAPI_PRINTF ("\r\n");
+ }
+ else
+ {
+ SYSAPI_PRINTF (
+ "serverState = NULL\r\n");
+ }
+
+ if (logicalPortInfo->client.serverClassLen > 0)
+ {
+ uint32 i;
+ SYSAPI_PRINTF (
+ "serverClass = ");
+ for (i = 0; i < logicalPortInfo->client.serverClassLen; i++)
+ {
+ SYSAPI_PRINTF (
+ "%02X", logicalPortInfo->client.serverClass[i]);
+ }
+ SYSAPI_PRINTF ("\r\n");
+ }
+ else
+ {
+ SYSAPI_PRINTF (
+ "serverClass = NULL\r\n");
+ }
+
+ SYSAPI_PRINTF (
+ "sessionTimeout = %d\r\n",
+ logicalPortInfo->client.sessionTimeout);
+
+ SYSAPI_PRINTF (
+ "terminationAction = %d\r\n",
+ logicalPortInfo->client.terminationAction);
+
+ memset (buf, 0, 32);
+ osapiSnprintf (( char8 *) buf, sizeof (buf),
+ "%02X:%02X:%02X:%02X:%02X:%02X",
+ logicalPortInfo->client.suppMacAddr.addr[0],
+ logicalPortInfo->client.suppMacAddr.addr[1],
+ logicalPortInfo->client.suppMacAddr.addr[2],
+ logicalPortInfo->client.suppMacAddr.addr[3],
+ logicalPortInfo->client.suppMacAddr.addr[4],
+ logicalPortInfo->client.suppMacAddr.addr[5]);
+ SYSAPI_PRINTF (
+ "suppMacAddr = %s\r\n", buf);
+
+ SYSAPI_PRINTF (
+ "reAuthenticating = %d",
+ logicalPortInfo->client.reAuthenticating);
+ if (logicalPortInfo->client.reAuthenticating == TRUE)
+ {
+ SYSAPI_PRINTF (" True\r\n");
+ }
+ else if (logicalPortInfo->client.reAuthenticating == FALSE)
+ {
+ SYSAPI_PRINTF (" False\r\n");
+ }
+ else
+ {
+ SYSAPI_PRINTF (" Unknown\r\n");
+ }
+
+ SYSAPI_PRINTF (
+ "Reauthentication count = %d\r\n",
+ logicalPortInfo->client.reAuthCount);
+
+ SYSAPI_PRINTF (
+ "suppRestarting = %d",
+ logicalPortInfo->client.suppRestarting);
+ if (logicalPortInfo->client.suppRestarting == TRUE)
+ {
+ SYSAPI_PRINTF (" True\r\n");
+ }
+ else if (logicalPortInfo->client.suppRestarting == FALSE)
+ {
+ SYSAPI_PRINTF (" False\r\n");
+ }
+ else
+ {
+ SYSAPI_PRINTF (" Unknown\r\n");
+ }
+
+ SYSAPI_PRINTF (
+ "authMethod = %d",
+ logicalPortInfo->client.authMethod);
+ switch (logicalPortInfo->client.authMethod)
+ {
+ case AUTH_METHOD_UNDEFINED:
+ {
+ SYSAPI_PRINTF (" Undefined\r\n");
+ }
+ break;
+ case AUTH_METHOD_LOCAL:
+ {
+ SYSAPI_PRINTF (" Local\r\n");
+ }
+ break;
+ case AUTH_METHOD_RADIUS:
+ {
+ SYSAPI_PRINTF (" Radius\r\n");
+ }
+ break;
+ case AUTH_METHOD_REJECT:
+ {
+ SYSAPI_PRINTF (" Reject\r\n");
+ }
+ break;
+ default:
+ {
+ SYSAPI_PRINTF (" Unknown\r\n");
+ }
+ break;
+ }
+
+ SYSAPI_PRINTF (
+ "Vlan type %s vlan Id = %d\r\n",
+ authmgrVlanTypeStringGet (logicalPortInfo->client.vlanType),
+ logicalPortInfo->client.vlanId);
+
+ SYSAPI_PRINTF (
+ "Client Session Timeout = %d\r\n",
+ logicalPortInfo->client.clientTimeout);
+
+ SYSAPI_PRINTF (
+ "Blocked Vlan Id = %d\r\n",
+ logicalPortInfo->client.blockVlanId);
+
+ memset(buf, 0, sizeof(buf));
+ memset(zeroV6, 0, 16);
+
+ authmgrLogicalPortInfoGiveLock ();
+}
+
+/*********************************************************************
+* @purpose Display the status info for the specified port
+*
+* @param intIfNum @b{(input)) internal interface number
+*
+* @returns void
+*
+* @comments devshell command
+*
+* @end
+*********************************************************************/
+void authmgrDebugPortInfoShow (uint32 intIfNum)
+{
+ if (authmgrIsValidIntf (intIfNum) != TRUE)
+ {
+ SYSAPI_PRINTF (
+ "intIfNum is not a valid authmgr interface(%d)\r\n",
+ intIfNum);
+ return;
+ }
+
+ SYSAPI_PRINTF (
+ "AUTHMGR Status Info for port %d:\r\n", intIfNum);
+ SYSAPI_PRINTF (
+ "------------------------------\r\n");
+
+ SYSAPI_PRINTF (
+ "initialize = %d",
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].initialize);
+ if (authmgrCB->globalInfo->authmgrPortInfo[intIfNum].initialize == TRUE)
+ {
+ SYSAPI_PRINTF (" True\r\n");
+ }
+ else if (authmgrCB->globalInfo->authmgrPortInfo[intIfNum].initialize ==
+ FALSE)
+ {
+ SYSAPI_PRINTF (" False\r\n");
+ }
+ else
+ {
+ SYSAPI_PRINTF (" Unknown\r\n");
+ }
+
+ SYSAPI_PRINTF (
+ "portControlMode = %d",
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].
+ portControlMode);
+ switch (authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portControlMode)
+ {
+ case AUTHMGR_PORT_FORCE_UNAUTHORIZED:
+ {
+ SYSAPI_PRINTF (
+ " Force Unauthorized\r\n");
+ }
+ break;
+ case AUTHMGR_PORT_AUTO:
+ {
+ SYSAPI_PRINTF (" Auto\r\n");
+ }
+ break;
+ case AUTHMGR_PORT_FORCE_AUTHORIZED:
+ {
+ SYSAPI_PRINTF (
+ " Force Authorized\r\n");
+ }
+ break;
+ default:
+ {
+ SYSAPI_PRINTF (" Unknown\r\n");
+ }
+ break;
+ }
+
+ SYSAPI_PRINTF (
+ "hostMode = %s\r\n",
+ authmgrHostModeStringGet (authmgrCB->globalInfo->
+ authmgrPortInfo[intIfNum].hostMode));
+
+ SYSAPI_PRINTF (
+ "portEnabled = %d",
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portEnabled);
+ if (authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portEnabled == TRUE)
+ {
+ SYSAPI_PRINTF (" True\r\n");
+ }
+ else if (authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portEnabled ==
+ FALSE)
+ {
+ SYSAPI_PRINTF (" False\r\n");
+ }
+ else
+ {
+ SYSAPI_PRINTF (" Unknown\r\n");
+ }
+
+ SYSAPI_PRINTF (
+ "portStatus = %d",
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portStatus);
+ if (authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portStatus ==
+ AUTHMGR_PORT_STATUS_AUTHORIZED)
+ {
+ SYSAPI_PRINTF (" Authorized\r\n");
+ }
+ else if (authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portStatus ==
+ AUTHMGR_PORT_STATUS_UNAUTHORIZED)
+ {
+ SYSAPI_PRINTF (" Unauthorized\r\n");
+ }
+ else
+ {
+ SYSAPI_PRINTF (" Unknown\r\n");
+ }
+
+ SYSAPI_PRINTF (
+ "nimStatus = %d \n",
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].nimStatus);
+
+ SYSAPI_PRINTF (
+ "quietPeriod = %d\r\n",
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].quietPeriod);
+
+ SYSAPI_PRINTF (
+ "reAuthPeriod = %d\r\n",
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].reAuthPeriod);
+
+ SYSAPI_PRINTF (
+ "reAuthEnabled = %d",
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].
+ reAuthEnabled);
+ if (authmgrCB->globalInfo->authmgrPortInfo[intIfNum].reAuthEnabled == TRUE)
+ {
+ SYSAPI_PRINTF (" True\r\n");
+ }
+ else if (authmgrCB->globalInfo->authmgrPortInfo[intIfNum].reAuthEnabled ==
+ FALSE)
+ {
+ SYSAPI_PRINTF (" False\r\n");
+ }
+ else
+ {
+ SYSAPI_PRINTF (" Unknown\r\n");
+ }
+
+
+ SYSAPI_PRINTF (
+ "Number of Authorizations = %d\r\n",
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].authCount);
+
+ SYSAPI_PRINTF (
+ "Auth Fail retry count = %d\r\n",
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].authFailRetryMaxCount);
+}
+
+/*********************************************************************
+* @purpose Display the status for the specified port
+*
+* @param intIfNum @b{(input)) internal interface number
+*
+* @returns void
+*
+* @comments devshell command
+*
+* @end
+*********************************************************************/
+void authmgrDebugPortStatsShow (uint32 intIfNum)
+{
+ if (authmgrIsValidIntf (intIfNum) != TRUE)
+ {
+ SYSAPI_PRINTF (
+ "intIfNum is not a valid interface(%d)\r\n", intIfNum);
+ return;
+ }
+
+ SYSAPI_PRINTF (
+ "AUTHMGR Stats for port %d:\r\n", intIfNum);
+ SYSAPI_PRINTF (
+ "-----------------------\r\n");
+
+ SYSAPI_PRINTF ("\r\n");
+
+ SYSAPI_PRINTF (
+ "AUTHMGR Debug Stats for port %d:\r\n", intIfNum);
+
+ SYSAPI_PRINTF (
+ "-----------------------------\r\n");
+ SYSAPI_PRINTF (
+ "dot1x authEntersAuthenticating = %d\r\n",
+ authmgrCB->globalInfo->authmgrPortStats[intIfNum].dot1x.
+ authEntersAuthenticating);
+ SYSAPI_PRINTF (
+ "dot1x authAuthSuccess = %d\r\n",
+ authmgrCB->globalInfo->authmgrPortStats[intIfNum].dot1x.
+ authSuccess);
+ SYSAPI_PRINTF (
+ "dot1x authFailure = %d\r\n",
+ authmgrCB->globalInfo->authmgrPortStats[intIfNum].dot1x.
+ authFailure);
+ SYSAPI_PRINTF (
+ "auth authTimeout = %d\r\n",
+ authmgrCB->globalInfo->authmgrPortStats[intIfNum].dot1x.
+ authTimeout);
+}
+
+/*********************************************************************
+* @purpose Set the authmgr log trace mode
+*
+* @param mode @b{(input)) log trace mode
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments none
+*
+* @end
+*********************************************************************/
+RC_t authmgrDebugLogTraceModeSet (uint32 mode)
+{
+ /* Validate input parm */
+ if (mode != ENABLE && mode != DISABLE)
+ {
+ return FAILURE;
+ }
+
+ /* If not changing mode, just return success */
+ if (mode == authmgrCB->globalInfo->authmgrCfg->authmgrLogTraceMode)
+ {
+ return SUCCESS;
+ }
+
+ authmgrCB->globalInfo->authmgrCfg->authmgrLogTraceMode = mode;
+
+ authmgrCB->globalInfo->authmgrCfg->cfgHdr.dataChanged = TRUE;
+ return SUCCESS;
+}
+
+/*********************************************************************
+* @purpose Return the authmgr log trace mode
+*
+* @param mode @b{(input)) log trace mode
+*
+* @returns SUCCESS
+*
+* @comments none
+*
+* @end
+*********************************************************************/
+uint32 authmgrDebugLogTraceModeGet ()
+{
+ return authmgrCB->globalInfo->authmgrCfg->authmgrLogTraceMode;
+}
+
+/*********************************************************************
+* @purpose Trace authmgr events
+*
+* @param 0 - disable tracing
+* 1 - enable port status events
+* 2 - enable port events tracing
+*
+*
+* @returns void
+*
+* @notes
+*
+* @end
+*
+*********************************************************************/
+void authmgrDebugTraceEvent (uint32 debug, uint32 intfNum)
+{
+ authmgrDebugTraceFlag = debug;
+ authmgrDebugTraceIntf = intfNum;
+}
+
+/*********************************************************************
+* @purpose show authmgr trace events help
+*
+* @param
+*
+*
+* @returns void
+*
+* @notes
+*
+* @end
+*
+*********************************************************************/
+void authmgrDebugTraceEventHelp ()
+{
+ SYSAPI_PRINTF (
+ "\n Use authmgrDebugTraceEvent(<debug>,<interface Number>) to trace various events");
+ SYSAPI_PRINTF (
+ "\n Specify internal interface number to trace events for specific interface or 0 for all interfaces.");
+
+ SYSAPI_PRINTF ("\n Trace Event Flags");
+ SYSAPI_PRINTF ("\n-------------------");
+
+ SYSAPI_PRINTF (
+ "\n Flag Description Value");
+ SYSAPI_PRINTF (
+ "\n ------------------------------- ----------------------------------------------------- -------");
+ SYSAPI_PRINTF (
+ "\n AUTHMGR_TRACE_PORT_STATUS Traces port authorization events %u",
+ AUTHMGR_TRACE_PORT_STATUS);
+ SYSAPI_PRINTF (
+ "\n AUTHMGR_TRACE_EVENTS Traces callback events %u",
+ AUTHMGR_TRACE_EVENTS);
+ SYSAPI_PRINTF (
+ "\n AUTHMGR_TRACE_API_CALLS Traces authmgr send packet events %u",
+ AUTHMGR_TRACE_API_CALLS);
+ SYSAPI_PRINTF (
+ "\n AUTHMGR_TRACE_FSM_EVENTS Traces state machine events %u",
+ AUTHMGR_TRACE_FSM_EVENTS);
+ SYSAPI_PRINTF (
+ "\n AUTHMGR_TRACE_FAILURE Traces failure events such as authentication failure %u",
+ AUTHMGR_TRACE_FAILURE);
+ SYSAPI_PRINTF (
+ "\n AUTHMGR_TRACE_RADIUS Traces RADIUS related events %u",
+ AUTHMGR_TRACE_RADIUS);
+ SYSAPI_PRINTF (
+ "\n AUTHMGR_TRACE_TIMER Traces Authmgr Timer Events %u",
+ AUTHMGR_TRACE_TIMER);
+ SYSAPI_PRINTF (
+ "\n AUTHMGR_TRACE_MAC_ADDR_DB Traces Mac Address Database related events %u",
+ AUTHMGR_TRACE_MAC_ADDR_DB);
+}
+
+/*********************************************************************
+* @purpose Return Logical port Debug info
+*
+* @param intIfNum @b{(input)) interface number
+* @param lIntIfNum @b{(input)) Logical internal interface number
+* @param debugInfo @b{(output)) debug info
+*
+* @returns SUCCESS or FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrDebugLogicalPortInfoNextGet (uint32 intIfNum, uint32 *lIntIfNum,
+ authmgrLogicalPortDebugInfo_t *debugInfo)
+{
+ authmgrLogicalPortInfo_t *logicalPortInfo = NULLPTR;
+ RC_t rc = SUCCESS;
+ authmgrPortCfg_t *pCfg;
+ AUTHMGR_PORT_CONTROL_t portControl = AUTHMGR_PORT_CONTROL_INVALID;
+
+ if (authmgrIntfIsConfigurable(intIfNum, &pCfg) != TRUE)
+ return FAILURE;
+
+ (void)osapiReadLockTake(authmgrCB->authmgrCfgRWLock, WAIT_FOREVER);
+ portControl = pCfg->portControlMode;
+ (void)osapiReadLockGive(authmgrCB->authmgrCfgRWLock);
+
+ if ( AUTHMGR_PORT_AUTO != portControl)
+ {
+ return FAILURE;
+ }
+
+ memset(debugInfo, 0, sizeof(*debugInfo));
+
+ authmgrLogicalPortInfoTakeLock ();
+
+ if ((logicalPortInfo = authmgrLogicalPortInfoGetNextNode (intIfNum,
+ lIntIfNum)) != NULLPTR)
+ {
+ debugInfo->key = logicalPortInfo->key;
+ memcpy(&debugInfo->client, &logicalPortInfo->client, sizeof(debugInfo->client));
+ memcpy(&debugInfo->protocol, &logicalPortInfo->protocol, sizeof(debugInfo->protocol));
+ }
+ else
+ {
+ rc = FAILURE;
+ }
+
+ authmgrLogicalPortInfoGiveLock ();
+ return rc;
+}
+
+/*********************************************************************
+* @purpose Display the status info for the specified port
+*
+* @param lIntIfNum @b{(input)) Logical internal interface number
+*
+* @returns void
+*
+* @comments devshell command
+*
+* @end
+*********************************************************************/
+void authmgrDebugLogicalPortInfoShow (uint32 intIfNum, uint32 lIntIfNum)
+{
+ authmgrLogicalPortInfo_t *logicalPortInfo;
+ uint32 physPort = 0, lPort = 0, type = 0;
+ BOOL all = FALSE;
+
+ if (lIntIfNum == 0)
+ {
+ all = TRUE;
+ logicalPortInfo = authmgrLogicalPortInfoFirstGet (intIfNum, &lIntIfNum);
+ }
+ else
+ {
+ authmgrLogicalPortInfoTakeLock ();
+ logicalPortInfo = authmgrLogicalPortInfoGet (lIntIfNum);
+ }
+
+ if (logicalPortInfo == NULLPTR)
+ {
+ if (all == FALSE)
+ {
+ authmgrLogicalPortInfoGiveLock ();
+ }
+ printf ("Cannot get logical port info for this log interface %d \n",
+ lIntIfNum);
+ return;
+ }
+
+ AUTHMGR_LPORT_KEY_UNPACK (physPort, lPort, type, logicalPortInfo->key.keyNum);
+
+ if (authmgrIsValidIntf (physPort) != TRUE)
+ {
+ SYSAPI_PRINTF (
+ "intIfNum is not a valid authmgr interface(%d)\r\n",
+ physPort);
+ if (all == FALSE)
+ {
+ authmgrLogicalPortInfoGiveLock ();
+ }
+ return;
+ }
+
+ if (intIfNum != physPort)
+ {
+ sysapiPrintf ("Error! LogicalPort[%d] not belongs to Port[%d] \n\r",
+ logicalPortInfo->key.keyNum, intIfNum);
+ if (all == FALSE)
+ {
+ authmgrLogicalPortInfoGiveLock ();
+ }
+ return;
+ }
+
+ SYSAPI_PRINTF (
+ "Port Control Mode = %s\n\n\r",
+ (authmgrCB->globalInfo->authmgrPortInfo[intIfNum].
+ portControlMode ==
+ AUTHMGR_PORT_AUTO) ? "Auto" : "non-auto Based");
+
+ SYSAPI_PRINTF (
+ "host Mode = %s\n\n\r",
+ authmgrHostModeStringGet (authmgrCB->globalInfo->
+ authmgrPortInfo[intIfNum].hostMode));
+ while (lIntIfNum != 0)
+ {
+ if (all == FALSE)
+ {
+ authmgrLogicalPortInfoGiveLock ();
+ }
+
+ authmgrDebugPortMacInfoShow (lIntIfNum);
+
+ if (all == TRUE)
+ {
+ logicalPortInfo =
+ authmgrLogicalPortInfoGetNextNode (intIfNum, &lIntIfNum);
+ if (logicalPortInfo == NULLPTR)
+ {
+ lIntIfNum = 0;
+ }
+ }
+ else
+ {
+ lIntIfNum = 0;
+ }
+ } /*While */
+}
+
+/*********************************************************************
+* @purpose get the hostmode string from hostmode
+*
+* @param hostMode -- auth mgr host modes
+* @return hostmode string
+*
+* @comments
+*
+* @end
+*********************************************************************/
+char *authmgrHostModeStringGet ( AUTHMGR_HOST_CONTROL_t hostMode)
+{
+ switch (hostMode)
+ {
+ case AUTHMGR_SINGLE_AUTH_MODE:
+ return "AUTHMGR_SINGLE_AUTH_MODE";
+ case AUTHMGR_MULTI_HOST_MODE:
+ return "AUTHMGR_MULTI_HOST_MODE";
+ case AUTHMGR_MULTI_AUTH_MODE:
+ return "AUTHMGR_MULTI_AUTH_MODE";
+ default:
+ return "Unknown host mode";
+ }
+}
+
+/*********************************************************************
+* @purpose get the auth mgr port status string
+*
+* @param status -- auth mgr port status
+* @return port status string
+*
+* @comments
+*
+* @end
+*********************************************************************/
+char *authmgrAuthStatusStringGet ( AUTHMGR_PORT_STATUS_t status)
+{
+ switch (status)
+ {
+ case AUTHMGR_PORT_STATUS_AUTHORIZED:
+ return " AUTHMGR_PORT_STATUS_AUTHORIZED";
+ case AUTHMGR_PORT_STATUS_UNAUTHORIZED:
+ return " AUTHMGR_PORT_STATUS_UNAUTHORIZED";
+ case AUTHMGR_PORT_STATUS_NA:
+ return " AUTHMGR_PORT_STATUS_NA";
+ default:
+ return "Unknown status";
+ }
+}
+
+/*********************************************************************
+* @purpose get the client allocated node type string
+*
+* @param type client allocation node type
+* @return node type string
+*
+* @comments
+*
+* @end
+*********************************************************************/
+char *authmgrNodeTypeStringGet (authmgrNodeType_t type)
+{
+ switch (type)
+ {
+ case AUTHMGR_PHYSICAL:
+ return "AUTHMGR_PHYSICAL";
+ case AUTHMGR_LOGICAL:
+ return "AUTHMGR_LOGICAL";
+ default:
+ return "Undefined";
+ }
+}
+
+/*********************************************************************
+* @purpose get the timer type string
+*
+* @param type -- auth mgr timer type
+* @return timer type string
+*
+* @comments
+*
+* @end
+*********************************************************************/
+char *authmgrTimerTypeStringGet (authmgrTimerType_t type)
+{
+ switch (type)
+ {
+ case AUTHMGR_QWHILE:
+ return "AUTHMGR_QWHILE";
+ case AUTHMGR_REAUTH_WHEN:
+ return "AUTHMGR_REAUTH_WHEN";
+ case AUTHMGR_METHOD_NO_RESP_TMR:
+ return "AUTHMGR_METHOD_NO_RESP_TMR";
+ default:
+ return "Undefined";
+ }
+}
+
+/*********************************************************************
+* @purpose get the vlan type string
+*
+* @param type -- vlan type
+* @return vlan string
+*
+* @comments
+*
+* @end
+*********************************************************************/
+char *authmgrVlanTypeStringGet (authmgrVlanType_t type)
+{
+ switch (type)
+ {
+ case AUTHMGR_VLAN_RADIUS:
+ return "RADIUS";
+ case AUTHMGR_VLAN_BLOCKED:
+ return "BLOCKED";
+ default:
+ return "Undefined";
+ }
+}
+
+/*********************************************************************
+* @purpose get the client type string
+*
+* @param type -- auth mgr client type
+* @return client type string
+*
+* @comments
+*
+* @end
+*********************************************************************/
+char *authmgrClientTypeStringGet (authmgrClientType_t type)
+{
+ switch (type)
+ {
+ case AUTHMGR_CLIENT_AWARE:
+ return "AUTHMGR_CLIENT_AWARE";
+ case AUTHMGR_CLIENT_UNAWARE:
+ return "AUTHMGR_CLIENT_UNAWARE";
+ case AUTHMGR_CLIENT_MAB:
+ return "AUTHMGR_CLIENT_MAB";
+ default:
+ return "Undefined";
+ }
+}
+
+/*********************************************************************
+* @purpose get the authentication manager state string
+*
+* @param state authentication manager SM state
+* @return state string
+*
+* @comments
+*
+* @end
+*********************************************************************/
+char *authmgrAuthStateStringGet (AUTHMGR_STATES_t state)
+{
+ switch (state)
+ {
+ case AUTHMGR_INITIALIZE:
+ return "AUTHMGR_INITIALIZE";
+ case AUTHMGR_AUTHENTICATING:
+ return "AUTHMGR_AUTHENTICATING";
+ case AUTHMGR_AUTHENTICATED:
+ return "AUTHMGR_AUTHENTICATED";
+ case AUTHMGR_UNAUTHENTICATED:
+ return "AUTHMGR_UNAUTHENTICATED";
+ case AUTHMGR_HELD:
+ return "AUTHMGR_HELD";
+ default:
+ return "Undefined";
+ }
+}
+
+/*********************************************************************
+* @purpose get the authentication method string
+*
+* @param method -- authentication method
+* @return method string
+*
+* @comments
+*
+* @end
+*********************************************************************/
+char *authmgrMethodStringGet ( AUTHMGR_METHOD_t method)
+{
+ switch (method)
+ {
+ case AUTHMGR_METHOD_NONE:
+ return " AUTHMGR_METHOD_NONE";
+ case AUTHMGR_METHOD_8021X:
+ return " AUTHMGR_METHOD_8021X";
+ case AUTHMGR_METHOD_MAB:
+ return " AUTHMGR_METHOD_MAB";
+ default:
+ return "Undefined";
+ }
+}
+
+/*********************************************************************
+* @purpose get the client auth response event string
+*
+* @param status client response event
+* @return event string
+*
+* @comments
+*
+* @end
+*********************************************************************/
+char *authmgrMethodStatusStringGet ( AUTHMGR_STATUS_t status)
+{
+ switch (status)
+ {
+ case AUTHMGR_NEW_CLIENT:
+ return " AUTHMGR_NEW_CLIENT";
+ case AUTHMGR_AUTH_FAIL:
+ return " AUTHMGR_AUTH_FAIL";
+ case AUTHMGR_AUTH_SUCCESS:
+ return " AUTHMGR_AUTH_SUCCESS";
+ case AUTHMGR_AUTH_TIMEOUT:
+ return " AUTHMGR_AUTH_TIMEOUT";
+ case AUTHMGR_AUTH_SERVER_COMM_FAILURE:
+ return " AUTHMGR_AUTH_SERVER_COMM_FAILURE";
+ case AUTHMGR_METHOD_CHANGE:
+ return " AUTHMGR_METHOD_CHANGE";
+ case AUTHMGR_CLIENT_DISCONNECTED:
+ return " AUTHMGR_CLIENT_DISCONNECTED";
+ default:
+ return "Undefined";
+ }
+}
+
+/*********************************************************************
+* @purpose get the state machine event string
+*
+* @param event authmgr state machine event
+* @return state machine event string
+*
+* @comments
+*
+* @end
+*********************************************************************/
+char *authmgrSmEventStringGet (authmgrSmEvents_t event)
+{
+ switch (event)
+ {
+ case authmgrInitialize:
+ return "authmgrInitialize";
+ case authmgrStartAuthenticate:
+ return "authmgrStartAuthenticate";
+ case authmgrAuthSuccess:
+ return "authmgrAuthSuccess";
+ case authmgrNotAuthSuccessNoNextMethod:
+ return "authmgrNotAuthSuccessNoNextMethod";
+ case authmgrNotAuthSuccessNextMethod:
+ return "authmgrNotAuthSuccessNextMethod";
+ case authmgrHeldTimerEqualsZero:
+ return "authmgrHeldTimerEqualsZero";
+ case authmgrStopAuthenticate:
+ return "authmgrStopAuthenticate";
+ case authmgrHigherAuthMethodAdded:
+ return "authmgrHigherAuthMethodAdded";
+ case authmgrReauthenticate:
+ return "authmgrReauthenticate";
+ case authmgrAuthFail:
+ return "authmgrAuthFail";
+ case authmgrAuthenticatedRxEapolStart:
+ return "authenticatedRcvdEapolStart";
+ case authmgrAbortAndRestartAuth:
+ return "authmgrAbortAndRestartAuth";
+ default:
+ return "Undefined";
+ }
+}
+
+/*********************************************************************
+* @purpose get the authentication list type string
+*
+* @param status list type
+* @return string for the list type
+*
+* @comments
+*
+* @end
+*********************************************************************/
+char *authmgrListTypeStringGet ( AUTHMGR_METHOD_TYPE_t status)
+{
+ switch (status)
+ {
+ case AUTHMGR_TYPE_ORDER:
+ return "Order";
+ case AUTHMGR_TYPE_PRIORITY:
+ return "Priority";
+ default:
+ return "Undefined";
+ }
+}
+
+/*********************************************************************
+* @purpose get the authentication Back end method string
+*
+* @param authMethod BAM method
+* @return method string
+*
+* @comments
+*
+* @end
+*********************************************************************/
+char *authmgrAuthMethodStringGet (uint32 authMethod)
+{
+ switch (authMethod)
+ {
+ case AUTH_METHOD_UNDEFINED:
+ return " AUTH_METHOD_UNDEFINED";
+ case AUTH_METHOD_RADIUS:
+ return " AUTH_METHOD_RADIUS";
+ case AUTH_METHOD_LOCAL:
+ return " AUTH_METHOD_LOCAL";
+ case AUTH_METHOD_REJECT:
+ return " AUTH_METHOD_REJECT";
+ default:
+ return "Unknown";
+ }
+}
+
+/*********************************************************************
+* @purpose function to print the supp mac address
+*
+* @param suppMacAddr -- mac address
+*
+* @comments
+*
+* @end
+*********************************************************************/
+void authmgrSuppMacStringGet ( enetMacAddr_t * suppMacAddr)
+{
+ uchar8 buf[32];
+
+ memset (buf, 0, sizeof (buf));
+ osapiSnprintf (( char8 *) buf, sizeof (buf),
+ "%02X:%02X:%02X:%02X:%02X:%02X", suppMacAddr->addr[0],
+ suppMacAddr->addr[1], suppMacAddr->addr[2],
+ suppMacAddr->addr[3], suppMacAddr->addr[4],
+ suppMacAddr->addr[5]);
+ sysapiPrintf ("%s\n", buf);
+}
+
+/*********************************************************************
+* @purpose debug function to dump attr info
+*
+* @param attrInfo -- received client attr info
+*
+* @comments
+*
+* @end
+*********************************************************************/
+void authmgrAttrInfoDump (authmgrAuthAttributeInfo_t * attrInfo)
+{
+ if ( NULLPTR == attrInfo)
+ {
+ return;
+ }
+
+ sysapiPrintf ("serverState = %s\n", attrInfo->serverState);
+ sysapiPrintf ("serverStateLen = %u\n", attrInfo->serverStateLen);
+
+ sysapiPrintf ("serverClass = %s\n", attrInfo->serverClass);
+ sysapiPrintf ("serverClassLen = %u\n", attrInfo->serverClassLen);
+ sysapiPrintf ("sessionTimeout = %u\n", attrInfo->sessionTimeout);
+ sysapiPrintf ("terminationAction = %u\n", attrInfo->terminationAction);
+ sysapiPrintf ("accessLevel = %u\n", attrInfo->accessLevel);
+ sysapiPrintf ("idFromServer = %u\n", attrInfo->idFromServer);
+ sysapiPrintf ("vlanString = %s\n", attrInfo->vlanString);
+ sysapiPrintf ("vlanId = %u\n", attrInfo->vlanId);
+}
+
+/*********************************************************************
+* @purpose debug function to dump client info
+*
+* @param info -- client info of the logical port
+*
+* @comments
+*
+* @end
+*********************************************************************/
+void authmgrLogicalPortClientInfoDump (authmgrClientInfo_t * info)
+{
+ uint32 i = 0;
+
+ if ( NULLPTR == info)
+ {
+ return;
+ }
+ sysapiPrintf ("clientType = %s\n",
+ authmgrClientTypeStringGet (info->clientType));
+ sysapiPrintf ("retryCount = %u\n", info->retryCount);
+ sysapiPrintf ("reAuthCount = %u\n", info->reAuthCount);
+ sysapiPrintf ("reAuthenticate = %u\n", info->reAuthenticate);
+ sysapiPrintf ("currentMethod = %s\n",
+ authmgrMethodStringGet (info->currentMethod));
+ sysapiPrintf ("authenticatedMethod = %s\n",
+ authmgrMethodStringGet (info->authenticatedMethod));
+ sysapiPrintf ("Executed Methods \n");
+
+ for (i = 0; i < AUTHMGR_METHOD_LAST; i++)
+ {
+ sysapiPrintf ("%s \n", authmgrMethodStringGet (info->executedMethod[i]));
+ }
+ sysapiPrintf ("\n");
+ sysapiPrintf ("logicalPortStatus = %s\n",
+ authmgrAuthStatusStringGet (info->logicalPortStatus));
+ sysapiPrintf ("authmgrUserName = %s\n", info->authmgrUserName);
+ sysapiPrintf ("authmgrUserNameLength = %u\n", info->authmgrUserNameLength);
+ sysapiPrintf ("currentIdL = %u\n", info->currentIdL);
+ sysapiPrintf ("supp mac addr ");
+ authmgrSuppMacStringGet (&info->suppMacAddr);
+ sysapiPrintf ("\n");
+ sysapiPrintf ("vlanType = %s\n", authmgrVlanTypeStringGet (info->vlanType));
+ sysapiPrintf ("vlanId = %u\n", (info->vlanId));
+ sysapiPrintf ("blockvlanId = %u\n", (info->blockVlanId));
+
+ sysapiPrintf ("suppRestarting = %u\n", (info->suppRestarting));
+ sysapiPrintf ("authMethod = %s\n",
+ authmgrAuthMethodStringGet (info->authMethod));
+ sysapiPrintf ("sessionTime = %u\n", (info->sessionTime));
+ sysapiPrintf ("clientTimeout = %u\n", (info->clientTimeout));
+ sysapiPrintf ("sessionTimeout = %u\n", (info->sessionTimeout));
+ sysapiPrintf ("terminationAction = %u\n", (info->terminationAction));
+ sysapiPrintf ("\n");
+}
+
+/*********************************************************************
+* @purpose function to get port from the key
+*
+* @param intIfNum -- interface number
+* @param lIntIfNum -- key
+* @return SUCCCESS
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrLportPortGet (uint32 * intIfNum, uint32 * lIntIfNum)
+{
+ AUTHMGR_IF_NULLPTR_RETURN_LOG (intIfNum);
+ AUTHMGR_IF_NULLPTR_RETURN_LOG (lIntIfNum);
+ AUTHMGR_PORT_GET (*intIfNum, *lIntIfNum);
+ return SUCCESS;
+}
+
+/*********************************************************************
+* @purpose debug function for auth count
+*
+* @param intIfNum -- interface number
+* @param flag -- TRUE incerment/ FALSE -- decrement
+*
+* @comments
+*
+* @end
+*********************************************************************/
+void authmgrAuthCountTest (uint32 intIfNum, BOOL flag)
+{
+ sysapiPrintf ("IntIf Num = %u, authCount %u \n", intIfNum,
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].authCount);
+ if (flag)
+ {
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].authCount++;
+ }
+ else
+ {
+ if (0 != authmgrCB->globalInfo->authmgrPortInfo[intIfNum].authCount)
+ {
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].authCount--;
+ }
+ }
+}
+
+/*********************************************************************
+* @purpose debug function to print User count on an interface
+*
+* @param intfIfNum
+*
+*
+* @comments
+*
+* @end
+*********************************************************************/
+void authmgrUserCountDump(uint32 intIfNum)
+{
+ sysapiPrintf ("Number of current users = %d\n\r", authmgrCB->globalInfo->authmgrPortInfo[intIfNum].numUsers);
+ sysapiPrintf ("Max users allowed = %d\n\r", authmgrCB->globalInfo->authmgrPortInfo[intIfNum].maxUsers);
+ return;
+}
+
diff --git a/src/sonic-pac/authmgr/mapping/auth_mgr_dot1x.c b/src/sonic-pac/authmgr/mapping/auth_mgr_dot1x.c
new file mode 100644
index 000000000000..13831934c079
--- /dev/null
+++ b/src/sonic-pac/authmgr/mapping/auth_mgr_dot1x.c
@@ -0,0 +1,200 @@
+/*
+ * Copyright 2024 Broadcom Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+
+#include "auth_mgr_include.h"
+#include "auth_mgr_auth_method.h"
+#include "auth_mgr_struct.h"
+#include "fpSonicUtils.h"
+
+extern authmgrCB_t *authmgrCB;
+
+static authmgrMethodEvent_t authmgrMethodEventTbl[] = {
+ {authmgrClientReAuthenticate, "EAPOL_REAUTH"},
+ {authmgrClientAuthStart, "NEW_STA"},
+ {authmgrClientDisconnect, "DEAUTHENTICATE"}
+};
+
+/*********************************************************************
+* @purpose function to send auth mgr events to dot1x daemon
+*
+* @param intIfNum interface number
+* @param event authmgr event
+* @param macAddr client mac
+* @return SUCCESS or FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrDot1xEventSend (uint32 intIfNum, uint32 event, enetMacAddr_t *macAddr)
+{
+ size_t len = 0;
+ char8 ctrl_ifname[16] = {};
+ char8 buf[1024] = {};
+ char8 reply[1024] = {};
+
+ fpGetHostIntfName(intIfNum, ctrl_ifname);
+
+ snprintf(buf, sizeof(buf), "%s %02X:%02X:%02X:%02X:%02X:%02X", authmgrMethodEventTbl[event-1].eventStr,
+ macAddr->addr[0], macAddr->addr[1], macAddr->addr[2], macAddr->addr[3],
+ macAddr->addr[4], macAddr->addr[5]);
+
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum,
+ "authmgrDot1xEventSend sending %s on %s\n", buf, ctrl_ifname);
+
+ memset(&reply, 0, sizeof(reply));
+
+ if (0 == wpa_sync_send(ctrl_ifname, buf, reply, &len))
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum,
+ "%s:%d reply = %s on %s\n", __func__, __LINE__, reply, ctrl_ifname);
+
+ if (0 == strncmp("OK", reply, strlen("OK")))
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum,
+ "%s:%d success iface %s\n", __func__, __LINE__, ctrl_ifname);
+ return SUCCESS;
+ }
+ else
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum,
+ "%s:%d failure iface %s\n", __func__, __LINE__, ctrl_ifname);
+ }
+ }
+
+ return FAILURE;
+}
+
+/*********************************************************************
+* @purpose function to get dot1x admin mode
+*
+* @param intIfNum interface number
+* @param event authmgr event
+* @param macAddr client mac
+* @return SUCCESS or FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrDot1xIntfAdminModeGet (uint32 intIfNum, BOOL *enabled)
+{
+ size_t len = 0;
+ char8 ctrl_ifname[16] = {};
+ char8 buf[128] = {};
+
+ *enabled = FALSE;
+
+ fpGetHostIntfName(intIfNum, ctrl_ifname);
+
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum,
+ "sending PING on %s\n", ctrl_ifname);
+
+ if (0 == wpa_sync_send(ctrl_ifname, "PING", buf, &len))
+ {
+ if (0 == strncmp("PONG", buf, strlen("PONG")))
+ {
+ *enabled = TRUE;
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum,
+ "Received PONG on %s\n", ctrl_ifname);
+ }
+ }
+ else
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum,
+ "wpa_sync_send not successful on %s\n", ctrl_ifname);
+ }
+
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum,
+ "received buf = %s on %s \n", buf, ctrl_ifname);
+ return SUCCESS;
+}
+
+/*********************************************************************
+* @purpose function to set port control mode of the dot1x daemon
+*
+* @param intIfNum interface number
+* @param event authmgr event
+* @return SUCCESS or FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrDot1xIntfPortControlModeSet (uint32 intIfNum, AUTHMGR_PORT_CONTROL_t portControl)
+{
+#define PORT_CNTRL_MODE_SET_STR "EAPOL_SET AdminControlledPortControl"
+ size_t len = 0;
+ char8 ctrl_ifname[16] = {};
+ char8 buf[128] = {};
+ char8 cmd[128] = {};
+
+ switch (portControl)
+ {
+ case AUTHMGR_PORT_AUTO:
+ snprintf(cmd, sizeof(cmd), "%s %s", PORT_CNTRL_MODE_SET_STR, "Auto");
+ break;
+ case AUTHMGR_PORT_FORCE_AUTHORIZED:
+ snprintf(cmd, sizeof(cmd), "%s %s", PORT_CNTRL_MODE_SET_STR, "ForceAuthorized");
+ break;
+ case AUTHMGR_PORT_FORCE_UNAUTHORIZED:
+ snprintf(cmd, sizeof(cmd), "%s %s", PORT_CNTRL_MODE_SET_STR, "ForceUnAuthorized");
+ break;
+ default:
+ printf("invalid mode..\n");
+ return FAILURE;
+
+ }
+
+ fpGetHostIntfName(intIfNum, ctrl_ifname);
+
+ if (0 == wpa_sync_send(ctrl_ifname, cmd, buf, &len))
+ {
+ if (0 == strncmp("OK", buf, strlen("OK")))
+ {
+ printf("successfull\n");
+ }
+ }
+ else
+ {
+ printf("wpa_sync_send not successful\n");
+ }
+
+ printf("buf = %s\n", buf);
+ return SUCCESS;
+}
+
+/*********************************************************************
+* @purpose Get the port's dot1x capabilities (Supplicant and/or Authenticator)
+*
+* @param intIfNum @b{(input)} internal interface number
+* @param *capabilities @b{(output)} dot1x capabilities bitmask
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrDot1xPortPaeCapabilitiesGet (uint32 intIfNum,
+ uchar8 * capabilities)
+{
+ *capabilities = authmgrCB->globalInfo->authmgrPortInfo[intIfNum].paeCapabilities;
+ return SUCCESS;
+}
+
diff --git a/src/sonic-pac/authmgr/mapping/auth_mgr_ih.c b/src/sonic-pac/authmgr/mapping/auth_mgr_ih.c
new file mode 100755
index 000000000000..f22d2fe61a66
--- /dev/null
+++ b/src/sonic-pac/authmgr/mapping/auth_mgr_ih.c
@@ -0,0 +1,754 @@
+/*
+ * Copyright 2024 Broadcom Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "auth_mgr_include.h"
+#include "auth_mgr_client.h"
+#include "auth_mgr_struct.h"
+#include "pac_cfg_authmgr.h"
+
+extern authmgrCB_t *authmgrCB;
+
+extern authmgrCnfgrState_t authmgrCnfgrState;
+
+/*********************************************************************
+* @purpose Handles events generated by NIM
+*
+* @param intIfNum @b{(input)) internal interface number
+* @param intfEvent @b{(input)) interface event
+* @param correlator @b{(input)) Correlator for the event
+* @param eventData @b((input)) Additional event specific data
+*
+* @returns SUCCESS on a successful operation
+* @returns FAILURE for any error
+*
+* @comments
+*
+* @end
+*********************************************************************/
+RC_t authmgrIntfChangeCallback (uint32 intIfNum, uint32 intfEvent,
+ NIM_CORRELATOR_t correlator,
+ NIM_EVENT_SPECIFIC_DATA_t eventData)
+{
+ authmgrIntfChangeParms_t parms;
+
+ parms.intfEvent = intfEvent;
+ parms.nimCorrelator = correlator;
+
+ return authmgrIssueCmd (authmgrIntfChange, intIfNum, &parms);
+}
+
+/*********************************************************************
+* @purpose Handles startup notification from NIM
+*
+* @param startupPhase @b{(input)) startupPhase
+*
+* @returns SUCCESS on a successful operation
+* @returns FAILURE for any error
+*
+* @comments
+*
+* @end
+*********************************************************************/
+void authmgrIntfStartupCallback (NIM_STARTUP_PHASE_t startupPhase)
+{
+
+ /* hold NIM till authmgr is ready */
+ while (!(AUTHMGR_IS_READY))
+ {
+ LOGF ( LOG_SEVERITY_ERROR,
+ "Received an interface startup callback while AUTHMGR is not ready(startup phase=%d). waiting..",
+ startupPhase);
+ osapiSleep(1);
+ }
+ authmgrIssueCmd (authmgrIntfStartup, NULL, &startupPhase);
+}
+
+/*********************************************************************
+* @purpose Process NIM startup callback
+*
+* @param startupPhase @b{(input)) CREATE or ACTIVATE
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments none
+*
+* @end
+*********************************************************************/
+RC_t authmgrIhProcessIntfStartup (NIM_STARTUP_PHASE_t startup_phase)
+{
+ RC_t rc;
+ uint32 intIfNum = 0;
+ PORTEVENT_MASK_t nimEventMask;
+ uint32 startTime, endTime;
+
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, 0,
+ "%s:%d Received event %d from NIM \n",
+ __FUNCTION__, __LINE__, startup_phase);
+
+ startTime = osapiTimeMillisecondsGet ();
+ switch (startup_phase)
+ {
+ case NIM_INTERFACE_CREATE_STARTUP:
+ rc = nimFirstValidIntfNumber (&intIfNum);
+
+ while (rc == SUCCESS)
+ {
+ if (authmgrIsValidIntf (intIfNum) == TRUE)
+ {
+ if (authmgrIntfCreate (intIfNum) != SUCCESS)
+ {
+ LOGF ( LOG_SEVERITY_ERROR,
+ "Error in creating interface %s.", authmgrIntfIfNameGet(intIfNum));
+ }
+ }
+ rc = nimNextValidIntfNumber (intIfNum, &intIfNum);
+ }
+
+
+ /* Now ask NIM to send any future changes for these event types */
+ memset (&nimEventMask, 0, sizeof (PORTEVENT_MASK_t));
+ PORTEVENT_SETMASKBIT (nimEventMask, CREATE);
+ PORTEVENT_SETMASKBIT (nimEventMask, DELETE);
+ nimRegisterIntfEvents ( AUTHMGR_COMPONENT_ID, nimEventMask);
+ break;
+
+ case NIM_INTERFACE_ACTIVATE_STARTUP:
+
+ rc = authmgrIntfActivateStartup ();
+
+ /* Now ask NIM to send any future changes for these event types */
+ memset (&nimEventMask, 0, sizeof (PORTEVENT_MASK_t));
+ PORTEVENT_SETMASKBIT (nimEventMask, CREATE);
+ PORTEVENT_SETMASKBIT (nimEventMask, DELETE);
+ PORTEVENT_SETMASKBIT (nimEventMask, ATTACH);
+ PORTEVENT_SETMASKBIT (nimEventMask, DETACH);
+ PORTEVENT_SETMASKBIT (nimEventMask, PORT_ENABLE);
+ PORTEVENT_SETMASKBIT (nimEventMask, PORT_DISABLE);
+ PORTEVENT_SETMASKBIT (nimEventMask, UP);
+ PORTEVENT_SETMASKBIT (nimEventMask, DOWN);
+ PORTEVENT_SETMASKBIT (nimEventMask, AUTHMGR_ACQUIRE);
+ nimRegisterIntfEvents ( AUTHMGR_COMPONENT_ID, nimEventMask);
+
+ (void) osapiTaskInitDone ( AUTHMGR_DB_TASK_SYNC);
+
+ break;
+
+ default:
+ break;
+ }
+
+ endTime = osapiTimeMillisecondsGet ();
+
+ nimStartupEventDone ( AUTHMGR_COMPONENT_ID);
+
+ return SUCCESS;
+}
+
+/*********************************************************************
+* @purpose Process Link state changes
+*
+* @param intIfNum @b{(input)) internal interface number
+* @param intIfEvent @b{(input)) interface event
+* @param correlator @b{(input)) correlator
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments none
+*
+* @end
+*********************************************************************/
+RC_t authmgrIhProcessIntfChange (uint32 intIfNum, uint32 intfEvent,
+ NIM_CORRELATOR_t correlator)
+{
+ uint32 linkState, adminState;
+ RC_t rc = SUCCESS;
+ NIM_EVENT_COMPLETE_INFO_t status;
+ authmgrPortCfg_t *pCfg;
+ uint32 lIntIfNum;
+ authmgrLogicalPortInfo_t *logicalPortInfo;
+ BOOL portEnabled = FALSE;
+
+ status.intIfNum = intIfNum;
+ status.component = AUTHMGR_COMPONENT_ID;
+ status.event = intfEvent;
+ status.correlator = correlator;
+
+ if (!(AUTHMGR_IS_READY))
+ {
+ LOGF ( LOG_SEVERITY_INFO,
+ "Received an interface change callback while AUTHMGR not ready to receive it.");
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FAILURE, intIfNum,
+ "%s:%d Nim Event %d received for %s when authmgr is not ready \n",
+ __FUNCTION__, __LINE__, intfEvent, authmgrIntfIfNameGet(intIfNum));
+ rc = FAILURE;
+ status.response.rc = rc;
+ nimEventStatusCallback (status);
+ return rc;
+ }
+
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum,
+ "%s:%d Nim Event %d received for %s \n", __FUNCTION__,
+ __LINE__, intfEvent, authmgrIntfIfNameGet(intIfNum));
+
+ if (authmgrIsValidIntf (intIfNum) != TRUE)
+ {
+ rc = SUCCESS;
+ status.response.rc = rc;
+ nimEventStatusCallback (status);
+ return rc;
+ }
+
+ switch (intfEvent)
+ {
+ case UP:
+ case PORT_ENABLE:
+ if (authmgrIntfIsConfigurable (intIfNum, &pCfg) == TRUE)
+ {
+ portEnabled = FALSE;
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portEnabled = FALSE;
+ if (nimGetIntfLinkState (intIfNum, &linkState) == SUCCESS)
+ {
+ if ((nimGetIntfAdminState (intIfNum, &adminState) == SUCCESS) &&
+ (adminState == ENABLE) &&
+ (nimGetIntfLinkState (intIfNum, &linkState) == SUCCESS) &&
+ (linkState == UP))
+ {
+ portEnabled = TRUE;
+ }
+ }
+
+ if ( DOT1X_PAE_PORT_AUTH_CAPABLE != pCfg->paeCapabilities)
+ {
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portEnabled = portEnabled;
+ if ( TRUE == authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portEnabled)
+ {
+ authmgrPhysicalPortStatusOpenSet(intIfNum);
+ }
+ else
+ {
+ authmgrPhysicalPortStatusBlockSet(intIfNum);
+ }
+ }
+ else
+ {
+ if (authmgrCB->globalInfo->authmgrPortInfo[intIfNum].paeCapabilities ==
+ DOT1X_PAE_PORT_AUTH_CAPABLE)
+ {
+ if (( TRUE == portEnabled) &&
+ (portEnabled != authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portEnabled))
+ {
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portEnabled = TRUE;
+
+ /* Cleanup any existing clients on the port before reset */
+ authmgrPortInfoCleanup (intIfNum);
+ (void) authmgrPortReset (intIfNum);
+ (void) authmgrCtlApplyPortConfigData (intIfNum);
+ }
+ }
+ }
+ }
+ break;
+
+ case DOWN:
+ case PORT_DISABLE:
+ if ( TRUE == authmgrIntfIsConfigurable (intIfNum, &pCfg))
+ {
+ if ( DOT1X_PAE_PORT_AUTH_CAPABLE != pCfg->paeCapabilities)
+ {
+ authmgrPhysicalPortStatusBlockSet(intIfNum);
+ }
+ else
+ {
+ if (authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portEnabled ==
+ TRUE)
+ {
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portEnabled = FALSE;
+
+ lIntIfNum = AUTHMGR_LOGICAL_PORT_ITERATE;
+ while ((logicalPortInfo =
+ authmgrLogicalPortInfoGetNextNode (intIfNum,
+ &lIntIfNum)) != NULLPTR)
+ {
+ if (0 == logicalPortInfo->key.keyNum)
+ {
+ continue;
+ }
+ }
+
+ if (authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portControlMode ==
+ AUTHMGR_PORT_AUTO)
+ {
+ authmgrPortInfoCleanup (intIfNum);
+ }
+ }
+ authmgrPhysicalPortStatusBlockSet(intIfNum);
+ }
+ }
+ break;
+
+ case CREATE:
+ rc = authmgrIntfCreate (intIfNum);
+ break;
+
+ case ATTACH:
+ if (authmgrIntfIsConfigurable (intIfNum, &pCfg) == TRUE)
+ {
+ if ( DOT1X_PAE_PORT_AUTH_CAPABLE != pCfg->paeCapabilities)
+ {
+ /*authmgrPhysicalPortStatusOpenSet(intIfNum); */
+ }
+ else
+ {
+ (void) authmgrPortReset (intIfNum);
+ /*rc = authmgrCtlApplyPortConfigData(intIfNum); */
+ }
+ }
+ else
+ {
+ rc = FAILURE;
+ }
+ break;
+
+ case DETACH:
+ rc = authmgrIntfDetach (intIfNum);
+ break;
+
+ case DELETE:
+ rc = authmgrIntfDelete (intIfNum);
+ break;
+
+ default:
+ break;
+ }
+
+ status.response.rc = rc;
+ nimEventStatusCallback (status);
+
+ return rc;
+}
+
+/*********************************************************************
+* @purpose bring up the individual interface
+*
+* @param intIfNum -- interface number
+* @param warmRestart BOOL true if restart type is warm
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments Handle the events ATTACH, UP, Acquire etc
+*
+* @end
+*********************************************************************/
+RC_t authmgrIntfStart (uint32 intIfNum, BOOL warmRestart)
+{
+ authmgrPortCfg_t *pCfg;
+ RC_t rc = FAILURE;
+ uint32 portLinkState;
+ uint32 adminState, count = 0;
+ BOOL restore = FALSE;
+ BOOL needCleanup = TRUE, skipFlag = FALSE;
+
+ do
+ {
+ if (authmgrIntfIsConfigurable (intIfNum, &pCfg) != TRUE)
+ {
+ return rc;
+ }
+
+ if ( DOT1X_PAE_PORT_AUTH_CAPABLE != pCfg->paeCapabilities)
+ {
+ authmgrPhysicalPortAccessSet(intIfNum);
+ return SUCCESS;
+ }
+
+ /* Link state */
+ rc = nimGetIntfLinkState (intIfNum, &portLinkState);
+ if (rc != SUCCESS)
+ {
+ break;
+ }
+ rc = nimGetIntfAdminState (intIfNum, &adminState);
+ if (rc != SUCCESS)
+ {
+ break;
+ }
+
+ if (( TRUE != warmRestart) ||
+ (0 == count))
+ {
+ (void) authmgrPortReset (intIfNum);
+ if (authmgrCB->globalInfo->authmgrPortInfo[intIfNum].paeCapabilities ==
+ DOT1X_PAE_PORT_AUTH_CAPABLE)
+ {
+ rc = authmgrCtlApplyPortConfigData (intIfNum);
+ }
+ else
+ {
+ rc = SUCCESS;
+ }
+ }
+
+
+ if ((portLinkState == UP) &&
+ ( ENABLE == adminState))
+ {
+ if ((warmRestart == TRUE) && (restore) && (skipFlag == TRUE) &&
+ (authmgrCB->globalInfo->authmgrPortInfo[intIfNum].portControlMode ==
+ AUTHMGR_PORT_AUTO))
+ {
+ count = 0;
+ if (0 != count)
+ {
+ needCleanup = FALSE;
+ }
+ }
+ } /* end if link state is up */
+ }
+
+ while ( FALSE);
+
+ if ((0 == authmgrCB->globalInfo->authmgrPortInfo[intIfNum].authCount) &&
+ (portLinkState == DOWN))
+ {
+ authmgrPhysicalPortStatusBlockSet(intIfNum);
+ }
+ return rc;
+}
+
+/*********************************************************************
+* @purpose Process the activate startup callback from NIM
+*
+* @param -- none
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments none
+*
+* @end
+*********************************************************************/
+RC_t authmgrIntfActivateStartup ()
+{
+ RC_t rc;
+ uint32 intIfNum = 0;
+
+ rc = nimFirstValidIntfNumber (&intIfNum);
+
+ while (rc == SUCCESS)
+ {
+ if (authmgrIsValidIntf (intIfNum) == TRUE)
+ {
+ authmgrIntfStart (intIfNum, FALSE);
+ }
+
+ rc = nimNextValidIntfNumber (intIfNum, &intIfNum);
+ }
+
+ return SUCCESS;
+}
+
+/*********************************************************************
+* @purpose Make sure this is a valid interface for authmgr
+*
+* @param intIfNum @b{(input)) internal interface number
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments none
+*
+* @end
+*********************************************************************/
+RC_t authmgrIhIntfValidate (uint32 intIfNum)
+{
+ /* Check for valid interface number */
+ if (nimCheckIfNumber (intIfNum) != SUCCESS)
+ {
+ return FAILURE;
+ }
+
+ /* Check for physical interface interface */
+ if (authmgrIsValidIntf (intIfNum) != TRUE)
+ {
+ return FAILURE;
+ }
+
+ return SUCCESS;
+}
+
+/*********************************************************************
+* @purpose Obtain a pointer to the specified interface configuration data
+* for this interface
+*
+* @param intIfNum @b{(input)} Internal Interface Number
+* @param **pCfg @b{(output)} Ptr to authmgr port config structure
+* or NULL if not needed
+*
+* @returns TRUE
+* @returns FALSE
+*
+*
+* @comments Facilitates pre-configuration, as it checks if the NIM
+* interface exists and whether the component is in a state to
+* be configured (regardless of whether the component is enabled
+* or not).
+*
+* @comments The caller can set the pCfg parm to NULL if it does not
+* want the value output from this function.
+*
+* @end
+*********************************************************************/
+ BOOL authmgrIntfIsConfigurable (uint32 intIfNum, authmgrPortCfg_t ** pCfg)
+{
+ nimConfigID_t configId;
+
+ if (!(AUTHMGR_IS_READY))
+ {
+ return FALSE;
+ }
+
+ /* Check boundary conditions */
+ if (intIfNum <= 0 || intIfNum >= AUTHMGR_INTF_MAX_COUNT)
+ {
+ return FALSE;
+ }
+
+ /* verify that the configId in the config data table entry matches the
+ configId that NIM maps to
+ ** the intIfNum we are considering
+ */
+ if (nimConfigIdGet (intIfNum, &configId) == SUCCESS)
+ {
+ if (NIM_CONFIG_ID_IS_EQUAL
+ (&configId,
+ &(authmgrCB->globalInfo->authmgrCfg->authmgrPortCfg[intIfNum].
+ configId)) == TRUE)
+ {
+ *pCfg = &authmgrCB->globalInfo->authmgrCfg->authmgrPortCfg[intIfNum];
+ return TRUE;
+ }
+ }
+
+ /* if we get here, either we have a table management error between authmgrCfg
+ and authmgrMapTbl or
+ ** there is synchronization issue between NIM and components w.r.t. interface
+ **creation/deletion
+ */
+ LOGF ( LOG_SEVERITY_INFO,
+ "Error accessing AUTHMGR config data for interface %s in AUTHMGR interface configuration.\n",
+ authmgrIntfIfNameGet(intIfNum));
+ return FALSE;
+}
+
+/*********************************************************************
+* @purpose Obtain a pointer to the first free interface config struct
+*
+* @param intIfNum @b{(input)} Internal Interface Number
+* @param **pCfg @b{(output)} Ptr to authmgr port config structure
+* or NULL if not needed
+*
+* @returns TRUE
+* @returns FALSE
+*
+*
+* @comments Facilitates pre-configuration, as it checks if the NIM
+* interface exists and whether the component is in a state to
+* be configured (regardless of whether the component is enabled
+* or not).
+*
+* @end
+*********************************************************************/
+ BOOL authmgrIntfConfigEntryGet (uint32 intIfNum, authmgrPortCfg_t ** pCfg)
+{
+ uint32 i;
+ nimConfigID_t configId;
+ nimConfigID_t configIdNull;
+ RC_t rc;
+
+ memset (&configIdNull, 0, sizeof (nimConfigID_t));
+
+ if (!(AUTHMGR_IS_READY))
+ {
+ return FALSE;
+ }
+
+ if ((rc = nimConfigIdGet (intIfNum, &configId)) == SUCCESS)
+ {
+ for (i = 1; i < AUTHMGR_INTF_MAX_COUNT; i++)
+ {
+ if (NIM_CONFIG_ID_IS_EQUAL
+ (&authmgrCB->globalInfo->authmgrCfg->authmgrPortCfg[i].configId,
+ &configIdNull))
+ {
+ authmgrCB->globalInfo->authmgrMapTbl[intIfNum] = i;
+ *pCfg = &authmgrCB->globalInfo->authmgrCfg->authmgrPortCfg[i];
+ return TRUE;
+ }
+ }
+ }
+
+ return FALSE;
+}
+
+/*********************************************************************
+*
+* @purpose To process the Callback for CREATE
+*
+* @param uint32 intIfNum internal interface number
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments none
+*
+* @end
+*
+*********************************************************************/
+RC_t authmgrIntfCreate (uint32 intIfNum)
+{
+ nimConfigID_t configId;
+ authmgrPortCfg_t *pCfg;
+
+ if (authmgrIsValidIntf (intIfNum) != TRUE)
+ {
+ return FAILURE;
+ }
+
+ if (nimConfigIdGet (intIfNum, &configId) != SUCCESS)
+ {
+ return FAILURE;
+ }
+
+ pCfg = &authmgrCB->globalInfo->authmgrCfg->authmgrPortCfg[intIfNum];
+
+ if (!(NIM_CONFIG_ID_IS_EQUAL (&configId, &pCfg->configId)))
+ {
+ NIM_CONFIG_ID_COPY (&pCfg->configId, &configId);
+ /* If an interface configuration entry is not already assigned to the
+ interface, assign one */
+ /* Update the configuration structure with the config id */
+ authmgrBuildDefaultIntfConfigData (&configId, pCfg);
+ }
+
+ /* Initialize the port info and clear the stats for this interface */
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].nimStatus =
+ AUTHMGR_PORT_STATUS_NA;
+ (void) authmgrCtlPortStatsClear (intIfNum);
+
+ return SUCCESS;
+}
+
+/*********************************************************************
+*
+* @purpose To process the Callback for DETACH
+*
+* @param uint32 intIfNum internal interface number
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments none
+*
+* @end
+*
+*********************************************************************/
+RC_t authmgrIntfDetach (uint32 intIfNum)
+{
+ authmgrPortCfg_t *pCfg;
+
+ if (authmgrIntfIsConfigurable (intIfNum, &pCfg) == TRUE)
+ {
+ authmgrPortInfoCleanup (intIfNum);
+ if (authmgrCB->globalInfo->authmgrPortInfo[intIfNum].paeCapabilities ==
+ DOT1X_PAE_PORT_AUTH_CAPABLE)
+ {
+ (void) authmgrCtlApplyPortConfigData (intIfNum);
+ }
+ }
+
+ return SUCCESS;
+}
+
+/*********************************************************************
+*
+* @purpose To process the Callback for DELETE
+*
+* @param uint32 intIfNum internal interface number
+*
+* @returns SUCCESS
+* @returns FAILURE
+*
+* @comments none
+*
+* @end
+*
+*********************************************************************/
+RC_t authmgrIntfDelete (uint32 intIfNum)
+{
+ authmgrPortCfg_t *pCfg;
+
+ if (authmgrIntfIsConfigurable (intIfNum, &pCfg) == TRUE)
+ {
+ authmgrPortInfoCleanup (intIfNum);
+
+ memset ((void *) &pCfg->configId, 0, sizeof (nimConfigID_t));
+ memset ((void *) &authmgrCB->globalInfo->authmgrMapTbl[intIfNum], 0,
+ sizeof (uint32));
+ memset ((void *) &authmgrCB->globalInfo->authmgrPortInfo[intIfNum], 0,
+ sizeof (authmgrPortInfo_t));
+ memset ((void *) &authmgrCB->globalInfo->authmgrPortStats[intIfNum], 0,
+ sizeof (authmgrPortStats_t));
+ }
+
+ return SUCCESS;
+}
+
+
+/*********************************************************************
+* @purpose Set the Violation Callback in the driver
+*
+* @param intIfNum @b{(input)) internal interface number
+* @param flag @b{(input)) True to set the value
+*
+* @returns SUCCESS
+* @returns FAILURE
+* @returns ERROR
+*
+* @comments none
+*
+* @end
+*********************************************************************/
+RC_t authmgrIhPhyPortViolationCallbackSet (uint32 intIfNum,
+ AUTHMGR_PORT_VIOLATION_CALLBACK_t
+ flag)
+{
+ RC_t rc = SUCCESS;
+
+ if ( AUTHMGR_PORT_VIOLATION_CALLBACK_ENABLE == flag)
+ {
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].unLearnMacPolicy = TRUE;
+ }
+ else
+ {
+ authmgrCB->globalInfo->authmgrPortInfo[intIfNum].unLearnMacPolicy = FALSE;
+ }
+
+ return rc;
+}
+
diff --git a/src/sonic-pac/authmgr/mapping/auth_mgr_mab.c b/src/sonic-pac/authmgr/mapping/auth_mgr_mab.c
new file mode 100644
index 000000000000..76de095ffef5
--- /dev/null
+++ b/src/sonic-pac/authmgr/mapping/auth_mgr_mab.c
@@ -0,0 +1,134 @@
+/*
+ * Copyright 2024 Broadcom Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+
+#include "auth_mgr_include.h"
+#include "auth_mgr_auth_method.h"
+#include <unistd.h>
+
+/*********************************************************************
+ * * @purpose function to send auth mgr events to dot1x daemon
+ * *
+ * * @param intIfNum interface number
+ * * @param event authmgr event
+ * * @param macAddr client mac
+ * * @return SUCCESS or FAILURE
+ * *
+ * * @comments
+ * *
+ * * @end
+ * *********************************************************************/
+RC_t authmgrMabEventSend (uint32 intIfNum, uint32 event, enetMacAddr_t *macAddr)
+{
+ uchar8 ctrl_ifname[ NIM_IF_ALIAS_SIZE + 1];
+ char8 reply[1024] = {};
+ mab_pac_cmd_t cmd_buf;
+ unsigned int reply_len = sizeof(reply);
+ unsigned int retryCnt = 3;
+
+ nimGetIntfName (intIfNum, ALIASNAME, ctrl_ifname);
+
+ memset(&cmd_buf, 0, sizeof(cmd_buf));
+
+ strncpy(cmd_buf.intf, ctrl_ifname, sizeof(cmd_buf.intf)-1);
+ strncpy(cmd_buf.cmd, "event-notify", strlen("event-notify")+1);
+
+ memcpy(cmd_buf.mac_addr, macAddr->addr, 6);
+
+ cmd_buf.notif_event = event;
+
+retry:
+
+ if (retryCnt)
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum,
+ "authmgrMabEventSend sending %s for interface %s\n", cmd_buf.cmd, ctrl_ifname);
+
+ memset(&reply, 0, sizeof(reply));
+
+ if (0 == authmgrMabDataSend(&cmd_buf, reply, &reply_len))
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum,
+ "%s:%d reply = %s\n", __func__, __LINE__, reply);
+
+ if ((reply_len ) && (0 == strncmp("OK", reply, strlen("OK"))))
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum,
+ "%s:%d success\n", __func__, __LINE__);
+ return SUCCESS;
+ }
+ else
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum,
+ "%s:%d failure\n", __func__, __LINE__);
+ usleep(10*1000);
+ }
+ }
+ retryCnt--;
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum,
+ "%s:%d retrying again (%d)", __func__, __LINE__, retryCnt);
+ goto retry;
+ }
+
+ return FAILURE;
+}
+
+/*********************************************************************
+ * * @purpose function to get dot1x admin mode
+ * *
+ * * @param intIfNum interface number
+ * * @param event authmgr event
+ * * @param macAddr client mac
+ * * @return SUCCESS or FAILURE
+ * *
+ * * @comments
+ * *
+ * * @end
+ * *********************************************************************/
+RC_t authmgrMabIntfAdminModeGet (uint32 intIfNum, BOOL *enabled)
+{
+ mab_pac_cmd_t cmd_buf;
+ char8 ctrl_ifname[16] = {};
+ char8 buf[128] = {};
+ unsigned int len = sizeof(buf);
+
+ *enabled = FALSE;
+ nimGetIntfName (intIfNum, ALIASNAME, ctrl_ifname);
+
+ memset(&cmd_buf, 0, sizeof(cmd_buf));
+
+ strncpy(cmd_buf.intf, ctrl_ifname, sizeof(cmd_buf.intf)-1);
+ strncpy(cmd_buf.cmd, "PING", strlen("PING")+1);
+
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum,
+ "authmgrMabDataSend PING for %s start \n", ctrl_ifname);
+ if (0 == authmgrMabDataSend(&cmd_buf, buf, &len))
+ {
+ if (0 == strncmp("PONG", buf, strlen("PONG")))
+ {
+ *enabled = TRUE;
+ }
+ }
+ else
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum,
+ "authmgrMabDataSend not successful\n");
+ }
+
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, intIfNum,
+ " Mab reply buf = %s\n", buf);
+ return SUCCESS;
+}
diff --git a/src/sonic-pac/authmgr/mapping/auth_mgr_socket.c b/src/sonic-pac/authmgr/mapping/auth_mgr_socket.c
new file mode 100644
index 000000000000..1af178a1f0bd
--- /dev/null
+++ b/src/sonic-pac/authmgr/mapping/auth_mgr_socket.c
@@ -0,0 +1,844 @@
+/*
+ * Copyright 2024 Broadcom Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdbool.h>
+#include <pthread.h>
+#include <sys/socket.h>
+#include <unistd.h>
+#include <errno.h>
+#include <arpa/inet.h>
+#include <netdb.h>
+#include "auth_mgr_include.h"
+#include "auth_mgr_auth_method.h"
+#include "wpa_ctrl.h"
+#include "radius_attr_parse.h"
+#include "fpSonicUtils.h"
+
+#define MAX_CLIENTS 1024
+#define NO_SOCKET -1
+#define TID_INIT -1
+#define SERVER_IPV4_ADDR "127.0.0.1"
+#define SERVER_LISTEN_PORT 3434
+#define MAX_SEND_SIZE 1024
+
+#define AUTH_MGR_COPY(_a) static int _a##_##COPY(void *in, void *out)
+#define AUTH_MGR_ENTER(_a, _b, _c, _rc) _rc = _a##_##COPY(_b, _c)
+
+#define AUTH_MGR_STR_COPY(_dst_, _src_) memcpy(_dst_, _src_, min(sizeof(_src_), sizeof(_dst_)))
+
+#define ETH_P_PAE 0x888E
+
+typedef struct connection_list_e
+{
+ int socket;
+ pthread_t tid;
+}connection_list_t;
+
+static connection_list_t connection_list[MAX_CLIENTS] = {};
+
+unsigned int extra_detail_logs = 0;
+
+AUTH_MGR_COPY(INTERFACE)
+{
+
+ char *intfStr = (char *)in;
+ unsigned int intf = 0;
+
+ fpGetIntIfNumFromHostIfName(intfStr, &intf);
+ (*(unsigned int *)out) = intf;
+
+ return 0;
+}
+
+AUTH_MGR_COPY(BAM_METHOD)
+{
+ char *methodStr = ((clientStatusReply_t *)in)->info.authInfo.bam_used;
+ int retVal = 0;
+
+ if (0 == strncmp("radius", methodStr, strlen("radius")))
+ {
+ ((authmgrClientStatusInfo_t *)out)->info.authInfo.authMethod = AUTH_METHOD_RADIUS;
+ }
+ else if (0 == strncmp("local", methodStr, strlen("local")))
+ {
+ ((authmgrClientStatusInfo_t *)out)->info.authInfo.authMethod = AUTH_METHOD_LOCAL;
+ }
+ else
+ {
+ retVal = -1;
+ }
+
+ return retVal;
+}
+
+
+AUTH_MGR_COPY(METHOD_CHANGE)
+{
+ authmgrClientStatusInfo_t *cInfo = (authmgrClientStatusInfo_t *)out;
+ clientStatusReply_t *cReply = (clientStatusReply_t *)in;
+ int retVal = 0;
+
+ if (0 == strncmp("enable", cReply->info.enableStatus, strlen("enable")))
+ {
+ cInfo->info.enableStatus = ENABLE;
+ }
+ else if (0 == strncmp("disable", cReply->info.enableStatus, strlen("disable")))
+ {
+ cInfo->info.enableStatus = DISABLE;
+ }
+ else
+ {
+ retVal = -1;
+ }
+
+ return retVal;
+}
+
+AUTH_MGR_COPY(METHOD)
+{
+ char *methodStr = (char *)in;
+ int retVal = 0;
+
+ if (0 == strncmp("802.1X", methodStr, strlen("802.1X")))
+ {
+ (*(unsigned int *)out) = AUTHMGR_METHOD_8021X;
+ }
+ else if (0 == strncmp("mab", methodStr, strlen("mab")))
+ {
+ (*(unsigned int *)out) = AUTHMGR_METHOD_MAB;
+ }
+ else
+ {
+ retVal = -1;
+ }
+
+ return retVal;
+}
+
+AUTH_MGR_COPY(COMMON_PARAMS)
+{
+ authmgrClientStatusInfo_t *cInfo = (authmgrClientStatusInfo_t *)out;
+ clientStatusReply_t *cReply = (clientStatusReply_t *)in;
+
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, 0,
+ "Received update for user %02X:%02X:%02X:%02X:%02X:%02X ",
+ (unsigned int)cReply->info.authInfo.addr[0], (unsigned int)cReply->info.authInfo.addr[1], (unsigned int)cReply->info.authInfo.addr[2],
+ (unsigned int)cReply->info.authInfo.addr[3], (unsigned int)cReply->info.authInfo.addr[4], (unsigned int)cReply->info.authInfo.addr[5]);
+ /* copy mac address */
+ memcpy(cInfo->info.authInfo.macAddr.addr, cReply->info.authInfo.addr, 6);
+ /* copy eapol version */
+ cInfo->info.authInfo.eapolVersion = cReply->info.authInfo.eapolVersion;
+ return 0;
+}
+
+AUTH_MGR_COPY(NEW_CLIENT)
+{
+ int rc = 0;
+
+ AUTH_MGR_ENTER(COMMON_PARAMS, in, out, rc);
+ return rc;
+}
+
+AUTH_MGR_COPY(ATTR_INFO)
+{
+
+ authmgrClientStatusInfo_t *cInfo = (authmgrClientStatusInfo_t *)out;
+ clientStatusReply_t *cReply = (clientStatusReply_t *)in;
+
+ if (cReply->info.authInfo.attrInfo.userNameLen)
+ {
+ memcpy(cInfo->info.authInfo.attrInfo.userName, cReply->info.authInfo.attrInfo.userName, cReply->info.authInfo.attrInfo.userNameLen);
+ cInfo->info.authInfo.attrInfo.userNameLen = cReply->info.authInfo.attrInfo.userNameLen;
+ }
+
+ if (cReply->info.authInfo.attrInfo.serverStateLen)
+ {
+ memcpy(cInfo->info.authInfo.attrInfo.serverState, cReply->info.authInfo.attrInfo.serverState, cReply->info.authInfo.attrInfo.serverStateLen);
+ cInfo->info.authInfo.attrInfo.serverStateLen = cReply->info.authInfo.attrInfo.serverStateLen;
+ }
+
+ if (cReply->info.authInfo.attrInfo.serverClassLen)
+ {
+ memcpy(cInfo->info.authInfo.attrInfo.serverClass, cReply->info.authInfo.attrInfo.serverClass, cReply->info.authInfo.attrInfo.serverClassLen);
+ cInfo->info.authInfo.attrInfo.serverClassLen = cReply->info.authInfo.attrInfo.serverClassLen;
+ }
+
+ cInfo->info.authInfo.attrInfo.sessionTimeout = cReply->info.authInfo.attrInfo.sessionTimeout;
+ cInfo->info.authInfo.attrInfo.terminationAction = cReply->info.authInfo.attrInfo.terminationAction;
+ cInfo->info.authInfo.attrInfo.idFromServer = cReply->info.authInfo.attrInfo.idFromServer;
+ strcpy(cInfo->info.authInfo.attrInfo.vlanString, cReply->info.authInfo.attrInfo.vlanString);
+ cInfo->info.authInfo.attrInfo.attrFlags = cReply->info.authInfo.attrInfo.attrFlags;
+ cInfo->info.authInfo.attrInfo.vlanAttrFlags = cReply->info.authInfo.attrInfo.vlanAttrFlags;
+
+#if 0
+ memcpy(&cInfo->info.authInfo.attrInfo, &cReply->info.authInfo.attrInfo,
+ sizeof(cInfo->info.authInfo.attrInfo));
+#endif
+ return 0;
+}
+
+
+AUTH_MGR_COPY(AUTH_SUCCESS)
+{
+ int rc = 0;
+
+ authmgrClientStatusInfo_t *cInfo = (authmgrClientStatusInfo_t *)out;
+ clientStatusReply_t *cReply = (clientStatusReply_t *)in;
+ /* copy the bam if the bam method is one of the supported */
+ AUTH_MGR_ENTER(BAM_METHOD, in, out, rc);
+
+ if (0 != rc)
+ goto fail;
+
+ AUTH_MGR_ENTER(COMMON_PARAMS, in, out, rc);
+
+ /* copy other auth-success related params */
+
+ /* user name */
+ AUTH_MGR_STR_COPY(cInfo->info.authInfo.authmgrUserName, cReply->info.authInfo.userName);
+ cInfo->info.authInfo.authmgrUserNameLength = cReply->info.authInfo.userNameLength;
+
+ AUTH_MGR_ENTER(ATTR_INFO, in, out, rc);
+
+ return 0;
+
+fail:
+ return -1;
+}
+
+
+
+AUTH_MGR_COPY(COMMON_FAIL)
+{
+ int rc = 0;
+
+
+ authmgrClientStatusInfo_t *cInfo = (authmgrClientStatusInfo_t *)out;
+ clientStatusReply_t *cReply = (clientStatusReply_t *)in;
+
+ /* copy the bam if the bam method is one of the supported */
+ AUTH_MGR_ENTER(BAM_METHOD, in, out, rc);
+
+ AUTH_MGR_ENTER(COMMON_PARAMS, in, out, rc);
+
+ /* user name */
+ AUTH_MGR_STR_COPY(cInfo->info.authInfo.authmgrUserName, cReply->info.authInfo.userName);
+ cInfo->info.authInfo.authmgrUserNameLength = cReply->info.authInfo.userNameLength;
+
+ return 0;
+}
+
+
+AUTH_MGR_COPY(AUTH_FAIL)
+{
+ int rc = 0;
+
+ AUTH_MGR_ENTER(COMMON_FAIL, in, out, rc);
+ return rc;
+}
+
+AUTH_MGR_COPY(AUTH_TIMEOUT)
+{
+ int rc = 0;
+
+ AUTH_MGR_ENTER(COMMON_FAIL, in, out, rc);
+ return rc;
+}
+
+AUTH_MGR_COPY(AUTH_SERVER_COMM_FAILURE)
+{
+ int rc = 0;
+
+ AUTH_MGR_ENTER(COMMON_FAIL, in, out, rc);
+ return rc;
+}
+
+AUTH_MGR_COPY(RADIUS_SERVERS_DEAD)
+{
+ int rc = 0;
+
+ AUTH_MGR_ENTER(COMMON_FAIL, in, out, rc);
+ return rc;
+}
+
+AUTH_MGR_COPY(CLIENT_DISCONNECTED)
+{
+ int rc = 0;
+
+ AUTH_MGR_ENTER(COMMON_PARAMS, in, out, rc);
+ return rc;
+}
+
+
+AUTH_MGR_COPY(RADIUS_DACL_INFO)
+{
+return 0;
+}
+
+
+AUTH_MGR_COPY(RADIUS_FIRST_PASS_DACL_DATA)
+{
+return 0;
+}
+
+AUTH_MGR_COPY(MKA_PEER_TIMEOUT)
+{
+return 0;
+}
+
+int auth_mgr_status_params_copy(authmgrClientStatusInfo_t *clientInfo, clientStatusReply_t *reply)
+{
+ void *in = (void *)reply;
+ void *out = (void *)clientInfo;
+ int rc = 0;
+
+ switch (reply->status)
+ {
+ case NEW_CLIENT:
+ AUTH_MGR_ENTER(NEW_CLIENT, in, out, rc);
+ break;
+
+ case AUTH_FAIL:
+ AUTH_MGR_ENTER(AUTH_FAIL, in, out, rc);
+ break;
+
+ case AUTH_SUCCESS:
+ AUTH_MGR_ENTER(AUTH_SUCCESS, in, out, rc);
+ break;
+
+ case AUTH_TIMEOUT:
+ AUTH_MGR_ENTER(AUTH_TIMEOUT, in, out, rc);
+ break;
+
+ case AUTH_SERVER_COMM_FAILURE:
+ AUTH_MGR_ENTER(AUTH_SERVER_COMM_FAILURE, in, out, rc);
+ break;
+
+ case CLIENT_DISCONNECTED:
+ AUTH_MGR_ENTER(CLIENT_DISCONNECTED, in, out, rc);
+ break;
+
+ case METHOD_CHANGE:
+ AUTH_MGR_ENTER(METHOD_CHANGE, in, out, rc);
+ break;
+
+ case RADIUS_SERVERS_DEAD:
+ AUTH_MGR_ENTER(RADIUS_SERVERS_DEAD, in, out, rc);
+ break;
+
+ case RADIUS_FIRST_PASS_DACL_DATA:
+ AUTH_MGR_ENTER(RADIUS_FIRST_PASS_DACL_DATA, in, out, rc);
+ break;
+
+ case RADIUS_DACL_INFO:
+ AUTH_MGR_ENTER(RADIUS_DACL_INFO, in, out, rc);
+ break;
+
+ case MKA_PEER_TIMEOUT:
+ AUTH_MGR_ENTER(MKA_PEER_TIMEOUT, in, out, rc);
+ break;
+
+ default:
+ rc = -1;
+
+ }
+return rc;
+}
+
+int wpa_sync_send(char *ctrl_ifname, char * cmd, char *buf, size_t *len)
+{
+ static struct wpa_ctrl *ctrl_conn;
+ int ret;
+ char sock_file[128];
+
+ memset(sock_file, 0, sizeof(sock_file));
+ sprintf(sock_file, "/var/run/hostapd/%s", ctrl_ifname);
+
+ ctrl_conn = wpa_ctrl_open(sock_file);
+
+ if (ctrl_conn == NULL)
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, 0,
+ "Not connected to hostapd - command dropped.. retrying..\n");
+ usleep(10 * 1000);
+
+ ctrl_conn = wpa_ctrl_open(sock_file);
+
+ if (ctrl_conn == NULL)
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, 0,
+ "Not connected to hostapd - command dropped..\n");
+ return -1;
+ }
+ }
+
+ *len = sizeof(buf) - 1;
+ ret = wpa_ctrl_request(ctrl_conn, cmd, strlen(cmd), buf, len, NULL);
+ if (ret == -2) {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, 0,
+ "'%s' command timed out.\n", cmd);
+ return -2;
+ } else if (ret < 0) {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, 0,
+ "'%s' command failed.\n", cmd);
+ return -1;
+ }
+ if (1) {
+ buf[*len] = '\0';
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, 0,"hostapd reply %s", buf);
+ }
+
+ wpa_ctrl_close(ctrl_conn);
+ return 0;
+}
+
+/* function to receive multiple connections */
+
+/* Start listening socket listen_sock. */
+int start_listen_socket(int *listen_sock)
+{
+ int reuse = 1;
+ struct sockaddr_in my_addr;
+
+ // Obtain a file descriptor for our "listening" socket.
+ *listen_sock = socket(AF_INET, SOCK_STREAM, 0);
+ if (*listen_sock < 0)
+ {
+ perror("socket");
+ return -1;
+ }
+
+ if (setsockopt(*listen_sock, SOL_SOCKET, SO_REUSEADDR, &reuse, sizeof(reuse)) != 0) {
+ perror("setsockopt");
+ return -1;
+ }
+
+ memset(&my_addr, 0, sizeof(my_addr));
+ my_addr.sin_family = AF_INET;
+ my_addr.sin_addr.s_addr = inet_addr(SERVER_IPV4_ADDR);
+ my_addr.sin_port = htons(SERVER_LISTEN_PORT);
+
+ if (bind(*listen_sock, (struct sockaddr*)&my_addr, sizeof(struct sockaddr)) != 0) {
+ perror("bind");
+ return -1;
+ }
+
+ // start accept client connections
+ if (listen(*listen_sock, 144) != 0) {
+ perror("listen");
+ return -1;
+ }
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, 0,
+ "Accepting connections on port %d.\n", (int)SERVER_LISTEN_PORT);
+
+ return 0;
+}
+
+static void close_connection(int conn_socket)
+{
+ /* Close it regardless */
+ close(conn_socket);
+}
+
+void shutdown_properly(int *listen_sock)
+{
+ int i;
+
+ for (i = 0; i < MAX_CLIENTS; ++i)
+ if (connection_list[i].socket != NO_SOCKET)
+ close_connection(connection_list[i].socket);
+
+ close(*listen_sock);
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, 0,"Shutdown server properly.\n");
+ return;
+}
+
+
+int build_fd_sets(fd_set *read_fds, fd_set *write_fds, fd_set *except_fds, int listen_sock)
+{
+
+ FD_ZERO(read_fds);
+ FD_SET(listen_sock, read_fds);
+ return 0;
+}
+
+/* Receive message from peer and handle it with message_handler(). */
+int read_from_connection(int socket, char *buf, unsigned int buf_len,
+ unsigned int *bytes_read, bool *more_data)
+{
+ size_t len_to_receive;
+ ssize_t received_count = 0;
+ size_t received_total = 0;
+
+ char *buf_ptr = buf;
+
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, 0,
+ "Entering read_from_connection fd %d buf_len %d\n", socket, buf_len);
+
+ do {
+ if (received_total >= buf_len)
+ {
+ /* still more to copy */
+ *more_data = true;
+ *bytes_read = received_total;
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, 0,
+ "fd: %d There is more data , Read %zd bytes till now\n",
+ socket, received_count);
+ return 0;
+ }
+
+ /* Count bytes to receive.*/
+ len_to_receive = buf_len;
+ if (len_to_receive > MAX_SEND_SIZE)
+ len_to_receive = MAX_SEND_SIZE;
+
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, 0,
+ "fd: %d Let's try to recv() %zd bytes... ", socket, len_to_receive);
+
+ received_count = recv(socket, buf_ptr, len_to_receive, NULL);
+
+ if (received_count < 0) {
+ if (errno == EAGAIN || errno == EWOULDBLOCK) {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, 0,
+ "fd %d peer is not ready right now, try again later.\n", socket);
+ continue;
+ } else {
+ perror("recv() from peer error");
+ *more_data = false;
+ return -1;
+ }
+ }
+ /* If recv() returns 0, it means that peer gracefully shutdown. Shutdown client.*/
+ else if (received_count == 0) {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, 0,
+ "fd %d recv() 0 bytes. Peer gracefully shutdown.\n", socket);
+ *more_data = false;
+ break;
+ }
+ else if (received_count > 0) {
+ received_total += received_count;
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, 0,
+ "fd %d recv() %zd bytes\n", socket, received_count);
+
+ buf_ptr += received_count;
+ len_to_receive -= received_count;
+ }
+ } while (received_count > 0);
+
+ *bytes_read = received_total;
+
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, 0,
+ "fd %d Total recv()'ed %zu bytes.\n", socket, received_total);
+ return 0;
+}
+
+
+void *handle_connection(void *arg)
+{
+ int new_socket = *((int *)arg);
+ char *recv_buff = NULL;
+ char *buf = NULL;
+ unsigned int bytes_received;
+ bool more_data = true;
+ unsigned int buff_step_size = 2048;
+ int rem_len = 4* buff_step_size;
+ int buff_size = 4* buff_step_size;
+ clientStatusReply_t *clientReply = NULLPTR;
+ authmgrClientStatusInfo_t clientStatus;
+ int total_read = 0;
+ uint32 intf = 0;
+ uint32 method = 0, status = 0;
+ void *in = NULL;
+ void *out = NULL;
+ int rc = -1;
+ char8 paeCapabilities = 0;
+
+ int i;
+
+ recv_buff = (char *)malloc(buff_size);
+
+ if (!recv_buff)
+ goto conn_close;
+
+ memset(recv_buff, 0, buff_size);
+ buf = recv_buff;
+
+ while(more_data)
+ {
+ more_data = false;
+ if (rem_len <= 0)
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, 0,
+ "fd %d More data to read, but not sufficient buffer !!\n", new_socket);
+ buff_size += buff_step_size;
+ recv_buff = (char *)realloc(recv_buff, buff_size);
+ buf = recv_buff + total_read;
+ rem_len = buff_size - total_read;
+ }
+ bytes_received = 0;
+ if (0 != read_from_connection(new_socket, buf, rem_len, &bytes_received, &more_data))
+ {
+ break;
+ }
+ total_read += bytes_received;
+ buf = recv_buff + total_read;
+ rem_len = buff_size - total_read;
+ }
+
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, 0,"fd %d : buffer: total_read %d", new_socket, total_read);
+
+ close(new_socket);
+
+ if (extra_detail_logs)
+ {
+ char *ptr = recv_buff;
+ for (i =0; i<10; i++)
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, 0,"0x%x ", ptr[i]);
+ }
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, 0,"\nstart processing !!\n");
+ }
+ /* invoke api to decipher the data
+ * and post to the appropriate queue */
+
+ memset(&clientStatus, 0, sizeof(clientStatus));
+
+ clientReply = (clientStatusReply_t *)recv_buff;
+
+ if (clientReply->status)
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, 0,
+ "Read update from socket for user %02X:%02X:%02X:%02X:%02X:%02X on interface %s"
+ "status %s method %s",
+ (unsigned int)clientReply->info.authInfo.addr[0],
+ (unsigned int)clientReply->info.authInfo.addr[1],
+ (unsigned int)clientReply->info.authInfo.addr[2],
+ (unsigned int)clientReply->info.authInfo.addr[3],
+ (unsigned int)clientReply->info.authInfo.addr[4],
+ (unsigned int)clientReply->info.authInfo.addr[5],
+ clientReply->intf, authmgrMethodStatusStringGet(clientReply->status), clientReply->method);
+
+ /* convert char intf to intf number */
+ in = (void *)clientReply->intf;
+ out = (void *)&intf;
+
+ AUTH_MGR_ENTER(INTERFACE, in, out, rc);
+
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, 0,"AUTH_MGR_ENTER INTERFACE !! rc %d \n", rc);
+
+ if (-1 == rc)
+ goto conn_close;
+
+ (void)authmgrDot1xPortPaeCapabilitiesGet(intf, &paeCapabilities);
+ if ( DOT1X_PAE_PORT_AUTH_CAPABLE != paeCapabilities)
+ goto conn_close;
+
+ /* copy the method */
+ in = (void *)clientReply->method;
+ out = (void *)&method;
+
+ AUTH_MGR_ENTER(METHOD, in, out, rc);
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, 0,"AUTH_MGR_ENTER METHOD !! rc %d \n", rc);
+ if (-1 == rc)
+ goto conn_close;
+
+ status = clientReply->status;
+
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, 0,"client reply Status %d \n", status);
+ rc = auth_mgr_status_params_copy(&clientStatus, clientReply);
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, 0,"AUTH_MGR_ENTER PARAMS COPY !! rc %d \n", rc);
+ if (-1 == rc)
+ goto conn_close;
+
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, 0,"AUTH_MGR_ENTER status update !! rc %d \n", rc);
+ authmgrPortClientAuthStatusUpdate (intf, method,
+ status, (void *) &clientStatus);
+
+conn_close:
+ if (recv_buff)
+ free(recv_buff);
+ free (arg);
+ pthread_exit(NULL);
+}
+
+int open_new_connection(int new_client_sock)
+{
+ pthread_attr_t tattr;
+ static int cl_count;
+ int ret = 0;
+ int *new_sock;
+
+ if ((ret = pthread_attr_init(&tattr)) !=0)
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FAILURE, 0,
+ "Failed to create thread - pthread_attr_init failed with %d\n", ret);
+ close(new_client_sock);
+ return -1;
+ }
+
+ if ((ret = pthread_attr_setdetachstate(&tattr,PTHREAD_CREATE_DETACHED)) !=0)
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FAILURE, 0,
+ "Failed to create thread - pthread_attr_setdetachstate failed with %d\n", ret);
+ close(new_client_sock);
+ pthread_attr_destroy(&tattr);
+ return -1;
+ }
+
+ new_sock = malloc(sizeof(*new_sock));
+ *new_sock = new_client_sock;
+
+ connection_list[cl_count].socket = new_client_sock;
+ connection_list[cl_count].tid = TID_INIT;
+
+ if ((ret = pthread_create(&connection_list[cl_count].tid, &tattr,
+ handle_connection, (void*)new_sock)) !=0)
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FAILURE, 0,
+ "Failed to create thread with %d\n", ret);
+ free(new_sock);
+ close_connection(new_client_sock);
+ pthread_attr_destroy(&tattr);
+ return -1;
+ }
+ cl_count = (cl_count+1)%MAX_CLIENTS;
+ pthread_attr_destroy(&tattr);
+ return 0;
+}
+
+
+int handle_async_resp_data(int *listen_sock)
+{
+ int i;
+ int new_client_sock = -1;
+ struct sockaddr_in client_addr;
+ socklen_t client_len = sizeof(client_addr);
+ char client_ipv4_str[INET_ADDRSTRLEN];
+ struct linger sl;
+
+
+ if (start_listen_socket(listen_sock) != 0) {
+ return -1;
+ }
+
+ for (i = 0; i < MAX_CLIENTS; ++i)
+ {
+ connection_list[i].socket = NO_SOCKET;
+ connection_list[i].tid = TID_INIT;
+ }
+
+ while (1)
+ {
+ new_client_sock = -1;
+ memset(&client_addr, 0, sizeof(client_addr));
+
+ new_client_sock = accept(*listen_sock, (struct sockaddr *)&client_addr, &client_len);
+ if (new_client_sock < 0) {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_FAILURE, 0, "accept failed");
+ continue;
+ }
+
+ sl.l_onoff = 1; /* enable linger option */
+ sl.l_linger = 0; /* timeout interval in seconds */
+ if (-1 == setsockopt(new_client_sock, SOL_SOCKET, SO_LINGER, &sl, sizeof(sl)))
+ {
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, 0,
+ "unable to set SO_LINGER option socket with fd: %d\n", new_client_sock);
+ }
+
+
+ inet_ntop(AF_INET, &client_addr.sin_addr, client_ipv4_str, INET_ADDRSTRLEN);
+
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_EVENTS, 0,
+ "received from client fd %d [%s:%u] ",
+ new_client_sock, inet_ntoa(client_addr.sin_addr), ntohs(client_addr.sin_port));
+ open_new_connection(new_client_sock);
+ }
+ return 0;
+}
+
+int authmgrMabDataSend(mab_pac_cmd_t *req, char *resp, unsigned int *len)
+{
+ struct sockaddr_in saddr;
+ int fd, rc;
+ struct hostent *local_host;
+ char *ptr = (char *)req;
+ struct sockaddr_in client;
+ socklen_t clientlen = sizeof(client);
+
+ /* open the socket to MAB server */
+ fd = socket(AF_INET, SOCK_STREAM, 0);
+ if (fd == -1)
+ {
+ fprintf(stderr, "socket failed [%s]\n", strerror(errno));
+ return -1;
+ }
+
+ saddr.sin_family = AF_INET;
+ saddr.sin_port = htons(3734);
+ local_host = gethostbyname("127.0.0.1");
+ saddr.sin_addr = *((struct in_addr *)local_host->h_addr);
+
+ rc = connect(fd, (struct sockaddr *)&saddr, sizeof(struct sockaddr_in));
+ if (-1 == rc)
+ {
+ fprintf(stderr, "connect failed [%s]\n", strerror(errno));
+ goto close_soc;
+ }
+
+ getsockname(fd, (struct sockaddr *) &client, &clientlen);
+
+ AUTHMGR_EVENT_TRACE(AUTHMGR_TRACE_EVENTS, 0,
+ "The Socket is now connected fd %d [%s:%u] ",
+ fd, inet_ntoa(client.sin_addr), ntohs(client.sin_port));
+
+ /* Send the command req */
+ rc = send(fd, ptr, sizeof(mab_pac_cmd_t), 0);
+ AUTHMGR_EVENT_TRACE (AUTHMGR_TRACE_CLIENT, 0,
+ "fd : %d Successfully sent data (len %lu bytes): %s",
+ fd, sizeof(mab_pac_cmd_t), req->cmd);
+
+ /* read the resp */
+ rc = recv(fd, resp, *len, NULL);
+
+ *len = 0;
+ if (rc)
+ {
+ *len = rc;
+ }
+
+close_soc:
+ close(fd);
+ return 0;
+}
+
+
+
+
+RC_t auth_mgr_eap_socket_create( int32 *fd)
+{
+ *fd = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_PAE));
+ if (*fd < 0) {
+ printf("%s, %d socket[PF_PACKET,SOCK_RAW]: %s",
+ __func__, __LINE__, strerror(errno));
+ return FAILURE;
+ }
+return SUCCESS;
+
+
+}