Annotation of embedaddon/coova-chilli/src/radius.h, revision 1.1
1.1 ! misho 1: /*
! 2: * Radius client functions.
! 3: * Copyright (C) 2003, 2004, 2005 Mondru AB.
! 4: * Copyright (c) 2006-2007 David Bird <david@coova.com>
! 5: *
! 6: * The contents of this file may be used under the terms of the GNU
! 7: * General Public License Version 2, provided that the above copyright
! 8: * notice and this permission notice is included in all copies or
! 9: * substantial portions of the software.
! 10: *
! 11: */
! 12:
! 13: #ifndef _RADIUS_H
! 14: #define _RADIUS_H
! 15:
! 16: #define RADIUS_NONETWORK 0x01
! 17: #define RADIUS_NOBROADCAST 0x02
! 18:
! 19: #define RADIUS_AUTHPORT 1812
! 20: #define RADIUS_ACCTPORT 1813
! 21:
! 22: /* Radius packet types */
! 23: #define RADIUS_CODE_ACCESS_REQUEST 1
! 24: #define RADIUS_CODE_ACCESS_ACCEPT 2
! 25: #define RADIUS_CODE_ACCESS_REJECT 3
! 26: #define RADIUS_CODE_ACCOUNTING_REQUEST 4
! 27: #define RADIUS_CODE_ACCOUNTING_RESPONSE 5
! 28: #define RADIUS_CODE_ACCESS_CHALLENGE 11
! 29: #define RADIUS_CODE_STATUS_SERVER 12
! 30: #define RADIUS_CODE_STATUS_CLIENT 13
! 31: #define RADIUS_CODE_DISCONNECT_REQUEST 40
! 32: #define RADIUS_CODE_DISCONNECT_ACK 41
! 33: #define RADIUS_CODE_DISCONNECT_NAK 42
! 34: #define RADIUS_CODE_COA_REQUEST 43
! 35: #define RADIUS_CODE_COA_ACK 44
! 36: #define RADIUS_CODE_COA_NAK 45
! 37: #define RADIUS_CODE_STATUS_REQUEST 46
! 38: #define RADIUS_CODE_STATUS_ACCEPT 47
! 39: #define RADIUS_CODE_STATUS_REJECT 48
! 40:
! 41: /* Radius attributes */
! 42: #define RADIUS_ATTR_USER_NAME 1 /* string */
! 43: #define RADIUS_ATTR_USER_PASSWORD 2 /* string (encrypt) */
! 44: #define RADIUS_ATTR_CHAP_PASSWORD 3 /* octets */
! 45: #define RADIUS_ATTR_NAS_IP_ADDRESS 4 /* ipaddr */
! 46: #define RADIUS_ATTR_NAS_PORT 5 /* integer */
! 47: #define RADIUS_ATTR_SERVICE_TYPE 6 /* integer */
! 48: #define RADIUS_ATTR_FRAMED_PROTOCOL 7 /* integer */
! 49: #define RADIUS_ATTR_FRAMED_IP_ADDRESS 8 /* ipaddr */
! 50: #define RADIUS_ATTR_FRAMED_IP_NETMASK 9 /* ipaddr */
! 51: #define RADIUS_ATTR_FRAMED_ROUTING 10 /* integer */
! 52: #define RADIUS_ATTR_FILTER_ID 11 /* string */
! 53: #define RADIUS_ATTR_FRAMED_MTU 12 /* integer */
! 54: #define RADIUS_ATTR_FRAMED_COMPRESSION 13 /* integer */
! 55: #define RADIUS_ATTR_LOGIN_IP_HOST 14 /* ipaddr */
! 56: #define RADIUS_ATTR_LOGIN_SERVICE 15 /* integer */
! 57: #define RADIUS_ATTR_LOGIN_TCP_PORT 16 /* integer */
! 58: #define RADIUS_ATTR_REPLY_MESSAGE 18 /* string */
! 59: #define RADIUS_ATTR_CALLBACK_NUMBER 19 /* string */
! 60: #define RADIUS_ATTR_CALLBACK_ID 20 /* string */
! 61: #define RADIUS_ATTR_FRAMED_ROUTE 22 /* string */
! 62: #define RADIUS_ATTR_FRAMED_IPX_NETWORK 23 /* ipaddr */
! 63: #define RADIUS_ATTR_STATE 24 /* octets */
! 64: #define RADIUS_ATTR_CLASS 25 /* octets */
! 65: #define RADIUS_ATTR_VENDOR_SPECIFIC 26 /* octets */
! 66: #define RADIUS_ATTR_SESSION_TIMEOUT 27 /* integer */
! 67: #define RADIUS_ATTR_IDLE_TIMEOUT 28 /* integer */
! 68: #define RADIUS_ATTR_TERMINATION_ACTION 29 /* integer */
! 69: #define RADIUS_ATTR_CALLED_STATION_ID 30 /* string */
! 70: #define RADIUS_ATTR_CALLING_STATION_ID 31 /* string */
! 71: #define RADIUS_ATTR_NAS_IDENTIFIER 32 /* string */
! 72: #define RADIUS_ATTR_PROXY_STATE 33 /* octets */
! 73: #define RADIUS_ATTR_LOGIN_LAT_SERVICE 34 /* string */
! 74: #define RADIUS_ATTR_LOGIN_LAT_NODE 35 /* string */
! 75: #define RADIUS_ATTR_LOGIN_LAT_GROUP 36 /* octets */
! 76: #define RADIUS_ATTR_FRAMED_APPLETALK_LINK 37 /* integer */
! 77: #define RADIUS_ATTR_FRAMED_APPLETALK_NETWORK 38 /* integer */
! 78: #define RADIUS_ATTR_FRAMED_APPLETALK_ZONE 39 /* string */
! 79: #define RADIUS_ATTR_ACCT_STATUS_TYPE 40 /* integer */
! 80: #define RADIUS_ATTR_ACCT_DELAY_TIME 41 /* integer */
! 81: #define RADIUS_ATTR_ACCT_INPUT_OCTETS 42 /* integer */
! 82: #define RADIUS_ATTR_ACCT_OUTPUT_OCTETS 43 /* integer */
! 83: #define RADIUS_ATTR_ACCT_SESSION_ID 44 /* string */
! 84: #define RADIUS_ATTR_ACCT_AUTHENTIC 45 /* integer */
! 85: #define RADIUS_ATTR_ACCT_SESSION_TIME 46 /* integer */
! 86: #define RADIUS_ATTR_ACCT_INPUT_PACKETS 47 /* integer */
! 87: #define RADIUS_ATTR_ACCT_OUTPUT_PACKETS 48 /* integer */
! 88: #define RADIUS_ATTR_ACCT_TERMINATE_CAUSE 49 /* integer */
! 89: #define RADIUS_ATTR_ACCT_MULTI_SESSION_ID 50 /* string */
! 90: #define RADIUS_ATTR_ACCT_LINK_COUNT 51 /* integer */
! 91: #define RADIUS_ATTR_ACCT_INPUT_GIGAWORDS 52 /* integer */
! 92: #define RADIUS_ATTR_ACCT_OUTPUT_GIGAWORDS 53 /* integer */
! 93: #define RADIUS_ATTR_EVENT_TIMESTAMP 55 /* date */
! 94: #define RADIUS_ATTR_CHAP_CHALLENGE 60 /* string */
! 95: #define RADIUS_ATTR_NAS_PORT_TYPE 61 /* integer */
! 96: #define RADIUS_ATTR_PORT_LIMIT 62 /* integer */
! 97: #define RADIUS_ATTR_LOGIN_LAT_PORT 63 /* integer */
! 98: #define RADIUS_ATTR_ACCT_TUNNEL_CONNECTION 68 /* string */
! 99: #define RADIUS_ATTR_ARAP_PASSWORD 70 /* string */
! 100: #define RADIUS_ATTR_ARAP_FEATURES 71 /* string */
! 101: #define RADIUS_ATTR_ARAP_ZONE_ACCESS 72 /* integer */
! 102: #define RADIUS_ATTR_ARAP_SECURITY 73 /* integer */
! 103: #define RADIUS_ATTR_ARAP_SECURITY_DATA 74 /* string */
! 104: #define RADIUS_ATTR_PASSWORD_RETRY 75 /* integer */
! 105: #define RADIUS_ATTR_PROMPT 76 /* integer */
! 106: #define RADIUS_ATTR_CONNECT_INFO 77 /* string */
! 107: #define RADIUS_ATTR_CONFIGURATION_TOKEN 78 /* string */
! 108: #define RADIUS_ATTR_EAP_MESSAGE 79 /* string */
! 109: #define RADIUS_ATTR_MESSAGE_AUTHENTICATOR 80 /* octets */
! 110: #define RADIUS_ATTR_ARAP_CHALLENGE_RESPONSE 84 /* string # 10 octets */
! 111: #define RADIUS_ATTR_ACCT_INTERIM_INTERVAL 85 /* integer */
! 112: #define RADIUS_ATTR_NAS_PORT_ID 87 /* string */
! 113: #define RADIUS_ATTR_FRAMED_POOL 88 /* string */
! 114: #define RADIUS_ATTR_NAS_IPV6_ADDRESS 95 /* octets (IPv6) */
! 115: #define RADIUS_ATTR_FRAMED_INTERFACE_ID 96 /* octets # 8 octets */
! 116: #define RADIUS_ATTR_FRAMED_IPV6_PREFIX 97 /* octets ??? */
! 117: #define RADIUS_ATTR_LOGIN_IPV6_HOST 98 /* octets (IPv6) */
! 118: #define RADIUS_ATTR_FRAMED_IPV6_ROUTE 99 /* string */
! 119: #define RADIUS_ATTR_FRAMED_IPV6_POOL 100 /* string */
! 120: #define RADIUS_ATTR_DIGEST_RESPONSE 206 /* string */
! 121: #define RADIUS_ATTR_DIGEST_ATTRIBUTES 207 /* octets ??? */
! 122:
! 123:
! 124: #define RADIUS_VENDOR_MS 311
! 125: #define RADIUS_ATTR_MS_CHAP_RESPONSE 1
! 126: #define RADIUS_ATTR_MS_MPPE_ENCRYPTION_POLICY 7
! 127: #define RADIUS_ATTR_MS_MPPE_ENCRYPTION_TYPES 8
! 128: #define RADIUS_ATTR_MS_CHAP_CHALLENGE 11
! 129: #define RADIUS_ATTR_MS_CHAP_MPPE_KEYS 12
! 130: #define RADIUS_ATTR_MS_MPPE_SEND_KEY 16
! 131: #define RADIUS_ATTR_MS_MPPE_RECV_KEY 17
! 132: #define RADIUS_ATTR_MS_CHAP2_RESPONSE 25
! 133: #define RADIUS_ATTR_MS_CHAP2_SUCCESS 26
! 134:
! 135:
! 136: #define RADIUS_SERVICE_TYPE_LOGIN 1
! 137: #define RADIUS_SERVICE_TYPE_ADMIN_USER 6
! 138:
! 139: #define RADIUS_STATUS_TYPE_START 1
! 140: #define RADIUS_STATUS_TYPE_STOP 2
! 141: #define RADIUS_STATUS_TYPE_INTERIM_UPDATE 3
! 142: #define RADIUS_STATUS_TYPE_ACCOUNTING_ON 7
! 143: #define RADIUS_STATUS_TYPE_ACCOUNTING_OFF 8
! 144:
! 145: #define RADIUS_NAS_PORT_TYPE_VIRTUAL 5
! 146: #define RADIUS_NAS_PORT_TYPE_WIRELESS_802_11 19
! 147: #define RADIUS_NAS_PORT_TYPE_WIRELESS_UMTS 23
! 148:
! 149: #define RADIUS_TERMINATE_CAUSE_USER_REQUEST 1
! 150: #define RADIUS_TERMINATE_CAUSE_LOST_CARRIER 2
! 151: #define RADIUS_TERMINATE_CAUSE_LOST_SERVICE 3
! 152: #define RADIUS_TERMINATE_CAUSE_IDLE_TIMEOUT 4
! 153: #define RADIUS_TERMINATE_CAUSE_SESSION_TIMEOUT 5
! 154: #define RADIUS_TERMINATE_CAUSE_ADMIN_RESET 6
! 155: #define RADIUS_TERMINATE_CAUSE_ADMIN_REBOOT 7
! 156: #define RADIUS_TERMINATE_CAUSE_PORT_ERROR 8
! 157: #define RADIUS_TERMINATE_CAUSE_NAS_ERROR 9
! 158: #define RADIUS_TERMINATE_CAUSE_NAS_REQUEST 10
! 159: #define RADIUS_TERMINATE_CAUSE_NAS_REBOOT 11
! 160: #define RADIUS_TERMINATE_CAUSE_PORT_UNNEEDED 12
! 161: #define RADIUS_TERMINATE_CAUSE_PORT_PREEMPTED 13
! 162: #define RADIUS_TERMINATE_CAUSE_PORT_SUSPEND 14
! 163: #define RADIUS_TERMINATE_CAUSE_SERVICE_UNAVAILABLE 15
! 164: #define RADIUS_TERMINATE_CAUSE_CALLBACK 16
! 165: #define RADIUS_TERMINATE_CAUSE_USER_ERROR 17
! 166: #define RADIUS_TERMINATE_CAUSE_HOST_REQUEST 18
! 167:
! 168: #include "limits.h"
! 169:
! 170: struct radius_packet_t {
! 171: uint8_t code;
! 172: uint8_t id;
! 173: uint16_t length;
! 174: uint8_t authenticator[RADIUS_AUTHLEN];
! 175: uint8_t payload[RADIUS_PACKSIZE-RADIUS_HDRSIZE];
! 176: } __attribute__((packed));
! 177:
! 178:
! 179: struct radius_queue_t { /* Holder for queued packets */
! 180: int state; /* 0=empty, 1=full */
! 181: void *cbp; /* Pointer used for callbacks */
! 182: struct timeval timeout; /* When do we retransmit this packet? */
! 183: int retrans; /* How many times did we retransmit this? */
! 184: int lastsent; /* 0 or 1 indicates last server used */
! 185: struct sockaddr_in peer; /* Address packet was sent to / received from */
! 186: struct radius_packet_t p; /* The packet stored */
! 187: uint16_t seq; /* The sequence number */
! 188: uint8_t type; /* The type of packet */
! 189: size_t l; /* Length of the packet */
! 190: struct qmsg_t *seqnext; /* Pointer to next in sequence hash list */
! 191: int next; /* Pointer to the next in queue. -1: Last */
! 192: int prev; /* Pointer to the previous in queue. -1: First */
! 193: int this; /* Pointer to myself */
! 194: };
! 195:
! 196:
! 197: struct radius_t {
! 198: int fd; /* Socket file descriptor */
! 199: FILE *urandom_fp; /* /dev/urandom FILE pointer */
! 200: struct in_addr ouraddr; /* Address to listen to */
! 201: uint16_t ourport; /* Port to listen to */
! 202: int coanocheck; /* Accept coa from all IP addresses */
! 203: int lastreply; /* 0 or 1 indicates last server reply */
! 204: uint16_t authport; /* His port for authentication */
! 205: uint16_t acctport; /* His port for accounting */
! 206: struct in_addr hisaddr0; /* Server address */
! 207: struct in_addr hisaddr1; /* Server address */
! 208: char secret[RADIUS_SECRETSIZE];/* Shared secret */
! 209: size_t secretlen; /* Length of sharet secret */
! 210: int proxyfd; /* Proxy socket file descriptor */
! 211: struct in_addr proxylisten; /* Proxy address to listen to */
! 212: uint16_t proxyport; /* Proxy port to listen to */
! 213: struct in_addr proxyaddr; /* Proxy client address */
! 214: struct in_addr proxymask; /* Proxy client mask */
! 215: char proxysecret[RADIUS_SECRETSIZE]; /* Proxy secret */
! 216: size_t proxysecretlen; /* Length of sharet secret */
! 217: unsigned char nas_hwaddr[6]; /* Hardware address of NAS */
! 218:
! 219: int debug; /* Print debug messages */
! 220:
! 221: struct radius_queue_t queue[RADIUS_QUEUESIZE]; /* Outstanding replies */
! 222: uint8_t next; /* Next location in queue to use */
! 223: int first; /* First packet in queue (oldest timeout) */
! 224: int last; /* Last packet in queue (youngest timeout) */
! 225:
! 226: int listsize; /* Total number of addresses */
! 227: int hashsize; /* Size of hash table */
! 228: int hashlog; /* Log2 size of hash table */
! 229: int hashmask; /* Bitmask for calculating hash */
! 230: int (*cb_ind) (struct radius_t *radius, struct radius_packet_t *pack,
! 231: struct sockaddr_in *peer);
! 232: int (*cb_auth_conf) (struct radius_t *radius, struct radius_packet_t *pack,
! 233: struct radius_packet_t *pack_req, void *cbp);
! 234: int (*cb_acct_conf) (struct radius_t *radius, struct radius_packet_t *pack,
! 235: struct radius_packet_t *pack_req, void *cbp);
! 236: int (*cb_coa_ind) (struct radius_t *radius, struct radius_packet_t *pack,
! 237: struct sockaddr_in *peer);
! 238: };
! 239:
! 240: struct radiusm_t {
! 241: struct in_addr addr; /* IP address of this member */
! 242: int inuse; /* 0=available; 1= inuse */
! 243: struct RADIUSm_t *nexthash; /* Linked list part of hash table */
! 244: struct RADIUSm_t *prev, *next; /* Double linked list of available members */
! 245: struct RADIUS_t *parent; /* Pointer to parent */
! 246: void *peer; /* Pointer to peer protocol handler */
! 247: };
! 248:
! 249:
! 250: struct radius_attr_t {
! 251: uint8_t t;
! 252: uint8_t l;
! 253: union {
! 254: uint32_t i;
! 255: uint8_t t[RADIUS_ATTR_VLEN];
! 256: struct {
! 257: uint32_t i;
! 258: uint8_t t;
! 259: uint8_t l;
! 260: union {
! 261: uint32_t i;
! 262: uint8_t t[RADIUS_ATTR_VLEN-4];
! 263: } v;
! 264: } vv;
! 265: } v;
! 266: } __attribute__((packed));
! 267:
! 268:
! 269: /* Create new radius instance */
! 270: extern int radius_new(struct radius_t **this,
! 271: struct in_addr *listen, uint16_t port, int coanocheck,
! 272: struct in_addr *proxylisten, uint16_t proxyport,
! 273: struct in_addr *proxyaddr, struct in_addr *proxymask,
! 274: char* proxysecret);
! 275:
! 276: /* Delete existing radius instance */
! 277: extern int radius_free(struct radius_t *this);
! 278:
! 279: /* Set radius parameters which can later be changed */
! 280: extern void radius_set(struct radius_t *this,
! 281: unsigned char *hwaddr,
! 282: int debug);
! 283:
! 284: /* Callback function for received request */
! 285: extern int radius_set_cb_ind(struct radius_t *this,
! 286: int (*cb_ind) (struct radius_t *radius, struct radius_packet_t *pack,
! 287: struct sockaddr_in *peer));
! 288:
! 289: /* Callback function for response to access request */
! 290: extern int radius_set_cb_auth_conf(struct radius_t *this,
! 291: int (*cb_auth_conf) (struct radius_t *radius, struct radius_packet_t *pack,
! 292: struct radius_packet_t *pack_req, void *cbp));
! 293:
! 294: /* Callback function for response to accounting request */
! 295: extern int radius_set_cb_acct_conf(struct radius_t *this,
! 296: int (*cb_acct_conf) (struct radius_t *radius, struct radius_packet_t *pack,
! 297: struct radius_packet_t *pack_req, void *cbp));
! 298:
! 299: extern int radius_set_cb_coa_ind(struct radius_t *this,
! 300: int (*cb_coa_ind) (struct radius_t *radius, struct radius_packet_t *pack,
! 301: struct sockaddr_in *peer));
! 302:
! 303: /* Send of a request */
! 304: extern int radius_req(struct radius_t *this,
! 305: struct radius_packet_t *pack,
! 306: void *cbp);
! 307:
! 308: /* Send of a response */
! 309: extern int radius_resp(struct radius_t *this,
! 310: struct radius_packet_t *pack,
! 311: struct sockaddr_in *peer, uint8_t *req_auth);
! 312:
! 313: /* Send of a coa response */
! 314: extern int radius_coaresp(struct radius_t *this,
! 315: struct radius_packet_t *pack,
! 316: struct sockaddr_in *peer, uint8_t *req_auth);
! 317:
! 318: /* Process an incoming packet */
! 319: extern int radius_decaps(struct radius_t *this);
! 320:
! 321: /* Process an incoming packet */
! 322: extern int radius_proxy_ind(struct radius_t *this);
! 323:
! 324: /* Add an attribute to a packet */
! 325: extern int radius_addattr(struct radius_t *this, struct radius_packet_t *pack,
! 326: uint8_t type, uint32_t vendor_id, uint8_t vendor_type,
! 327: uint32_t value, uint8_t *data, uint16_t dlen);
! 328:
! 329: /* Generate a packet for use with radius_addattr() */
! 330: extern int radius_default_pack(struct radius_t *this,
! 331: struct radius_packet_t *pack,
! 332: int code);
! 333:
! 334: /* Extract an attribute from a packet */
! 335: extern int
! 336: radius_getnextattr(struct radius_packet_t *pack, struct radius_attr_t **attr,
! 337: uint8_t type, uint32_t vendor_id, uint8_t vendor_type,
! 338: int instance, size_t *roffset);
! 339: extern int
! 340: radius_getattr(struct radius_packet_t *pack, struct radius_attr_t **attr,
! 341: uint8_t type, uint32_t vendor_id, uint8_t vendor_type,
! 342: int instance);
! 343:
! 344:
! 345: /* Encode a password */
! 346: extern int
! 347: radius_pwencode(struct radius_t *this, uint8_t *dst, size_t dstsize,
! 348: size_t *dstlen, uint8_t *src, size_t srclen,
! 349: uint8_t *authenticator, char *secret, size_t secretlen);
! 350:
! 351:
! 352: /* Decode a password (also used for MSCHAPv1 MPPE keys) */
! 353: extern int
! 354: radius_pwdecode(struct radius_t *this, uint8_t *dst, size_t dstsize,
! 355: size_t *dstlen, uint8_t *src, size_t srclen,
! 356: uint8_t *authenticator, char *secret, size_t secretlen);
! 357:
! 358:
! 359: /* Decode MPPE key */
! 360: extern int
! 361: radius_keydecode(struct radius_t *this, uint8_t *dst, size_t dstsize,
! 362: size_t *dstlen, uint8_t *src, size_t srclen,
! 363: uint8_t *authenticator, char *secret, size_t secretlen);
! 364:
! 365: /* Encode MPPE key */
! 366: extern int
! 367: radius_keyencode(struct radius_t *this, uint8_t *dst, size_t dstsize,
! 368: size_t *dstlen, uint8_t *src, size_t srclen,
! 369: uint8_t *authenticator, char *secret, size_t secretlen);
! 370:
! 371:
! 372:
! 373: /* Call this function to process packets needing retransmission */
! 374: extern int radius_timeout(struct radius_t *this);
! 375:
! 376: /* Figure out when to call radius_calltimeout() */
! 377: extern int radius_timeleft(struct radius_t *this, struct timeval *timeout);
! 378:
! 379: extern void radius_addnasip(struct radius_t *radius, struct radius_packet_t *pack);
! 380: extern void radius_addcalledstation(struct radius_t *radius, struct radius_packet_t *pack);
! 381:
! 382: int radius_hmac_md5(struct radius_t *this, struct radius_packet_t *pack,
! 383: char *secret, int secretlen, uint8_t *dst);
! 384:
! 385: int chilliauth_radius(struct radius_t *radius);
! 386:
! 387: #endif /* !_RADIUS_H */
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to radius.h CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / coova-chilli / src