1: /*
2: * Radius client functions.
3: * Copyright (C) 2003, 2004, 2005 Mondru AB.
4: * Copyright (c) 2006-2007 David Bird <david@coova.com>
5: *
6: * The contents of this file may be used under the terms of the GNU
7: * General Public License Version 2, provided that the above copyright
8: * notice and this permission notice is included in all copies or
9: * substantial portions of the software.
10: *
11: */
12:
13: #ifndef _RADIUS_H
14: #define _RADIUS_H
15:
16: #define RADIUS_NONETWORK 0x01
17: #define RADIUS_NOBROADCAST 0x02
18:
19: #define RADIUS_AUTHPORT 1812
20: #define RADIUS_ACCTPORT 1813
21:
22: /* Radius packet types */
23: #define RADIUS_CODE_ACCESS_REQUEST 1
24: #define RADIUS_CODE_ACCESS_ACCEPT 2
25: #define RADIUS_CODE_ACCESS_REJECT 3
26: #define RADIUS_CODE_ACCOUNTING_REQUEST 4
27: #define RADIUS_CODE_ACCOUNTING_RESPONSE 5
28: #define RADIUS_CODE_ACCESS_CHALLENGE 11
29: #define RADIUS_CODE_STATUS_SERVER 12
30: #define RADIUS_CODE_STATUS_CLIENT 13
31: #define RADIUS_CODE_DISCONNECT_REQUEST 40
32: #define RADIUS_CODE_DISCONNECT_ACK 41
33: #define RADIUS_CODE_DISCONNECT_NAK 42
34: #define RADIUS_CODE_COA_REQUEST 43
35: #define RADIUS_CODE_COA_ACK 44
36: #define RADIUS_CODE_COA_NAK 45
37: #define RADIUS_CODE_STATUS_REQUEST 46
38: #define RADIUS_CODE_STATUS_ACCEPT 47
39: #define RADIUS_CODE_STATUS_REJECT 48
40:
41: /* Radius attributes */
42: #define RADIUS_ATTR_USER_NAME 1 /* string */
43: #define RADIUS_ATTR_USER_PASSWORD 2 /* string (encrypt) */
44: #define RADIUS_ATTR_CHAP_PASSWORD 3 /* octets */
45: #define RADIUS_ATTR_NAS_IP_ADDRESS 4 /* ipaddr */
46: #define RADIUS_ATTR_NAS_PORT 5 /* integer */
47: #define RADIUS_ATTR_SERVICE_TYPE 6 /* integer */
48: #define RADIUS_ATTR_FRAMED_PROTOCOL 7 /* integer */
49: #define RADIUS_ATTR_FRAMED_IP_ADDRESS 8 /* ipaddr */
50: #define RADIUS_ATTR_FRAMED_IP_NETMASK 9 /* ipaddr */
51: #define RADIUS_ATTR_FRAMED_ROUTING 10 /* integer */
52: #define RADIUS_ATTR_FILTER_ID 11 /* string */
53: #define RADIUS_ATTR_FRAMED_MTU 12 /* integer */
54: #define RADIUS_ATTR_FRAMED_COMPRESSION 13 /* integer */
55: #define RADIUS_ATTR_LOGIN_IP_HOST 14 /* ipaddr */
56: #define RADIUS_ATTR_LOGIN_SERVICE 15 /* integer */
57: #define RADIUS_ATTR_LOGIN_TCP_PORT 16 /* integer */
58: #define RADIUS_ATTR_REPLY_MESSAGE 18 /* string */
59: #define RADIUS_ATTR_CALLBACK_NUMBER 19 /* string */
60: #define RADIUS_ATTR_CALLBACK_ID 20 /* string */
61: #define RADIUS_ATTR_FRAMED_ROUTE 22 /* string */
62: #define RADIUS_ATTR_FRAMED_IPX_NETWORK 23 /* ipaddr */
63: #define RADIUS_ATTR_STATE 24 /* octets */
64: #define RADIUS_ATTR_CLASS 25 /* octets */
65: #define RADIUS_ATTR_VENDOR_SPECIFIC 26 /* octets */
66: #define RADIUS_ATTR_SESSION_TIMEOUT 27 /* integer */
67: #define RADIUS_ATTR_IDLE_TIMEOUT 28 /* integer */
68: #define RADIUS_ATTR_TERMINATION_ACTION 29 /* integer */
69: #define RADIUS_ATTR_CALLED_STATION_ID 30 /* string */
70: #define RADIUS_ATTR_CALLING_STATION_ID 31 /* string */
71: #define RADIUS_ATTR_NAS_IDENTIFIER 32 /* string */
72: #define RADIUS_ATTR_PROXY_STATE 33 /* octets */
73: #define RADIUS_ATTR_LOGIN_LAT_SERVICE 34 /* string */
74: #define RADIUS_ATTR_LOGIN_LAT_NODE 35 /* string */
75: #define RADIUS_ATTR_LOGIN_LAT_GROUP 36 /* octets */
76: #define RADIUS_ATTR_FRAMED_APPLETALK_LINK 37 /* integer */
77: #define RADIUS_ATTR_FRAMED_APPLETALK_NETWORK 38 /* integer */
78: #define RADIUS_ATTR_FRAMED_APPLETALK_ZONE 39 /* string */
79: #define RADIUS_ATTR_ACCT_STATUS_TYPE 40 /* integer */
80: #define RADIUS_ATTR_ACCT_DELAY_TIME 41 /* integer */
81: #define RADIUS_ATTR_ACCT_INPUT_OCTETS 42 /* integer */
82: #define RADIUS_ATTR_ACCT_OUTPUT_OCTETS 43 /* integer */
83: #define RADIUS_ATTR_ACCT_SESSION_ID 44 /* string */
84: #define RADIUS_ATTR_ACCT_AUTHENTIC 45 /* integer */
85: #define RADIUS_ATTR_ACCT_SESSION_TIME 46 /* integer */
86: #define RADIUS_ATTR_ACCT_INPUT_PACKETS 47 /* integer */
87: #define RADIUS_ATTR_ACCT_OUTPUT_PACKETS 48 /* integer */
88: #define RADIUS_ATTR_ACCT_TERMINATE_CAUSE 49 /* integer */
89: #define RADIUS_ATTR_ACCT_MULTI_SESSION_ID 50 /* string */
90: #define RADIUS_ATTR_ACCT_LINK_COUNT 51 /* integer */
91: #define RADIUS_ATTR_ACCT_INPUT_GIGAWORDS 52 /* integer */
92: #define RADIUS_ATTR_ACCT_OUTPUT_GIGAWORDS 53 /* integer */
93: #define RADIUS_ATTR_EVENT_TIMESTAMP 55 /* date */
94: #define RADIUS_ATTR_CHAP_CHALLENGE 60 /* string */
95: #define RADIUS_ATTR_NAS_PORT_TYPE 61 /* integer */
96: #define RADIUS_ATTR_PORT_LIMIT 62 /* integer */
97: #define RADIUS_ATTR_LOGIN_LAT_PORT 63 /* integer */
98: #define RADIUS_ATTR_ACCT_TUNNEL_CONNECTION 68 /* string */
99: #define RADIUS_ATTR_ARAP_PASSWORD 70 /* string */
100: #define RADIUS_ATTR_ARAP_FEATURES 71 /* string */
101: #define RADIUS_ATTR_ARAP_ZONE_ACCESS 72 /* integer */
102: #define RADIUS_ATTR_ARAP_SECURITY 73 /* integer */
103: #define RADIUS_ATTR_ARAP_SECURITY_DATA 74 /* string */
104: #define RADIUS_ATTR_PASSWORD_RETRY 75 /* integer */
105: #define RADIUS_ATTR_PROMPT 76 /* integer */
106: #define RADIUS_ATTR_CONNECT_INFO 77 /* string */
107: #define RADIUS_ATTR_CONFIGURATION_TOKEN 78 /* string */
108: #define RADIUS_ATTR_EAP_MESSAGE 79 /* string */
109: #define RADIUS_ATTR_MESSAGE_AUTHENTICATOR 80 /* octets */
110: #define RADIUS_ATTR_ARAP_CHALLENGE_RESPONSE 84 /* string # 10 octets */
111: #define RADIUS_ATTR_ACCT_INTERIM_INTERVAL 85 /* integer */
112: #define RADIUS_ATTR_NAS_PORT_ID 87 /* string */
113: #define RADIUS_ATTR_FRAMED_POOL 88 /* string */
114: #define RADIUS_ATTR_NAS_IPV6_ADDRESS 95 /* octets (IPv6) */
115: #define RADIUS_ATTR_FRAMED_INTERFACE_ID 96 /* octets # 8 octets */
116: #define RADIUS_ATTR_FRAMED_IPV6_PREFIX 97 /* octets ??? */
117: #define RADIUS_ATTR_LOGIN_IPV6_HOST 98 /* octets (IPv6) */
118: #define RADIUS_ATTR_FRAMED_IPV6_ROUTE 99 /* string */
119: #define RADIUS_ATTR_FRAMED_IPV6_POOL 100 /* string */
120: #define RADIUS_ATTR_DIGEST_RESPONSE 206 /* string */
121: #define RADIUS_ATTR_DIGEST_ATTRIBUTES 207 /* octets ??? */
122:
123:
124: #define RADIUS_VENDOR_MS 311
125: #define RADIUS_ATTR_MS_CHAP_RESPONSE 1
126: #define RADIUS_ATTR_MS_MPPE_ENCRYPTION_POLICY 7
127: #define RADIUS_ATTR_MS_MPPE_ENCRYPTION_TYPES 8
128: #define RADIUS_ATTR_MS_CHAP_CHALLENGE 11
129: #define RADIUS_ATTR_MS_CHAP_MPPE_KEYS 12
130: #define RADIUS_ATTR_MS_MPPE_SEND_KEY 16
131: #define RADIUS_ATTR_MS_MPPE_RECV_KEY 17
132: #define RADIUS_ATTR_MS_CHAP2_RESPONSE 25
133: #define RADIUS_ATTR_MS_CHAP2_SUCCESS 26
134:
135:
136: #define RADIUS_SERVICE_TYPE_LOGIN 1
137: #define RADIUS_SERVICE_TYPE_ADMIN_USER 6
138:
139: #define RADIUS_STATUS_TYPE_START 1
140: #define RADIUS_STATUS_TYPE_STOP 2
141: #define RADIUS_STATUS_TYPE_INTERIM_UPDATE 3
142: #define RADIUS_STATUS_TYPE_ACCOUNTING_ON 7
143: #define RADIUS_STATUS_TYPE_ACCOUNTING_OFF 8
144:
145: #define RADIUS_NAS_PORT_TYPE_VIRTUAL 5
146: #define RADIUS_NAS_PORT_TYPE_WIRELESS_802_11 19
147: #define RADIUS_NAS_PORT_TYPE_WIRELESS_UMTS 23
148:
149: #define RADIUS_TERMINATE_CAUSE_USER_REQUEST 1
150: #define RADIUS_TERMINATE_CAUSE_LOST_CARRIER 2
151: #define RADIUS_TERMINATE_CAUSE_LOST_SERVICE 3
152: #define RADIUS_TERMINATE_CAUSE_IDLE_TIMEOUT 4
153: #define RADIUS_TERMINATE_CAUSE_SESSION_TIMEOUT 5
154: #define RADIUS_TERMINATE_CAUSE_ADMIN_RESET 6
155: #define RADIUS_TERMINATE_CAUSE_ADMIN_REBOOT 7
156: #define RADIUS_TERMINATE_CAUSE_PORT_ERROR 8
157: #define RADIUS_TERMINATE_CAUSE_NAS_ERROR 9
158: #define RADIUS_TERMINATE_CAUSE_NAS_REQUEST 10
159: #define RADIUS_TERMINATE_CAUSE_NAS_REBOOT 11
160: #define RADIUS_TERMINATE_CAUSE_PORT_UNNEEDED 12
161: #define RADIUS_TERMINATE_CAUSE_PORT_PREEMPTED 13
162: #define RADIUS_TERMINATE_CAUSE_PORT_SUSPEND 14
163: #define RADIUS_TERMINATE_CAUSE_SERVICE_UNAVAILABLE 15
164: #define RADIUS_TERMINATE_CAUSE_CALLBACK 16
165: #define RADIUS_TERMINATE_CAUSE_USER_ERROR 17
166: #define RADIUS_TERMINATE_CAUSE_HOST_REQUEST 18
167:
168: #include "limits.h"
169:
170: struct radius_packet_t {
171: uint8_t code;
172: uint8_t id;
173: uint16_t length;
174: uint8_t authenticator[RADIUS_AUTHLEN];
175: uint8_t payload[RADIUS_PACKSIZE-RADIUS_HDRSIZE];
176: } __attribute__((packed));
177:
178:
179: struct radius_queue_t { /* Holder for queued packets */
180: int state; /* 0=empty, 1=full */
181: void *cbp; /* Pointer used for callbacks */
182: struct timeval timeout; /* When do we retransmit this packet? */
183: int retrans; /* How many times did we retransmit this? */
184: int lastsent; /* 0 or 1 indicates last server used */
185: struct sockaddr_in peer; /* Address packet was sent to / received from */
186: struct radius_packet_t p; /* The packet stored */
187: uint16_t seq; /* The sequence number */
188: uint8_t type; /* The type of packet */
189: size_t l; /* Length of the packet */
190: struct qmsg_t *seqnext; /* Pointer to next in sequence hash list */
191: int next; /* Pointer to the next in queue. -1: Last */
192: int prev; /* Pointer to the previous in queue. -1: First */
193: int this; /* Pointer to myself */
194: };
195:
196:
197: struct radius_t {
198: int fd; /* Socket file descriptor */
199: FILE *urandom_fp; /* /dev/urandom FILE pointer */
200: struct in_addr ouraddr; /* Address to listen to */
201: uint16_t ourport; /* Port to listen to */
202: int coanocheck; /* Accept coa from all IP addresses */
203: int lastreply; /* 0 or 1 indicates last server reply */
204: uint16_t authport; /* His port for authentication */
205: uint16_t acctport; /* His port for accounting */
206: struct in_addr hisaddr0; /* Server address */
207: struct in_addr hisaddr1; /* Server address */
208: char secret[RADIUS_SECRETSIZE];/* Shared secret */
209: size_t secretlen; /* Length of sharet secret */
210: int proxyfd; /* Proxy socket file descriptor */
211: struct in_addr proxylisten; /* Proxy address to listen to */
212: uint16_t proxyport; /* Proxy port to listen to */
213: struct in_addr proxyaddr; /* Proxy client address */
214: struct in_addr proxymask; /* Proxy client mask */
215: char proxysecret[RADIUS_SECRETSIZE]; /* Proxy secret */
216: size_t proxysecretlen; /* Length of sharet secret */
217: unsigned char nas_hwaddr[6]; /* Hardware address of NAS */
218:
219: int debug; /* Print debug messages */
220:
221: struct radius_queue_t queue[RADIUS_QUEUESIZE]; /* Outstanding replies */
222: uint8_t next; /* Next location in queue to use */
223: int first; /* First packet in queue (oldest timeout) */
224: int last; /* Last packet in queue (youngest timeout) */
225:
226: int listsize; /* Total number of addresses */
227: int hashsize; /* Size of hash table */
228: int hashlog; /* Log2 size of hash table */
229: int hashmask; /* Bitmask for calculating hash */
230: int (*cb_ind) (struct radius_t *radius, struct radius_packet_t *pack,
231: struct sockaddr_in *peer);
232: int (*cb_auth_conf) (struct radius_t *radius, struct radius_packet_t *pack,
233: struct radius_packet_t *pack_req, void *cbp);
234: int (*cb_acct_conf) (struct radius_t *radius, struct radius_packet_t *pack,
235: struct radius_packet_t *pack_req, void *cbp);
236: int (*cb_coa_ind) (struct radius_t *radius, struct radius_packet_t *pack,
237: struct sockaddr_in *peer);
238: };
239:
240: struct radiusm_t {
241: struct in_addr addr; /* IP address of this member */
242: int inuse; /* 0=available; 1= inuse */
243: struct RADIUSm_t *nexthash; /* Linked list part of hash table */
244: struct RADIUSm_t *prev, *next; /* Double linked list of available members */
245: struct RADIUS_t *parent; /* Pointer to parent */
246: void *peer; /* Pointer to peer protocol handler */
247: };
248:
249:
250: struct radius_attr_t {
251: uint8_t t;
252: uint8_t l;
253: union {
254: uint32_t i;
255: uint8_t t[RADIUS_ATTR_VLEN];
256: struct {
257: uint32_t i;
258: uint8_t t;
259: uint8_t l;
260: union {
261: uint32_t i;
262: uint8_t t[RADIUS_ATTR_VLEN-4];
263: } v;
264: } vv;
265: } v;
266: } __attribute__((packed));
267:
268:
269: /* Create new radius instance */
270: extern int radius_new(struct radius_t **this,
271: struct in_addr *listen, uint16_t port, int coanocheck,
272: struct in_addr *proxylisten, uint16_t proxyport,
273: struct in_addr *proxyaddr, struct in_addr *proxymask,
274: char* proxysecret);
275:
276: /* Delete existing radius instance */
277: extern int radius_free(struct radius_t *this);
278:
279: /* Set radius parameters which can later be changed */
280: extern void radius_set(struct radius_t *this,
281: unsigned char *hwaddr,
282: int debug);
283:
284: /* Callback function for received request */
285: extern int radius_set_cb_ind(struct radius_t *this,
286: int (*cb_ind) (struct radius_t *radius, struct radius_packet_t *pack,
287: struct sockaddr_in *peer));
288:
289: /* Callback function for response to access request */
290: extern int radius_set_cb_auth_conf(struct radius_t *this,
291: int (*cb_auth_conf) (struct radius_t *radius, struct radius_packet_t *pack,
292: struct radius_packet_t *pack_req, void *cbp));
293:
294: /* Callback function for response to accounting request */
295: extern int radius_set_cb_acct_conf(struct radius_t *this,
296: int (*cb_acct_conf) (struct radius_t *radius, struct radius_packet_t *pack,
297: struct radius_packet_t *pack_req, void *cbp));
298:
299: extern int radius_set_cb_coa_ind(struct radius_t *this,
300: int (*cb_coa_ind) (struct radius_t *radius, struct radius_packet_t *pack,
301: struct sockaddr_in *peer));
302:
303: /* Send of a request */
304: extern int radius_req(struct radius_t *this,
305: struct radius_packet_t *pack,
306: void *cbp);
307:
308: /* Send of a response */
309: extern int radius_resp(struct radius_t *this,
310: struct radius_packet_t *pack,
311: struct sockaddr_in *peer, uint8_t *req_auth);
312:
313: /* Send of a coa response */
314: extern int radius_coaresp(struct radius_t *this,
315: struct radius_packet_t *pack,
316: struct sockaddr_in *peer, uint8_t *req_auth);
317:
318: /* Process an incoming packet */
319: extern int radius_decaps(struct radius_t *this);
320:
321: /* Process an incoming packet */
322: extern int radius_proxy_ind(struct radius_t *this);
323:
324: /* Add an attribute to a packet */
325: extern int radius_addattr(struct radius_t *this, struct radius_packet_t *pack,
326: uint8_t type, uint32_t vendor_id, uint8_t vendor_type,
327: uint32_t value, uint8_t *data, uint16_t dlen);
328:
329: /* Generate a packet for use with radius_addattr() */
330: extern int radius_default_pack(struct radius_t *this,
331: struct radius_packet_t *pack,
332: int code);
333:
334: /* Extract an attribute from a packet */
335: extern int
336: radius_getnextattr(struct radius_packet_t *pack, struct radius_attr_t **attr,
337: uint8_t type, uint32_t vendor_id, uint8_t vendor_type,
338: int instance, size_t *roffset);
339: extern int
340: radius_getattr(struct radius_packet_t *pack, struct radius_attr_t **attr,
341: uint8_t type, uint32_t vendor_id, uint8_t vendor_type,
342: int instance);
343:
344:
345: /* Encode a password */
346: extern int
347: radius_pwencode(struct radius_t *this, uint8_t *dst, size_t dstsize,
348: size_t *dstlen, uint8_t *src, size_t srclen,
349: uint8_t *authenticator, char *secret, size_t secretlen);
350:
351:
352: /* Decode a password (also used for MSCHAPv1 MPPE keys) */
353: extern int
354: radius_pwdecode(struct radius_t *this, uint8_t *dst, size_t dstsize,
355: size_t *dstlen, uint8_t *src, size_t srclen,
356: uint8_t *authenticator, char *secret, size_t secretlen);
357:
358:
359: /* Decode MPPE key */
360: extern int
361: radius_keydecode(struct radius_t *this, uint8_t *dst, size_t dstsize,
362: size_t *dstlen, uint8_t *src, size_t srclen,
363: uint8_t *authenticator, char *secret, size_t secretlen);
364:
365: /* Encode MPPE key */
366: extern int
367: radius_keyencode(struct radius_t *this, uint8_t *dst, size_t dstsize,
368: size_t *dstlen, uint8_t *src, size_t srclen,
369: uint8_t *authenticator, char *secret, size_t secretlen);
370:
371:
372:
373: /* Call this function to process packets needing retransmission */
374: extern int radius_timeout(struct radius_t *this);
375:
376: /* Figure out when to call radius_calltimeout() */
377: extern int radius_timeleft(struct radius_t *this, struct timeval *timeout);
378:
379: extern void radius_addnasip(struct radius_t *radius, struct radius_packet_t *pack);
380: extern void radius_addcalledstation(struct radius_t *radius, struct radius_packet_t *pack);
381:
382: int radius_hmac_md5(struct radius_t *this, struct radius_packet_t *pack,
383: char *secret, int secretlen, uint8_t *dst);
384:
385: int chilliauth_radius(struct radius_t *radius);
386:
387: #endif /* !_RADIUS_H */
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to radius.h CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / coova-chilli / src