embedaddon/mpd/src/auth.h - diff

Return to auth.h CVS log

Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / mpd / src

Diff for /embedaddon/mpd/src/auth.h between versions 1.1.1.1 and 1.1.1.2

version 1.1.1.1, 2013/07/22 08:44:29	version 1.1.1.2, 2016/11/01 09:56:12
Line 28	Line 28
* DEFINITIONS	* DEFINITIONS
*/	*/

#define AUTH_RETRIES 5	#define AUTH_RETRIES 5

#define AUTH_MSG_WELCOME "Welcome"	#define AUTH_MSG_WELCOME "Welcome"
#define AUTH_MSG_INVALID "Login incorrect"	#define AUTH_MSG_INVALID "Login incorrect"
#define AUTH_MSG_BAD_PACKET "Incorrectly formatted packet"	#define AUTH_MSG_BAD_PACKET "Incorrectly formatted packet"
#define AUTH_MSG_NOT_ALLOWED "Login not allowed for this account"	#define AUTH_MSG_NOT_ALLOWED "Login not allowed for this account"
#define AUTH_MSG_NOT_EXPECTED "Unexpected packet"	#define AUTH_MSG_NOT_EXPECTED "Unexpected packet"
#define AUTH_MSG_ACCT_DISAB "Account disabled"	#define AUTH_MSG_ACCT_DISAB "Account disabled"
#define AUTH_MSG_RESTR_HOURS "Login hours restricted"	#define AUTH_MSG_RESTR_HOURS "Login hours restricted"

#define AUTH_PEER_TO_SELF 0	#define AUTH_PEER_TO_SELF 0
#define AUTH_SELF_TO_PEER 1	#define AUTH_SELF_TO_PEER 1

#define AUTH_FAIL_INVALID_LOGIN 0	#define AUTH_FAIL_INVALID_LOGIN 0
#define AUTH_FAIL_ACCT_DISABLED 1	#define AUTH_FAIL_ACCT_DISABLED 1
#define AUTH_FAIL_NO_PERMISSION 2	#define AUTH_FAIL_NO_PERMISSION 2
#define AUTH_FAIL_RESTRICTED_HOURS 3	#define AUTH_FAIL_RESTRICTED_HOURS 3
#define AUTH_FAIL_INVALID_PACKET 4	#define AUTH_FAIL_INVALID_PACKET 4
#define AUTH_FAIL_NOT_EXPECTED 5	#define AUTH_FAIL_NOT_EXPECTED 5

#define AUTH_STATUS_UNDEF 0
#define AUTH_STATUS_FAIL 1
#define AUTH_STATUS_SUCCESS 2
#define AUTH_STATUS_BUSY 3

#define AUTH_PW_HASH_NONE 0
#define AUTH_PW_HASH_NT 1

#define AUTH_ACCT_START 1
#define AUTH_ACCT_STOP 2
#define AUTH_ACCT_UPDATE 3

#define MPPE_POLICY_NONE 0
#define MPPE_POLICY_ALLOWED 1
#define MPPE_POLICY_REQUIRED 2

#define MPPE_TYPE_0BIT 0 /* No encryption required */	#define AUTH_STATUS_UNDEF 0
#define MPPE_TYPE_40BIT 2	#define AUTH_STATUS_FAIL 1
#define MPPE_TYPE_128BIT 4	#define AUTH_STATUS_SUCCESS 2
#define MPPE_TYPE_56BIT 8	#define AUTH_STATUS_BUSY 3

/* Configuration options */
enum {
AUTH_CONF_RADIUS_AUTH = 1,
AUTH_CONF_RADIUS_ACCT,
AUTH_CONF_INTERNAL,
AUTH_CONF_EXT_AUTH,
AUTH_CONF_EXT_ACCT,
AUTH_CONF_SYSTEM_AUTH,
AUTH_CONF_SYSTEM_ACCT,
AUTH_CONF_PAM_AUTH,
AUTH_CONF_PAM_ACCT,
AUTH_CONF_OPIE,
AUTH_CONF_ACCT_MANDATORY
};

	#define AUTH_PW_HASH_NONE 0
	#define AUTH_PW_HASH_NT 1

	#define AUTH_ACCT_START 1
	#define AUTH_ACCT_STOP 2
	#define AUTH_ACCT_UPDATE 3

	#define MPPE_POLICY_NONE 0
	#define MPPE_POLICY_ALLOWED 1
	#define MPPE_POLICY_REQUIRED 2

	#define MPPE_TYPE_0BIT 0 /* No encryption required */
	#define MPPE_TYPE_40BIT 2
	#define MPPE_TYPE_128BIT 4
	#define MPPE_TYPE_56BIT 8

	/* Configuration options */
	enum {
	AUTH_CONF_RADIUS_AUTH = 1,
	AUTH_CONF_RADIUS_ACCT,
	AUTH_CONF_INTERNAL,
	AUTH_CONF_EXT_AUTH,
	AUTH_CONF_EXT_ACCT,
	AUTH_CONF_SYSTEM_AUTH,
	AUTH_CONF_SYSTEM_ACCT,
	AUTH_CONF_PAM_AUTH,
	AUTH_CONF_PAM_ACCT,
	AUTH_CONF_OPIE,
	AUTH_CONF_ACCT_MANDATORY
	};

#if defined(USE_NG_BPF) \|\| defined(USE_IPFW)	#if defined(USE_NG_BPF) \|\| defined(USE_IPFW)
struct acl { /* List of ACLs received from auth */	struct acl { /* List of ACLs received from auth */
u_short number; /* ACL number given by auth server */	u_short number; /* ACL number given by auth server */
u_short real_number; /* ACL number allocated my mpd */	u_short real_number; /* ACL number allocated my mpd */
struct acl *next;	struct acl *next;
char name[ACL_NAME_LEN]; /* Name of ACL */	char name[ACL_NAME_LEN]; /* Name of ACL */
char rule[1]; /* Text of ACL (Dynamically sized!) */	char rule[1]; /* Text of ACL (Dynamically sized!) */
};	};

#endif	#endif

struct authparams {	struct authparams {
char authname[AUTH_MAX_AUTHNAME];	char authname[AUTH_MAX_AUTHNAME];
char password[AUTH_MAX_PASSWORD];	char password[AUTH_MAX_PASSWORD];

struct papparams pap;	struct papparams pap;
struct chapparams chap;	struct chapparams chap;

struct u_range range; /* IP range allowed to user */	struct u_range range; /* IP range allowed to user */
u_char range_valid; /* range is valid */	u_char range_valid; /* range is valid */
u_char netmask; /* IP Netmask */	u_char netmask; /* IP Netmask */
u_char vjc_enable; /* VJC requested by AAA */	u_char vjc_enable; /* VJC requested by AAA */

u_char ippool_used;	u_char ippool_used;
char ippool[LINK_MAX_NAME];	char ippool[LINK_MAX_NAME];

struct in_addr peer_dns[2]; /* DNS servers for peer to use */	struct in_addr peer_dns[2]; /* DNS servers for peer to use */
struct in_addr peer_nbns[2]; /* NBNS servers for peer to use */	struct in_addr peer_nbns[2]; /* NBNS servers for peer to use */

char eapmsg; / EAP Msg for forwarding to RADIUS server */	char eapmsg; / EAP Msg for forwarding to RADIUS
int eapmsg_len;	* server */
u_char state; / copy of the state attribute, needed for accounting */	int eapmsg_len;
int state_len;	u_char state; / copy of the state attribute, needed
u_char class; / copy of the class attribute, needed for accounting */	* for accounting */
int class_len;	int state_len;
	u_char class; / copy of the class attribute, needed
	* for accounting */
	int class_len;

char action[8 + LINK_MAX_NAME];	char filter_id; / RADIUS Framed-Filter-Id attribute */

	char action[8 + LINK_MAX_NAME];

#ifdef USE_IPFW	#ifdef USE_IPFW
struct acl acl_rule; / ipfw rules */	struct acl acl_rule; / ipfw rules */
struct acl acl_pipe; / ipfw pipes */	struct acl acl_pipe; / ipfw pipes */
struct acl acl_queue; / ipfw queues */	struct acl acl_queue; / ipfw queues */
struct acl acl_table; / ipfw tables */	struct acl acl_table; / ipfw tables */
#endif	#endif

#ifdef USE_NG_BPF	#ifdef USE_NG_BPF
struct acl acl_filters[ACL_FILTERS]; / mpd's internal bpf filters */	struct acl acl_filters[ACL_FILTERS]; / mpd's internal bpf filters */
struct acl acl_limits[ACL_DIRS]; / traffic limits based on mpd's filters */	struct acl acl_limits[ACL_DIRS]; / traffic limits based on
	* mpd's filters */

char std_acct[ACL_DIRS][ACL_NAME_LEN]; /* Names of ACL rerurned in standard accounting */	char std_acct[ACL_DIRS][ACL_NAME_LEN]; /* Names of ACL rerurned
	* in standard
	* accounting */
#endif	#endif

u_int session_timeout; /* Session-Timeout */
u_int idle_timeout; /* Idle-Timeout */
u_int acct_update; /* interval for accouting updates */
u_int acct_update_lim_recv;
u_int acct_update_lim_xmit;
char msdomain; / Microsoft domain */
SLIST_HEAD(, ifaceroute) routes;
u_short mtu; /* MTU */

u_char authentic; /* wich backend was used */	u_int session_timeout; /* Session-Timeout */
	u_int idle_timeout; /* Idle-Timeout */
	u_int acct_update; /* interval for accouting updates */
	u_int acct_update_lim_recv;
	u_int acct_update_lim_xmit;
	char msdomain; / Microsoft domain */
	SLIST_HEAD (, ifaceroute) routes;
	u_short mtu; /* MTU */

char callingnum[128];/* hr representation of the calling number */	u_char authentic; /* wich backend was used */
char callednum[128]; /* hr representation of the called number */
char selfname[64]; /* hr representation of the self name */
char peername[64]; /* hr representation of the peer name */
char selfaddr[64]; /* hr representation of the self address */
char peeraddr[64]; /* hr representation of the peer address */
char peerport[6]; /* hr representation of the peer port */
char peermacaddr[32]; /* hr representation of the peer MAC address */
char peeriface[IFNAMSIZ]; /* hr representation of the peer interface */

/* Iface stuff */	char callingnum[128]; /* hr representation of the calling
char ifname[IFNAMSIZ]; /* Interface name */	* number */
	char callednum[128]; /* hr representation of the called
	* number */
	char selfname[64]; /* hr representation of the self name */
	char peername[64]; /* hr representation of the peer name */
	char selfaddr[64]; /* hr representation of the self
	* address */
	char peeraddr[64]; /* hr representation of the peer
	* address */
	char peerport[6]; /* hr representation of the peer port */
	char peermacaddr[32]; /* hr representation of the peer MAC
	* address */
	char peeriface[IFNAMSIZ]; /* hr representation of the peer
	* interface */

	/* Iface stuff */
	char ifname[IFNAMSIZ]; /* Interface name */
#ifdef SIOCSIFDESCR	#ifdef SIOCSIFDESCR
char ifdescr; / Interface description */	char ifdescr; / Interface description */
#endif	#endif
#ifdef SIOCAIFGROUP	#ifdef SIOCAIFGROUP
char ifgroup[IFNAMSIZ]; /* Interface group */	char ifgroup[IFNAMSIZ]; /* Interface group */
#endif	#endif

struct {	struct {
int policy; /* MPPE_POLICY_* */	int policy; /* MPPE_POLICY_* */
int types; /* MPPE_TYPE_BIT bitmask /	int types; /* MPPE_TYPE_BIT bitmask /
u_char lm_hash[16]; /* LM-Hash */	u_char lm_hash[16]; /* LM-Hash */
u_char nt_hash[16]; /* NT-Hash */	u_char nt_hash[16]; /* NT-Hash */
u_char nt_hash_hash[16]; /* NT-Hash-Hash */	u_char nt_hash_hash[16]; /* NT-Hash-Hash */
u_char has_lm_hash;	u_char has_lm_hash;
u_char has_nt_hash;	u_char has_nt_hash;
u_char has_keys;	u_char has_keys;

u_char chap_alg; /* Callers's CHAP algorithm */	u_char chap_alg; /* Callers's CHAP algorithm */

u_char msChal[CHAP_MSOFTv2_CHAL_LEN]; /* MSOFT challng */	u_char msChal[CHAP_MSOFTv2_CHAL_LEN]; /* MSOFT challng */
u_char ntResp[CHAP_MSOFTv2_RESP_LEN]; /* MSOFT response */	u_char ntResp[CHAP_MSOFTv2_RESP_LEN]; /* MSOFT response */

#ifdef CCP_MPPC	#ifdef CCP_MPPC
/* Keys when using MS-CHAPv2 or EAP */	/* Keys when using MS-CHAPv2 or EAP */
u_char xmit_key[MPPE_KEY_LEN]; /* xmit start key */	u_char xmit_key[MPPE_KEY_LEN]; /* xmit start key */
u_char recv_key[MPPE_KEY_LEN]; /* recv start key */	u_char recv_key[MPPE_KEY_LEN]; /* recv start key */
#endif	#endif
} msoft;	} msoft;
};	};

struct authconf {	struct authconf {
struct radiusconf radius; /* RADIUS configuration */	struct radiusconf radius; /* RADIUS configuration */
char authname[AUTH_MAX_AUTHNAME]; /* Configured username */	char authname[AUTH_MAX_AUTHNAME]; /* Configured username */
char password[AUTH_MAX_PASSWORD]; /* Configured password */	char password[AUTH_MAX_PASSWORD]; /* Configured password */
u_int acct_update;	u_int acct_update;
u_int acct_update_lim_recv;	u_int acct_update_lim_recv;
u_int acct_update_lim_xmit;	u_int acct_update_lim_xmit;
int timeout; /* Authorization timeout in seconds */	int timeout; /* Authorization timeout in seconds */
struct optinfo options; /* Configured options */	struct optinfo options; /* Configured options */
char extauth_script;/ External auth script */	char extauth_script; / External auth script */
char extacct_script;/ External acct script */	char extacct_script; / External acct script */
char ippool[LINK_MAX_NAME];	char ippool[LINK_MAX_NAME];
};	};
typedef struct authconf *AuthConf;	typedef struct authconf *AuthConf;

/* State of authorization process during authorization phase,	/*
* contains params set by the auth-backend */	* State of authorization process during authorization phase, contains
struct auth {	* params set by the auth-backend
u_short peer_to_self; /* What I need from peer */	*/
u_short self_to_peer; /* What peer needs from me */	struct auth {
u_char peer_to_self_alg; /* What alg I need from peer */	u_short peer_to_self; /* What I need from peer */
u_char self_to_peer_alg; /* What alg peer needs from me */	u_short self_to_peer; /* What peer needs from me */
struct pppTimer timer; /* Max time to spend doing auth */	u_char peer_to_self_alg; /* What alg I need from peer */
struct pppTimer acct_timer; /* Timer for accounting updates */	u_char self_to_peer_alg; /* What alg peer needs from me */
struct papinfo pap; /* PAP state */	struct pppTimer timer; /* Max time to spend doing auth */
struct chapinfo chap; /* CHAP state */	struct pppTimer acct_timer; /* Timer for accounting updates */
struct eapinfo eap; /* EAP state */	struct papinfo pap; /* PAP state */
struct paction thread; / async auth thread */	struct chapinfo chap; /* CHAP state */
struct paction acct_thread; / async accounting auth thread */	struct eapinfo eap; /* EAP state */
struct authconf conf; /* Auth backends, RADIUS, etc. */	struct paction thread; / async auth thread */
struct authparams params; /* params to pass to from auth backend */	struct paction acct_thread; / async accounting auth thread */
struct ng_ppp_link_stat64 prev_stats; /* Previous link statistics */	struct authconf conf; /* Auth backends, RADIUS, etc. */
};	struct authparams params; /* params to pass to from auth backend */
typedef struct auth *Auth;	struct ng_ppp_link_stat64 prev_stats; /* Previous link statistics */
	};
	typedef struct auth *Auth;

struct radiusconf radius; /* RADIUS configuration */	struct radiusconf radius; /* RADIUS configuration */
/* Interface between the auth-backend (secret file, RADIUS, etc.)
* and Mpd's internal structs.	/*
*/	* Interface between the auth-backend (secret file, RADIUS, etc.) and Mpd's
struct authdata {	* internal structs.
struct authconf conf; /* a copy of bundle's authconf */	*/
u_short proto; /* wich proto are we using, PAP, CHAP, ... */	struct authdata {
u_char alg; /* proto specific algoruthm */	struct authconf conf; /* a copy of bundle's authconf */
u_int id; /* Actual, packet id */	u_short proto; /* wich proto are we using, PAP, CHAP,
u_int code; /* Proto specific code */	* ... */
u_char acct_type; /* Accounting type, Start, Stop, Update */	u_char alg; /* proto specific algoruthm */
u_char eap_radius;	u_int id; /* Actual, packet id */
u_char status;	u_int code; /* Proto specific code */
u_char why_fail;	u_char acct_type; /* Accounting type, Start, Stop,
char reply_message; / Text wich may displayed to the user */	* Update */
char mschap_error; / MSCHAP Error Message */	u_char eap_radius;
char mschapv2resp; / Response String for MSCHAPv2 */	u_char status;
void (finish)(Link l, struct authdata auth); /* Finish handler */	u_char why_fail;
int drop_user; /* RAD_MPD_DROP_USER value sent by RADIUS server */	char reply_message; / Text wich may displayed to the user */
struct {	char mschap_error; / MSCHAP Error Message */
struct rad_handle handle; / the RADIUS handle */	char mschapv2resp; / Response String for MSCHAPv2 */
} radius;	void (finish) (Link l, struct authdata auth); /* Finish handler */
	int drop_user; /* RAD_MPD_DROP_USER value sent by
	* RADIUS server */
	struct {
	struct rad_handle handle; / the RADIUS handle */
	} radius;
#ifdef USE_OPIE	#ifdef USE_OPIE
struct {	struct {
struct opie data;	struct opie data;
} opie;	} opie;
#endif	#endif
struct { /* informational (read-only) data needed for e.g. accouting */	struct { /* informational (read-only) data
char msession_id[AUTH_MAX_SESSIONID]; /* multi-session-id */	* needed for e.g. accouting */
char session_id[AUTH_MAX_SESSIONID]; /* session-id */	char msession_id[AUTH_MAX_SESSIONID]; /* multi-session-id */
char ifname[IFNAMSIZ]; /* interface name */	char session_id[AUTH_MAX_SESSIONID]; /* session-id */
uint ifindex; /* System interface index */	char ifname[IFNAMSIZ]; /* interface name */
char bundname[LINK_MAX_NAME];/* name of the bundle */	uint ifindex; /* System interface index */
char lnkname[LINK_MAX_NAME]; /* name of the link */	char bundname[LINK_MAX_NAME]; /* name of the bundle */
struct ng_ppp_link_stat64 stats; /* Current link statistics */	char lnkname[LINK_MAX_NAME]; /* name of the link */
	struct ng_ppp_link_stat64 stats; /* Current link
	* statistics */
#ifdef USE_NG_BPF	#ifdef USE_NG_BPF
struct svcstat ss;	struct svcstat ss;
#endif	#endif
char downReason; / Reason for link going down */	char downReason; / Reason for link going down */
time_t last_up; /* Time this link last got up */	time_t last_up; /* Time this link last got up */
PhysType phys_type; /* Device type descriptor */	PhysType phys_type; /* Device type descriptor */
int linkID; /* Absolute link number */	int linkID; /* Absolute link number */
char peer_ident[64]; /* LCP ident received from peer */	char peer_ident[64]; /* LCP ident received from peer */
struct in_addr peer_addr; /* currently assigned IP-Address of the client */	struct in_addr peer_addr; /* currently assigned
short n_links; /* number of links in the bundle */	* IP-Address of the client */
u_char originate; /* Who originated the connection */	struct in6_addr peer_addr6; /* currently assigned
} info;	* IPv6-Address of the client */
struct authparams params; /* params to pass to from auth backend */	short n_links; /* number of links in the bundle */
};	u_char originate; /* Who originated the connection */
typedef struct authdata *AuthData;	} info;
	struct authparams params; /* params to pass to from auth backend */
extern const struct cmdtab AuthSetCmds[];	};
	typedef struct authdata *AuthData;

	extern const struct cmdtab AuthSetCmds[];

/*	/*
* GLOBAL VARIABLES	* GLOBAL VARIABLES
*/	*/
extern const u_char gMsoftZeros[32];	extern const u_char gMsoftZeros[32];
extern int gMaxLogins; /* max number of concurrent logins per user */	extern int gMaxLogins; /* max number of concurrent logins per
extern int gMaxLoginsCI;	* user */
	extern int gMaxLoginsCI;

/*	/*
* FUNCTIONS	* FUNCTIONS
*/	*/

extern void AuthInit(Link l);	extern void AuthInit(Link l);
extern void AuthInst(Auth auth, Auth autht);	extern void AuthInst(Auth auth, Auth autht);
extern void AuthShutdown(Link l);	extern void AuthShutdown(Link l);
extern void AuthStart(Link l);	extern void AuthStart(Link l);
extern void AuthStop(Link l);	extern void AuthStop(Link l);
extern void AuthInput(Link l, int proto, Mbuf bp);	extern void AuthInput(Link l, int proto, Mbuf bp);
extern void AuthOutput(Link l, int proto, u_int code, u_int id,	extern void
const u_char *ptr, int len, int add_len,	AuthOutput(Link l, int proto, u_int code, u_int id,
u_char eap_type);	const u_char *ptr, int len, int add_len,
extern void AuthFinish(Link l, int which, int ok);	u_char eap_type);
extern void AuthCleanup(Link l);	extern void AuthFinish(Link l, int which, int ok);
extern int AuthStat(Context ctx, int ac, char av[], void arg);	extern void AuthCleanup(Link l);
extern void AuthAccountStart(Link l, int type);	extern int AuthStat(Context ctx, int ac, char av[], void arg);
extern void AuthAccountTimeout(void *arg);	extern void AuthAccountStart(Link l, int type);
extern AuthData AuthDataNew(Link l);	extern void AuthAccountTimeout(void *arg);
extern void AuthDataDestroy(AuthData auth);	extern AuthData AuthDataNew(Link l);
extern int AuthGetData(char authname, char password, size_t passlen,	extern void AuthDataDestroy(AuthData auth);
struct u_range range, u_char range_valid);	extern int
extern void AuthAsyncStart(Link l, AuthData auth);	AuthGetData(char authname, char password, size_t passlen,
extern const char AuthFailMsg(AuthData auth, char buf, size_t len);	struct u_range range, u_char range_valid);
extern const char *AuthStatusText(int status);	extern void AuthAsyncStart(Link l, AuthData auth);
extern const char *AuthMPPEPolicyname(int policy);	extern const char AuthFailMsg(AuthData auth, char buf, size_t len);
extern const char AuthMPPETypesname(int types, char buf, size_t len);	extern const char *AuthStatusText(int status);
	extern const char *AuthMPPEPolicyname(int policy);
	extern const char AuthMPPETypesname(int types, char buf, size_t len);

#if defined(USE_NG_BPF) \|\| defined(USE_IPFW)	#if defined(USE_NG_BPF) \|\| defined(USE_IPFW)
extern void ACLCopy(struct acl src, struct acl *dst);	extern void ACLCopy(struct acl src, struct acl *dst);
extern void ACLDestroy(struct acl *acl);	extern void ACLDestroy(struct acl *acl);

#endif	#endif
extern void authparamsInit(struct authparams *ap);	extern void authparamsInit(struct authparams *ap);
extern void authparamsCopy(struct authparams src, struct authparams dst);	extern void authparamsCopy(struct authparams src, struct authparams dst);
extern void authparamsMove(struct authparams src, struct authparams dst);	extern void authparamsMove(struct authparams src, struct authparams dst);
extern void authparamsDestroy(struct authparams *ap);	extern void authparamsDestroy(struct authparams *ap);

#endif	#endif

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

Removed from v.1.1.1.1
changed lines
	Added in v.1.1.1.2