--- embedaddon/mpd/src/auth.h 2013/07/22 08:44:29 1.1.1.1 +++ embedaddon/mpd/src/auth.h 2016/11/01 09:56:12 1.1.1.2 
@@ -28,296 +28,327 @@ * DEFINITIONS */ - #define AUTH_RETRIES 5 +#define AUTH_RETRIES 5 - #define AUTH_MSG_WELCOME "Welcome" - #define AUTH_MSG_INVALID "Login incorrect" - #define AUTH_MSG_BAD_PACKET "Incorrectly formatted packet" - #define AUTH_MSG_NOT_ALLOWED "Login not allowed for this account" - #define AUTH_MSG_NOT_EXPECTED "Unexpected packet" - #define AUTH_MSG_ACCT_DISAB "Account disabled" - #define AUTH_MSG_RESTR_HOURS "Login hours restricted" +#define AUTH_MSG_WELCOME "Welcome" +#define AUTH_MSG_INVALID "Login incorrect" +#define AUTH_MSG_BAD_PACKET "Incorrectly formatted packet" +#define AUTH_MSG_NOT_ALLOWED "Login not allowed for this account" +#define AUTH_MSG_NOT_EXPECTED "Unexpected packet" +#define AUTH_MSG_ACCT_DISAB "Account disabled" +#define AUTH_MSG_RESTR_HOURS "Login hours restricted" - #define AUTH_PEER_TO_SELF 0 - #define AUTH_SELF_TO_PEER 1 +#define AUTH_PEER_TO_SELF 0 +#define AUTH_SELF_TO_PEER 1 - #define AUTH_FAIL_INVALID_LOGIN 0 - #define AUTH_FAIL_ACCT_DISABLED 1 - #define AUTH_FAIL_NO_PERMISSION 2 - #define AUTH_FAIL_RESTRICTED_HOURS 3 - #define AUTH_FAIL_INVALID_PACKET 4 - #define AUTH_FAIL_NOT_EXPECTED 5 - - #define AUTH_STATUS_UNDEF 0 - #define AUTH_STATUS_FAIL 1 - #define AUTH_STATUS_SUCCESS 2 - #define AUTH_STATUS_BUSY 3 - - #define AUTH_PW_HASH_NONE 0 - #define AUTH_PW_HASH_NT 1 - - #define AUTH_ACCT_START 1 - #define AUTH_ACCT_STOP 2 - #define AUTH_ACCT_UPDATE 3 - - #define MPPE_POLICY_NONE 0 - #define MPPE_POLICY_ALLOWED 1 - #define MPPE_POLICY_REQUIRED 2 +#define AUTH_FAIL_INVALID_LOGIN 0 +#define AUTH_FAIL_ACCT_DISABLED 1 +#define AUTH_FAIL_NO_PERMISSION 2 +#define AUTH_FAIL_RESTRICTED_HOURS 3 +#define AUTH_FAIL_INVALID_PACKET 4 +#define AUTH_FAIL_NOT_EXPECTED 5 - #define MPPE_TYPE_0BIT 0 /* No encryption required */ - #define MPPE_TYPE_40BIT 2 - #define MPPE_TYPE_128BIT 4 - #define MPPE_TYPE_56BIT 8 - - /* Configuration options */ - enum { - AUTH_CONF_RADIUS_AUTH = 1, - AUTH_CONF_RADIUS_ACCT, - AUTH_CONF_INTERNAL, - 
AUTH_CONF_EXT_AUTH, - AUTH_CONF_EXT_ACCT, - AUTH_CONF_SYSTEM_AUTH, - AUTH_CONF_SYSTEM_ACCT, - AUTH_CONF_PAM_AUTH, - AUTH_CONF_PAM_ACCT, - AUTH_CONF_OPIE, - AUTH_CONF_ACCT_MANDATORY - }; +#define AUTH_STATUS_UNDEF 0 +#define AUTH_STATUS_FAIL 1 +#define AUTH_STATUS_SUCCESS 2 +#define AUTH_STATUS_BUSY 3 +#define AUTH_PW_HASH_NONE 0 +#define AUTH_PW_HASH_NT 1 + +#define AUTH_ACCT_START 1 +#define AUTH_ACCT_STOP 2 +#define AUTH_ACCT_UPDATE 3 + +#define MPPE_POLICY_NONE 0 +#define MPPE_POLICY_ALLOWED 1 +#define MPPE_POLICY_REQUIRED 2 + +#define MPPE_TYPE_0BIT 0 /* No encryption required */ +#define MPPE_TYPE_40BIT 2 +#define MPPE_TYPE_128BIT 4 +#define MPPE_TYPE_56BIT 8 + + /* Configuration options */ +enum { + AUTH_CONF_RADIUS_AUTH = 1, + AUTH_CONF_RADIUS_ACCT, + AUTH_CONF_INTERNAL, + AUTH_CONF_EXT_AUTH, + AUTH_CONF_EXT_ACCT, + AUTH_CONF_SYSTEM_AUTH, + AUTH_CONF_SYSTEM_ACCT, + AUTH_CONF_PAM_AUTH, + AUTH_CONF_PAM_ACCT, + AUTH_CONF_OPIE, + AUTH_CONF_ACCT_MANDATORY +}; + #if defined(USE_NG_BPF) || defined(USE_IPFW) - struct acl { /* List of ACLs received from auth */ - u_short number; /* ACL number given by auth server */ - u_short real_number; /* ACL number allocated my mpd */ - struct acl *next; - char name[ACL_NAME_LEN]; /* Name of ACL */ - char rule[1]; /* Text of ACL (Dynamically sized!) */ - }; +struct acl { /* List of ACLs received from auth */ + u_short number; /* ACL number given by auth server */ + u_short real_number; /* ACL number allocated my mpd */ + struct acl *next; + char name[ACL_NAME_LEN]; /* Name of ACL */ + char rule[1]; /* Text of ACL (Dynamically sized!) 
*/ +}; + #endif - struct authparams { - char authname[AUTH_MAX_AUTHNAME]; - char password[AUTH_MAX_PASSWORD]; +struct authparams { + char authname[AUTH_MAX_AUTHNAME]; + char password[AUTH_MAX_PASSWORD]; - struct papparams pap; - struct chapparams chap; + struct papparams pap; + struct chapparams chap; - struct u_range range; /* IP range allowed to user */ - u_char range_valid; /* range is valid */ - u_char netmask; /* IP Netmask */ - u_char vjc_enable; /* VJC requested by AAA */ + struct u_range range; /* IP range allowed to user */ + u_char range_valid; /* range is valid */ + u_char netmask; /* IP Netmask */ + u_char vjc_enable; /* VJC requested by AAA */ - u_char ippool_used; - char ippool[LINK_MAX_NAME]; + u_char ippool_used; + char ippool[LINK_MAX_NAME]; - struct in_addr peer_dns[2]; /* DNS servers for peer to use */ - struct in_addr peer_nbns[2]; /* NBNS servers for peer to use */ + struct in_addr peer_dns[2]; /* DNS servers for peer to use */ + struct in_addr peer_nbns[2]; /* NBNS servers for peer to use */ - char *eapmsg; /* EAP Msg for forwarding to RADIUS server */ - int eapmsg_len; - u_char *state; /* copy of the state attribute, needed for accounting */ - int state_len; - u_char *class; /* copy of the class attribute, needed for accounting */ - int class_len; + char *eapmsg; /* EAP Msg for forwarding to RADIUS + * server */ + int eapmsg_len; + u_char *state; /* copy of the state attribute, needed + * for accounting */ + int state_len; + u_char *class; /* copy of the class attribute, needed + * for accounting */ + int class_len; - char action[8 + LINK_MAX_NAME]; + char *filter_id; /* RADIUS Framed-Filter-Id attribute */ + char action[8 + LINK_MAX_NAME]; + #ifdef USE_IPFW - struct acl *acl_rule; /* ipfw rules */ - struct acl *acl_pipe; /* ipfw pipes */ - struct acl *acl_queue; /* ipfw queues */ - struct acl *acl_table; /* ipfw tables */ + struct acl *acl_rule; /* ipfw rules */ + struct acl *acl_pipe; /* ipfw pipes */ + struct acl *acl_queue; /* ipfw queues 
*/ + struct acl *acl_table; /* ipfw tables */ #endif #ifdef USE_NG_BPF - struct acl *acl_filters[ACL_FILTERS]; /* mpd's internal bpf filters */ - struct acl *acl_limits[ACL_DIRS]; /* traffic limits based on mpd's filters */ + struct acl *acl_filters[ACL_FILTERS]; /* mpd's internal bpf filters */ + struct acl *acl_limits[ACL_DIRS]; /* traffic limits based on + * mpd's filters */ - char std_acct[ACL_DIRS][ACL_NAME_LEN]; /* Names of ACL rerurned in standard accounting */ + char std_acct[ACL_DIRS][ACL_NAME_LEN]; /* Names of ACL rerurned + * in standard + * accounting */ #endif - - u_int session_timeout; /* Session-Timeout */ - u_int idle_timeout; /* Idle-Timeout */ - u_int acct_update; /* interval for accouting updates */ - u_int acct_update_lim_recv; - u_int acct_update_lim_xmit; - char *msdomain; /* Microsoft domain */ - SLIST_HEAD(, ifaceroute) routes; - u_short mtu; /* MTU */ - u_char authentic; /* wich backend was used */ + u_int session_timeout; /* Session-Timeout */ + u_int idle_timeout; /* Idle-Timeout */ + u_int acct_update; /* interval for accouting updates */ + u_int acct_update_lim_recv; + u_int acct_update_lim_xmit; + char *msdomain; /* Microsoft domain */ + SLIST_HEAD (, ifaceroute) routes; + u_short mtu; /* MTU */ - char callingnum[128];/* hr representation of the calling number */ - char callednum[128]; /* hr representation of the called number */ - char selfname[64]; /* hr representation of the self name */ - char peername[64]; /* hr representation of the peer name */ - char selfaddr[64]; /* hr representation of the self address */ - char peeraddr[64]; /* hr representation of the peer address */ - char peerport[6]; /* hr representation of the peer port */ - char peermacaddr[32]; /* hr representation of the peer MAC address */ - char peeriface[IFNAMSIZ]; /* hr representation of the peer interface */ + u_char authentic; /* wich backend was used */ - /* Iface stuff */ - char ifname[IFNAMSIZ]; /* Interface name */ + char callingnum[128]; /* hr 
representation of the calling + * number */ + char callednum[128]; /* hr representation of the called + * number */ + char selfname[64]; /* hr representation of the self name */ + char peername[64]; /* hr representation of the peer name */ + char selfaddr[64]; /* hr representation of the self + * address */ + char peeraddr[64]; /* hr representation of the peer + * address */ + char peerport[6]; /* hr representation of the peer port */ + char peermacaddr[32]; /* hr representation of the peer MAC + * address */ + char peeriface[IFNAMSIZ]; /* hr representation of the peer + * interface */ + + /* Iface stuff */ + char ifname[IFNAMSIZ]; /* Interface name */ #ifdef SIOCSIFDESCR - char *ifdescr; /* Interface description */ + char *ifdescr; /* Interface description */ #endif #ifdef SIOCAIFGROUP - char ifgroup[IFNAMSIZ]; /* Interface group */ + char ifgroup[IFNAMSIZ]; /* Interface group */ #endif - struct { - int policy; /* MPPE_POLICY_* */ - int types; /* MPPE_TYPE_*BIT bitmask */ - u_char lm_hash[16]; /* LM-Hash */ - u_char nt_hash[16]; /* NT-Hash */ - u_char nt_hash_hash[16]; /* NT-Hash-Hash */ - u_char has_lm_hash; - u_char has_nt_hash; - u_char has_keys; + struct { + int policy; /* MPPE_POLICY_* */ + int types; /* MPPE_TYPE_*BIT bitmask */ + u_char lm_hash[16]; /* LM-Hash */ + u_char nt_hash[16]; /* NT-Hash */ + u_char nt_hash_hash[16]; /* NT-Hash-Hash */ + u_char has_lm_hash; + u_char has_nt_hash; + u_char has_keys; - u_char chap_alg; /* Callers's CHAP algorithm */ + u_char chap_alg; /* Callers's CHAP algorithm */ - u_char msChal[CHAP_MSOFTv2_CHAL_LEN]; /* MSOFT challng */ - u_char ntResp[CHAP_MSOFTv2_RESP_LEN]; /* MSOFT response */ + u_char msChal[CHAP_MSOFTv2_CHAL_LEN]; /* MSOFT challng */ + u_char ntResp[CHAP_MSOFTv2_RESP_LEN]; /* MSOFT response */ #ifdef CCP_MPPC - /* Keys when using MS-CHAPv2 or EAP */ - u_char xmit_key[MPPE_KEY_LEN]; /* xmit start key */ - u_char recv_key[MPPE_KEY_LEN]; /* recv start key */ + /* Keys when using MS-CHAPv2 or EAP */ + u_char 
xmit_key[MPPE_KEY_LEN]; /* xmit start key */ + u_char recv_key[MPPE_KEY_LEN]; /* recv start key */ #endif - } msoft; - }; + } msoft; +}; - struct authconf { - struct radiusconf radius; /* RADIUS configuration */ - char authname[AUTH_MAX_AUTHNAME]; /* Configured username */ - char password[AUTH_MAX_PASSWORD]; /* Configured password */ - u_int acct_update; - u_int acct_update_lim_recv; - u_int acct_update_lim_xmit; - int timeout; /* Authorization timeout in seconds */ - struct optinfo options; /* Configured options */ - char *extauth_script;/* External auth script */ - char *extacct_script;/* External acct script */ - char ippool[LINK_MAX_NAME]; - }; - typedef struct authconf *AuthConf; +struct authconf { + struct radiusconf radius; /* RADIUS configuration */ + char authname[AUTH_MAX_AUTHNAME]; /* Configured username */ + char password[AUTH_MAX_PASSWORD]; /* Configured password */ + u_int acct_update; + u_int acct_update_lim_recv; + u_int acct_update_lim_xmit; + int timeout; /* Authorization timeout in seconds */ + struct optinfo options; /* Configured options */ + char *extauth_script; /* External auth script */ + char *extacct_script; /* External acct script */ + char ippool[LINK_MAX_NAME]; +}; +typedef struct authconf *AuthConf; - /* State of authorization process during authorization phase, - * contains params set by the auth-backend */ - struct auth { - u_short peer_to_self; /* What I need from peer */ - u_short self_to_peer; /* What peer needs from me */ - u_char peer_to_self_alg; /* What alg I need from peer */ - u_char self_to_peer_alg; /* What alg peer needs from me */ - struct pppTimer timer; /* Max time to spend doing auth */ - struct pppTimer acct_timer; /* Timer for accounting updates */ - struct papinfo pap; /* PAP state */ - struct chapinfo chap; /* CHAP state */ - struct eapinfo eap; /* EAP state */ - struct paction *thread; /* async auth thread */ - struct paction *acct_thread; /* async accounting auth thread */ - struct authconf conf; /* Auth 
backends, RADIUS, etc. */ - struct authparams params; /* params to pass to from auth backend */ - struct ng_ppp_link_stat64 prev_stats; /* Previous link statistics */ - }; - typedef struct auth *Auth; + /* + * State of authorization process during authorization phase, contains + * params set by the auth-backend + */ +struct auth { + u_short peer_to_self; /* What I need from peer */ + u_short self_to_peer; /* What peer needs from me */ + u_char peer_to_self_alg; /* What alg I need from peer */ + u_char self_to_peer_alg; /* What alg peer needs from me */ + struct pppTimer timer; /* Max time to spend doing auth */ + struct pppTimer acct_timer; /* Timer for accounting updates */ + struct papinfo pap; /* PAP state */ + struct chapinfo chap; /* CHAP state */ + struct eapinfo eap; /* EAP state */ + struct paction *thread; /* async auth thread */ + struct paction *acct_thread; /* async accounting auth thread */ + struct authconf conf; /* Auth backends, RADIUS, etc. */ + struct authparams params; /* params to pass to from auth backend */ + struct ng_ppp_link_stat64 prev_stats; /* Previous link statistics */ +}; +typedef struct auth *Auth; - struct radiusconf radius; /* RADIUS configuration */ - /* Interface between the auth-backend (secret file, RADIUS, etc.) - * and Mpd's internal structs. - */ - struct authdata { - struct authconf conf; /* a copy of bundle's authconf */ - u_short proto; /* wich proto are we using, PAP, CHAP, ... 
*/ - u_char alg; /* proto specific algoruthm */ - u_int id; /* Actual, packet id */ - u_int code; /* Proto specific code */ - u_char acct_type; /* Accounting type, Start, Stop, Update */ - u_char eap_radius; - u_char status; - u_char why_fail; - char *reply_message; /* Text wich may displayed to the user */ - char *mschap_error; /* MSCHAP Error Message */ - char *mschapv2resp; /* Response String for MSCHAPv2 */ - void (*finish)(Link l, struct authdata *auth); /* Finish handler */ - int drop_user; /* RAD_MPD_DROP_USER value sent by RADIUS server */ - struct { - struct rad_handle *handle; /* the RADIUS handle */ - } radius; +struct radiusconf radius; /* RADIUS configuration */ + + /* + * Interface between the auth-backend (secret file, RADIUS, etc.) and Mpd's + * internal structs. + */ +struct authdata { + struct authconf conf; /* a copy of bundle's authconf */ + u_short proto; /* wich proto are we using, PAP, CHAP, + * ... */ + u_char alg; /* proto specific algoruthm */ + u_int id; /* Actual, packet id */ + u_int code; /* Proto specific code */ + u_char acct_type; /* Accounting type, Start, Stop, + * Update */ + u_char eap_radius; + u_char status; + u_char why_fail; + char *reply_message; /* Text wich may displayed to the user */ + char *mschap_error; /* MSCHAP Error Message */ + char *mschapv2resp; /* Response String for MSCHAPv2 */ + void (*finish) (Link l, struct authdata *auth); /* Finish handler */ + int drop_user; /* RAD_MPD_DROP_USER value sent by + * RADIUS server */ + struct { + struct rad_handle *handle; /* the RADIUS handle */ + } radius; #ifdef USE_OPIE - struct { - struct opie data; - } opie; + struct { + struct opie data; + } opie; #endif - struct { /* informational (read-only) data needed for e.g. 
accouting */ - char msession_id[AUTH_MAX_SESSIONID]; /* multi-session-id */ - char session_id[AUTH_MAX_SESSIONID]; /* session-id */ - char ifname[IFNAMSIZ]; /* interface name */ - uint ifindex; /* System interface index */ - char bundname[LINK_MAX_NAME];/* name of the bundle */ - char lnkname[LINK_MAX_NAME]; /* name of the link */ - struct ng_ppp_link_stat64 stats; /* Current link statistics */ + struct { /* informational (read-only) data + * needed for e.g. accouting */ + char msession_id[AUTH_MAX_SESSIONID]; /* multi-session-id */ + char session_id[AUTH_MAX_SESSIONID]; /* session-id */ + char ifname[IFNAMSIZ]; /* interface name */ + uint ifindex; /* System interface index */ + char bundname[LINK_MAX_NAME]; /* name of the bundle */ + char lnkname[LINK_MAX_NAME]; /* name of the link */ + struct ng_ppp_link_stat64 stats; /* Current link + * statistics */ #ifdef USE_NG_BPF - struct svcstat ss; + struct svcstat ss; #endif - char *downReason; /* Reason for link going down */ - time_t last_up; /* Time this link last got up */ - PhysType phys_type; /* Device type descriptor */ - int linkID; /* Absolute link number */ - char peer_ident[64]; /* LCP ident received from peer */ - struct in_addr peer_addr; /* currently assigned IP-Address of the client */ - short n_links; /* number of links in the bundle */ - u_char originate; /* Who originated the connection */ - } info; - struct authparams params; /* params to pass to from auth backend */ - }; - typedef struct authdata *AuthData; - - extern const struct cmdtab AuthSetCmds[]; + char *downReason; /* Reason for link going down */ + time_t last_up; /* Time this link last got up */ + PhysType phys_type; /* Device type descriptor */ + int linkID; /* Absolute link number */ + char peer_ident[64]; /* LCP ident received from peer */ + struct in_addr peer_addr; /* currently assigned + * IP-Address of the client */ + struct in6_addr peer_addr6; /* currently assigned + * IPv6-Address of the client */ + short n_links; /* number of links 
in the bundle */ + u_char originate; /* Who originated the connection */ + } info; + struct authparams params; /* params to pass to from auth backend */ +}; +typedef struct authdata *AuthData; +extern const struct cmdtab AuthSetCmds[]; + /* * GLOBAL VARIABLES */ - extern const u_char gMsoftZeros[32]; - extern int gMaxLogins; /* max number of concurrent logins per user */ - extern int gMaxLoginsCI; +extern const u_char gMsoftZeros[32]; +extern int gMaxLogins; /* max number of concurrent logins per + * user */ +extern int gMaxLoginsCI; /* * FUNCTIONS */ - extern void AuthInit(Link l); - extern void AuthInst(Auth auth, Auth autht); - extern void AuthShutdown(Link l); - extern void AuthStart(Link l); - extern void AuthStop(Link l); - extern void AuthInput(Link l, int proto, Mbuf bp); - extern void AuthOutput(Link l, int proto, u_int code, u_int id, - const u_char *ptr, int len, int add_len, - u_char eap_type); - extern void AuthFinish(Link l, int which, int ok); - extern void AuthCleanup(Link l); - extern int AuthStat(Context ctx, int ac, char *av[], void *arg); - extern void AuthAccountStart(Link l, int type); - extern void AuthAccountTimeout(void *arg); - extern AuthData AuthDataNew(Link l); - extern void AuthDataDestroy(AuthData auth); - extern int AuthGetData(char *authname, char *password, size_t passlen, - struct u_range *range, u_char *range_valid); - extern void AuthAsyncStart(Link l, AuthData auth); - extern const char *AuthFailMsg(AuthData auth, char *buf, size_t len); - extern const char *AuthStatusText(int status); - extern const char *AuthMPPEPolicyname(int policy); - extern const char *AuthMPPETypesname(int types, char *buf, size_t len); +extern void AuthInit(Link l); +extern void AuthInst(Auth auth, Auth autht); +extern void AuthShutdown(Link l); +extern void AuthStart(Link l); +extern void AuthStop(Link l); +extern void AuthInput(Link l, int proto, Mbuf bp); +extern void +AuthOutput(Link l, int proto, u_int code, u_int id, + const u_char *ptr, int len, 
int add_len, + u_char eap_type); +extern void AuthFinish(Link l, int which, int ok); +extern void AuthCleanup(Link l); +extern int AuthStat(Context ctx, int ac, char *av[], void *arg); +extern void AuthAccountStart(Link l, int type); +extern void AuthAccountTimeout(void *arg); +extern AuthData AuthDataNew(Link l); +extern void AuthDataDestroy(AuthData auth); +extern int +AuthGetData(char *authname, char *password, size_t passlen, + struct u_range *range, u_char *range_valid); +extern void AuthAsyncStart(Link l, AuthData auth); +extern const char *AuthFailMsg(AuthData auth, char *buf, size_t len); +extern const char *AuthStatusText(int status); +extern const char *AuthMPPEPolicyname(int policy); +extern const char *AuthMPPETypesname(int types, char *buf, size_t len); #if defined(USE_NG_BPF) || defined(USE_IPFW) - extern void ACLCopy(struct acl *src, struct acl **dst); - extern void ACLDestroy(struct acl *acl); +extern void ACLCopy(struct acl *src, struct acl **dst); +extern void ACLDestroy(struct acl *acl); + #endif - extern void authparamsInit(struct authparams *ap); - extern void authparamsCopy(struct authparams *src, struct authparams *dst); - extern void authparamsMove(struct authparams *src, struct authparams *dst); - extern void authparamsDestroy(struct authparams *ap); +extern void authparamsInit(struct authparams *ap); +extern void authparamsCopy(struct authparams *src, struct authparams *dst); +extern void authparamsMove(struct authparams *src, struct authparams *dst); +extern void authparamsDestroy(struct authparams *ap); #endif
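Review bot: The new `char *filter_id` member added to `struct authparams` (just above `action[]`) is a raw pointer holding a value supplied by an external RADIUS server, and nothing in this hunk states who owns the allocation; the neighbouring pointer members `msdomain`, `eapmsg`, `state` and `class` already depend on `authparamsCopy`/`authparamsMove`/`authparamsDestroy` (declared at the end of the hunk, implemented outside this file) to deep-copy and release them, so those three routines presumably have to be taught about `filter_id` as well or a copied params struct will leak or double-free it. Suggest pinning the contract on the field itself: `char *filter_id; /* RADIUS Filter-Id (RFC 2865 attr 11), malloc'd; deep-copied by authparamsCopy, freed by authparamsDestroy */`. Because the string is chosen by the AAA server and, by its name, is meant to select a local packet filter, the code that consumes it should match it against the configured filter names rather than pass it through as-is. Minor: the comment's "Framed-Filter-Id" is not a standard attribute name; RFC 2865 calls it Filter-Id.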