Annotation of embedaddon/mpd/src/auth.h, revision 1.1
! 2: /*
! 3: * auth.h
! 4: *
! 5: * Written by Archie Cobbs <archie@freebsd.org>
! 6: * Copyright (c) 1995-1999 Whistle Communications, Inc. All rights reserved.
! 7: * See ``COPYRIGHT.whistle''
! 8: */
! 9:
! 10: #ifndef _AUTH_H_
! 11: #define _AUTH_H_
! 12:
! 13: #include "timer.h"
! 14: #include "ppp.h"
! 15: #include "pap.h"
! 16: #include "chap.h"
! 17: #include "eap.h"
! 18: #include "radius.h"
! 19:
! 20: #ifdef USE_SYSTEM
! 21: #include <pwd.h>
! 22: #endif
! 23: #ifdef USE_OPIE
! 24: #include <opie.h>
! 25: #endif
! 26:
! 27: /*
! 28: * DEFINITIONS
! 29: */
! 30:
#define AUTH_RETRIES		5	/* Number of auth retries (name only; how it is counted lives in auth.c) */

/*
 * Reply texts for the peer / the log.  Note that this header defines a single
 * generic AUTH_MSG_INVALID for a bad login rather than separate "no such user"
 * and "wrong password" texts, which keeps a peer from telling the two apart.
 */
#define AUTH_MSG_WELCOME	"Welcome"
#define AUTH_MSG_INVALID	"Login incorrect"
#define AUTH_MSG_BAD_PACKET	"Incorrectly formatted packet"
#define AUTH_MSG_NOT_ALLOWED	"Login not allowed for this account"
#define AUTH_MSG_NOT_EXPECTED	"Unexpected packet"
#define AUTH_MSG_ACCT_DISAB	"Account disabled"
#define AUTH_MSG_RESTR_HOURS	"Login hours restricted"

/* Direction of an auth exchange (cf. struct auth: peer_to_self / self_to_peer) */
#define AUTH_PEER_TO_SELF	0	/* peer must authenticate to us */
#define AUTH_SELF_TO_PEER	1	/* we must authenticate to the peer */

/* Failure reasons (struct authdata.why_fail); each appears to pair with one AUTH_MSG_* above */
#define AUTH_FAIL_INVALID_LOGIN		0	/* AUTH_MSG_INVALID */
#define AUTH_FAIL_ACCT_DISABLED		1	/* AUTH_MSG_ACCT_DISAB */
#define AUTH_FAIL_NO_PERMISSION		2	/* AUTH_MSG_NOT_ALLOWED */
#define AUTH_FAIL_RESTRICTED_HOURS	3	/* AUTH_MSG_RESTR_HOURS */
#define AUTH_FAIL_INVALID_PACKET	4	/* AUTH_MSG_BAD_PACKET */
#define AUTH_FAIL_NOT_EXPECTED		5	/* AUTH_MSG_NOT_EXPECTED */

/* Outcome of an auth request (struct authdata.status) */
#define AUTH_STATUS_UNDEF	0	/* no result yet */
#define AUTH_STATUS_FAIL	1
#define AUTH_STATUS_SUCCESS	2
#define AUTH_STATUS_BUSY	3	/* backend still working (asynchronous auth) — presumably */

/* Form in which a backend hands back the password */
#define AUTH_PW_HASH_NONE	0	/* cleartext */
#define AUTH_PW_HASH_NT		1	/* NT-Hash (password-equivalent: protect like the password itself) */

/* Accounting record types (struct authdata.acct_type) */
#define AUTH_ACCT_START		1
#define AUTH_ACCT_STOP		2
#define AUTH_ACCT_UPDATE	3	/* interim update, driven by authparams.acct_update */

/* MPPE policy (authparams.msoft.policy) */
#define MPPE_POLICY_NONE	0
#define MPPE_POLICY_ALLOWED	1	/* encryption optional */
#define MPPE_POLICY_REQUIRED	2	/* link must be encrypted */

/*
 * MPPE key-length bitmask (authparams.msoft.types).  Values are the bit
 * positions of the MS-MPPE-Encryption-Types RADIUS attribute.  40- and 56-bit
 * are export-grade lengths; REQUIRED + 128BIT is the strongest setting here.
 */
#define MPPE_TYPE_0BIT		0	/* No encryption required */
#define MPPE_TYPE_40BIT		2
#define MPPE_TYPE_128BIT	4
#define MPPE_TYPE_56BIT		8
! 71:
/*
 * Configuration options, stored in struct authconf.options (struct optinfo).
 * The per-value comments are derived from the names; confirm against auth.c.
 */
enum {
	AUTH_CONF_RADIUS_AUTH = 1,	/* authenticate through RADIUS */
	AUTH_CONF_RADIUS_ACCT,		/* send accounting to RADIUS */
	AUTH_CONF_INTERNAL,		/* internal backend (secret file) */
	AUTH_CONF_EXT_AUTH,		/* external auth script (authconf.extauth_script) */
	AUTH_CONF_EXT_ACCT,		/* external accounting script (authconf.extacct_script) */
	AUTH_CONF_SYSTEM_AUTH,		/* system password database; presumably needs USE_SYSTEM */
	AUTH_CONF_SYSTEM_ACCT,		/* system accounting */
	AUTH_CONF_PAM_AUTH,		/* PAM authentication */
	AUTH_CONF_PAM_ACCT,		/* PAM accounting */
	AUTH_CONF_OPIE,			/* one-time passwords; presumably needs USE_OPIE */
	AUTH_CONF_ACCT_MANDATORY	/* treat an accounting failure as fatal — inferred from the name */
};
! 86:
#if defined(USE_NG_BPF) || defined(USE_IPFW)
/*
 * One ACL entry handed over by the auth backend; entries are chained via next.
 * NOTE(review): rule[1] is the pre-C99 "struct hack".  The object is presumably
 * allocated as sizeof(struct acl) + strlen(text) so the rule text and its NUL
 * fit; only the allocation sites (ACLCopy() and friends, not shown) know the
 * real size.  A C99 flexible array member (char rule[];) is the modern form,
 * but it changes sizeof by one byte, so check every allocation before converting.
 */
struct acl {				/* List of ACLs received from auth */
	u_short		number;		/* ACL number given by auth server */
	u_short		real_number;	/* ACL number allocated by mpd */
	struct acl	*next;		/* next entry in the list */
	char		name[ACL_NAME_LEN];	/* Name of ACL */
	char		rule[1];	/* Text of ACL (Dynamically sized!) */
};
#endif
! 96:
/*
 * Parameters produced by the auth backend for one link/session.  Holds the
 * cleartext credential and, under msoft, password-equivalent hashes and MPPE
 * session keys, so instances must be treated as secret material: copy with
 * authparamsCopy()/authparamsMove() and release with authparamsDestroy().
 * NOTE(review): that destructor (auth.c, not shown) should clear the secret
 * fields with explicit_bzero()/memset_s(), not plain memset(), which the
 * compiler may drop before a free().
 */
struct authparams {
	char		authname[AUTH_MAX_AUTHNAME];	/* user name as presented by the peer */
	char		password[AUTH_MAX_PASSWORD];	/* cleartext password (secret) */

	struct papparams	pap;
	struct chapparams	chap;

	struct u_range	range;		/* IP range allowed to user */
	u_char		range_valid;	/* range is valid */
	u_char		netmask;	/* IP Netmask */
	u_char		vjc_enable;	/* VJC requested by AAA */

	u_char		ippool_used;	/* an IP pool was assigned (inferred from the name) */
	char		ippool[LINK_MAX_NAME];	/* name of that IP pool */

	struct in_addr	peer_dns[2];	/* DNS servers for peer to use */
	struct in_addr	peer_nbns[2];	/* NBNS servers for peer to use */

	/* Heap-owned copies; presumably released by authparamsDestroy() — confirm */
	char		*eapmsg;	/* EAP Msg for forwarding to RADIUS server */
	int		eapmsg_len;
	u_char		*state;		/* copy of the RADIUS State attribute, needed for accounting */
	int		state_len;
	u_char		*class;		/* copy of the RADIUS Class attribute, needed for accounting */
	int		class_len;

	char		action[8 + LINK_MAX_NAME];	/* action string; size suggests a verb plus a link name — confirm */

#ifdef USE_IPFW
	struct acl	*acl_rule;	/* ipfw rules */
	struct acl	*acl_pipe;	/* ipfw pipes */
	struct acl	*acl_queue;	/* ipfw queues */
	struct acl	*acl_table;	/* ipfw tables */
#endif

#ifdef USE_NG_BPF
	struct acl	*acl_filters[ACL_FILTERS];	/* mpd's internal bpf filters */
	struct acl	*acl_limits[ACL_DIRS];		/* traffic limits based on mpd's filters */

	char		std_acct[ACL_DIRS][ACL_NAME_LEN]; /* Names of ACL returned in standard accounting */
#endif

	u_int		session_timeout;	/* Session-Timeout (seconds, as for the RADIUS attribute — presumably) */
	u_int		idle_timeout;		/* Idle-Timeout */
	u_int		acct_update;		/* interval for accounting updates */
	u_int		acct_update_lim_recv;	/* receive-byte threshold for an update — inferred from the name */
	u_int		acct_update_lim_xmit;	/* transmit-byte threshold for an update — inferred from the name */
	char		*msdomain;		/* Microsoft domain */
	SLIST_HEAD(, ifaceroute) routes;	/* routes handed back by the backend */
	u_short		mtu;			/* MTU */

	u_char		authentic;	/* which backend was used (presumably an AUTH_CONF_* value) */

	/* "hr" = human-readable; fixed-size, so writers must bound their copies */
	char		callingnum[128];	/* hr representation of the calling number */
	char		callednum[128];		/* hr representation of the called number */
	char		selfname[64];		/* hr representation of the self name */
	char		peername[64];		/* hr representation of the peer name */
	char		selfaddr[64];		/* hr representation of the self address */
	char		peeraddr[64];		/* hr representation of the peer address */
	char		peerport[6];		/* hr representation of the peer port ("65535" + NUL) */
	char		peermacaddr[32];	/* hr representation of the peer MAC address */
	char		peeriface[IFNAMSIZ];	/* hr representation of the peer interface */

	/* Iface stuff */
	char		ifname[IFNAMSIZ];	/* Interface name */
#ifdef SIOCSIFDESCR
	char		*ifdescr;		/* Interface description */
#endif
#ifdef SIOCAIFGROUP
	char		ifgroup[IFNAMSIZ];	/* Interface group */
#endif

	/* MS-CHAP / MPPE state.  Every hash and key below is secret. */
	struct {
		int	policy;		/* MPPE_POLICY_* */
		int	types;		/* MPPE_TYPE_*BIT bitmask */
		u_char	lm_hash[16];	/* LM-Hash (weak, password-equivalent) */
		u_char	nt_hash[16];	/* NT-Hash (password-equivalent) */
		u_char	nt_hash_hash[16];	/* NT-Hash-Hash */
		u_char	has_lm_hash;	/* lm_hash is filled in */
		u_char	has_nt_hash;	/* nt_hash is filled in */
		u_char	has_keys;	/* xmit_key/recv_key are filled in — presumably */

		u_char	chap_alg;	/* Caller's CHAP algorithm */

		u_char	msChal[CHAP_MSOFTv2_CHAL_LEN];	/* MSOFT challenge */
		u_char	ntResp[CHAP_MSOFTv2_RESP_LEN];	/* MSOFT response */

#ifdef CCP_MPPC
		/* Keys when using MS-CHAPv2 or EAP */
		u_char	xmit_key[MPPE_KEY_LEN];	/* xmit start key */
		u_char	recv_key[MPPE_KEY_LEN];	/* recv start key */
#endif
	} msoft;
};
! 190:
/*
 * Static auth configuration for a link (set by the AuthSetCmds commands).
 * Carries a configured cleartext password, so copies of it are secret too.
 */
struct authconf {
	struct radiusconf	radius;		/* RADIUS configuration */
	char			authname[AUTH_MAX_AUTHNAME];	/* Configured username */
	char			password[AUTH_MAX_PASSWORD];	/* Configured password (secret) */
	u_int			acct_update;		/* default interval for accounting updates */
	u_int			acct_update_lim_recv;	/* see authparams.acct_update_lim_recv */
	u_int			acct_update_lim_xmit;	/* see authparams.acct_update_lim_xmit */
	int			timeout;	/* Authorization timeout in seconds */
	struct optinfo		options;	/* Configured options (AUTH_CONF_*) */
	char			*extauth_script;	/* External auth script */
	char			*extacct_script;	/* External acct script */
	char			ippool[LINK_MAX_NAME];	/* configured IP pool name */
};
typedef struct authconf	*AuthConf;
! 205:
/*
 * State of the authorization process during the authorization phase;
 * contains the params set by the auth backend.
 */
struct auth {
	u_short			peer_to_self;	/* What I need from peer (auth protocol) */
	u_short			self_to_peer;	/* What peer needs from me (auth protocol) */
	u_char			peer_to_self_alg;	/* What alg I need from peer */
	u_char			self_to_peer_alg;	/* What alg peer needs from me */
	struct pppTimer		timer;		/* Max time to spend doing auth */
	struct pppTimer		acct_timer;	/* Timer for accounting updates */
	struct papinfo		pap;		/* PAP state */
	struct chapinfo		chap;		/* CHAP state */
	struct eapinfo		eap;		/* EAP state */
	struct paction		*thread;	/* async auth thread */
	struct paction		*acct_thread;	/* async accounting auth thread */
	struct authconf		conf;		/* Auth backends, RADIUS, etc. */
	struct authparams	params;		/* params received from the auth backend */
	struct ng_ppp_link_stat64 prev_stats;	/* Previous link statistics (for accounting deltas — presumably) */
};
typedef struct auth	*Auth;
! 225:
/*
 * NOTE(review): this is a file-scope tentative definition inside a header,
 * so every translation unit that includes auth.h defines its own `radius`
 * object.  That links only through "common" symbols and is a duplicate-symbol
 * error under -fno-common (the GCC default since GCC 10).  It also looks like
 * a stray copy of the authconf.radius member above.  If nothing uses it, drop
 * it; otherwise define it once in a .c file and declare it `extern` here.
 */
struct radiusconf radius;	/* RADIUS configuration */
/*
 * Interface between the auth-backend (secret file, RADIUS, etc.)
 * and Mpd's internal structs.  One instance describes one auth or
 * accounting request; create with AuthDataNew(), free with AuthDataDestroy().
 * Since it embeds authconf and authparams it carries secrets as well.
 */
struct authdata {
	struct authconf		conf;		/* a copy of bundle's authconf */
	u_short			proto;		/* which proto are we using, PAP, CHAP, ... */
	u_char			alg;		/* proto specific algorithm */
	u_int			id;		/* Actual, packet id */
	u_int			code;		/* Proto specific code */
	u_char			acct_type;	/* Accounting type, Start, Stop, Update (AUTH_ACCT_*) */
	u_char			eap_radius;	/* EAP is being proxied to RADIUS — inferred from the name */
	u_char			status;		/* AUTH_STATUS_* */
	u_char			why_fail;	/* AUTH_FAIL_* when status is AUTH_STATUS_FAIL */
	char			*reply_message;	/* Text which may be displayed to the user */
	char			*mschap_error;	/* MSCHAP Error Message */
	char			*mschapv2resp;	/* Response String for MSCHAPv2 */
	void			(*finish)(Link l, struct authdata *auth); /* Finish handler */
	int			drop_user;	/* RAD_MPD_DROP_USER value sent by RADIUS server */
	struct {
		struct rad_handle	*handle;	/* the RADIUS handle */
	} radius;
#ifdef USE_OPIE
	struct {
		struct opie	data;		/* OPIE library state */
	} opie;
#endif
	struct {	/* informational (read-only) data needed for e.g. accounting */
		char		msession_id[AUTH_MAX_SESSIONID];	/* multi-session-id */
		char		session_id[AUTH_MAX_SESSIONID];		/* session-id */
		char		ifname[IFNAMSIZ];	/* interface name */
		uint		ifindex;		/* System interface index */
		char		bundname[LINK_MAX_NAME];	/* name of the bundle */
		char		lnkname[LINK_MAX_NAME];		/* name of the link */
		struct ng_ppp_link_stat64 stats;	/* Current link statistics */
#ifdef USE_NG_BPF
		struct svcstat	ss;			/* per-service statistics — presumably */
#endif
		char		*downReason;	/* Reason for link going down */
		time_t		last_up;	/* Time this link last got up */
		PhysType	phys_type;	/* Device type descriptor */
		int		linkID;		/* Absolute link number */
		char		peer_ident[64];	/* LCP ident received from peer (untrusted peer-supplied text) */
		struct in_addr	peer_addr;	/* currently assigned IP-Address of the client */
		short		n_links;	/* number of links in the bundle */
		u_char		originate;	/* Who originated the connection */
	} info;
	struct authparams	params;		/* params received from the auth backend */
};
typedef struct authdata	*AuthData;
! 276:
extern const struct cmdtab	AuthSetCmds[];	/* command table for the auth configuration commands */

/*
 * GLOBAL VARIABLES
 */
extern const u_char	gMsoftZeros[32];	/* 32 zero bytes; the name suggests MS-CHAP/MPPE use — confirm */
extern int		gMaxLogins;		/* max number of concurrent logins per user */
extern int		gMaxLoginsCI;		/* like gMaxLogins with case-insensitive names — inferred from the name */

/*
 * FUNCTIONS
 * Comments below are derived from the signatures; see auth.c for details.
 */

extern void	AuthInit(Link l);			/* set up per-link auth state */
extern void	AuthInst(Auth auth, Auth autht);	/* instantiate auth from template autht — presumably */
extern void	AuthShutdown(Link l);			/* tear down per-link auth state */
extern void	AuthStart(Link l);			/* begin the auth phase */
extern void	AuthStop(Link l);			/* abort the auth phase */
extern void	AuthInput(Link l, int proto, Mbuf bp);	/* dispatch an incoming auth packet for proto (ownership of bp: confirm) */
extern void	AuthOutput(Link l, int proto, u_int code, u_int id,
		    const u_char *ptr, int len, int add_len,
		    u_char eap_type);			/* emit an auth packet; len/add_len are signed, callers pass >= 0 */
extern void	AuthFinish(Link l, int which, int ok);	/* which = AUTH_PEER_TO_SELF / AUTH_SELF_TO_PEER, ok = success flag */
extern void	AuthCleanup(Link l);
extern int	AuthStat(Context ctx, int ac, char *av[], void *arg);	/* "show auth" command handler */
extern void	AuthAccountStart(Link l, int type);	/* type = AUTH_ACCT_* */
extern void	AuthAccountTimeout(void *arg);		/* acct_timer callback — presumably */
extern AuthData	AuthDataNew(Link l);			/* allocate an AuthData; caller frees with AuthDataDestroy() */
extern void	AuthDataDestroy(AuthData auth);		/* release an AuthData and what it owns */
/*
 * Look up the credentials for authname.  password receives at most passlen
 * bytes; authname has no length parameter, so presumably it must be a
 * NUL-terminated buffer of at most AUTH_MAX_AUTHNAME — confirm the return
 * convention and the authname bound in auth.c before relying on either.
 */
extern int	AuthGetData(char *authname, char *password, size_t passlen,
		    struct u_range *range, u_char *range_valid);
extern void	AuthAsyncStart(Link l, AuthData auth);	/* run the backend asynchronously (struct auth.thread) */
extern const char	*AuthFailMsg(AuthData auth, char *buf, size_t len);	/* failure text for auth->why_fail, formatted into buf[len] */
extern const char	*AuthStatusText(int status);	/* AUTH_STATUS_* -> text */
extern const char	*AuthMPPEPolicyname(int policy);	/* MPPE_POLICY_* -> text */
extern const char	*AuthMPPETypesname(int types, char *buf, size_t len);	/* MPPE_TYPE_* bitmask -> text in buf[len] */

#if defined(USE_NG_BPF) || defined(USE_IPFW)
extern void	ACLCopy(struct acl *src, struct acl **dst);	/* copy the ACL list src into *dst (deep copy — presumably) */
extern void	ACLDestroy(struct acl *acl);		/* free an ACL list */
#endif
extern void	authparamsInit(struct authparams *ap);	/* zero/initialise ap */
extern void	authparamsCopy(struct authparams *src, struct authparams *dst);	/* copy src into dst, src keeps ownership */
extern void	authparamsMove(struct authparams *src, struct authparams *dst);	/* transfer ownership from src to dst — presumably */
extern void	authparamsDestroy(struct authparams *ap);	/* release ap's owned members; should also wipe its secrets */
! 322:
! 323: #endif