
1.1       misho       1: 
                      2: /*
                      3:  * auth.h
                      4:  *
                      5:  * Written by Archie Cobbs <archie@freebsd.org>
                      6:  * Copyright (c) 1995-1999 Whistle Communications, Inc. All rights reserved.
                      7:  * See ``COPYRIGHT.whistle''
                      8:  */
                      9: 
                     10: #ifndef _AUTH_H_
                     11: #define        _AUTH_H_
                     12: 
                     13: #include "timer.h"
                     14: #include "ppp.h"
                     15: #include "pap.h"
                     16: #include "chap.h"
                     17: #include "eap.h"
                     18: #include "radius.h"
                     19: 
                     20: #ifdef USE_SYSTEM
                     21: #include <pwd.h>
                     22: #endif
                     23: #ifdef USE_OPIE
                     24: #include <opie.h>
                     25: #endif
                     26: 
                     27: /*
                     28:  * DEFINITIONS
                     29:  */
                     30: 
#define AUTH_RETRIES		5	/* Retry budget for the authentication
					 * exchange; NOTE(review): the consumer is
					 * not in this header -- confirm in auth.c */

/*
 * Human-readable reply texts. These are runtime strings (presumably what
 * AuthFailMsg() hands back), so their wording is observable behaviour,
 * not just documentation.
 */
#define AUTH_MSG_WELCOME	"Welcome"
#define AUTH_MSG_INVALID	"Login incorrect"
#define AUTH_MSG_BAD_PACKET	"Incorrectly formatted packet"
#define AUTH_MSG_NOT_ALLOWED	"Login not allowed for this account"
#define AUTH_MSG_NOT_EXPECTED	"Unexpected packet"
#define AUTH_MSG_ACCT_DISAB	"Account disabled"
#define AUTH_MSG_RESTR_HOURS	"Login hours restricted"

/*
 * Direction of an authentication exchange: the peer proving itself to
 * us, or us to the peer (cf. struct auth peer_to_self / self_to_peer;
 * presumably also the "which" argument of AuthFinish()).
 */
#define AUTH_PEER_TO_SELF	0
#define AUTH_SELF_TO_PEER	1

/*
 * Failure reasons (struct authdata why_fail, presumably). Each one has a
 * counterpart in the AUTH_MSG_* list above -- keep the two in step.
 */
#define AUTH_FAIL_INVALID_LOGIN		0
#define AUTH_FAIL_ACCT_DISABLED		1
#define AUTH_FAIL_NO_PERMISSION		2
#define AUTH_FAIL_RESTRICTED_HOURS	3
#define AUTH_FAIL_INVALID_PACKET	4
#define AUTH_FAIL_NOT_EXPECTED	5

/*
 * Outcome of an authentication request (struct authdata status);
 * AuthStatusText() renders these for display.
 */
#define AUTH_STATUS_UNDEF		0
#define AUTH_STATUS_FAIL		1
#define AUTH_STATUS_SUCCESS		2
#define AUTH_STATUS_BUSY		3

/*
 * Form in which a stored password is held: cleartext or NT hash. No
 * field in this header carries the value -- see the backends using it.
 */
#define AUTH_PW_HASH_NONE		0
#define AUTH_PW_HASH_NT			1

/* Accounting record type (struct authdata acct_type) */
#define AUTH_ACCT_START		1
#define AUTH_ACCT_STOP		2
#define AUTH_ACCT_UPDATE		3

/* MPPE encryption policy from the backend (authparams.msoft.policy) */
#define MPPE_POLICY_NONE	0
#define MPPE_POLICY_ALLOWED	1
#define MPPE_POLICY_REQUIRED	2

/*
 * Acceptable MPPE key lengths (authparams.msoft.types). This is a bitmask,
 * hence the power-of-two values; MPPE_TYPE_0BIT is the empty mask.
 */
#define MPPE_TYPE_0BIT	0		/* No encryption required */
#define MPPE_TYPE_40BIT	2
#define MPPE_TYPE_128BIT	4
#define MPPE_TYPE_56BIT	8
                     71: 
 /*
  * Configuration options, presumably the option numbers kept in
  * struct authconf options (struct optinfo). Numbering starts at 1.
  */
enum {
	AUTH_CONF_RADIUS_AUTH = 1,	/* authenticate via RADIUS */
	AUTH_CONF_RADIUS_ACCT,		/* account via RADIUS */
	AUTH_CONF_INTERNAL,		/* mpd's built-in backend */
	AUTH_CONF_EXT_AUTH,		/* external auth script (extauth_script) */
	AUTH_CONF_EXT_ACCT,		/* external acct script (extacct_script) */
	AUTH_CONF_SYSTEM_AUTH,		/* system account database auth */
	AUTH_CONF_SYSTEM_ACCT,		/* system accounting */
	AUTH_CONF_PAM_AUTH,		/* PAM auth */
	AUTH_CONF_PAM_ACCT,		/* PAM accounting */
	AUTH_CONF_OPIE,			/* OPIE one-time passwords (USE_OPIE
					 * gates the struct opie field below) */
	AUTH_CONF_ACCT_MANDATORY	/* presumably: refuse the session when
					 * accounting cannot be started -- confirm */
};
1.1       misho      86: 
                     87: #if defined(USE_NG_BPF) || defined(USE_IPFW)
struct acl {				/* List of ACLs received from auth */
	u_short number;			/* ACL number given by auth server --
					 * a backend-supplied value, not the
					 * one installed locally */
	u_short real_number;		/* ACL number allocated by mpd */
	struct acl *next;		/* next entry of the singly linked list */
	char	name[ACL_NAME_LEN];	/* Name of ACL */
	char	rule[1];		/* Text of ACL (Dynamically sized!):
					 * pre-C99 "struct hack" -- the object
					 * must be allocated with room for the
					 * whole rule text after the struct;
					 * ACLCopy()/ACLDestroy() own this.
					 * NOTE(review): a C99 flexible array
					 * member would make the size math
					 * explicit, but changes sizeof. */
};
                     95: 
1.1       misho      96: #endif
                     97: 
/*
 * Parameters produced by the auth backend for one session. Contains secrets
 * (password, LM/NT hashes, MPPE keys) and heap members (eapmsg, state,
 * class, filter_id, msdomain, ACL lists, routes); authparamsCopy()/Move()
 * duplicate or transfer them and authparamsDestroy() releases them.
 * NOTE(review): confirm that authparamsDestroy() clears the secret fields
 * rather than only freeing the heap members.
 */
struct authparams {
	char	authname[AUTH_MAX_AUTHNAME];	/* login name supplied by the
						 * peer; writers must bound
						 * the copy */
	char	password[AUTH_MAX_PASSWORD];	/* cleartext secret -- sensitive */

	struct papparams pap;		/* PAP-specific params */
	struct chapparams chap;		/* CHAP-specific params */

	struct u_range range;		/* IP range allowed to user */
	u_char	range_valid;		/* range is valid (has been set) */
	u_char	netmask;		/* IP Netmask (fits a u_char, so
					 * presumably a prefix length -- confirm) */
	u_char	vjc_enable;		/* VJC requested by AAA */

	u_char	ippool_used;		/* presumably: an address was taken
					 * from 'ippool' and must be returned */
	char	ippool[LINK_MAX_NAME];	/* name of the IP pool */

	struct in_addr peer_dns[2];	/* DNS servers for peer to use */
	struct in_addr peer_nbns[2];	/* NBNS servers for peer to use */

#ifdef USE_RADIUS
	char   *eapmsg;			/* EAP Msg for forwarding to RADIUS
					 * server; eapmsg_len bytes, carried
					 * with an explicit length rather than
					 * as a C string */
	int	eapmsg_len;
	u_char *state;			/* copy of the State attribute, needed
					 * for accounting; opaque octets, not
					 * NUL-terminated -- always use state_len */
	int	state_len;
	u_char *class;			/* copy of the Class attribute, needed
					 * for accounting; opaque octets like
					 * 'state' -- always use class_len */
	int	class_len;

	char   *filter_id;		/* RADIUS Framed-Filter-Id attribute
					 * (heap string, presumably) */

#endif
	char	action[8 + LINK_MAX_NAME];	/* 8-byte prefix plus a link name;
						 * NOTE(review): the 8 is a magic
						 * number -- document what fills it */

#ifdef USE_IPFW
	struct acl *acl_rule;		/* ipfw rules */
	struct acl *acl_pipe;		/* ipfw pipes */
	struct acl *acl_queue;		/* ipfw queues */
	struct acl *acl_table;		/* ipfw tables */
#endif

#ifdef USE_NG_BPF
	struct acl *acl_filters[ACL_FILTERS];	/* mpd's internal bpf filters */
	struct acl *acl_limits[ACL_DIRS];	/* traffic limits based on
						 * mpd's filters */

	char	std_acct[ACL_DIRS][ACL_NAME_LEN];	/* Names of ACL returned
							 * in standard
							 * accounting */
#endif

	u_int	session_timeout;	/* Session-Timeout */
	u_int	idle_timeout;		/* Idle-Timeout */
	u_int	acct_update;		/* interval for accounting updates */
	u_int	acct_update_lim_recv;	/* presumably: received-traffic
					 * threshold that also triggers an
					 * accounting update -- confirm */
	u_int	acct_update_lim_xmit;	/* same for transmitted traffic */
	char   *msdomain;		/* Microsoft domain (heap string,
					 * presumably) */
	SLIST_HEAD (, ifaceroute) routes;	/* routes supplied for the
						 * interface */
	u_short	mtu;			/* MTU */

	u_char	authentic;		/* which backend was used (an
					 * AUTH_CONF_* value, presumably) */

	/*
	 * Human-readable copies of call and peer identity. These are fixed
	 * buffers filled from peer- or backend-supplied data; every writer
	 * must bound and NUL-terminate the copy.
	 */
	char	callingnum[128];	/* human-readable calling number */
	char	callednum[128];		/* human-readable called number */
	char	selfname[64];		/* human-readable self name */
	char	peername[64];		/* human-readable peer name */
	char	selfaddr[64];		/* human-readable self address */
	char	peeraddr[64];		/* human-readable peer address */
	char	peerport[6];		/* human-readable peer port: room for
					 * "65535" plus NUL only */
	char	peermacaddr[32];	/* human-readable peer MAC address */
	char	peeriface[IFNAMSIZ];	/* human-readable peer interface */

	/* Iface stuff */
	char	ifname[IFNAMSIZ];	/* Interface name */
#ifdef SIOCSIFDESCR
	char   *ifdescr;		/* Interface description (heap string,
					 * presumably) */
#endif
#ifdef SIOCAIFGROUP
	char	ifgroup[IFNAMSIZ];	/* Interface group */
#endif

	struct {			/* MS-CHAP / MPPE material */
		int	policy;		/* MPPE_POLICY_* */
		int	types;		/* MPPE_TYPE_*BIT bitmask */
		u_char	lm_hash[16];	/* LM-Hash: password-equivalent secret */
		u_char	nt_hash[16];	/* NT-Hash: password-equivalent secret */
		u_char	nt_hash_hash[16];	/* NT-Hash-Hash */
		u_char	has_lm_hash;	/* lm_hash is valid */
		u_char	has_nt_hash;	/* nt_hash is valid */
		u_char	has_keys;	/* presumably: xmit_key/recv_key are
					 * valid (those only exist under
					 * CCP_MPPC) -- confirm */

		u_char	chap_alg;	/* Caller's CHAP algorithm */

		u_char	msChal[CHAP_MSOFTv2_CHAL_LEN];	/* MSOFT challenge */
		u_char	ntResp[CHAP_MSOFTv2_RESP_LEN];	/* MSOFT response */

#ifdef CCP_MPPC
		/* Keys when using MS-CHAPv2 or EAP -- session key material */
		u_char	xmit_key[MPPE_KEY_LEN];	/* xmit start key */
		u_char	recv_key[MPPE_KEY_LEN];	/* recv start key */
#endif
	}	msoft;
};
1.1       misho     207: 
/*
 * Static authentication configuration. Copied wholesale into struct auth
 * and struct authdata, so the configured password travels with every copy.
 */
struct authconf {
#ifdef USE_RADIUS
	struct radiusconf radius;	/* RADIUS configuration */
#endif
	char	authname[AUTH_MAX_AUTHNAME];	/* Configured username */
	char	password[AUTH_MAX_PASSWORD];	/* Configured password (cleartext) */
	u_int	acct_update;		/* accounting update interval;
					 * presumably the configured default
					 * for the same-named authparams field */
	u_int	acct_update_lim_recv;	/* see struct authparams */
	u_int	acct_update_lim_xmit;	/* see struct authparams */
	int	timeout;		/* Authorization timeout in seconds */
	struct optinfo options;		/* Configured options (AUTH_CONF_*) */
	char   *extauth_script;		/* External auth script */
	char   *extacct_script;		/* External acct script */
	char	ippool[LINK_MAX_NAME];	/* IP pool to allocate from */
};
typedef struct authconf *AuthConf;
                    224: 
                    225:  /*
                    226:   * State of authorization process during authorization phase, contains
                    227:   * params set by the auth-backend
                    228:   */
struct auth {
	u_short	peer_to_self;		/* What I need from peer (auth proto) */
	u_short	self_to_peer;		/* What peer needs from me (auth proto) */
	u_char	peer_to_self_alg;	/* What alg I need from peer */
	u_char	self_to_peer_alg;	/* What alg peer needs from me */
	struct pppTimer timer;		/* Max time to spend doing auth */
	struct pppTimer acct_timer;	/* Timer for accounting updates */
	struct papinfo pap;		/* PAP state */
	struct chapinfo chap;		/* CHAP state */
#ifdef USE_RADIUS
	struct eapinfo eap;		/* EAP state */
#endif
	struct paction *thread;		/* async auth thread */
	struct paction *acct_thread;	/* async accounting auth thread */
	struct authconf conf;		/* Auth backends, RADIUS, etc. */
	struct authparams params;	/* params received from the auth backend
					 * (holds secrets; see struct authparams) */
	struct ng_ppp_link_stat64 prev_stats;	/* Previous link statistics */
};
typedef struct auth *Auth;
                    248: 
                    249:  /*
                    250:   * Interface between the auth-backend (secret file, RADIUS, etc.) and Mpd's
                    251:   * internal structs.
                    252:   */
struct authdata {
	struct authconf conf;		/* a copy of bundle's authconf */
	u_short	proto;			/* which proto are we using, PAP, CHAP,
					 * ... */
	u_char	alg;			/* proto specific algorithm */
	u_char	id;			/* placeholder removed -- see below */
	u_int	id;			/* Actual, packet id */
	u_int	code;			/* Proto specific code */
	u_char	acct_type;		/* Accounting type, Start, Stop,
					 * Update (AUTH_ACCT_*) */
#ifdef USE_RADIUS
	u_char	eap_radius;		/* EAP is being proxied to RADIUS */
#endif
	u_char	status;			/* AUTH_STATUS_* */
	u_char	why_fail;		/* AUTH_FAIL_* when status is FAIL */
	char   *reply_message;		/* Text which may be displayed to the
					 * user; backend-supplied -- treat as
					 * data (never as a format string) */
	char   *mschap_error;		/* MSCHAP Error Message */
	char   *mschapv2resp;		/* Response String for MSCHAPv2 */
	void	(*finish) (Link l, struct authdata *auth);	/* Finish handler */
	int	drop_user;		/* RAD_MPD_DROP_USER value sent by
					 * RADIUS server or external acct script */
#ifdef USE_RADIUS
	struct {
		struct rad_handle *handle;	/* the RADIUS handle */
	}	radius;
#endif

#ifdef USE_OPIE
	struct {
		struct opie data;
	}	opie;
#endif
	struct {			/* informational (read-only) data
					 * needed for e.g. accounting */
		char	msession_id[AUTH_MAX_SESSIONID];	/* multi-session-id */
		char	session_id[AUTH_MAX_SESSIONID];	/* session-id */
		char	ifname[IFNAMSIZ];	/* interface name */
		uint	ifindex;	/* System interface index
					 * NOTE(review): 'uint' here, 'u_int'
					 * everywhere else in this header */
		char	bundname[LINK_MAX_NAME];	/* name of the bundle */
		char	lnkname[LINK_MAX_NAME];	/* name of the link */
		struct ng_ppp_link_stat64 stats;	/* Current link
							 * statistics */
#ifdef USE_NG_BPF
		struct svcstat ss;	/* per-service statistics */
#endif
		char   *downReason;	/* Reason for link going down */
		time_t	last_up;	/* Time this link last got up */
		const struct phystype *phys_type; /* Device type descriptor */
		int	linkID;		/* Absolute link number */
		char	peer_ident[64];	/* LCP ident received from peer --
					 * peer-controlled text */
		struct in_addr peer_addr;	/* currently assigned
						 * IP-Address of the client */
		struct in6_addr peer_addr6;	/* currently assigned
						 * IPv6-Address of the client */
		short	n_links;	/* number of links in the bundle */
		u_char	originate;	/* Who originated the connection */
	}	info;
	struct authparams params;	/* params received from the auth backend
					 * (holds secrets; see struct authparams) */
};
typedef struct authdata *AuthData;
                    312: 
extern const struct cmdtab AuthSetCmds[];	/* command table for the auth
						 * configuration */

/*
 * GLOBAL VARIABLES
 */
extern const u_char gMsoftZeros[32];	/* read-only block of 32 bytes
					 * (presumably all zero, per name) */

/*
 * FUNCTIONS
 */

/* Per-link auth state lifecycle */
extern void AuthInit(Link l);
extern void AuthInst(Auth auth, Auth autht);	/* presumably: instantiate
						 * 'auth' from template 'autht' */
extern void AuthShutdown(Link l);
extern void AuthStart(Link l);
extern void AuthStop(Link l);
/* Incoming auth packet for 'proto'; bp carries peer-controlled data */
extern void AuthInput(Link l, int proto, Mbuf bp);
/*
 * Send 'len' bytes at 'ptr' as an auth packet of 'proto' with the given
 * code/id. NOTE(review): the roles of add_len and of eap_type for
 * non-EAP protos are not documented here -- confirm in auth.c.
 */
extern void 
AuthOutput(Link l, int proto, u_int code, u_int id,
    const u_char *ptr, int len, int add_len,
    u_char eap_type);
/* which: AUTH_PEER_TO_SELF / AUTH_SELF_TO_PEER (presumably); ok: result */
extern void AuthFinish(Link l, int which, int ok);
extern void AuthCleanup(Link l);
/* "show auth"-style command handler; argv-style av[] is user input */
extern int AuthStat(Context ctx, int ac, const char *const av[], const void *arg);
extern void AuthAccountStart(Link l, int type);	/* type: AUTH_ACCT_* */
extern void AuthAccountTimeout(void *arg);	/* acct_timer callback, presumably */
/* AuthData objects are heap-allocated; AuthDataDestroy() releases them */
extern AuthData AuthDataNew(Link l);
extern void AuthDataDestroy(AuthData auth);
/*
 * Look up 'authname' and return its secret in 'password', writing at most
 * passlen bytes; range/range_valid are outputs. The return-value
 * convention is not visible in this header -- confirm in auth.c.
 */
extern int 
AuthGetData(char *authname, char *password, size_t passlen,
    struct u_range *range, u_char *range_valid);
extern void AuthAsyncStart(Link l, AuthData auth);
/* Failure text for 'auth', formatted into buf (len bytes) and returned */
extern const char *AuthFailMsg(AuthData auth, char *buf, size_t len);
extern const char *AuthStatusText(int status);		/* AUTH_STATUS_* name */
extern const char *AuthMPPEPolicyname(int policy);	/* MPPE_POLICY_* name */
/* Renders the MPPE_TYPE_* bitmask into buf (len bytes) and returns it */
extern const char *AuthMPPETypesname(int types, char *buf, size_t len);

#if defined(USE_NG_BPF) || defined(USE_IPFW)
/* Deep-copy the ACL list 'src' into *dst, and free a list -- ownership
 * of the dynamically sized struct acl objects stays with these two */
extern void ACLCopy(struct acl *src, struct acl **dst);
extern void ACLDestroy(struct acl *acl);

#endif
/*
 * struct authparams lifecycle: Init zeroes, Copy duplicates heap members,
 * Move transfers them (src is left empty, presumably), Destroy releases
 * them. Secret fields should be cleared in Destroy -- confirm.
 */
extern void authparamsInit(struct authparams *ap);
extern void authparamsCopy(struct authparams *src, struct authparams *dst);
extern void authparamsMove(struct authparams *src, struct authparams *dst);
extern void authparamsDestroy(struct authparams *ap);
1.1       misho     359: 
                    360: #endif
