
1.1     ! misho       1: /*
        !             2:  * Copyright (C) 2009 Martin Willi
        !             3:  * HSR Hochschule fuer Technik Rapperswil
        !             4:  *
        !             5:  * This program is free software; you can redistribute it and/or modify it
        !             6:  * under the terms of the GNU General Public License as published by the
        !             7:  * Free Software Foundation; either version 2 of the License, or (at your
        !             8:  * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
        !             9:  *
        !            10:  * This program is distributed in the hope that it will be useful, but
        !            11:  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
        !            12:  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
        !            13:  * for more details.
        !            14:  */
        !            15: 
        !            16: /**
        !            17:  * @defgroup libradius libradius
        !            18:  *
        !            19:  * @addtogroup libradius
        !            20:  * RADIUS protocol support library.
        !            21:  *
        !            22:  * @defgroup radius_message radius_message
        !            23:  * @{ @ingroup libradius
        !            24:  */
        !            25: 
        !            26: #ifndef RADIUS_MESSAGE_H_
        !            27: #define RADIUS_MESSAGE_H_
        !            28: 
        !            29: #include <library.h>
        !            30: #include <pen/pen.h>
        !            31: 
/**
 * Maximum payload of a single RADIUS attribute, in octets.
 *
 * RFC 2865 encodes every attribute with a one-octet Type and a one-octet
 * Length that counts both header octets, so the value part is limited to
 * 255 - 2 octets. Longer data (RFC 2869 EAP-Message, for instance) is
 * carried as a sequence of attributes of this size.
 */
#define MAX_RADIUS_ATTRIBUTE_SIZE      253

/**
 * Tunnel-Type attribute value for ESP (RFC 2868 Tunnel-Type registry).
 */
#define RADIUS_TUNNEL_TYPE_ESP         9

/* Forward declarations; the definitions follow further down in this header. */
typedef struct radius_message_t radius_message_t;
typedef enum radius_message_code_t radius_message_code_t;
typedef enum radius_attribute_type_t radius_attribute_type_t;
        !            39: 
/**
 * RADIUS Message Codes.
 *
 * Values are the Code field of the RADIUS packet header (RFC 2865, section
 * 3); the Disconnect and CoA codes are defined by RFC 5176 (Dynamic
 * Authorization Extensions).
 */
enum radius_message_code_t {
	RMC_ACCESS_REQUEST = 1,
	RMC_ACCESS_ACCEPT = 2,
	RMC_ACCESS_REJECT = 3,
	RMC_ACCOUNTING_REQUEST = 4,
	RMC_ACCOUNTING_RESPONSE = 5,
	RMC_ACCESS_CHALLENGE = 11,
	/* RFC 5176 dynamic authorization (server-initiated) messages */
	RMC_DISCONNECT_REQUEST = 40,
	RMC_DISCONNECT_ACK = 41,
	RMC_DISCONNECT_NAK = 42,
	RMC_COA_REQUEST = 43,
	RMC_COA_ACK = 44,
	RMC_COA_NAK = 45,
};

/**
 * Enum names for radius_message_code_t.
 */
extern enum_name_t *radius_message_code_names;
        !            62: 
/**
 * RADIUS Attribute Types.
 *
 * Values are the IANA-registered RADIUS attribute Type octets. The bulk of
 * them come from RFC 2865 (authentication) and RFC 2866 (accounting); the
 * group comments below name the RFC that defines the less common ones.
 */
enum radius_attribute_type_t {
	RAT_USER_NAME = 1,
	RAT_USER_PASSWORD = 2,
	RAT_CHAP_PASSWORD = 3,
	RAT_NAS_IP_ADDRESS = 4,
	RAT_NAS_PORT = 5,
	RAT_SERVICE_TYPE = 6,
	RAT_FRAMED_PROTOCOL = 7,
	RAT_FRAMED_IP_ADDRESS = 8,
	RAT_FRAMED_IP_NETMASK = 9,
	RAT_FRAMED_ROUTING = 10,
	RAT_FILTER_ID = 11,
	RAT_FRAMED_MTU = 12,
	RAT_FRAMED_COMPRESSION = 13,
	RAT_LOGIN_IP_HOST = 14,
	RAT_LOGIN_SERVICE = 15,
	RAT_LOGIN_TCP_PORT = 16,
	RAT_REPLY_MESSAGE = 18,
	RAT_CALLBACK_NUMBER = 19,
	RAT_CALLBACK_ID = 20,
	RAT_FRAMED_ROUTE = 22,
	RAT_FRAMED_IPX_NETWORK = 23,
	RAT_STATE = 24,
	RAT_CLASS = 25,
	/* RFC 2865 section 5.26; see radius_message_t.create_vendor_enumerator */
	RAT_VENDOR_SPECIFIC = 26,
	RAT_SESSION_TIMEOUT = 27,
	RAT_IDLE_TIMEOUT = 28,
	RAT_TERMINATION_ACTION = 29,
	RAT_CALLED_STATION_ID = 30,
	RAT_CALLING_STATION_ID = 31,
	RAT_NAS_IDENTIFIER = 32,
	RAT_PROXY_STATE = 33,
	RAT_LOGIN_LAT_SERVICE = 34,
	RAT_LOGIN_LAT_NODE = 35,
	RAT_LOGIN_LAT_GROUP = 36,
	RAT_FRAMED_APPLETALK_LINK = 37,
	RAT_FRAMED_APPLETALK_NETWORK = 38,
	RAT_FRAMED_APPLETALK_ZONE = 39,
	/* RFC 2866 accounting attributes */
	RAT_ACCT_STATUS_TYPE = 40,
	RAT_ACCT_DELAY_TIME = 41,
	RAT_ACCT_INPUT_OCTETS = 42,
	RAT_ACCT_OUTPUT_OCTETS = 43,
	RAT_ACCT_SESSION_ID = 44,
	RAT_ACCT_AUTHENTIC = 45,
	RAT_ACCT_SESSION_TIME = 46,
	RAT_ACCT_INPUT_PACKETS = 47,
	RAT_ACCT_OUTPUT_PACKETS = 48,
	RAT_ACCT_TERMINATE_CAUSE = 49,
	RAT_ACCT_MULTI_SESSION_ID = 50,
	RAT_ACCT_LINK_COUNT = 51,
	RAT_ACCT_INPUT_GIGAWORDS = 52,
	RAT_ACCT_OUTPUT_GIGAWORDS = 53,
	RAT_EVENT_TIMESTAMP = 55,
	/* RFC 4675 VLAN and priority attributes */
	RAT_EGRESS_VLANID = 56,
	RAT_INGRESS_FILTERS = 57,
	RAT_EGRESS_VLAN_NAME = 58,
	RAT_USER_PRIORITY_TABLE = 59,
	RAT_CHAP_CHALLENGE = 60,
	RAT_NAS_PORT_TYPE = 61,
	RAT_PORT_LIMIT = 62,
	RAT_LOGIN_LAT_PORT = 63,
	/* RFC 2868 tunnel attributes (see RADIUS_TUNNEL_TYPE_ESP for Tunnel-Type) */
	RAT_TUNNEL_TYPE = 64,
	RAT_TUNNEL_MEDIUM_TYPE = 65,
	RAT_TUNNEL_CLIENT_ENDPOINT = 66,
	RAT_TUNNEL_SERVER_ENDPOINT = 67,
	RAT_ACCT_TUNNEL_CONNECTION = 68,
	RAT_TUNNEL_PASSWORD = 69,
	/* RFC 2869 extensions */
	RAT_ARAP_PASSWORD = 70,
	RAT_ARAP_FEATURES = 71,
	RAT_ARAP_ZONE_ACCESS = 72,
	RAT_ARAP_SECURITY = 73,
	RAT_ARAP_SECURITY_DATA = 74,
	RAT_PASSWORD_RETRY = 75,
	RAT_PROMPT = 76,
	RAT_CONNECT_INFO = 77,
	RAT_CONFIGURATION_TOKEN = 78,
	/* EAP payload, split over several attributes when longer than
	 * MAX_RADIUS_ATTRIBUTE_SIZE (RFC 2869 section 5.13) */
	RAT_EAP_MESSAGE = 79,
	/* HMAC-MD5 over the packet (RFC 2869 section 5.14); added by
	 * radius_message_t.sign() when msg_auth is TRUE */
	RAT_MESSAGE_AUTHENTICATOR = 80,
	RAT_TUNNEL_PRIVATE_GROUP_ID = 81,
	RAT_TUNNEL_ASSIGNMENT_ID = 82,
	RAT_TUNNEL_PREFERENCE = 83,
	RAT_ARAP_CHALLENGE_RESPONSE = 84,
	RAT_ACCT_INTERIM_INTERVAL = 85,
	RAT_ACCT_TUNNEL_PACKETS_LOST = 86,
	RAT_NAS_PORT_ID = 87,
	RAT_FRAMED_POOL = 88,
	/* Chargeable-User-Identity, RFC 4372 */
	RAT_CUI = 89,
	RAT_TUNNEL_CLIENT_AUTH_ID = 90,
	RAT_TUNNEL_SERVER_AUTH_ID = 91,
	/* RFC 4849 */
	RAT_NAS_FILTER_RULE = 92,
	RAT_UNASSIGNED = 93,
	RAT_ORIGINATING_LINE_INFO = 94,
	/* RFC 3162 IPv6 attributes */
	RAT_NAS_IPV6_ADDRESS = 95,
	RAT_FRAMED_INTERFACE_ID = 96,
	RAT_FRAMED_IPV6_PREFIX = 97,
	RAT_LOGIN_IPV6_HOST = 98,
	RAT_FRAMED_IPV6_ROUTE = 99,
	RAT_FRAMED_IPV6_POOL = 100,
	/* RFC 5176 */
	RAT_ERROR_CAUSE = 101,
	/* RFC 4072 */
	RAT_EAP_KEY_NAME = 102,
	/* RFC 5090 HTTP Digest / SIP attributes */
	RAT_DIGEST_RESPONSE = 103,
	RAT_DIGEST_REALM = 104,
	RAT_DIGEST_NONCE = 105,
	RAT_DIGEST_RESPONSE_AUTH = 106,
	RAT_DIGEST_NEXTNONCE = 107,
	RAT_DIGEST_METHOD = 108,
	RAT_DIGEST_URI = 109,
	RAT_DIGEST_QOP = 110,
	RAT_DIGEST_ALGORITHM = 111,
	RAT_DIGEST_ENTITY_BODY_HASH = 112,
	RAT_DIGEST_CNONCE = 113,
	RAT_DIGEST_NONCE_COUNT = 114,
	RAT_DIGEST_USERNAME = 115,
	RAT_DIGEST_OPAQUE = 116,
	RAT_DIGEST_AUTH_PARAM = 117,
	RAT_DIGEST_AKA_AUTS = 118,
	RAT_DIGEST_DOMAIN = 119,
	RAT_DIGEST_STALE = 120,
	RAT_DIGEST_HA1 = 121,
	RAT_SIP_AOR = 122,
	/* RFC 4818 */
	RAT_DELEGATED_IPV6_PREFIX = 123,
	/* RFC 5447 Mobile IPv6 */
	RAT_MIP6_FEATURE_VECTOR = 124,
	RAT_MIP6_HOME_LINK_PREFIX = 125,
	/* RFC 6911 IPv6 access attributes */
	RAT_FRAMED_IPV6_ADDRESS = 168,
	RAT_FRAMED_IPV6_DNS_SERVER = 169,
	RAT_ROUTE_IPV6_INFORMATION = 170,
	RAT_DELEGATED_IPV6_PREFIX_POOL = 171,
	RAT_STATEFUL_IPV6_ADDRESS_POOL = 172,
};

/**
 * Enum names for radius_attribute_type_t.
 */
extern enum_name_t *radius_attribute_type_names;
        !           200: 
/**
 * A RADIUS message, contains attributes.
 *
 * Wraps one RADIUS packet: the header (Code, Identifier, Authenticator) and
 * its attribute list. Like other strongSwan objects it is a table of function
 * pointers whose first argument is the object itself.
 */
struct radius_message_t {

	/**
	 * Create an enumerator over contained RADIUS attributes.
	 *
	 * @return				enumerator over (int type, chunk_t data)
	 */
	enumerator_t* (*create_enumerator)(radius_message_t *this);

	/**
	 * Create an enumerator over contained RADIUS Vendor-ID attributes.
	 *
	 * This enumerator parses only vendor specific attributes in the format
	 * recommended in RFC2865 (Vendor-Id followed by Vendor type/length
	 * sub-attributes); vendor attributes using another layout are not
	 * enumerated.
	 *
	 * @return				enumerator over (int vendor, int type, chunk_t data)
	 */
	enumerator_t* (*create_vendor_enumerator)(radius_message_t *this);

	/**
	 * Add a RADIUS attribute to the message.
	 *
	 * The attribute value is limited by the one-octet Length field; see
	 * MAX_RADIUS_ATTRIBUTE_SIZE.
	 *
	 * @param type			type of attribute to add
	 * @param data			attribute data, gets cloned
	 */
	void (*add)(radius_message_t *this, radius_attribute_type_t type,
				chunk_t data);

	/**
	 * Get the message type (code).
	 *
	 * @return				message code
	 */
	radius_message_code_t (*get_code)(radius_message_t *this);

	/**
	 * Get the message identifier.
	 *
	 * The 8-bit Identifier field is what matches a response to its request
	 * (RFC 2865 section 3).
	 *
	 * @return				message identifier
	 */
	uint8_t (*get_identifier)(radius_message_t *this);

	/**
	 * Set the message identifier.
	 *
	 * @param identifier	message identifier
	 */
	void (*set_identifier)(radius_message_t *this, uint8_t identifier);

	/**
	 * Get the 16 byte authenticator.
	 *
	 * The returned pointer refers to the field inside the message, not to a
	 * copy; it stays owned by the message.
	 *
	 * @return				pointer to the Authenticator field
	 */
	uint8_t* (*get_authenticator)(radius_message_t *this);

	/**
	 * Get the RADIUS message in its encoded form.
	 *
	 * The chunk is not a copy: it must not be freed by the caller and must
	 * not be used after destroy().
	 *
	 * @return				chunk pointing to internal RADIUS message.
	 */
	chunk_t (*get_encoding)(radius_message_t *this);

	/**
	 * Calculate and add the Message-Authenticator attribute to the message.
	 *
	 * Parameters are listed in signature order (hasher before signer).
	 *
	 * @param req_auth		16 byte Authenticator of request, or NULL
	 * @param secret		shared RADIUS secret
	 * @param hasher		MD5 hasher
	 * @param signer		HMAC-MD5 signer with secret set
	 * @param rng			RNG to create Request-Authenticator, NULL to omit
	 * @param msg_auth		calculate and add Message-Authenticator
	 * @return				TRUE if signed successfully
	 */
	bool (*sign)(radius_message_t *this, uint8_t *req_auth, chunk_t secret,
				 hasher_t *hasher, signer_t *signer, rng_t *rng, bool msg_auth);

	/**
	 * Verify the integrity of a received RADIUS message.
	 *
	 * A received message should not be acted upon before this succeeds;
	 * radius_message_parse() has no secret and can only check lengths.
	 *
	 * @param req_auth		16 byte Authenticator of request, or NULL
	 * @param secret		shared RADIUS secret
	 * @param hasher		MD5 hasher
	 * @param signer		HMAC-MD5 signer with secret set
	 * @return				TRUE if the message verified successfully
	 */
	bool (*verify)(radius_message_t *this, uint8_t *req_auth, chunk_t secret,
				   hasher_t *hasher, signer_t *signer);

	/**
	 * Perform RADIUS attribute en-/decryption.
	 *
	 * Performs en-/decryption by XOring the hash-extended secret into data,
	 * as specified in RFC 2865 5.2 and used by RFC 2548. The keystream is
	 * derived from the shared secret and the Authenticator (plus salt), so
	 * the operation is symmetric: the same call encrypts and decrypts.
	 *
	 * @param salt			salt to append to the Authenticator, if any
	 * @param in			data to en-/decrypt, multiple of HASH_SIZE_MD5
	 * @param out			en-/decrypted data, length equal to in
	 * @param secret		RADIUS secret
	 * @param hasher		MD5 hasher
	 * @return				TRUE if en-/decryption successful
	 */
	bool (*crypt)(radius_message_t *this, chunk_t salt, chunk_t in, chunk_t out,
				  chunk_t secret, hasher_t *hasher);

	/**
	 * Destroy the message.
	 *
	 * Pointers obtained from get_authenticator() and get_encoding() refer to
	 * internal storage and are invalid afterwards.
	 */
	void (*destroy)(radius_message_t *this);
};
        !           313: 
/**
 * Create an empty RADIUS message.
 *
 * No secret or RNG is passed here, so the Authenticator and the
 * Message-Authenticator attribute cannot be computed at creation time;
 * call radius_message_t.sign() before sending.
 *
 * @param code			request type
 * @return				radius_message_t object
 */
radius_message_t *radius_message_create(radius_message_code_t code);

/**
 * Parse and verify a received RADIUS message.
 *
 * Only the structural validity of the packet (header length and attribute
 * lengths) can be checked here, as no shared secret is available. The
 * Authenticator / Message-Authenticator must be checked afterwards with
 * radius_message_t.verify() before any attribute is trusted.
 *
 * @param data			received message data
 * @return				radius_message_t object, NULL if length invalid
 */
radius_message_t *radius_message_parse(chunk_t data);

/**
 * @}
 * @addtogroup libradius
 * @{
 *
 * Dummy libradius initialization function needed for integrity test
 */
void libradius_init(void);
        !           338: 
        !           339: #endif /** RADIUS_MESSAGE_H_ @}*/
