Annotation of embedaddon/strongswan/src/libradius/radius_message.h, revision 1.1.1.1
1.1 misho 1: /*
2: * Copyright (C) 2009 Martin Willi
3: * HSR Hochschule fuer Technik Rapperswil
4: *
5: * This program is free software; you can redistribute it and/or modify it
6: * under the terms of the GNU General Public License as published by the
7: * Free Software Foundation; either version 2 of the License, or (at your
8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9: *
10: * This program is distributed in the hope that it will be useful, but
11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13: * for more details.
14: */
15:
16: /**
17: * @defgroup libradius libradius
18: *
19: * @addtogroup libradius
20: * RADIUS protocol support library.
21: *
22: * @defgroup radius_message radius_message
23: * @{ @ingroup libradius
24: */
25:
26: #ifndef RADIUS_MESSAGE_H_
27: #define RADIUS_MESSAGE_H_
28:
29: #include <library.h>
30: #include <pen/pen.h>
31:
32: #define MAX_RADIUS_ATTRIBUTE_SIZE 253
33:
34: #define RADIUS_TUNNEL_TYPE_ESP 9
35:
36: typedef struct radius_message_t radius_message_t;
37: typedef enum radius_message_code_t radius_message_code_t;
38: typedef enum radius_attribute_type_t radius_attribute_type_t;
39:
40: /**
41: * RADIUS Message Codes.
42: */
43: enum radius_message_code_t {
44: RMC_ACCESS_REQUEST = 1,
45: RMC_ACCESS_ACCEPT = 2,
46: RMC_ACCESS_REJECT = 3,
47: RMC_ACCOUNTING_REQUEST = 4,
48: RMC_ACCOUNTING_RESPONSE = 5,
49: RMC_ACCESS_CHALLENGE = 11,
50: RMC_DISCONNECT_REQUEST = 40,
51: RMC_DISCONNECT_ACK = 41,
52: RMC_DISCONNECT_NAK = 42,
53: RMC_COA_REQUEST = 43,
54: RMC_COA_ACK = 44,
55: RMC_COA_NAK = 45,
56: };
57:
58: /**
59: * Enum names for radius_attribute_type_t.
60: */
61: extern enum_name_t *radius_message_code_names;
62:
63: /**
64: * RADIUS Attribute Types.
65: */
66: enum radius_attribute_type_t {
67: RAT_USER_NAME = 1,
68: RAT_USER_PASSWORD = 2,
69: RAT_CHAP_PASSWORD = 3,
70: RAT_NAS_IP_ADDRESS = 4,
71: RAT_NAS_PORT = 5,
72: RAT_SERVICE_TYPE = 6,
73: RAT_FRAMED_PROTOCOL = 7,
74: RAT_FRAMED_IP_ADDRESS = 8,
75: RAT_FRAMED_IP_NETMASK = 9,
76: RAT_FRAMED_ROUTING = 10,
77: RAT_FILTER_ID = 11,
78: RAT_FRAMED_MTU = 12,
79: RAT_FRAMED_COMPRESSION = 13,
80: RAT_LOGIN_IP_HOST = 14,
81: RAT_LOGIN_SERVICE = 15,
82: RAT_LOGIN_TCP_PORT = 16,
83: RAT_REPLY_MESSAGE = 18,
84: RAT_CALLBACK_NUMBER = 19,
85: RAT_CALLBACK_ID = 20,
86: RAT_FRAMED_ROUTE = 22,
87: RAT_FRAMED_IPX_NETWORK = 23,
88: RAT_STATE = 24,
89: RAT_CLASS = 25,
90: RAT_VENDOR_SPECIFIC = 26,
91: RAT_SESSION_TIMEOUT = 27,
92: RAT_IDLE_TIMEOUT = 28,
93: RAT_TERMINATION_ACTION = 29,
94: RAT_CALLED_STATION_ID = 30,
95: RAT_CALLING_STATION_ID = 31,
96: RAT_NAS_IDENTIFIER = 32,
97: RAT_PROXY_STATE = 33,
98: RAT_LOGIN_LAT_SERVICE = 34,
99: RAT_LOGIN_LAT_NODE = 35,
100: RAT_LOGIN_LAT_GROUP = 36,
101: RAT_FRAMED_APPLETALK_LINK = 37,
102: RAT_FRAMED_APPLETALK_NETWORK = 38,
103: RAT_FRAMED_APPLETALK_ZONE = 39,
104: RAT_ACCT_STATUS_TYPE = 40,
105: RAT_ACCT_DELAY_TIME = 41,
106: RAT_ACCT_INPUT_OCTETS = 42,
107: RAT_ACCT_OUTPUT_OCTETS = 43,
108: RAT_ACCT_SESSION_ID = 44,
109: RAT_ACCT_AUTHENTIC = 45,
110: RAT_ACCT_SESSION_TIME = 46,
111: RAT_ACCT_INPUT_PACKETS = 47,
112: RAT_ACCT_OUTPUT_PACKETS = 48,
113: RAT_ACCT_TERMINATE_CAUSE = 49,
114: RAT_ACCT_MULTI_SESSION_ID = 50,
115: RAT_ACCT_LINK_COUNT = 51,
116: RAT_ACCT_INPUT_GIGAWORDS = 52,
117: RAT_ACCT_OUTPUT_GIGAWORDS = 53,
118: RAT_EVENT_TIMESTAMP = 55,
119: RAT_EGRESS_VLANID = 56,
120: RAT_INGRESS_FILTERS = 57,
121: RAT_EGRESS_VLAN_NAME = 58,
122: RAT_USER_PRIORITY_TABLE = 59,
123: RAT_CHAP_CHALLENGE = 60,
124: RAT_NAS_PORT_TYPE = 61,
125: RAT_PORT_LIMIT = 62,
126: RAT_LOGIN_LAT_PORT = 63,
127: RAT_TUNNEL_TYPE = 64,
128: RAT_TUNNEL_MEDIUM_TYPE = 65,
129: RAT_TUNNEL_CLIENT_ENDPOINT = 66,
130: RAT_TUNNEL_SERVER_ENDPOINT = 67,
131: RAT_ACCT_TUNNEL_CONNECTION = 68,
132: RAT_TUNNEL_PASSWORD = 69,
133: RAT_ARAP_PASSWORD = 70,
134: RAT_ARAP_FEATURES = 71,
135: RAT_ARAP_ZONE_ACCESS = 72,
136: RAT_ARAP_SECURITY = 73,
137: RAT_ARAP_SECURITY_DATA = 74,
138: RAT_PASSWORD_RETRY = 75,
139: RAT_PROMPT = 76,
140: RAT_CONNECT_INFO = 77,
141: RAT_CONFIGURATION_TOKEN = 78,
142: RAT_EAP_MESSAGE = 79,
143: RAT_MESSAGE_AUTHENTICATOR = 80,
144: RAT_TUNNEL_PRIVATE_GROUP_ID = 81,
145: RAT_TUNNEL_ASSIGNMENT_ID = 82,
146: RAT_TUNNEL_PREFERENCE = 83,
147: RAT_ARAP_CHALLENGE_RESPONSE = 84,
148: RAT_ACCT_INTERIM_INTERVAL = 85,
149: RAT_ACCT_TUNNEL_PACKETS_LOST = 86,
150: RAT_NAS_PORT_ID = 87,
151: RAT_FRAMED_POOL = 88,
152: RAT_CUI = 89,
153: RAT_TUNNEL_CLIENT_AUTH_ID = 90,
154: RAT_TUNNEL_SERVER_AUTH_ID = 91,
155: RAT_NAS_FILTER_RULE = 92,
156: RAT_UNASSIGNED = 93,
157: RAT_ORIGINATING_LINE_INFO = 94,
158: RAT_NAS_IPV6_ADDRESS = 95,
159: RAT_FRAMED_INTERFACE_ID = 96,
160: RAT_FRAMED_IPV6_PREFIX = 97,
161: RAT_LOGIN_IPV6_HOST = 98,
162: RAT_FRAMED_IPV6_ROUTE = 99,
163: RAT_FRAMED_IPV6_POOL = 100,
164: RAT_ERROR_CAUSE = 101,
165: RAT_EAP_KEY_NAME = 102,
166: RAT_DIGEST_RESPONSE = 103,
167: RAT_DIGEST_REALM = 104,
168: RAT_DIGEST_NONCE = 105,
169: RAT_DIGEST_RESPONSE_AUTH = 106,
170: RAT_DIGEST_NEXTNONCE = 107,
171: RAT_DIGEST_METHOD = 108,
172: RAT_DIGEST_URI = 109,
173: RAT_DIGEST_QOP = 110,
174: RAT_DIGEST_ALGORITHM = 111,
175: RAT_DIGEST_ENTITY_BODY_HASH = 112,
176: RAT_DIGEST_CNONCE = 113,
177: RAT_DIGEST_NONCE_COUNT = 114,
178: RAT_DIGEST_USERNAME = 115,
179: RAT_DIGEST_OPAQUE = 116,
180: RAT_DIGEST_AUTH_PARAM = 117,
181: RAT_DIGEST_AKA_AUTS = 118,
182: RAT_DIGEST_DOMAIN = 119,
183: RAT_DIGEST_STALE = 120,
184: RAT_DIGEST_HA1 = 121,
185: RAT_SIP_AOR = 122,
186: RAT_DELEGATED_IPV6_PREFIX = 123,
187: RAT_MIP6_FEATURE_VECTOR = 124,
188: RAT_MIP6_HOME_LINK_PREFIX = 125,
189: RAT_FRAMED_IPV6_ADDRESS = 168,
190: RAT_FRAMED_IPV6_DNS_SERVER = 169,
191: RAT_ROUTE_IPV6_INFORMATION = 170,
192: RAT_DELEGATED_IPV6_PREFIX_POOL = 171,
193: RAT_STATEFUL_IPV6_ADDRESS_POOL = 172,
194: };
195:
196: /**
197: * Enum names for radius_attribute_type_t.
198: */
199: extern enum_name_t *radius_attribute_type_names;
200:
201: /**
202: * A RADIUS message, contains attributes.
203: */
204: struct radius_message_t {
205:
206: /**
207: * Create an enumerator over contained RADIUS attributes.
208: *
209: * @return enumerator over (int type, chunk_t data)
210: */
211: enumerator_t* (*create_enumerator)(radius_message_t *this);
212:
213: /**
214: * Create an enumerator over contained RADIUS Vendor-ID attributes.
215: *
216: * This enumerator parses only vendor specific attributes in the format
217: * recommended in RFC2865.
218: *
219: * @return enumerator over (int vendor, int type, chunk_t data)
220: */
221: enumerator_t* (*create_vendor_enumerator)(radius_message_t *this);
222:
223: /**
224: * Add a RADIUS attribute to the message.
225: *
226: * @param type type of attribute to add
227: * @param attribute data, gets cloned
228: */
229: void (*add)(radius_message_t *this, radius_attribute_type_t type,
230: chunk_t data);
231:
232: /**
233: * Get the message type (code).
234: *
235: * @return message code
236: */
237: radius_message_code_t (*get_code)(radius_message_t *this);
238:
239: /**
240: * Get the message identifier.
241: *
242: * @return message identifier
243: */
244: uint8_t (*get_identifier)(radius_message_t *this);
245:
246: /**
247: * Set the message identifier.
248: *
249: * @param identifier message identifier
250: */
251: void (*set_identifier)(radius_message_t *this, uint8_t identifier);
252:
253: /**
254: * Get the 16 byte authenticator.
255: *
256: * @return pointer to the Authenticator field
257: */
258: uint8_t* (*get_authenticator)(radius_message_t *this);
259:
260: /**
261: * Get the RADIUS message in its encoded form.
262: *
263: * @return chunk pointing to internal RADIUS message.
264: */
265: chunk_t (*get_encoding)(radius_message_t *this);
266:
267: /**
268: * Calculate and add the Message-Authenticator attribute to the message.
269: *
270: * @param req_auth 16 byte Authenticator of request, or NULL
271: * @param secret shared RADIUS secret
272: * @param signer HMAC-MD5 signer with secret set
273: * @param hasher MD5 hasher
274: * @param rng RNG to create Request-Authenticator, NULL to omit
275: * @param msg_auth calculate and add Message-Authenticator
276: * @return TRUE if signed successfully
277: */
278: bool (*sign)(radius_message_t *this, uint8_t *req_auth, chunk_t secret,
279: hasher_t *hasher, signer_t *signer, rng_t *rng, bool msg_auth);
280:
281: /**
282: * Verify the integrity of a received RADIUS message.
283: *
284: * @param req_auth 16 byte Authenticator of request, or NULL
285: * @param secret shared RADIUS secret
286: * @param signer HMAC-MD5 signer with secret set
287: * @param hasher MD5 hasher
288: */
289: bool (*verify)(radius_message_t *this, uint8_t *req_auth, chunk_t secret,
290: hasher_t *hasher, signer_t *signer);
291:
292: /**
293: * Perform RADIUS attribute en-/decryption.
294: *
295: * Performs en-/decryption by XOring the hash-extended secret into data,
296: * as specified in RFC 2865 5.2 and used by RFC 2548.
297: *
298: * @param salt salt to append to message authenticator, if any
299: * @param in data to en-/decrypt, multiple of HASH_SIZE_MD5
300: * @param out en-/decrypted data, length equal to in
301: * @param secret RADIUS secret
302: * @param hasher MD5 hasher
303: * @return TRUE if en-/decryption successful
304: */
305: bool (*crypt)(radius_message_t *this, chunk_t salt, chunk_t in, chunk_t out,
306: chunk_t secret, hasher_t *hasher);
307:
308: /**
309: * Destroy the message.
310: */
311: void (*destroy)(radius_message_t *this);
312: };
313:
314: /**
315: * Create an empty RADIUS message.
316: *
317: * @param code request type
318: * @return radius_message_t object
319: */
320: radius_message_t *radius_message_create(radius_message_code_t code);
321:
322: /**
323: * Parse and verify a received RADIUS message.
324: *
325: * @param data received message data
326: * @return radius_message_t object, NULL if length invalid
327: */
328: radius_message_t *radius_message_parse(chunk_t data);
329:
330: /**
331: * @}
332: * @addtogroup libradius
333: * @{
334: *
335: * Dummy libradius initialization function needed for integrity test
336: */
337: void libradius_init(void);
338:
339: #endif /** RADIUS_MESSAGE_H_ @}*/
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to radius_message.h CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libradius