2 * $Id: radiusclient.h,v 1.1 2004/11/14 07:26:26 paulus Exp $
4 * Copyright (C) 1995,1996,1997,1998 Lars Fenneberg
6 * Copyright 1992 Livingston Enterprises, Inc.
8 * Copyright 1992,1993, 1994,1995 The Regents of the University of Michigan
9 * and Merit Network, Inc. All Rights Reserved
11 * See the file COPYRIGHT for the respective terms and conditions.
12 * If the file is missing contact me at lf@elemental.net
13 * and I'll send you a copy.
17 #ifndef RADIUSCLIENT_H
18 #define RADIUSCLIENT_H
20 #include <sys/types.h>
25 #include <pppd/pppd.h>
26 #include <pppd/options.h>
29 /* This works for all machines that Linux runs on, i.e. it relies on
 * unsigned int being exactly 32 bits wide. Nothing visible in this header
 * checks that at compile time. The prototypes of this header use UINT4 for
 * IP addresses (rc_get_ipaddr returns one, rc_ip_hostname takes one). */
30 typedef unsigned int UINT4;
/* Buffer sizes shared by the structures and prototypes of this header. */
34 #define AUTH_VECTOR_LEN 16 /* size of the vector and request_vector arrays */
/* The multiple-of-16 rule presumably comes from the 16-byte blocks in which
 * RFC 2865 hides User-Password -- confirm against the encoding code. */
35 #define AUTH_PASS_LEN (3 * 16) /* multiple of 16 */
36 #define AUTH_ID_LEN 64
37 #define AUTH_STRING_LEN 253 /* maximum of 253; value_pair.strvalue is AUTH_STRING_LEN + 1 bytes */
39 #define BUFFER_LEN 8192
41 #define NAME_LENGTH 32 /* name arrays are declared NAME_LENGTH + 1 */
/* Only the comment below ties GETSTR_LENGTH to AUTH_PASS_LEN; no compile-time
 * check of that relation is visible in this header. */
42 #define GETSTR_LENGTH 128 /* must be bigger than AUTH_PASS_LEN */
44 /* codes for radius_buildreq, radius_getport, etc. */
48 /* defines for config.c */
/* One bit per flag, so the values can be OR-ed together. By their names they
 * say whether local or RADIUS authentication is tried first (FST) or second
 * (SND) -- presumably; confirm against config.c. */
52 #define AUTH_LOCAL_FST (1<<0)
53 #define AUTH_RADIUS_FST (1<<1)
54 #define AUTH_LOCAL_SND (1<<2)
55 #define AUTH_RADIUS_SND (1<<3)
/* Table of configured servers. Both arrays have SERVER_MAX slots (SERVER_MAX
 * is defined outside the lines shown here); presumably name[i] and port[i]
 * describe the same server -- confirm against the code that fills them. */
57 typedef struct server {
59 char *name[SERVER_MAX]; /* ownership of the strings is not visible here */
60 unsigned short port[SERVER_MAX];
/* Packet header. Only the authenticator member is visible in this listing. */
63 typedef struct pw_auth_hdr
68 u_char vector[AUTH_VECTOR_LEN]; /* AUTH_VECTOR_LEN-byte authenticator field */
/* Sizes tied to the packet header and to secret handling. */
72 #define AUTH_HDR_LEN 20
/* request_info.secret is declared MAX_SECRET_LENGTH + 1 bytes, so this is the
 * longest shared secret that fits. Whether a longer configured secret is
 * rejected or truncated is decided in code outside this header; a silently
 * truncated secret is a weaker secret, so that path is worth checking. */
73 #define MAX_SECRET_LENGTH (3 * 16) /* MUST be multiple of 16 */
74 #define CHAP_VALUE_LENGTH 16
/* Default UDP ports: by name, one for authentication and one for accounting. */
76 #define PW_AUTH_UDP_PORT 1812
77 #define PW_ACCT_UDP_PORT 1813
/* Attribute data types. Presumably these are the values stored in
 * dict_attr.type (commented there as "string, int, etc.") -- confirm against
 * the dictionary reader. */
79 #define PW_TYPE_STRING 0
80 #define PW_TYPE_INTEGER 1
81 #define PW_TYPE_IPADDR 2
82 #define PW_TYPE_DATE 3
83 #define PW_TYPE_ABINARY 4
84 #define PW_TYPE_OCTETS 5
85 #define PW_TYPE_IFID 6
86 #define PW_TYPE_IPV6ADDR 7
87 #define PW_TYPE_IPV6PREFIX 8
88 #define PW_TYPE_BYTE 9
89 #define PW_TYPE_SHORT 10
90 #define PW_TYPE_ETHERNET 11
91 #define PW_TYPE_SIGNED 12
92 #define PW_TYPE_COMBO_IP 13
93 #define PW_TYPE_TLV 14
95 /* standard RADIUS codes: values of the packet code byte (send_data.code) */
97 #define PW_ACCESS_REQUEST 1
98 #define PW_ACCESS_ACCEPT 2
99 #define PW_ACCESS_REJECT 3
100 #define PW_ACCOUNTING_REQUEST 4
101 #define PW_ACCOUNTING_RESPONSE 5
102 #define PW_ACCOUNTING_STATUS 6
103 #define PW_PASSWORD_REQUEST 7
104 #define PW_PASSWORD_ACK 8
105 #define PW_PASSWORD_REJECT 9
106 #define PW_ACCOUNTING_MESSAGE 10
107 #define PW_ACCESS_CHALLENGE 11
108 #define PW_STATUS_SERVER 12
109 #define PW_STATUS_CLIENT 13
112 /* standard RADIUS attribute-value pairs */
/* The trailing comment on each line names the attribute's data type.
 * Numbers 40-53 are the accounting attributes defined further down. */
114 #define PW_USER_NAME 1 /* string */
/* Carries the user's password. RFC 2865 only hides it with MD5 keyed by the
 * shared secret, so it is protected no better than that secret is; value
 * pairs holding it should be kept out of logs and debug dumps. */
115 #define PW_USER_PASSWORD 2 /* string */
116 #define PW_CHAP_PASSWORD 3 /* string */
117 #define PW_NAS_IP_ADDRESS 4 /* ipaddr */
118 #define PW_NAS_PORT 5 /* integer */
119 #define PW_SERVICE_TYPE 6 /* integer */
120 #define PW_FRAMED_PROTOCOL 7 /* integer */
121 #define PW_FRAMED_IP_ADDRESS 8 /* ipaddr */
122 #define PW_FRAMED_IP_NETMASK 9 /* ipaddr */
123 #define PW_FRAMED_ROUTING 10 /* integer */
124 #define PW_FILTER_ID 11 /* string */
125 #define PW_FRAMED_MTU 12 /* integer */
126 #define PW_FRAMED_COMPRESSION 13 /* integer */
127 #define PW_LOGIN_IP_HOST 14 /* ipaddr */
128 #define PW_LOGIN_SERVICE 15 /* integer */
129 #define PW_LOGIN_PORT 16 /* integer */
130 #define PW_OLD_PASSWORD 17 /* string */ /* deprecated */
131 #define PW_REPLY_MESSAGE 18 /* string */
132 #define PW_LOGIN_CALLBACK_NUMBER 19 /* string */
133 #define PW_FRAMED_CALLBACK_ID 20 /* string */
134 #define PW_EXPIRATION 21 /* date */ /* deprecated */
135 #define PW_FRAMED_ROUTE 22 /* string */
136 #define PW_FRAMED_IPX_NETWORK 23 /* integer */
137 #define PW_STATE 24 /* string */
138 #define PW_CLASS 25 /* string */
139 #define PW_VENDOR_SPECIFIC 26 /* string */
140 #define PW_SESSION_TIMEOUT 27 /* integer */
141 #define PW_IDLE_TIMEOUT 28 /* integer */
142 #define PW_TERMINATION_ACTION 29 /* integer */
143 #define PW_CALLED_STATION_ID 30 /* string */
144 #define PW_CALLING_STATION_ID 31 /* string */
145 #define PW_NAS_IDENTIFIER 32 /* string */
146 #define PW_PROXY_STATE 33 /* string */
147 #define PW_LOGIN_LAT_SERVICE 34 /* string */
148 #define PW_LOGIN_LAT_NODE 35 /* string */
149 #define PW_LOGIN_LAT_GROUP 36 /* string */
150 #define PW_FRAMED_APPLETALK_LINK 37 /* integer */
151 #define PW_FRAMED_APPLETALK_NETWORK 38 /* integer */
152 #define PW_FRAMED_APPLETALK_ZONE 39 /* string */
153 #define PW_CHAP_CHALLENGE 60 /* string */
154 #define PW_NAS_PORT_TYPE 61 /* integer */
155 #define PW_PORT_LIMIT 62 /* integer */
156 #define PW_LOGIN_LAT_PORT 63 /* string */
158 /* Vendor RADIUS attribute-value pairs */
/* These numbers overlap the standard attributes above (1, 7, 8, 11, 12, ...),
 * so a value is only meaningful together with a vendor code; the PW_MS_
 * prefix suggests VENDOR_MICROSOFT. Code that looks attributes up by number
 * alone would confuse the two sets. */
159 #define PW_MS_CHAP_CHALLENGE 11 /* string */
160 #define PW_MS_CHAP_RESPONSE 1 /* string */
161 #define PW_MS_CHAP2_RESPONSE 25 /* string */
162 #define PW_MS_CHAP2_SUCCESS 26 /* string */
163 #define PW_MS_MPPE_ENCRYPTION_POLICY 7 /* string */
164 #define PW_MS_MPPE_ENCRYPTION_TYPE 8 /* string */
165 #define PW_MS_MPPE_ENCRYPTION_TYPES PW_MS_MPPE_ENCRYPTION_TYPE /* alias for the singular name */
/* By their names the next three carry MPPE key material; value pairs holding
 * them should be kept out of logs -- confirm how the callers treat them. */
166 #define PW_MS_CHAP_MPPE_KEYS 12 /* string */
167 #define PW_MS_MPPE_SEND_KEY 16 /* string */
168 #define PW_MS_MPPE_RECV_KEY 17 /* string */
169 #define PW_MS_PRIMARY_DNS_SERVER 28 /* ipaddr */
170 #define PW_MS_SECONDARY_DNS_SERVER 29 /* ipaddr */
171 #define PW_MS_PRIMARY_NBNS_SERVER 30 /* ipaddr */
172 #define PW_MS_SECONDARY_NBNS_SERVER 31 /* ipaddr */
/* Accounting attributes (numbers 40-53 and 85). The trailing comment on each
 * line names the attribute's data type. */
176 #define PW_ACCT_STATUS_TYPE 40 /* integer */
177 #define PW_ACCT_DELAY_TIME 41 /* integer */
178 #define PW_ACCT_INPUT_OCTETS 42 /* integer */
179 #define PW_ACCT_OUTPUT_OCTETS 43 /* integer */
180 #define PW_ACCT_SESSION_ID 44 /* string */
181 #define PW_ACCT_AUTHENTIC 45 /* integer */
182 #define PW_ACCT_SESSION_TIME 46 /* integer */
183 #define PW_ACCT_INPUT_PACKETS 47 /* integer */
184 #define PW_ACCT_OUTPUT_PACKETS 48 /* integer */
185 #define PW_ACCT_TERMINATE_CAUSE 49 /* integer */
186 #define PW_ACCT_MULTI_SESSION_ID 50 /* string */
187 #define PW_ACCT_LINK_COUNT 51 /* integer */
190 #define PW_ACCT_INPUT_GIGAWORDS 52 /* integer */
191 #define PW_ACCT_OUTPUT_GIGAWORDS 53 /* integer */
192 #define PW_ACCT_INTERIM_INTERVAL 85 /* integer */
194 /* Merit Experimental Extensions */
/* Attribute numbers in the 222-228 range; not part of the standard list above. */
196 #define PW_USER_ID 222 /* string */
197 #define PW_USER_REALM 223 /* string */
201 #define PW_SESSION_OCTETS_LIMIT 227 /* integer */
202 #define PW_OCTETS_DIRECTION 228 /* integer */
204 /* Integer Translations */
/* Symbolic names for the integer values of individual attributes. The same
 * small numbers recur in every group, so a value is only meaningful for the
 * attribute its group belongs to. */
/* By their names the next group holds Service-Type values (PW_SERVICE_TYPE);
 * the group's own heading is not part of this listing. */
210 #define PW_CALLBACK_LOGIN 3
211 #define PW_CALLBACK_FRAMED 4
212 #define PW_OUTBOUND 5
213 #define PW_ADMINISTRATIVE 6
214 #define PW_NAS_PROMPT 7
215 #define PW_AUTHENTICATE_ONLY 8
216 #define PW_CALLBACK_NAS_PROMPT 9
218 /* FRAMED PROTOCOLS */
224 #define PW_XYLOGICS 5
226 /* FRAMED ROUTING VALUES */
229 #define PW_BROADCAST 1
231 #define PW_BROADCAST_LISTEN 3
233 /* FRAMED COMPRESSION TYPES */
235 #define PW_VAN_JACOBSON_TCP_IP 1
236 #define PW_IPX_HEADER_COMPRESSION 2
/* The next three belong to a further group whose heading is not part of this
 * listing (by their names, login services -- confirm). */
242 #define PW_TCP_CLEAR 2
243 #define PW_PORTMASTER 3
246 #define PW_X25_T3POS 6
248 /* TERMINATION ACTIONS */
251 #define PW_RADIUS_REQUEST 1
253 /* PROHIBIT PROTOCOL */
255 #define PW_DUMB 0 /* 1 and 2 are defined in FRAMED PROTOCOLS */
256 #define PW_AUTH_ONLY 3
259 /* ACCOUNTING STATUS TYPES */
/* Presumably the values of PW_ACCT_STATUS_TYPE -- confirm against callers. */
261 #define PW_STATUS_START 1
262 #define PW_STATUS_STOP 2
263 #define PW_STATUS_ALIVE 3
264 #define PW_STATUS_MODEM_START 4
265 #define PW_STATUS_MODEM_STOP 5
266 #define PW_STATUS_CANCEL 6
267 #define PW_ACCOUNTING_ON 7
268 #define PW_ACCOUNTING_OFF 8
270 /* ACCOUNTING TERMINATION CAUSES */
/* Presumably the values of PW_ACCT_TERMINATE_CAUSE -- confirm against callers. */
272 #define PW_USER_REQUEST 1
273 #define PW_LOST_CARRIER 2
274 #define PW_LOST_SERVICE 3
275 #define PW_ACCT_IDLE_TIMEOUT 4
276 #define PW_ACCT_SESSION_TIMEOUT 5
277 #define PW_ADMIN_RESET 6
278 #define PW_ADMIN_REBOOT 7
279 #define PW_PORT_ERROR 8
280 #define PW_NAS_ERROR 9
281 #define PW_NAS_REQUEST 10
282 #define PW_NAS_REBOOT 11
283 #define PW_PORT_UNNEEDED 12
284 #define PW_PORT_PREEMPTED 13
285 #define PW_PORT_SUSPENDED 14
286 #define PW_SERVICE_UNAVAILABLE 15
287 #define PW_CALLBACK 16
288 #define PW_USER_ERROR 17
289 #define PW_HOST_REQUEST 18
/* By their names these are port-type values (PW_NAS_PORT_TYPE); the group's
 * heading is not part of this listing. */
295 #define PW_ISDN_SYNC 2
296 #define PW_ISDN_SYNC_V120 3
297 #define PW_ISDN_SYNC_V110 4
300 /* AUTHENTIC TYPES */
/* (the values of the group above are not part of this listing) */
305 /* Session-Octets-Limit */
/* Values for PW_OCTETS_DIRECTION, by their shared name prefix. */
306 #define PW_OCTETS_DIRECTION_SUM 0
307 #define PW_OCTETS_DIRECTION_IN 1
308 #define PW_OCTETS_DIRECTION_OUT 2
309 #define PW_OCTETS_DIRECTION_MAX 3
/* Vendor codes, presumably the values held in the vendorcode member of
 * dict_attr. VENDOR_NONE by its name marks an attribute with no vendor. */
313 #define VENDOR_NONE (-1)
314 #define VENDOR_MICROSOFT 311
316 /* Server data structures */
/* All four structures are singly linked through their next member and hold
 * their names in fixed arrays of NAME_LENGTH + 1 bytes, so anything copied
 * into a name must be bounded to NAME_LENGTH characters. Some members are not
 * part of this listing. */
/* One dictionary attribute. */
318 typedef struct dict_attr
320 char name[NAME_LENGTH + 1]; /* attribute name */
321 int value; /* attribute index */
322 int type; /* string, int, etc. */
323 int vendorcode; /* vendor code */
324 struct dict_attr *next;
/* One named value of an attribute; attrname names the attribute it belongs
 * to -- presumably, going by the member names. */
327 typedef struct dict_value
329 char attrname[NAME_LENGTH +1];
330 char name[NAME_LENGTH + 1];
332 struct dict_value *next;
/* One vendor together with the list of its attributes. */
335 typedef struct vendor_dict
337 char vendorname[NAME_LENGTH + 1];
339 DICT_ATTR *attributes;
340 struct vendor_dict *next;
/* One attribute-value pair as sent or received. */
343 typedef struct value_pair
345 char name[NAME_LENGTH + 1];
/* Fixed-size value buffer. Data taken from a received packet must be
 * length-checked against AUTH_STRING_LEN before it is copied in. */
350 u_char strvalue[AUTH_STRING_LEN + 1];
351 struct value_pair *next;
354 /* Do not change this: it has to be the same as in the Merit radiusd code. */
/* NOTE(review): a fixed string compiled into every build and readable in the
 * source is not a secret. Anything authenticated only with this value should
 * be treated as unauthenticated. Where the value is used is not visible in
 * this header. */
355 #define MGMT_POLL_SECRET "Hardlyasecret"
357 /* Define return codes from "SendServer" utility */
/* Only BADRESP_RC is part of this listing. The value is not parenthesised,
 * unlike VENDOR_NONE (-1). */
359 #define BADRESP_RC -2
364 typedef struct send_data /* Used to pass information to sendserver() function */
366 u_char code; /* RADIUS packet code */
367 u_char seq_nbr; /* Packet sequence number; one byte, so it wraps after 256 values */
368 char *server; /* Name/address of RADIUS server */
369 int svc_port; /* RADIUS protocol destination port */
370 int timeout; /* Session timeout in seconds */
372 VALUE_PAIR *send_pairs; /* More a/v pairs to send */
373 VALUE_PAIR *receive_pairs; /* Where to place received a/v pairs */
/* Per-request state passed to rc_auth, rc_auth_using_server and
 * rc_send_server. Other members, if any, are not part of this listing. */
376 typedef struct request_info
/* Shared secret, presumably NUL-terminated given the + 1. It sits in memory
 * in the clear; callers that keep a REQUEST_INFO around should clear it once
 * the exchange is finished. */
378 char secret[MAX_SECRET_LENGTH + 1];
379 u_char request_vector[AUTH_VECTOR_LEN]; /* by name, the authenticator of the request */
/* Both macros expand each argument twice, so an argument with side effects
 * (i++, a function call) is evaluated twice. Pass plain values only. */
383 #define MIN(a, b) ((a) < (b) ? (a) : (b))
386 #define MAX(a, b) ((a) > (b) ? (a) : (b))
/* Path-buffer size. The lines around it are not part of this listing, so
 * whether the definition is guarded by #ifndef cannot be told from here. */
390 #define PATH_MAX 1024
401 /* Function prototypes */
/* Attribute-value pair helpers. Parameters are unnamed in this header, so
 * their meaning has to be taken from the implementation. */
405 VALUE_PAIR *rc_avpair_add(VALUE_PAIR **, int, const void *, int, int);
406 int rc_avpair_assign(VALUE_PAIR *, const void *, int);
407 VALUE_PAIR *rc_avpair_new(int, const void *, int, int);
/* Takes a packet header; presumably builds pairs from a received packet, so
 * it handles untrusted lengths -- confirm the bounds checks there. */
408 VALUE_PAIR *rc_avpair_gen(AUTH_HDR *);
409 VALUE_PAIR *rc_avpair_get(VALUE_PAIR *, UINT4);
410 VALUE_PAIR *rc_avpair_copy(VALUE_PAIR *);
411 void rc_avpair_insert(VALUE_PAIR **, VALUE_PAIR *, VALUE_PAIR *);
412 void rc_avpair_free(VALUE_PAIR *);
413 int rc_avpair_parse(char *, VALUE_PAIR **);
/* Two (char *, int) pairs: presumably two output buffers, each with its
 * size -- confirm against the implementation. */
414 int rc_avpair_tostr(VALUE_PAIR *, char *, int, char *, int);
415 VALUE_PAIR *rc_avpair_readin(FILE *);
/* Request building, authentication and accounting entry points. */
419 void rc_buildreq(SEND_DATA *, int, char *, unsigned short, int, int);
420 unsigned char rc_get_seqnbr(void);
/* NOTE(review): the char * parameter of the rc_auth functions and of
 * rc_check carries no length. If the implementation writes a message into
 * it, the caller must provide a buffer of the size the implementation
 * expects -- TODO confirm. */
421 int rc_auth(UINT4, VALUE_PAIR *, VALUE_PAIR **, char *, REQUEST_INFO *);
422 int rc_auth_using_server(SERVER *, UINT4, VALUE_PAIR *, VALUE_PAIR **,
423 char *, REQUEST_INFO *);
424 int rc_auth_proxy(VALUE_PAIR *, VALUE_PAIR **, char *);
425 int rc_acct(UINT4, VALUE_PAIR *);
426 int rc_acct_using_server(SERVER *, UINT4, VALUE_PAIR *);
427 int rc_acct_proxy(VALUE_PAIR *);
428 int rc_check(char *, unsigned short, char *);
/* Map file, configuration and dictionary access. */
432 int rc_read_mapfile(char *);
433 UINT4 rc_map2id(const char *);
437 int rc_read_config(char *);
/* Who owns the returned string is not stated in this header. */
438 char *rc_conf_str(char *);
439 int rc_conf_int(char *);
440 SERVER *rc_conf_srv(char *);
/* NOTE(review): the last char * has no length. If it receives the shared
 * secret, it needs MAX_SECRET_LENGTH + 1 bytes like request_info.secret --
 * TODO confirm against the implementation. */
441 int rc_find_server(char *, UINT4 *, char *);
445 int rc_read_dictionary(char *);
/* Two ints: presumably attribute number and vendor code, which is what
 * keeps the overlapping vendor numbers apart -- confirm. */
446 DICT_ATTR *rc_dict_getattr(int, int);
447 DICT_ATTR *rc_dict_findattr(char *);
448 DICT_VALUE *rc_dict_findval(char *);
449 DICT_VALUE * rc_dict_getval(UINT4, char *);
450 VENDOR_DICT * rc_dict_findvendor(char *);
451 VENDOR_DICT * rc_dict_getvendor(int);
/* Address helpers, the send routine, utilities and MD5. */
455 UINT4 rc_get_ipaddr(const char *);
456 int rc_good_ipaddr(const char *);
/* Who owns the returned string is not stated in this header. */
457 const char *rc_ip_hostname(UINT4);
458 UINT4 rc_own_ipaddress(void);
459 UINT4 rc_own_bind_ipaddress(void);
/* Takes the request data and a REQUEST_INFO; the char * has no length (see
 * the rc_auth prototypes for the same pattern). */
464 int rc_send_server(SEND_DATA *, char *, REQUEST_INFO *);
468 void rc_str2tm(char *, struct tm *);
469 char *rc_mksid(void);
/* out has no length parameter: it must have room for a full MD5 digest,
 * which is 16 bytes (the same size as AUTH_VECTOR_LEN). inl is the input
 * length in bytes -- presumably. MD5 is what the protocol fixes here, not a
 * choice this header can change. */
474 int rc_md5_calc(unsigned char *out, const unsigned char *in, unsigned int inl);
476 #endif /* RADIUSCLIENT_H */