1 /* 2 * RADIUS client 3 * Copyright (c) 2002-2009, Jouni Malinen <j (at) w1.fi> 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License version 2 as 7 * published by the Free Software Foundation. 8 * 9 * Alternatively, this software may be distributed under the terms of BSD 10 * license. 11 * 12 * See README and COPYING for more details. 13 */ 14 15 #ifndef RADIUS_CLIENT_H 16 #define RADIUS_CLIENT_H 17 18 #include "ip_addr.h" 19 20 struct radius_msg; 21 22 /** 23 * struct hostapd_radius_server - RADIUS server information for RADIUS client 24 * 25 * This structure contains information about a RADIUS server. The values are 26 * mainly for MIB information. The MIB variable prefix (radiusAuth or 27 * radiusAcc) depends on whether this is an authentication or accounting 28 * server. 29 * 30 * radiusAuthClientPendingRequests (or radiusAccClientPendingRequests) is the 31 * number struct radius_client_data::msgs for matching msg_type. 32 */ 33 struct hostapd_radius_server { 34 /** 35 * addr - radiusAuthServerAddress or radiusAccServerAddress 36 */ 37 struct hostapd_ip_addr addr; 38 39 /** 40 * port - radiusAuthClientServerPortNumber or radiusAccClientServerPortNumber 41 */ 42 int port; 43 44 /** 45 * shared_secret - Shared secret for authenticating RADIUS messages 46 */ 47 u8 *shared_secret; 48 49 /** 50 * shared_secret_len - Length of shared_secret in octets 51 */ 52 size_t shared_secret_len; 53 54 /* Dynamic (not from configuration file) MIB data */ 55 56 /** 57 * index - radiusAuthServerIndex or radiusAccServerIndex 58 */ 59 int index; 60 61 /** 62 * round_trip_time - radiusAuthClientRoundTripTime or radiusAccClientRoundTripTime 63 * Round-trip time in hundredths of a second. 64 */ 65 int round_trip_time; 66 67 /** 68 * requests - radiusAuthClientAccessRequests or radiusAccClientRequests 69 */ 70 u32 requests; 71 72 /** 73 * retransmissions - radiusAuthClientAccessRetransmissions or radiusAccClientRetransmissions 74 */ 75 u32 retransmissions; 76 77 /** 78 * access_accepts - radiusAuthClientAccessAccepts 79 */ 80 u32 access_accepts; 81 82 /** 83 * access_rejects - radiusAuthClientAccessRejects 84 */ 85 u32 access_rejects; 86 87 /** 88 * access_challenges - radiusAuthClientAccessChallenges 89 */ 90 u32 access_challenges; 91 92 /** 93 * responses - radiusAccClientResponses 94 */ 95 u32 responses; 96 97 /** 98 * malformed_responses - radiusAuthClientMalformedAccessResponses or radiusAccClientMalformedResponses 99 */ 100 u32 malformed_responses; 101 102 /** 103 * bad_authenticators - radiusAuthClientBadAuthenticators or radiusAccClientBadAuthenticators 104 */ 105 u32 bad_authenticators; 106 107 /** 108 * timeouts - radiusAuthClientTimeouts or radiusAccClientTimeouts 109 */ 110 u32 timeouts; 111 112 /** 113 * unknown_types - radiusAuthClientUnknownTypes or radiusAccClientUnknownTypes 114 */ 115 u32 unknown_types; 116 117 /** 118 * packets_dropped - radiusAuthClientPacketsDropped or radiusAccClientPacketsDropped 119 */ 120 u32 packets_dropped; 121 }; 122 123 /** 124 * struct hostapd_radius_servers - RADIUS servers for RADIUS client 125 */ 126 struct hostapd_radius_servers { 127 /** 128 * auth_servers - RADIUS Authentication servers in priority order 129 */ 130 struct hostapd_radius_server *auth_servers; 131 132 /** 133 * num_auth_servers - Number of auth_servers entries 134 */ 135 int num_auth_servers; 136 137 /** 138 * auth_server - The current Authentication server 139 */ 140 struct hostapd_radius_server *auth_server; 141 142 /** 143 * acct_servers - RADIUS Accounting servers in priority order 144 */ 145 struct hostapd_radius_server *acct_servers; 146 147 /** 148 * num_acct_servers - Number of acct_servers entries 149 */ 150 int num_acct_servers; 151 152 /** 153 * acct_server - The current Accounting server 154 */ 155 struct hostapd_radius_server *acct_server; 156 157 /** 158 * retry_primary_interval - Retry interval for trying primary server 159 * 160 * This specifies a retry interval in sexconds for trying to return to 161 * the primary RADIUS server. RADIUS client code will automatically try 162 * to use the next server when the current server is not replying to 163 * requests. If this interval is set (non-zero), the primary server 164 * will be retried after the specified number of seconds has passed 165 * even if the current used secondary server is still working. 166 */ 167 int retry_primary_interval; 168 169 /** 170 * msg_dumps - Whether RADIUS message details are shown in stdout 171 */ 172 int msg_dumps; 173 174 /** 175 * client_addr - Client (local) address to use if force_client_addr 176 */ 177 struct hostapd_ip_addr client_addr; 178 179 /** 180 * force_client_addr - Whether to force client (local) address 181 */ 182 int force_client_addr; 183 }; 184 185 186 /** 187 * RadiusType - RADIUS server type for RADIUS client 188 */ 189 typedef enum { 190 /** 191 * RADIUS authentication 192 */ 193 RADIUS_AUTH, 194 195 /** 196 * RADIUS_ACCT - RADIUS accounting 197 */ 198 RADIUS_ACCT, 199 200 /** 201 * RADIUS_ACCT_INTERIM - RADIUS interim accounting message 202 * 203 * Used only with radius_client_send(). This behaves just like 204 * RADIUS_ACCT, but removes any pending interim RADIUS Accounting 205 * messages for the same STA before sending the new interim update. 206 */ 207 RADIUS_ACCT_INTERIM 208 } RadiusType; 209 210 /** 211 * RadiusRxResult - RADIUS client RX handler result 212 */ 213 typedef enum { 214 /** 215 * RADIUS_RX_PROCESSED - Message processed 216 * 217 * This stops handler calls and frees the message. 218 */ 219 RADIUS_RX_PROCESSED, 220 221 /** 222 * RADIUS_RX_QUEUED - Message has been queued 223 * 224 * This stops handler calls, but does not free the message; the handler 225 * that returned this is responsible for eventually freeing the 226 * message. 227 */ 228 RADIUS_RX_QUEUED, 229 230 /** 231 * RADIUS_RX_UNKNOWN - Message is not for this handler 232 */ 233 RADIUS_RX_UNKNOWN, 234 235 /** 236 * RADIUS_RX_INVALID_AUTHENTICATOR - Message has invalid Authenticator 237 */ 238 RADIUS_RX_INVALID_AUTHENTICATOR 239 } RadiusRxResult; 240 241 struct radius_client_data; 242 243 int radius_client_register(struct radius_client_data *radius, 244 RadiusType msg_type, 245 RadiusRxResult (*handler) 246 (struct radius_msg *msg, struct radius_msg *req, 247 const u8 *shared_secret, size_t shared_secret_len, 248 void *data), 249 void *data); 250 int radius_client_send(struct radius_client_data *radius, 251 struct radius_msg *msg, 252 RadiusType msg_type, const u8 *addr); 253 u8 radius_client_get_id(struct radius_client_data *radius); 254 void radius_client_flush(struct radius_client_data *radius, int only_auth); 255 struct radius_client_data * 256 radius_client_init(void *ctx, struct hostapd_radius_servers *conf); 257 void radius_client_deinit(struct radius_client_data *radius); 258 void radius_client_flush_auth(struct radius_client_data *radius, 259 const u8 *addr); 260 int radius_client_get_mib(struct radius_client_data *radius, char *buf, 261 size_t buflen); 262 void radius_client_reconfig(struct radius_client_data *radius, 263 struct hostapd_radius_servers *conf); 264 265 #endif /* RADIUS_CLIENT_H */ 266
