1 /* 2 * $Id: radiusclient.h,v 1.1 2004/11/14 07:26:26 paulus Exp $ 3 * 4 * Copyright (C) 1995,1996,1997,1998 Lars Fenneberg 5 * 6 * Copyright 1992 Livingston Enterprises, Inc. 7 * 8 * Copyright 1992,1993, 1994,1995 The Regents of the University of Michigan 9 * and Merit Network, Inc. All Rights Reserved 10 * 11 * See the file COPYRIGHT for the respective terms and conditions. 12 * If the file is missing contact me at lf (at) elemental.net 13 * and I'll send you a copy. 14 * 15 */ 16 17 #ifndef RADIUSCLIENT_H 18 #define RADIUSCLIENT_H 19 20 #include <sys/types.h> 21 #include <stdio.h> 22 #include <time.h> 23 #include "pppd.h" 24 25 #ifndef _UINT4_T 26 /* This works for all machines that Linux runs on... */ 27 typedef unsigned int UINT4; 28 typedef int INT4; 29 #endif 30 31 #define AUTH_VECTOR_LEN 16 32 #define AUTH_PASS_LEN (3 * 16) /* multiple of 16 */ 33 #define AUTH_ID_LEN 64 34 #define AUTH_STRING_LEN 128 /* maximum of 253 */ 35 36 #define BUFFER_LEN 8192 37 38 #define NAME_LENGTH 32 39 #define GETSTR_LENGTH 128 /* must be bigger than AUTH_PASS_LEN */ 40 41 /* codes for radius_buildreq, radius_getport, etc. */ 42 #define AUTH 0 43 #define ACCT 1 44 45 /* defines for config.c */ 46 47 #define SERVER_MAX 8 48 49 #define AUTH_LOCAL_FST (1<<0) 50 #define AUTH_RADIUS_FST (1<<1) 51 #define AUTH_LOCAL_SND (1<<2) 52 #define AUTH_RADIUS_SND (1<<3) 53 54 typedef struct server { 55 int max; 56 char *name[SERVER_MAX]; 57 unsigned short port[SERVER_MAX]; 58 } SERVER; 59 60 typedef struct pw_auth_hdr 61 { 62 u_char code; 63 u_char id; 64 u_short length; 65 u_char vector[AUTH_VECTOR_LEN]; 66 u_char data[2]; 67 } AUTH_HDR; 68 69 #define AUTH_HDR_LEN 20 70 #define MAX_SECRET_LENGTH (3 * 16) /* MUST be multiple of 16 */ 71 #define CHAP_VALUE_LENGTH 16 72 73 #define PW_AUTH_UDP_PORT 1812 74 #define PW_ACCT_UDP_PORT 1813 75 76 #define PW_TYPE_STRING 0 77 #define PW_TYPE_INTEGER 1 78 #define PW_TYPE_IPADDR 2 79 #define PW_TYPE_DATE 3 80 81 /* standard RADIUS codes */ 82 83 #define PW_ACCESS_REQUEST 1 84 #define PW_ACCESS_ACCEPT 2 85 #define PW_ACCESS_REJECT 3 86 #define PW_ACCOUNTING_REQUEST 4 87 #define PW_ACCOUNTING_RESPONSE 5 88 #define PW_ACCOUNTING_STATUS 6 89 #define PW_PASSWORD_REQUEST 7 90 #define PW_PASSWORD_ACK 8 91 #define PW_PASSWORD_REJECT 9 92 #define PW_ACCOUNTING_MESSAGE 10 93 #define PW_ACCESS_CHALLENGE 11 94 #define PW_STATUS_SERVER 12 95 #define PW_STATUS_CLIENT 13 96 97 98 /* standard RADIUS attribute-value pairs */ 99 100 #define PW_USER_NAME 1 /* string */ 101 #define PW_USER_PASSWORD 2 /* string */ 102 #define PW_CHAP_PASSWORD 3 /* string */ 103 #define PW_NAS_IP_ADDRESS 4 /* ipaddr */ 104 #define PW_NAS_PORT 5 /* integer */ 105 #define PW_SERVICE_TYPE 6 /* integer */ 106 #define PW_FRAMED_PROTOCOL 7 /* integer */ 107 #define PW_FRAMED_IP_ADDRESS 8 /* ipaddr */ 108 #define PW_FRAMED_IP_NETMASK 9 /* ipaddr */ 109 #define PW_FRAMED_ROUTING 10 /* integer */ 110 #define PW_FILTER_ID 11 /* string */ 111 #define PW_FRAMED_MTU 12 /* integer */ 112 #define PW_FRAMED_COMPRESSION 13 /* integer */ 113 #define PW_LOGIN_IP_HOST 14 /* ipaddr */ 114 #define PW_LOGIN_SERVICE 15 /* integer */ 115 #define PW_LOGIN_PORT 16 /* integer */ 116 #define PW_OLD_PASSWORD 17 /* string */ /* deprecated */ 117 #define PW_REPLY_MESSAGE 18 /* string */ 118 #define PW_LOGIN_CALLBACK_NUMBER 19 /* string */ 119 #define PW_FRAMED_CALLBACK_ID 20 /* string */ 120 #define PW_EXPIRATION 21 /* date */ /* deprecated */ 121 #define PW_FRAMED_ROUTE 22 /* string */ 122 #define PW_FRAMED_IPX_NETWORK 23 /* integer */ 123 #define PW_STATE 24 /* string */ 124 #define PW_CLASS 25 /* string */ 125 #define PW_VENDOR_SPECIFIC 26 /* string */ 126 #define PW_SESSION_TIMEOUT 27 /* integer */ 127 #define PW_IDLE_TIMEOUT 28 /* integer */ 128 #define PW_TERMINATION_ACTION 29 /* integer */ 129 #define PW_CALLED_STATION_ID 30 /* string */ 130 #define PW_CALLING_STATION_ID 31 /* string */ 131 #define PW_NAS_IDENTIFIER 32 /* string */ 132 #define PW_PROXY_STATE 33 /* string */ 133 #define PW_LOGIN_LAT_SERVICE 34 /* string */ 134 #define PW_LOGIN_LAT_NODE 35 /* string */ 135 #define PW_LOGIN_LAT_GROUP 36 /* string */ 136 #define PW_FRAMED_APPLETALK_LINK 37 /* integer */ 137 #define PW_FRAMED_APPLETALK_NETWORK 38 /* integer */ 138 #define PW_FRAMED_APPLETALK_ZONE 39 /* string */ 139 #define PW_CHAP_CHALLENGE 60 /* string */ 140 #define PW_NAS_PORT_TYPE 61 /* integer */ 141 #define PW_PORT_LIMIT 62 /* integer */ 142 #define PW_LOGIN_LAT_PORT 63 /* string */ 143 144 /* Vendor RADIUS attribute-value pairs */ 145 #define PW_MS_CHAP_CHALLENGE 11 /* string */ 146 #define PW_MS_CHAP_RESPONSE 1 /* string */ 147 #define PW_MS_CHAP2_RESPONSE 25 /* string */ 148 #define PW_MS_CHAP2_SUCCESS 26 /* string */ 149 #define PW_MS_MPPE_ENCRYPTION_POLICY 7 /* string */ 150 #define PW_MS_MPPE_ENCRYPTION_TYPE 8 /* string */ 151 #define PW_MS_MPPE_ENCRYPTION_TYPES PW_MS_MPPE_ENCRYPTION_TYPE 152 #define PW_MS_CHAP_MPPE_KEYS 12 /* string */ 153 #define PW_MS_MPPE_SEND_KEY 16 /* string */ 154 #define PW_MS_MPPE_RECV_KEY 17 /* string */ 155 156 /* Accounting */ 157 158 #define PW_ACCT_STATUS_TYPE 40 /* integer */ 159 #define PW_ACCT_DELAY_TIME 41 /* integer */ 160 #define PW_ACCT_INPUT_OCTETS 42 /* integer */ 161 #define PW_ACCT_OUTPUT_OCTETS 43 /* integer */ 162 #define PW_ACCT_SESSION_ID 44 /* string */ 163 #define PW_ACCT_AUTHENTIC 45 /* integer */ 164 #define PW_ACCT_SESSION_TIME 46 /* integer */ 165 #define PW_ACCT_INPUT_PACKETS 47 /* integer */ 166 #define PW_ACCT_OUTPUT_PACKETS 48 /* integer */ 167 #define PW_ACCT_TERMINATE_CAUSE 49 /* integer */ 168 #define PW_ACCT_MULTI_SESSION_ID 50 /* string */ 169 #define PW_ACCT_LINK_COUNT 51 /* integer */ 170 171 /* From RFC 2869 */ 172 #define PW_ACCT_INTERIM_INTERVAL 85 /* integer */ 173 174 /* Merit Experimental Extensions */ 175 176 #define PW_USER_ID 222 /* string */ 177 #define PW_USER_REALM 223 /* string */ 178 179 180 /* Session limits */ 181 #define PW_SESSION_OCTETS_LIMIT 227 /* integer */ 182 #define PW_OCTETS_DIRECTION 228 /* integer */ 183 184 /* Integer Translations */ 185 186 /* SERVICE TYPES */ 187 188 #define PW_LOGIN 1 189 #define PW_FRAMED 2 190 #define PW_CALLBACK_LOGIN 3 191 #define PW_CALLBACK_FRAMED 4 192 #define PW_OUTBOUND 5 193 #define PW_ADMINISTRATIVE 6 194 #define PW_NAS_PROMPT 7 195 #define PW_AUTHENTICATE_ONLY 8 196 #define PW_CALLBACK_NAS_PROMPT 9 197 198 /* FRAMED PROTOCOLS */ 199 200 #define PW_PPP 1 201 #define PW_SLIP 2 202 #define PW_ARA 3 203 #define PW_GANDALF 4 204 #define PW_XYLOGICS 5 205 206 /* FRAMED ROUTING VALUES */ 207 208 #define PW_NONE 0 209 #define PW_BROADCAST 1 210 #define PW_LISTEN 2 211 #define PW_BROADCAST_LISTEN 3 212 213 /* FRAMED COMPRESSION TYPES */ 214 215 #define PW_VAN_JACOBSON_TCP_IP 1 216 #define PW_IPX_HEADER_COMPRESSION 2 217 218 /* LOGIN SERVICES */ 219 220 #define PW_TELNET 0 221 #define PW_RLOGIN 1 222 #define PW_TCP_CLEAR 2 223 #define PW_PORTMASTER 3 224 #define PW_LAT 4 225 #define PW_X25_PAD 5 226 #define PW_X25_T3POS 6 227 228 /* TERMINATION ACTIONS */ 229 230 #define PW_DEFAULT 0 231 #define PW_RADIUS_REQUEST 1 232 233 /* PROHIBIT PROTOCOL */ 234 235 #define PW_DUMB 0 /* 1 and 2 are defined in FRAMED PROTOCOLS */ 236 #define PW_AUTH_ONLY 3 237 #define PW_ALL 255 238 239 /* ACCOUNTING STATUS TYPES */ 240 241 #define PW_STATUS_START 1 242 #define PW_STATUS_STOP 2 243 #define PW_STATUS_ALIVE 3 244 #define PW_STATUS_MODEM_START 4 245 #define PW_STATUS_MODEM_STOP 5 246 #define PW_STATUS_CANCEL 6 247 #define PW_ACCOUNTING_ON 7 248 #define PW_ACCOUNTING_OFF 8 249 250 /* ACCOUNTING TERMINATION CAUSES */ 251 252 #define PW_USER_REQUEST 1 253 #define PW_LOST_CARRIER 2 254 #define PW_LOST_SERVICE 3 255 #define PW_ACCT_IDLE_TIMEOUT 4 256 #define PW_ACCT_SESSION_TIMEOUT 5 257 #define PW_ADMIN_RESET 6 258 #define PW_ADMIN_REBOOT 7 259 #define PW_PORT_ERROR 8 260 #define PW_NAS_ERROR 9 261 #define PW_NAS_REQUEST 10 262 #define PW_NAS_REBOOT 11 263 #define PW_PORT_UNNEEDED 12 264 #define PW_PORT_PREEMPTED 13 265 #define PW_PORT_SUSPENDED 14 266 #define PW_SERVICE_UNAVAILABLE 15 267 #define PW_CALLBACK 16 268 #define PW_USER_ERROR 17 269 #define PW_HOST_REQUEST 18 270 271 /* NAS PORT TYPES */ 272 273 #define PW_ASYNC 0 274 #define PW_SYNC 1 275 #define PW_ISDN_SYNC 2 276 #define PW_ISDN_SYNC_V120 3 277 #define PW_ISDN_SYNC_V110 4 278 #define PW_VIRTUAL 5 279 280 /* AUTHENTIC TYPES */ 281 #define PW_RADIUS 1 282 #define PW_LOCAL 2 283 #define PW_REMOTE 3 284 285 /* Session-Octets-Limit */ 286 #define PW_OCTETS_DIRECTION_SUM 0 287 #define PW_OCTETS_DIRECTION_IN 1 288 #define PW_OCTETS_DIRECTION_OUT 2 289 #define PW_OCTETS_DIRECTION_MAX 3 290 291 292 /* Vendor codes */ 293 #define VENDOR_NONE (-1) 294 #define VENDOR_MICROSOFT 311 295 296 /* Server data structures */ 297 298 typedef struct dict_attr 299 { 300 char name[NAME_LENGTH + 1]; /* attribute name */ 301 int value; /* attribute index */ 302 int type; /* string, int, etc. */ 303 int vendorcode; /* vendor code */ 304 struct dict_attr *next; 305 } DICT_ATTR; 306 307 typedef struct dict_value 308 { 309 char attrname[NAME_LENGTH +1]; 310 char name[NAME_LENGTH + 1]; 311 int value; 312 struct dict_value *next; 313 } DICT_VALUE; 314 315 typedef struct vendor_dict 316 { 317 char vendorname[NAME_LENGTH + 1]; 318 int vendorcode; 319 DICT_ATTR *attributes; 320 struct vendor_dict *next; 321 } VENDOR_DICT; 322 323 typedef struct value_pair 324 { 325 char name[NAME_LENGTH + 1]; 326 int attribute; 327 int vendorcode; 328 int type; 329 UINT4 lvalue; 330 u_char strvalue[AUTH_STRING_LEN + 1]; 331 struct value_pair *next; 332 } VALUE_PAIR; 333 334 /* don't change this, as it has to be the same as in the Merit radiusd code */ 335 #define MGMT_POLL_SECRET "Hardlyasecret" 336 337 /* Define return codes from "SendServer" utility */ 338 339 #define BADRESP_RC -2 340 #define ERROR_RC -1 341 #define OK_RC 0 342 #define TIMEOUT_RC 1 343 344 typedef struct send_data /* Used to pass information to sendserver() function */ 345 { 346 u_char code; /* RADIUS packet code */ 347 u_char seq_nbr; /* Packet sequence number */ 348 char *server; /* Name/addrress of RADIUS server */ 349 int svc_port; /* RADIUS protocol destination port */ 350 int timeout; /* Session timeout in seconds */ 351 int retries; 352 VALUE_PAIR *send_pairs; /* More a/v pairs to send */ 353 VALUE_PAIR *receive_pairs; /* Where to place received a/v pairs */ 354 } SEND_DATA; 355 356 typedef struct request_info 357 { 358 char secret[MAX_SECRET_LENGTH + 1]; 359 u_char request_vector[AUTH_VECTOR_LEN]; 360 } REQUEST_INFO; 361 362 #ifndef MIN 363 #define MIN(a, b) ((a) < (b) ? (a) : (b)) 364 #endif 365 #ifndef MAX 366 #define MAX(a, b) ((a) > (b) ? (a) : (b)) 367 #endif 368 369 #ifndef PATH_MAX 370 #define PATH_MAX 1024 371 #endif 372 373 typedef struct env 374 { 375 int maxsize, size; 376 char **env; 377 } ENV; 378 379 #define ENV_SIZE 128 380 381 /* Function prototypes */ 382 383 /* avpair.c */ 384 385 VALUE_PAIR *rc_avpair_add __P((VALUE_PAIR **, int, void *, int, int)); 386 int rc_avpair_assign __P((VALUE_PAIR *, void *, int)); 387 VALUE_PAIR *rc_avpair_new __P((int, void *, int, int)); 388 VALUE_PAIR *rc_avpair_gen __P((AUTH_HDR *)); 389 VALUE_PAIR *rc_avpair_get __P((VALUE_PAIR *, UINT4)); 390 VALUE_PAIR *rc_avpair_copy __P((VALUE_PAIR *)); 391 void rc_avpair_insert __P((VALUE_PAIR **, VALUE_PAIR *, VALUE_PAIR *)); 392 void rc_avpair_free __P((VALUE_PAIR *)); 393 int rc_avpair_parse __P((char *, VALUE_PAIR **)); 394 int rc_avpair_tostr __P((VALUE_PAIR *, char *, int, char *, int)); 395 VALUE_PAIR *rc_avpair_readin __P((FILE *)); 396 397 /* buildreq.c */ 398 399 void rc_buildreq __P((SEND_DATA *, int, char *, unsigned short, int, int)); 400 unsigned char rc_get_seqnbr __P((void)); 401 int rc_auth __P((UINT4, VALUE_PAIR *, VALUE_PAIR **, char *, REQUEST_INFO *)); 402 int rc_auth_using_server __P((SERVER *, UINT4, VALUE_PAIR *, VALUE_PAIR **, 403 char *, REQUEST_INFO *)); 404 int rc_auth_proxy __P((VALUE_PAIR *, VALUE_PAIR **, char *)); 405 int rc_acct __P((UINT4, VALUE_PAIR *)); 406 int rc_acct_using_server __P((SERVER *, UINT4, VALUE_PAIR *)); 407 int rc_acct_proxy __P((VALUE_PAIR *)); 408 int rc_check __P((char *, unsigned short, char *)); 409 410 /* clientid.c */ 411 412 int rc_read_mapfile __P((char *)); 413 UINT4 rc_map2id __P((char *)); 414 415 /* config.c */ 416 417 int rc_read_config __P((char *)); 418 char *rc_conf_str __P((char *)); 419 int rc_conf_int __P((char *)); 420 SERVER *rc_conf_srv __P((char *)); 421 int rc_find_server __P((char *, UINT4 *, char *)); 422 423 /* dict.c */ 424 425 int rc_read_dictionary __P((char *)); 426 DICT_ATTR *rc_dict_getattr __P((int, int)); 427 DICT_ATTR *rc_dict_findattr __P((char *)); 428 DICT_VALUE *rc_dict_findval __P((char *)); 429 DICT_VALUE * rc_dict_getval __P((UINT4, char *)); 430 VENDOR_DICT * rc_dict_findvendor __P((char *)); 431 VENDOR_DICT * rc_dict_getvendor __P((int)); 432 433 /* ip_util.c */ 434 435 UINT4 rc_get_ipaddr __P((char *)); 436 int rc_good_ipaddr __P((char *)); 437 const char *rc_ip_hostname __P((UINT4)); 438 UINT4 rc_own_ipaddress __P((void)); 439 440 441 /* sendserver.c */ 442 443 int rc_send_server __P((SEND_DATA *, char *, REQUEST_INFO *)); 444 445 /* util.c */ 446 447 void rc_str2tm __P((char *, struct tm *)); 448 char *rc_mksid __P((void)); 449 void rc_mdelay __P((int)); 450 451 /* md5.c */ 452 453 void rc_md5_calc __P((unsigned char *, unsigned char *, unsigned int)); 454 455 #endif /* RADIUSCLIENT_H */ 456
