/*
* RADIUS client
* Copyright (c) 2002-2009, Jouni Malinen <j@w1.fi>
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
*/
#ifndef RADIUS_CLIENT_H
#define RADIUS_CLIENT_H
#include "ip_addr.h"
struct radius_msg;
/**
 * struct hostapd_radius_server - Per-server state kept by the RADIUS client
 *
 * Describes a single RADIUS server. Most members exist to back MIB variables;
 * the MIB variable prefix (radiusAuth or radiusAcc) depends on whether the
 * entry is an authentication or an accounting server.
 *
 * radiusAuthClientPendingRequests (or radiusAccClientPendingRequests) has no
 * member here: it is the number of struct radius_client_data::msgs entries
 * with a matching msg_type.
 */
struct hostapd_radius_server {
	/** addr - radiusAuthServerAddress or radiusAccServerAddress */
	struct hostapd_ip_addr addr;

	/**
	 * port - radiusAuthClientServerPortNumber or
	 * radiusAccClientServerPortNumber
	 */
	int port;

	/**
	 * shared_secret - Shared secret for authenticating RADIUS messages
	 *
	 * Octet string whose length is given by shared_secret_len; always use
	 * the two together and do not assume NUL termination.
	 * NOTE(review): who owns this buffer, and whether it is cleared before
	 * being freed, is not visible in this header - confirm in the
	 * implementation.
	 */
	u8 *shared_secret;

	/** shared_secret_len - Length of shared_secret in octets */
	size_t shared_secret_len;

	/* Dynamic MIB data (not read from the configuration file) */

	/** index - radiusAuthServerIndex or radiusAccServerIndex */
	int index;

	/**
	 * round_trip_time - radiusAuthClientRoundTripTime or
	 * radiusAccClientRoundTripTime
	 *
	 * Unit: hundredths of a second.
	 */
	int round_trip_time;

	/** requests - radiusAuthClientAccessRequests or radiusAccClientRequests */
	u32 requests;

	/**
	 * retransmissions - radiusAuthClientAccessRetransmissions or
	 * radiusAccClientRetransmissions
	 */
	u32 retransmissions;

	/** access_accepts - radiusAuthClientAccessAccepts */
	u32 access_accepts;

	/** access_rejects - radiusAuthClientAccessRejects */
	u32 access_rejects;

	/** access_challenges - radiusAuthClientAccessChallenges */
	u32 access_challenges;

	/** responses - radiusAccClientResponses */
	u32 responses;

	/**
	 * malformed_responses - radiusAuthClientMalformedAccessResponses or
	 * radiusAccClientMalformedResponses
	 */
	u32 malformed_responses;

	/**
	 * bad_authenticators - radiusAuthClientBadAuthenticators or
	 * radiusAccClientBadAuthenticators
	 *
	 * NOTE(review): worth alerting on where this counter is exported;
	 * presumably a non-zero rate points at a shared-secret mismatch or at
	 * forged/altered responses - confirm what the implementation counts.
	 */
	u32 bad_authenticators;

	/** timeouts - radiusAuthClientTimeouts or radiusAccClientTimeouts */
	u32 timeouts;

	/**
	 * unknown_types - radiusAuthClientUnknownTypes or
	 * radiusAccClientUnknownTypes
	 */
	u32 unknown_types;

	/**
	 * packets_dropped - radiusAuthClientPacketsDropped or
	 * radiusAccClientPacketsDropped
	 */
	u32 packets_dropped;
};
/**
 * struct hostapd_radius_servers - Server set configured for the RADIUS client
 */
struct hostapd_radius_servers {
	/** auth_servers - RADIUS Authentication servers, in priority order */
	struct hostapd_radius_server *auth_servers;

	/** num_auth_servers - Number of entries in auth_servers */
	int num_auth_servers;

	/**
	 * auth_server - The Authentication server currently in use
	 *
	 * NOTE(review): presumably points at an element of auth_servers -
	 * confirm against the code that updates it.
	 */
	struct hostapd_radius_server *auth_server;

	/** acct_servers - RADIUS Accounting servers, in priority order */
	struct hostapd_radius_server *acct_servers;

	/** num_acct_servers - Number of entries in acct_servers */
	int num_acct_servers;

	/**
	 * acct_server - The Accounting server currently in use
	 *
	 * NOTE(review): presumably points at an element of acct_servers -
	 * confirm against the code that updates it.
	 */
	struct hostapd_radius_server *acct_server;

	/**
	 * retry_primary_interval - Retry interval for trying primary server
	 *
	 * Interval, in seconds, after which the client tries to return to the
	 * primary RADIUS server. The RADIUS client code moves to the next
	 * server on its own when the current one stops replying to requests.
	 * When this interval is set (non-zero), the primary server is retried
	 * once that many seconds have passed, even if the secondary server in
	 * use is still working.
	 */
	int retry_primary_interval;

	/**
	 * msg_dumps - Whether RADIUS message details are shown in stdout
	 *
	 * NOTE(review): which details get printed is decided by the
	 * implementation and is not visible here; if attribute contents are
	 * included, captured stdout should be handled as sensitive - confirm.
	 */
	int msg_dumps;

	/**
	 * client_addr - Client (local) address to use if force_client_addr
	 * is set
	 */
	struct hostapd_ip_addr client_addr;

	/** force_client_addr - Whether to force client (local) address */
	int force_client_addr;
};
/**
 * RadiusType - Kind of RADIUS server/message handled by the RADIUS client
 */
typedef enum {
	/** RADIUS_AUTH - RADIUS authentication */
	RADIUS_AUTH,

	/** RADIUS_ACCT - RADIUS accounting */
	RADIUS_ACCT,

	/**
	 * RADIUS_ACCT_INTERIM - RADIUS interim accounting message
	 *
	 * Only meaningful as an argument to radius_client_send(). Handled
	 * like RADIUS_ACCT, except that pending interim RADIUS Accounting
	 * messages for the same STA are removed before the new interim update
	 * is sent.
	 */
	RADIUS_ACCT_INTERIM
} RadiusType;
/**
 * RadiusRxResult - Value returned by a RADIUS client RX handler
 */
typedef enum {
	/**
	 * RADIUS_RX_PROCESSED - Message processed
	 *
	 * No further handlers are called and the message is freed.
	 */
	RADIUS_RX_PROCESSED,

	/**
	 * RADIUS_RX_QUEUED - Message has been queued
	 *
	 * No further handlers are called and the message is NOT freed: the
	 * handler that returned this value takes over responsibility for
	 * freeing it eventually.
	 */
	RADIUS_RX_QUEUED,

	/** RADIUS_RX_UNKNOWN - Message is not for this handler */
	RADIUS_RX_UNKNOWN,

	/**
	 * RADIUS_RX_INVALID_AUTHENTICATOR - Message has invalid Authenticator
	 *
	 * NOTE(review): how the caller reacts to this value (drop, count in
	 * bad_authenticators, try the next handler) is not visible in this
	 * header - confirm in the implementation.
	 */
	RADIUS_RX_INVALID_AUTHENTICATOR
} RadiusRxResult;
/* Opaque RADIUS client context; only pointers to it are used in this header. */
struct radius_client_data;

/**
 * radius_client_register - Register an RX handler for one message type
 *
 * The handler is passed two messages (msg and req - presumably the received
 * reply and the request it answers), the shared secret with its length, and
 * the data pointer given here. Its return value is a RadiusRxResult; see that
 * enum for what each value makes the caller do.
 * NOTE(review): the shared secret is handed to the handler, so verifying the
 * Authenticator appears to be the handler's job (it can report
 * RADIUS_RX_INVALID_AUTHENTICATOR) - confirm. The meaning of the int return
 * value is not visible in this header.
 */
int radius_client_register(
	struct radius_client_data *radius, RadiusType msg_type,
	RadiusRxResult (*handler)(struct radius_msg *msg,
				  struct radius_msg *req,
				  const u8 *shared_secret,
				  size_t shared_secret_len, void *data),
	void *data);

/**
 * radius_client_set_interim_error_cb - Set the interim error callback
 *
 * cb receives an address and the ctx pointer given here.
 * NOTE(review): when cb is invoked is not visible in this header; presumably
 * on a failed interim accounting update - confirm.
 */
void radius_client_set_interim_error_cb(
	struct radius_client_data *radius,
	void (*cb)(const u8 *addr, void *ctx), void *ctx);

/**
 * radius_client_send - Send a RADIUS message of the given type
 *
 * With msg_type RADIUS_ACCT_INTERIM, pending interim accounting messages for
 * the same STA are removed first (see RadiusType).
 * NOTE(review): addr is presumably the STA address used for that matching;
 * ownership of msg after the call and the meaning of the int return value are
 * not visible in this header - confirm.
 */
int radius_client_send(
	struct radius_client_data *radius, struct radius_msg *msg,
	RadiusType msg_type, const u8 *addr);

/**
 * radius_client_get_id - Get a one-octet value from the client
 *
 * NOTE(review): presumably the next RADIUS packet identifier - confirm.
 */
u8 radius_client_get_id(struct radius_client_data *radius);

/**
 * radius_client_flush - Flush client state
 *
 * NOTE(review): only_auth presumably limits the flush to authentication
 * messages - confirm.
 */
void radius_client_flush(struct radius_client_data *radius, int only_auth);

/**
 * radius_client_init - Create a RADIUS client context from conf
 *
 * NOTE(review): failure signalling (presumably NULL) and whether conf must
 * outlive the returned context are not visible in this header - confirm.
 */
struct radius_client_data *radius_client_init(
	void *ctx, struct hostapd_radius_servers *conf);

/** radius_client_deinit - Release a context from radius_client_init() */
void radius_client_deinit(struct radius_client_data *radius);

/**
 * radius_client_flush_auth - Flush authentication state for one address
 *
 * NOTE(review): exact scope of what is flushed is not visible here - confirm.
 */
void radius_client_flush_auth(
	struct radius_client_data *radius, const u8 *addr);

/**
 * radius_client_get_mib - Write MIB information into a caller buffer
 *
 * buf is the destination and buflen its size.
 * NOTE(review): presumably returns the number of octets written and never
 * writes past buflen - confirm in the implementation.
 */
int radius_client_get_mib(
	struct radius_client_data *radius, char *buf, size_t buflen);

/** radius_client_reconfig - Apply a new server configuration to the client */
void radius_client_reconfig(
	struct radius_client_data *radius,
	struct hostapd_radius_servers *conf);
#endif /* RADIUS_CLIENT_H */