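/*
 * $Id: radiusclient.h,v 1.1 2004/11/14 07:26:26 paulus Exp $
 *
 * Copyright (C) 1995,1996,1997,1998 Lars Fenneberg
 *
 * Copyright 1992 Livingston Enterprises, Inc.
 *
 * Copyright 1992,1993, 1994,1995 The Regents of the University of Michigan
 * and Merit Network, Inc. All Rights Reserved
 *
 * See the file COPYRIGHT for the respective terms and conditions.
 * If the file is missing contact me at lf@elemental.net
 * and I'll send you a copy.
 *
 */

/*
 * Public declarations of the RADIUS client library: size limits, packet
 * codes, attribute numbers, the packet header layout and (further down)
 * the attribute-value-pair structures and function prototypes.
 *
 * NOTE(review): this listing had its source line numbers fused into the
 * text and its line breaks collapsed, which turned every preprocessor
 * directive into plain tokens.  One directive/declaration per line is
 * restored here; no value or declaration is changed.
 */

#ifndef RADIUSCLIENT_H
#define RADIUSCLIENT_H

#include <sys/types.h>	/* u_char, u_short */
#include <stdio.h>	/* FILE, used by rc_avpair_readin() */
#include <time.h>	/* struct tm, used by rc_str2tm() */
#include "pppd.h"	/* project header; presumably also supplies __P -- confirm */

#ifndef _UINT4_T
/* This works for all machines that Linux runs on... */
/*
 * Both typedefs rely on int being 32 bits wide; nothing in this header
 * checks that assumption.
 */
typedef unsigned int	UINT4;
typedef int		INT4;
#endif

#define AUTH_VECTOR_LEN		16
#define AUTH_PASS_LEN		(3 * 16) /* multiple of 16 */
#define AUTH_ID_LEN		64
/*
 * value_pair.strvalue (declared later in this header) holds
 * AUTH_STRING_LEN + 1 bytes, while the protocol maximum quoted below is
 * 253.  Code that copies a received attribute value into strvalue has to
 * clamp the copy to AUTH_STRING_LEN; the length byte in the packet can
 * describe more data than the buffer holds.
 */
#define AUTH_STRING_LEN		128	 /* maximum of 253 */

#define BUFFER_LEN		8192

#define NAME_LENGTH		32
#define GETSTR_LENGTH		128	/* must be bigger than AUTH_PASS_LEN */

/* codes for radius_buildreq, radius_getport, etc. */
#define AUTH			0
#define ACCT			1

/* defines for config.c */

#define SERVER_MAX 8

/*
 * One-bit flags.  Presumably they select whether local or RADIUS
 * authentication is tried first (FST) or second (SND) -- confirm in
 * config.c.
 */
#define AUTH_LOCAL_FST	(1<<0)
#define AUTH_RADIUS_FST	(1<<1)
#define AUTH_LOCAL_SND	(1<<2)
#define AUTH_RADIUS_SND	(1<<3)

/*
 * A list of up to SERVER_MAX servers stored as parallel name/port arrays.
 * NOTE(review): max looks like the number of populated entries; code that
 * fills this struct must keep it <= SERVER_MAX -- confirm in config.c.
 */
typedef struct server {
	int max;
	char *name[SERVER_MAX];
	unsigned short port[SERVER_MAX];
} SERVER;

/*
 * RADIUS packet header as laid out in the packet buffer.
 *
 * The fixed part is 1 + 1 + 2 + AUTH_VECTOR_LEN (16) = 20 bytes, which is
 * what AUTH_HDR_LEN below states.  data[2] only marks where the attribute
 * bytes start, so sizeof(AUTH_HDR) is larger than the header itself (22 if
 * the compiler adds no padding).  Use AUTH_HDR_LEN, not sizeof(AUTH_HDR),
 * for offsets and minimum-size checks, and check a received length field
 * against the number of bytes actually read before walking data[].
 */
typedef struct pw_auth_hdr
{
	u_char		code;			/* packet code, see PW_ACCESS_REQUEST etc. */
	u_char		id;			/* packet identifier */
	u_short		length;			/* packet length; byte order not visible here -- confirm */
	u_char		vector[AUTH_VECTOR_LEN];	/* 16-byte authenticator vector */
	u_char		data[2];		/* first bytes of the attribute area */
} AUTH_HDR;

#define AUTH_HDR_LEN			20
#define MAX_SECRET_LENGTH		(3 * 16) /* MUST be multiple of 16 */
#define CHAP_VALUE_LENGTH		16

#define PW_AUTH_UDP_PORT		1812
#define PW_ACCT_UDP_PORT		1813

/* Value types stored in dict_attr.type / value_pair.type */
#define PW_TYPE_STRING			0
#define PW_TYPE_INTEGER			1
#define PW_TYPE_IPADDR			2
#define PW_TYPE_DATE			3

/* standard RADIUS codes */

#define	PW_ACCESS_REQUEST		1
#define	PW_ACCESS_ACCEPT		2
#define	PW_ACCESS_REJECT		3
#define	PW_ACCOUNTING_REQUEST		4
#define	PW_ACCOUNTING_RESPONSE		5
#define	PW_ACCOUNTING_STATUS		6
#define	PW_PASSWORD_REQUEST		7
#define	PW_PASSWORD_ACK			8
#define	PW_PASSWORD_REJECT		9
#define	PW_ACCOUNTING_MESSAGE		10
#define	PW_ACCESS_CHALLENGE		11
#define	PW_STATUS_SERVER		12
#define	PW_STATUS_CLIENT		13


/* standard RADIUS attribute-value pairs */

#define	PW_USER_NAME			1	/* string */
#define	PW_USER_PASSWORD		2	/* string */
#define	PW_CHAP_PASSWORD		3	/* string */
#define	PW_NAS_IP_ADDRESS		4	/* ipaddr */
#define	PW_NAS_PORT			5	/* integer */
#define	PW_SERVICE_TYPE			6	/* integer */
#define	PW_FRAMED_PROTOCOL		7	/* integer */
#define	PW_FRAMED_IP_ADDRESS		8	/* ipaddr */
#define	PW_FRAMED_IP_NETMASK		9	/* ipaddr */
#define	PW_FRAMED_ROUTING		10	/* integer */
#define	PW_FILTER_ID			11	/* string */
#define	PW_FRAMED_MTU			12	/* integer */
#define	PW_FRAMED_COMPRESSION		13	/* integer */
#define	PW_LOGIN_IP_HOST		14	/* ipaddr */
#define	PW_LOGIN_SERVICE		15	/* integer */
#define	PW_LOGIN_PORT			16	/* integer */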
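/*
 * Standard attribute numbers 17-63, the Microsoft vendor attribute numbers,
 * and the first accounting attributes.
 *
 * NOTE(review): the listing had source line numbers fused in front of each
 * "#define", so none of these lines was a preprocessor directive any more.
 * The directives are restored one per line with their values unchanged.
 */
#define	PW_OLD_PASSWORD			17	/* string */	/* deprecated */
#define	PW_REPLY_MESSAGE		18	/* string */
#define	PW_LOGIN_CALLBACK_NUMBER	19	/* string */
#define	PW_FRAMED_CALLBACK_ID		20	/* string */
#define	PW_EXPIRATION			21	/* date */	/* deprecated */
#define	PW_FRAMED_ROUTE			22	/* string */
#define	PW_FRAMED_IPX_NETWORK		23	/* integer */
#define	PW_STATE			24	/* string */
#define	PW_CLASS			25	/* string */
#define	PW_VENDOR_SPECIFIC		26	/* string */
#define	PW_SESSION_TIMEOUT		27	/* integer */
#define	PW_IDLE_TIMEOUT			28	/* integer */
#define	PW_TERMINATION_ACTION		29	/* integer */
#define	PW_CALLED_STATION_ID		30	/* string */
#define	PW_CALLING_STATION_ID		31	/* string */
#define	PW_NAS_IDENTIFIER		32	/* string */
#define	PW_PROXY_STATE			33	/* string */
#define	PW_LOGIN_LAT_SERVICE		34	/* string */
#define	PW_LOGIN_LAT_NODE		35	/* string */
#define	PW_LOGIN_LAT_GROUP		36	/* string */
#define	PW_FRAMED_APPLETALK_LINK	37	/* integer */
#define	PW_FRAMED_APPLETALK_NETWORK	38	/* integer */
#define	PW_FRAMED_APPLETALK_ZONE	39	/* string */
#define	PW_CHAP_CHALLENGE		60	/* string */
#define	PW_NAS_PORT_TYPE		61	/* integer */
#define	PW_PORT_LIMIT			62	/* integer */
#define	PW_LOGIN_LAT_PORT		63	/* string */

/* Vendor RADIUS attribute-value pairs */
/*
 * These numbers live in the vendor's own number space and overlap the
 * standard ones above (PW_MS_CHAP2_RESPONSE == PW_CLASS == 25,
 * PW_MS_CHAP2_SUCCESS == PW_VENDOR_SPECIFIC == 26).  An attribute number
 * therefore identifies an attribute only together with its vendor code;
 * lookups and comparisons must check both, otherwise a standard attribute
 * can be mistaken for a vendor one or the reverse.
 *
 * Going by their names, the MPPE key attributes carry key material; keep
 * their values out of logs and debug dumps.
 */
#define PW_MS_CHAP_CHALLENGE		11	/* string */
#define PW_MS_CHAP_RESPONSE		1	/* string */
#define PW_MS_CHAP2_RESPONSE		25	/* string */
#define PW_MS_CHAP2_SUCCESS		26	/* string */
#define PW_MS_MPPE_ENCRYPTION_POLICY	7	/* string */
#define PW_MS_MPPE_ENCRYPTION_TYPE	8	/* string */
/* plural spelling kept as an alias of the singular name */
#define PW_MS_MPPE_ENCRYPTION_TYPES	PW_MS_MPPE_ENCRYPTION_TYPE
#define PW_MS_CHAP_MPPE_KEYS		12	/* string */
#define PW_MS_MPPE_SEND_KEY		16	/* string */
#define PW_MS_MPPE_RECV_KEY		17	/* string */

/*	Accounting */

#define	PW_ACCT_STATUS_TYPE		40	/* integer */
#define	PW_ACCT_DELAY_TIME		41	/* integer */
#define	PW_ACCT_INPUT_OCTETS		42	/* integer */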
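/*
 * Remaining accounting attribute numbers, the non-standard extension
 * attributes, and the symbolic values of several integer attributes.
 *
 * NOTE(review): the listing had source line numbers fused in front of each
 * "#define", so none of these lines was a preprocessor directive any more.
 * The directives are restored one per line with their values unchanged.
 */
#define	PW_ACCT_OUTPUT_OCTETS		43	/* integer */
#define	PW_ACCT_SESSION_ID		44	/* string */
#define	PW_ACCT_AUTHENTIC		45	/* integer */
#define	PW_ACCT_SESSION_TIME		46	/* integer */
#define	PW_ACCT_INPUT_PACKETS		47	/* integer */
#define	PW_ACCT_OUTPUT_PACKETS		48	/* integer */
#define PW_ACCT_TERMINATE_CAUSE		49	/* integer */
#define PW_ACCT_MULTI_SESSION_ID	50	/* string */
#define PW_ACCT_LINK_COUNT		51	/* integer */

/* From RFC 2869 */
#define PW_ACCT_INTERIM_INTERVAL	85	/* integer */

/*	Merit Experimental Extensions */

#define PW_USER_ID			222	/* string */
#define PW_USER_REALM			223	/* string */


/*	Session limits */
/* NOTE(review): no source is cited for 227/228 here; verify them against the server's dictionary. */
#define PW_SESSION_OCTETS_LIMIT		227	/* integer */
#define PW_OCTETS_DIRECTION		228	/* integer */

/*	Integer Translations */
/*
 * The groups below reuse the same small integers (PW_LOGIN, PW_PPP and
 * PW_RLOGIN are all 1), so a value is only meaningful together with the
 * attribute it was read from.
 */

/*	SERVICE TYPES	*/

#define	PW_LOGIN			1
#define	PW_FRAMED			2
#define	PW_CALLBACK_LOGIN		3
#define	PW_CALLBACK_FRAMED		4
#define	PW_OUTBOUND			5
#define	PW_ADMINISTRATIVE		6
#define PW_NAS_PROMPT			7
#define PW_AUTHENTICATE_ONLY		8
#define PW_CALLBACK_NAS_PROMPT		9

/*	FRAMED PROTOCOLS	*/

#define	PW_PPP				1
#define	PW_SLIP				2
#define PW_ARA				3
#define PW_GANDALF			4
#define PW_XYLOGICS			5

/*	FRAMED ROUTING VALUES	*/

#define	PW_NONE				0
#define	PW_BROADCAST			1
#define	PW_LISTEN			2
#define	PW_BROADCAST_LISTEN		3

/*	FRAMED COMPRESSION TYPES	*/

#define	PW_VAN_JACOBSON_TCP_IP		1
#define	PW_IPX_HEADER_COMPRESSION	2

/*	LOGIN SERVICES	*/

#define PW_TELNET			0
#define PW_RLOGIN			1
#define PW_TCP_CLEAR			2
#define PW_PORTMASTER			3
#define PW_LAT				4
#define PW_X25_PAD			5
#define PW_X25_T3POS			6

/*	TERMINATION ACTIONS	*/

#define PW_DEFAULT			0
#define PW_RADIUS_REQUEST		1

/*	PROHIBIT PROTOCOL  */

#define PW_DUMB		0	/* 1 and 2 are defined in FRAMED PROTOCOLS */
#define PW_AUTH_ONLY	3
#define PW_ALL		255

/*	ACCOUNTING STATUS TYPES    */
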
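/*
 * Accounting and port-type values, the dictionary / attribute-value-pair
 * structures, and the prototypes of the client library.
 *
 * NOTE(review): the listing had source line numbers fused into the text and
 * its line breaks collapsed; directives and declarations are restored one
 * per line.  The only change to the code itself is that the negative
 * return codes are now parenthesised, as VENDOR_NONE already was.
 */
#define PW_STATUS_START		1
#define PW_STATUS_STOP		2
#define PW_STATUS_ALIVE		3
#define PW_STATUS_MODEM_START	4
#define PW_STATUS_MODEM_STOP	5
#define PW_STATUS_CANCEL	6
#define PW_ACCOUNTING_ON	7
#define PW_ACCOUNTING_OFF	8

/*	ACCOUNTING TERMINATION CAUSES	*/

#define PW_USER_REQUEST		1
#define PW_LOST_CARRIER		2
#define PW_LOST_SERVICE		3
#define PW_ACCT_IDLE_TIMEOUT	4
#define PW_ACCT_SESSION_TIMEOUT	5
#define PW_ADMIN_RESET		6
#define PW_ADMIN_REBOOT		7
#define PW_PORT_ERROR		8
#define PW_NAS_ERROR		9
#define PW_NAS_REQUEST		10
#define PW_NAS_REBOOT		11
#define PW_PORT_UNNEEDED	12
#define PW_PORT_PREEMPTED	13
#define PW_PORT_SUSPENDED	14
#define PW_SERVICE_UNAVAILABLE	15
#define PW_CALLBACK		16
#define PW_USER_ERROR		17
#define PW_HOST_REQUEST		18

/*	NAS PORT TYPES	*/

#define PW_ASYNC		0
#define PW_SYNC			1
#define PW_ISDN_SYNC		2
#define PW_ISDN_SYNC_V120	3
#define PW_ISDN_SYNC_V110	4
#define PW_VIRTUAL		5

/*	AUTHENTIC TYPES	*/
#define PW_RADIUS	1
#define PW_LOCAL	2
#define PW_REMOTE	3

/*	Session-Octets-Limit	*/
#define PW_OCTETS_DIRECTION_SUM	0
#define PW_OCTETS_DIRECTION_IN	1
#define PW_OCTETS_DIRECTION_OUT	2
#define PW_OCTETS_DIRECTION_MAX	3


/* Vendor codes */
#define VENDOR_NONE	(-1)
#define VENDOR_MICROSOFT	311

/* Server data structures */

/* One dictionary entry describing an attribute; entries form a singly linked list. */
typedef struct dict_attr
{
	char		name[NAME_LENGTH + 1];	/* attribute name */
	int		value;			/* attribute index */
	int		type;			/* string, int, etc. */
	int		vendorcode;		/* vendor code */
	struct dict_attr	*next;
} DICT_ATTR;

/* One named value of an attribute (attrname); entries form a singly linked list. */
typedef struct dict_value
{
	char		attrname[NAME_LENGTH + 1];
	char		name[NAME_LENGTH + 1];
	int		value;
	struct dict_value	*next;
} DICT_VALUE;

/* One vendor with its own attribute list; entries form a singly linked list. */
typedef struct vendor_dict
{
	char		vendorname[NAME_LENGTH + 1];
	int		vendorcode;
	DICT_ATTR	*attributes;
	struct vendor_dict	*next;
} VENDOR_DICT;

/*
 * One attribute-value pair, sent or received.
 *
 * strvalue is a fixed AUTH_STRING_LEN + 1 byte buffer.  Whatever fills it
 * from a packet or a file must bound the copy to AUTH_STRING_LEN.  No
 * separate length member is declared; how the length of a binary string
 * value is tracked is not visible in this header (possibly lvalue) --
 * confirm in avpair.c before treating strvalue as NUL-terminated text.
 */
typedef struct value_pair
{
	char		name[NAME_LENGTH + 1];
	int		attribute;
	int		vendorcode;
	int		type;
	UINT4		lvalue;
	u_char		strvalue[AUTH_STRING_LEN + 1];
	struct value_pair	*next;
} VALUE_PAIR;

/* don't change this, as it has to be the same as in the Merit radiusd code */
/*
 * NOTE(review): a fixed string published in the source is not a secret.
 * Nothing authenticated with this value alone should be treated as
 * trusted; restrict where such management polls are accepted from.
 */
#define MGMT_POLL_SECRET	"Hardlyasecret"

/*	Define return codes from "SendServer" utility */

/* Negative values are parenthesised so the macros expand safely inside any expression. */
#define BADRESP_RC	(-2)
#define ERROR_RC	(-1)
#define OK_RC		0
#define TIMEOUT_RC	1

typedef struct send_data /* Used to pass information to sendserver() function */
{
	u_char		code;		/* RADIUS packet code */
	u_char		seq_nbr;	/* Packet sequence number */
	char		*server;	/* Name/address of RADIUS server */
	int		svc_port;	/* RADIUS protocol destination port */
	int		timeout;	/* Session timeout in seconds */
	int		retries;
	VALUE_PAIR	*send_pairs;	/* More a/v pairs to send */
	VALUE_PAIR	*receive_pairs;	/* Where to place received a/v pairs */
} SEND_DATA;

/*
 * Per-request secret and request vector.
 * NOTE(review): secret holds the shared secret in the clear for as long as
 * the struct lives; callers should overwrite it once the exchange is done
 * and must not log or dump this struct.
 */
typedef struct request_info
{
	char		secret[MAX_SECRET_LENGTH + 1];
	u_char		request_vector[AUTH_VECTOR_LEN];
} REQUEST_INFO;

/*
 * MIN and MAX evaluate one of their arguments twice; do not pass
 * expressions with side effects (i++, function calls that change state).
 */
#ifndef MIN
#define MIN(a, b)     ((a) < (b) ? (a) : (b))
#endif
#ifndef MAX
#define MAX(a, b)     ((a) > (b) ? (a) : (b))
#endif

/* Fallback used only when no earlier header defined PATH_MAX. */
#ifndef PATH_MAX
#define PATH_MAX	1024
#endif

/* Growable list of environment strings; size/maxsize look like used/allocated counts -- confirm. */
typedef struct env
{
	int		maxsize, size;
	char		**env;
} ENV;

#define ENV_SIZE	128

/*	Function prototypes	*/
/*
 * The prototypes carry no parameter names.  Several take a char * output
 * buffer without an accompanying length (rc_auth, rc_auth_using_server,
 * rc_auth_proxy, rc_send_server); the required buffer size has to be taken
 * from the implementation files named below.
 */

/*	avpair.c		*/

VALUE_PAIR *rc_avpair_add __P((VALUE_PAIR **, int, void *, int, int));
int rc_avpair_assign __P((VALUE_PAIR *, void *, int));
VALUE_PAIR *rc_avpair_new __P((int, void *, int, int));
VALUE_PAIR *rc_avpair_gen __P((AUTH_HDR *));
VALUE_PAIR *rc_avpair_get __P((VALUE_PAIR *, UINT4));
VALUE_PAIR *rc_avpair_copy __P((VALUE_PAIR *));
void rc_avpair_insert __P((VALUE_PAIR **, VALUE_PAIR *, VALUE_PAIR *));
void rc_avpair_free __P((VALUE_PAIR *));
int rc_avpair_parse __P((char *, VALUE_PAIR **));
int rc_avpair_tostr __P((VALUE_PAIR *, char *, int, char *, int));
VALUE_PAIR *rc_avpair_readin __P((FILE *));

/*	buildreq.c		*/

void rc_buildreq __P((SEND_DATA *, int, char *, unsigned short, int, int));
unsigned char rc_get_seqnbr __P((void));
int rc_auth __P((UINT4, VALUE_PAIR *, VALUE_PAIR **, char *, REQUEST_INFO *));
int rc_auth_using_server __P((SERVER *, UINT4, VALUE_PAIR *, VALUE_PAIR **,
			      char *, REQUEST_INFO *));
int rc_auth_proxy __P((VALUE_PAIR *, VALUE_PAIR **, char *));
int rc_acct __P((UINT4, VALUE_PAIR *));
int rc_acct_using_server __P((SERVER *, UINT4, VALUE_PAIR *));
int rc_acct_proxy __P((VALUE_PAIR *));
int rc_check __P((char *, unsigned short, char *));

/*	clientid.c		*/

int rc_read_mapfile __P((char *));
UINT4 rc_map2id __P((char *));

/*	config.c		*/

int rc_read_config __P((char *));
char *rc_conf_str __P((char *));
int rc_conf_int __P((char *));
SERVER *rc_conf_srv __P((char *));
int rc_find_server __P((char *, UINT4 *, char *));

/*	dict.c			*/

int rc_read_dictionary __P((char *));
DICT_ATTR *rc_dict_getattr __P((int, int));
DICT_ATTR *rc_dict_findattr __P((char *));
DICT_VALUE *rc_dict_findval __P((char *));
DICT_VALUE *rc_dict_getval __P((UINT4, char *));
VENDOR_DICT *rc_dict_findvendor __P((char *));
VENDOR_DICT *rc_dict_getvendor __P((int));

/*	ip_util.c		*/

UINT4 rc_get_ipaddr __P((char *));
int rc_good_ipaddr __P((char *));
const char *rc_ip_hostname __P((UINT4));
UINT4 rc_own_ipaddress __P((void));


/*	sendserver.c		*/

int rc_send_server __P((SEND_DATA *, char *, REQUEST_INFO *));

/*	util.c			*/

void rc_str2tm __P((char *, struct tm *));
char *rc_mksid __P((void));
void rc_mdelay __P((int));

/*	md5.c			*/

/*
 * MD5 is used here because the RADIUS packet format requires it; it is not
 * collision resistant and this helper should not be reused for new
 * purposes.  Argument order and output size are not visible in this
 * header -- confirm in md5.c.
 */
void rc_md5_calc __P((unsigned char *, unsigned char *, unsigned int));

#endif /* RADIUSCLIENT_H */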