radius_client.h revision 8d520ff1dc2da35cdca849e982051b86468016d8 
1/*
2 * RADIUS client
3 * Copyright (c) 2002-2009, Jouni Malinen <j@w1.fi>
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
8 *
9 * Alternatively, this software may be distributed under the terms of BSD
10 * license.
11 *
12 * See README and COPYING for more details.
13 */
14
15#ifndef RADIUS_CLIENT_H
16#define RADIUS_CLIENT_H
17
18#include "ip_addr.h"
19
20struct radius_msg;
21
22/**
23 * struct hostapd_radius_server - RADIUS server information for RADIUS client
24 *
25 * This structure contains information about a RADIUS server. The values are
26 * mainly for MIB information. The MIB variable prefix (radiusAuth or
27 * radiusAcc) depends on whether this is an authentication or accounting
28 * server.
29 *
30 * radiusAuthClientPendingRequests (or radiusAccClientPendingRequests) is the
31 * number struct radius_client_data::msgs for matching msg_type.
32 */
33struct hostapd_radius_server {
34	/**
35	 * addr - radiusAuthServerAddress or radiusAccServerAddress
36	 */
37	struct hostapd_ip_addr addr;
38
39	/**
40	 * port - radiusAuthClientServerPortNumber or radiusAccClientServerPortNumber
41	 */
42	int port;
43
44	/**
45	 * shared_secret - Shared secret for authenticating RADIUS messages
46	 */
47	u8 *shared_secret;
48
49	/**
50	 * shared_secret_len - Length of shared_secret in octets
51	 */
52	size_t shared_secret_len;
53
54	/* Dynamic (not from configuration file) MIB data */
55
56	/**
57	 * index - radiusAuthServerIndex or radiusAccServerIndex
58	 */
59	int index;
60
61	/**
62	 * round_trip_time - radiusAuthClientRoundTripTime or radiusAccClientRoundTripTime
63	 * Round-trip time in hundredths of a second.
64	 */
65	int round_trip_time;
66
67	/**
68	 * requests - radiusAuthClientAccessRequests or radiusAccClientRequests
69	 */
70	u32 requests;
71
72	/**
73	 * retransmissions - radiusAuthClientAccessRetransmissions or radiusAccClientRetransmissions
74	 */
75	u32 retransmissions;
76
77	/**
78	 * access_accepts - radiusAuthClientAccessAccepts
79	 */
80	u32 access_accepts;
81
82	/**
83	 * access_rejects - radiusAuthClientAccessRejects
84	 */
85	u32 access_rejects;
86
87	/**
88	 * access_challenges - radiusAuthClientAccessChallenges
89	 */
90	u32 access_challenges;
91
92	/**
93	 * responses - radiusAccClientResponses
94	 */
95	u32 responses;
96
97	/**
98	 * malformed_responses - radiusAuthClientMalformedAccessResponses or radiusAccClientMalformedResponses
99	 */
100	u32 malformed_responses;
101
102	/**
103	 * bad_authenticators - radiusAuthClientBadAuthenticators or radiusAccClientBadAuthenticators
104	 */
105	u32 bad_authenticators;
106
107	/**
108	 * timeouts - radiusAuthClientTimeouts or radiusAccClientTimeouts
109	 */
110	u32 timeouts;
111
112	/**
113	 * unknown_types - radiusAuthClientUnknownTypes or radiusAccClientUnknownTypes
114	 */
115	u32 unknown_types;
116
117	/**
118	 * packets_dropped - radiusAuthClientPacketsDropped or radiusAccClientPacketsDropped
119	 */
120	u32 packets_dropped;
121};
122
123/**
124 * struct hostapd_radius_servers - RADIUS servers for RADIUS client
125 */
126struct hostapd_radius_servers {
127	/**
128	 * auth_servers - RADIUS Authentication servers in priority order
129	 */
130	struct hostapd_radius_server *auth_servers;
131
132	/**
133	 * num_auth_servers - Number of auth_servers entries
134	 */
135	int num_auth_servers;
136
137	/**
138	 * auth_server - The current Authentication server
139	 */
140	struct hostapd_radius_server *auth_server;
141
142	/**
143	 * acct_servers - RADIUS Accounting servers in priority order
144	 */
145	struct hostapd_radius_server *acct_servers;
146
147	/**
148	 * num_acct_servers - Number of acct_servers entries
149	 */
150	int num_acct_servers;
151
152	/**
153	 * acct_server - The current Accounting server
154	 */
155	struct hostapd_radius_server *acct_server;
156
157	/**
158	 * retry_primary_interval - Retry interval for trying primary server
159	 *
160	 * This specifies a retry interval in sexconds for trying to return to
161	 * the primary RADIUS server. RADIUS client code will automatically try
162	 * to use the next server when the current server is not replying to
163	 * requests. If this interval is set (non-zero), the primary server
164	 * will be retried after the specified number of seconds has passed
165	 * even if the current used secondary server is still working.
166	 */
167	int retry_primary_interval;
168
169	/**
170	 * msg_dumps - Whether RADIUS message details are shown in stdout
171	 */
172	int msg_dumps;
173
174	/**
175	 * client_addr - Client (local) address to use if force_client_addr
176	 */
177	struct hostapd_ip_addr client_addr;
178
179	/**
180	 * force_client_addr - Whether to force client (local) address
181	 */
182	int force_client_addr;
183};
184
185
186/**
187 * RadiusType - RADIUS server type for RADIUS client
188 */
189typedef enum {
190	/**
191	 * RADIUS authentication
192	 */
193	RADIUS_AUTH,
194
195	/**
196	 * RADIUS_ACCT - RADIUS accounting
197	 */
198	RADIUS_ACCT,
199
200	/**
201	 * RADIUS_ACCT_INTERIM - RADIUS interim accounting message
202	 *
203	 * Used only with radius_client_send(). This behaves just like
204	 * RADIUS_ACCT, but removes any pending interim RADIUS Accounting
205	 * messages for the same STA before sending the new interim update.
206	 */
207	RADIUS_ACCT_INTERIM
208} RadiusType;
209
210/**
211 * RadiusRxResult - RADIUS client RX handler result
212 */
213typedef enum {
214	/**
215	 * RADIUS_RX_PROCESSED - Message processed
216	 *
217	 * This stops handler calls and frees the message.
218	 */
219	RADIUS_RX_PROCESSED,
220
221	/**
222	 * RADIUS_RX_QUEUED - Message has been queued
223	 *
224	 * This stops handler calls, but does not free the message; the handler
225	 * that returned this is responsible for eventually freeing the
226	 * message.
227	 */
228	RADIUS_RX_QUEUED,
229
230	/**
231	 * RADIUS_RX_UNKNOWN - Message is not for this handler
232	 */
233	RADIUS_RX_UNKNOWN,
234
235	/**
236	 * RADIUS_RX_INVALID_AUTHENTICATOR - Message has invalid Authenticator
237	 */
238	RADIUS_RX_INVALID_AUTHENTICATOR
239} RadiusRxResult;
240
241struct radius_client_data;
242
243int radius_client_register(struct radius_client_data *radius,
244			   RadiusType msg_type,
245			   RadiusRxResult (*handler)
246			   (struct radius_msg *msg, struct radius_msg *req,
247			    const u8 *shared_secret, size_t shared_secret_len,
248			    void *data),
249			   void *data);
250int radius_client_send(struct radius_client_data *radius,
251		       struct radius_msg *msg,
252		       RadiusType msg_type, const u8 *addr);
253u8 radius_client_get_id(struct radius_client_data *radius);
254void radius_client_flush(struct radius_client_data *radius, int only_auth);
255struct radius_client_data *
256radius_client_init(void *ctx, struct hostapd_radius_servers *conf);
257void radius_client_deinit(struct radius_client_data *radius);
258void radius_client_flush_auth(struct radius_client_data *radius,
259			      const u8 *addr);
260int radius_client_get_mib(struct radius_client_data *radius, char *buf,
261			  size_t buflen);
262void radius_client_reconfig(struct radius_client_data *radius,
263			    struct hostapd_radius_servers *conf);
264
265#endif /* RADIUS_CLIENT_H */
266