1/*
2 * RADIUS client
3 * Copyright (c) 2002-2009, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9#ifndef RADIUS_CLIENT_H
10#define RADIUS_CLIENT_H
11
12#include "ip_addr.h"
13
14struct radius_msg;
15
16/**
17 * struct hostapd_radius_server - RADIUS server information for RADIUS client
18 *
19 * This structure contains information about a RADIUS server. The values are
20 * mainly for MIB information. The MIB variable prefix (radiusAuth or
21 * radiusAcc) depends on whether this is an authentication or accounting
22 * server.
23 *
24 * radiusAuthClientPendingRequests (or radiusAccClientPendingRequests) is the
25 * number struct radius_client_data::msgs for matching msg_type.
26 */
27struct hostapd_radius_server {
28	/**
29	 * addr - radiusAuthServerAddress or radiusAccServerAddress
30	 */
31	struct hostapd_ip_addr addr;
32
33	/**
34	 * port - radiusAuthClientServerPortNumber or radiusAccClientServerPortNumber
35	 */
36	int port;
37
38	/**
39	 * shared_secret - Shared secret for authenticating RADIUS messages
40	 */
41	u8 *shared_secret;
42
43	/**
44	 * shared_secret_len - Length of shared_secret in octets
45	 */
46	size_t shared_secret_len;
47
48	/* Dynamic (not from configuration file) MIB data */
49
50	/**
51	 * index - radiusAuthServerIndex or radiusAccServerIndex
52	 */
53	int index;
54
55	/**
56	 * round_trip_time - radiusAuthClientRoundTripTime or radiusAccClientRoundTripTime
57	 * Round-trip time in hundredths of a second.
58	 */
59	int round_trip_time;
60
61	/**
62	 * requests - radiusAuthClientAccessRequests or radiusAccClientRequests
63	 */
64	u32 requests;
65
66	/**
67	 * retransmissions - radiusAuthClientAccessRetransmissions or radiusAccClientRetransmissions
68	 */
69	u32 retransmissions;
70
71	/**
72	 * access_accepts - radiusAuthClientAccessAccepts
73	 */
74	u32 access_accepts;
75
76	/**
77	 * access_rejects - radiusAuthClientAccessRejects
78	 */
79	u32 access_rejects;
80
81	/**
82	 * access_challenges - radiusAuthClientAccessChallenges
83	 */
84	u32 access_challenges;
85
86	/**
87	 * responses - radiusAccClientResponses
88	 */
89	u32 responses;
90
91	/**
92	 * malformed_responses - radiusAuthClientMalformedAccessResponses or radiusAccClientMalformedResponses
93	 */
94	u32 malformed_responses;
95
96	/**
97	 * bad_authenticators - radiusAuthClientBadAuthenticators or radiusAccClientBadAuthenticators
98	 */
99	u32 bad_authenticators;
100
101	/**
102	 * timeouts - radiusAuthClientTimeouts or radiusAccClientTimeouts
103	 */
104	u32 timeouts;
105
106	/**
107	 * unknown_types - radiusAuthClientUnknownTypes or radiusAccClientUnknownTypes
108	 */
109	u32 unknown_types;
110
111	/**
112	 * packets_dropped - radiusAuthClientPacketsDropped or radiusAccClientPacketsDropped
113	 */
114	u32 packets_dropped;
115};
116
117/**
118 * struct hostapd_radius_servers - RADIUS servers for RADIUS client
119 */
120struct hostapd_radius_servers {
121	/**
122	 * auth_servers - RADIUS Authentication servers in priority order
123	 */
124	struct hostapd_radius_server *auth_servers;
125
126	/**
127	 * num_auth_servers - Number of auth_servers entries
128	 */
129	int num_auth_servers;
130
131	/**
132	 * auth_server - The current Authentication server
133	 */
134	struct hostapd_radius_server *auth_server;
135
136	/**
137	 * acct_servers - RADIUS Accounting servers in priority order
138	 */
139	struct hostapd_radius_server *acct_servers;
140
141	/**
142	 * num_acct_servers - Number of acct_servers entries
143	 */
144	int num_acct_servers;
145
146	/**
147	 * acct_server - The current Accounting server
148	 */
149	struct hostapd_radius_server *acct_server;
150
151	/**
152	 * retry_primary_interval - Retry interval for trying primary server
153	 *
154	 * This specifies a retry interval in sexconds for trying to return to
155	 * the primary RADIUS server. RADIUS client code will automatically try
156	 * to use the next server when the current server is not replying to
157	 * requests. If this interval is set (non-zero), the primary server
158	 * will be retried after the specified number of seconds has passed
159	 * even if the current used secondary server is still working.
160	 */
161	int retry_primary_interval;
162
163	/**
164	 * msg_dumps - Whether RADIUS message details are shown in stdout
165	 */
166	int msg_dumps;
167
168	/**
169	 * client_addr - Client (local) address to use if force_client_addr
170	 */
171	struct hostapd_ip_addr client_addr;
172
173	/**
174	 * force_client_addr - Whether to force client (local) address
175	 */
176	int force_client_addr;
177};
178
179
180/**
181 * RadiusType - RADIUS server type for RADIUS client
182 */
183typedef enum {
184	/**
185	 * RADIUS authentication
186	 */
187	RADIUS_AUTH,
188
189	/**
190	 * RADIUS_ACCT - RADIUS accounting
191	 */
192	RADIUS_ACCT,
193
194	/**
195	 * RADIUS_ACCT_INTERIM - RADIUS interim accounting message
196	 *
197	 * Used only with radius_client_send(). This behaves just like
198	 * RADIUS_ACCT, but removes any pending interim RADIUS Accounting
199	 * messages for the same STA before sending the new interim update.
200	 */
201	RADIUS_ACCT_INTERIM
202} RadiusType;
203
204/**
205 * RadiusRxResult - RADIUS client RX handler result
206 */
207typedef enum {
208	/**
209	 * RADIUS_RX_PROCESSED - Message processed
210	 *
211	 * This stops handler calls and frees the message.
212	 */
213	RADIUS_RX_PROCESSED,
214
215	/**
216	 * RADIUS_RX_QUEUED - Message has been queued
217	 *
218	 * This stops handler calls, but does not free the message; the handler
219	 * that returned this is responsible for eventually freeing the
220	 * message.
221	 */
222	RADIUS_RX_QUEUED,
223
224	/**
225	 * RADIUS_RX_UNKNOWN - Message is not for this handler
226	 */
227	RADIUS_RX_UNKNOWN,
228
229	/**
230	 * RADIUS_RX_INVALID_AUTHENTICATOR - Message has invalid Authenticator
231	 */
232	RADIUS_RX_INVALID_AUTHENTICATOR
233} RadiusRxResult;
234
235struct radius_client_data;
236
237int radius_client_register(struct radius_client_data *radius,
238			   RadiusType msg_type,
239			   RadiusRxResult (*handler)
240			   (struct radius_msg *msg, struct radius_msg *req,
241			    const u8 *shared_secret, size_t shared_secret_len,
242			    void *data),
243			   void *data);
244int radius_client_send(struct radius_client_data *radius,
245		       struct radius_msg *msg,
246		       RadiusType msg_type, const u8 *addr);
247u8 radius_client_get_id(struct radius_client_data *radius);
248void radius_client_flush(struct radius_client_data *radius, int only_auth);
249struct radius_client_data *
250radius_client_init(void *ctx, struct hostapd_radius_servers *conf);
251void radius_client_deinit(struct radius_client_data *radius);
252void radius_client_flush_auth(struct radius_client_data *radius,
253			      const u8 *addr);
254int radius_client_get_mib(struct radius_client_data *radius, char *buf,
255			  size_t buflen);
256void radius_client_reconfig(struct radius_client_data *radius,
257			    struct hostapd_radius_servers *conf);
258
259#endif /* RADIUS_CLIENT_H */
260