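/*
 * $Id: radiusclient.h,v 1.1 2004/11/14 07:26:26 paulus Exp $
 *
 * Copyright (C) 1995,1996,1997,1998 Lars Fenneberg
 *
 * Copyright 1992 Livingston Enterprises, Inc.
 *
 * Copyright 1992,1993, 1994,1995 The Regents of the University of Michigan
 * and Merit Network, Inc. All Rights Reserved
 *
 * See the file COPYRIGHT for the respective terms and conditions.
 * If the file is missing contact me at lf@elemental.net
 * and I'll send you a copy.
 *
 */

#ifndef RADIUSCLIENT_H
#define RADIUSCLIENT_H

#include <sys/types.h>
#include <stdio.h>
#include <time.h>
#include "pppd.h"

#ifndef _UINT4_T
/* This works for all machines that Linux runs on... */
/* NOTE(review): relies on int being 32 bits wide; nothing here checks it. */
typedef unsigned int UINT4;
typedef int INT4;
#endif

/* Buffer and field sizes shared by the client code. */
#define AUTH_VECTOR_LEN     16
#define AUTH_PASS_LEN       (3 * 16)    /* multiple of 16 */
#define AUTH_ID_LEN         64
#define AUTH_STRING_LEN     128         /* maximum of 253 */

#define BUFFER_LEN          8192

#define NAME_LENGTH         32
#define GETSTR_LENGTH       128         /* must be bigger than AUTH_PASS_LEN */

/*
 * The size relationships stated in the comments above are easy to break
 * when one constant is edited alone, so enforce them at compile time.
 */
#if (AUTH_PASS_LEN % 16) != 0
#error "AUTH_PASS_LEN must be a multiple of 16"
#endif
#if GETSTR_LENGTH <= AUTH_PASS_LEN
#error "GETSTR_LENGTH must be bigger than AUTH_PASS_LEN"
#endif

/* codes for radius_buildreq, radius_getport, etc. */
#define AUTH    0
#define ACCT    1

/* defines for config.c */

#define SERVER_MAX          8

/* Distinct single-bit flags, so they can be OR-ed together. */
#define AUTH_LOCAL_FST      (1<<0)
#define AUTH_RADIUS_FST     (1<<1)
#define AUTH_LOCAL_SND      (1<<2)
#define AUTH_RADIUS_SND     (1<<3)

/*
 * A list of up to SERVER_MAX servers held as parallel arrays.
 * NOTE(review): max is presumably the number of slots in use; code that
 * indexes name[] or port[] must keep the index below SERVER_MAX.
 */
typedef struct server {
    int max;
    char *name[SERVER_MAX];
    unsigned short port[SERVER_MAX];
} SERVER;

/*
 * RADIUS packet header as laid out in a packet buffer.
 * data[2] is only a placeholder for the attribute bytes that follow, so
 * sizeof(AUTH_HDR) is not the header size; use AUTH_HDR_LEN for that.
 * NOTE(review): length is presumably taken from the received packet, in
 * which case it has to be checked against the number of bytes actually
 * read before data[] is walked -- confirm in the receive path.
 */
typedef struct pw_auth_hdr
{
    u_char code;
    u_char id;
    u_short length;
    u_char vector[AUTH_VECTOR_LEN];
    u_char data[2];
} AUTH_HDR;

/* code + id + length + vector, assuming 1-byte u_char and 2-byte u_short */
#define AUTH_HDR_LEN        20
#define MAX_SECRET_LENGTH   (3 * 16)    /* MUST be multiple of 16 */
#define CHAP_VALUE_LENGTH   16

#if (MAX_SECRET_LENGTH % 16) != 0
#error "MAX_SECRET_LENGTH must be a multiple of 16"
#endif

#define PW_AUTH_UDP_PORT    1812
#define PW_ACCT_UDP_PORT    1813

/* Attribute value types, stored in the type field of dictionary entries. */
#define PW_TYPE_STRING      0
#define PW_TYPE_INTEGER     1
#define PW_TYPE_IPADDR      2
#define PW_TYPE_DATE        3

/* standard RADIUS codes */

#define PW_ACCESS_REQUEST       1
#define PW_ACCESS_ACCEPT        2
#define PW_ACCESS_REJECT        3
#define PW_ACCOUNTING_REQUEST   4
#define PW_ACCOUNTING_RESPONSE  5
#define PW_ACCOUNTING_STATUS    6
#define PW_PASSWORD_REQUEST     7
#define PW_PASSWORD_ACK         8
#define PW_PASSWORD_REJECT      9
#define PW_ACCOUNTING_MESSAGE   10
#define PW_ACCESS_CHALLENGE     11
#define PW_STATUS_SERVER        12
#define PW_STATUS_CLIENT        13


/* standard RADIUS attribute-value pairs */

#define PW_USER_NAME            1   /* string */
#define PW_USER_PASSWORD        2   /* string */
#define PW_CHAP_PASSWORD        3   /* string */
#define PW_NAS_IP_ADDRESS       4   /* ipaddr */
#define PW_NAS_PORT             5   /* integer */
#define PW_SERVICE_TYPE         6   /* integer */
#define PW_FRAMED_PROTOCOL      7   /* integer */
#define PW_FRAMED_IP_ADDRESS    8   /* ipaddr */
#define PW_FRAMED_IP_NETMASK    9   /* ipaddr */
#define PW_FRAMED_ROUTING       10  /* integer */
#define PW_FILTER_ID            11  /* string */
#define PW_FRAMED_MTU           12  /* integer */
#define PW_FRAMED_COMPRESSION   13  /* integer */
#define PW_LOGIN_IP_HOST        14  /* ipaddr */
#define PW_LOGIN_SERVICE        15  /* integer */
#define PW_LOGIN_PORT           16  /* integer */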
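#define PW_OLD_PASSWORD             17  /* string */ /* deprecated */
#define PW_REPLY_MESSAGE            18  /* string */
#define PW_LOGIN_CALLBACK_NUMBER    19  /* string */
#define PW_FRAMED_CALLBACK_ID       20  /* string */
#define PW_EXPIRATION               21  /* date */ /* deprecated */
#define PW_FRAMED_ROUTE             22  /* string */
#define PW_FRAMED_IPX_NETWORK       23  /* integer */
#define PW_STATE                    24  /* string */
#define PW_CLASS                    25  /* string */
#define PW_VENDOR_SPECIFIC          26  /* string */
#define PW_SESSION_TIMEOUT          27  /* integer */
#define PW_IDLE_TIMEOUT             28  /* integer */
#define PW_TERMINATION_ACTION       29  /* integer */
#define PW_CALLED_STATION_ID        30  /* string */
#define PW_CALLING_STATION_ID       31  /* string */
#define PW_NAS_IDENTIFIER           32  /* string */
#define PW_PROXY_STATE              33  /* string */
#define PW_LOGIN_LAT_SERVICE        34  /* string */
#define PW_LOGIN_LAT_NODE           35  /* string */
#define PW_LOGIN_LAT_GROUP          36  /* string */
#define PW_FRAMED_APPLETALK_LINK    37  /* integer */
#define PW_FRAMED_APPLETALK_NETWORK 38  /* integer */
#define PW_FRAMED_APPLETALK_ZONE    39  /* string */
#define PW_CHAP_CHALLENGE           60  /* string */
#define PW_NAS_PORT_TYPE            61  /* integer */
#define PW_PORT_LIMIT               62  /* integer */
#define PW_LOGIN_LAT_PORT           63  /* string */

/* Vendor RADIUS attribute-value pairs */
/*
 * These numbers overlap the standard attribute numbers (for example
 * PW_MS_CHAP2_RESPONSE and PW_CLASS are both 25, PW_MS_CHAP2_SUCCESS and
 * PW_VENDOR_SPECIFIC are both 26), so a number identifies an attribute
 * only together with its vendor code. Comparing the attribute number alone
 * can mistake a standard attribute for a vendor one and vice versa.
 * NOTE(review): going by their names, PW_MS_CHAP_MPPE_KEYS,
 * PW_MS_MPPE_SEND_KEY and PW_MS_MPPE_RECV_KEY carry key material; their
 * values should be kept out of logs and debug dumps -- confirm in the code
 * that consumes them.
 */
#define PW_MS_CHAP_CHALLENGE            11  /* string */
#define PW_MS_CHAP_RESPONSE             1   /* string */
#define PW_MS_CHAP2_RESPONSE            25  /* string */
#define PW_MS_CHAP2_SUCCESS             26  /* string */
#define PW_MS_MPPE_ENCRYPTION_POLICY    7   /* string */
#define PW_MS_MPPE_ENCRYPTION_TYPE      8   /* string */
/* alias kept so both spellings resolve to the same number */
#define PW_MS_MPPE_ENCRYPTION_TYPES     PW_MS_MPPE_ENCRYPTION_TYPE
#define PW_MS_CHAP_MPPE_KEYS            12  /* string */
#define PW_MS_MPPE_SEND_KEY             16  /* string */
#define PW_MS_MPPE_RECV_KEY             17  /* string */
#define PW_MS_PRIMARY_DNS_SERVER        28  /* ipaddr */
#define PW_MS_SECONDARY_DNS_SERVER      29  /* ipaddr */
#define PW_MS_PRIMARY_NBNS_SERVER       30  /* ipaddr */
#define PW_MS_SECONDARY_NBNS_SERVER     31  /* ipaddr */

/* Accounting */

#define PW_ACCT_STATUS_TYPE         40  /* integer */
#define PW_ACCT_DELAY_TIME          41  /* integer */
#define PW_ACCT_INPUT_OCTETS        42  /* integer */
#define PW_ACCT_OUTPUT_OCTETS       43  /* integer */
#define PW_ACCT_SESSION_ID          44  /* string */
#define PW_ACCT_AUTHENTIC           45  /* integer */
#define PW_ACCT_SESSION_TIME        46  /* integer */
#define PW_ACCT_INPUT_PACKETS       47  /* integer */
#define PW_ACCT_OUTPUT_PACKETS      48  /* integer */
#define PW_ACCT_TERMINATE_CAUSE     49  /* integer */
#define PW_ACCT_MULTI_SESSION_ID    50  /* string */
#define PW_ACCT_LINK_COUNT          51  /* integer */

/* From RFC 2869 */
#define PW_ACCT_INTERIM_INTERVAL    85  /* integer */

/* Merit Experimental Extensions */

#define PW_USER_ID                  222 /* string */
#define PW_USER_REALM               223 /* string */


/* Session limits */
#define PW_SESSION_OCTETS_LIMIT     227 /* integer */
#define PW_OCTETS_DIRECTION         228 /* integer */

/* Integer Translations */
/*
 * The groups below reuse the same small integers, so a value has meaning
 * only for the attribute it belongs to.
 */

/* SERVICE TYPES */

#define PW_LOGIN                1
#define PW_FRAMED               2
#define PW_CALLBACK_LOGIN       3
#define PW_CALLBACK_FRAMED      4
#define PW_OUTBOUND             5
#define PW_ADMINISTRATIVE       6
#define PW_NAS_PROMPT           7
#define PW_AUTHENTICATE_ONLY    8
#define PW_CALLBACK_NAS_PROMPT  9

/* FRAMED PROTOCOLS */

#define PW_PPP                  1
#define PW_SLIP                 2
#define PW_ARA                  3
#define PW_GANDALF              4
#define PW_XYLOGICS             5

/* FRAMED ROUTING VALUES */

#define PW_NONE                 0
#define PW_BROADCAST            1
#define PW_LISTEN               2
#define PW_BROADCAST_LISTEN     3

/* FRAMED COMPRESSION TYPES */

#define PW_VAN_JACOBSON_TCP_IP      1
#define PW_IPX_HEADER_COMPRESSION   2

/* LOGIN SERVICES */

#define PW_TELNET               0
#define PW_RLOGIN               1
#define PW_TCP_CLEAR            2
#define PW_PORTMASTER           3
#define PW_LAT                  4
#define PW_X25_PAD              5
#define PW_X25_T3POS            6

/* TERMINATION ACTIONS */

#define PW_DEFAULT              0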
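#define PW_RADIUS_REQUEST       1   /* termination action; PW_DEFAULT is 0 */

/* PROHIBIT PROTOCOL */

#define PW_DUMB                 0   /* 1 and 2 are defined in FRAMED PROTOCOLS */
#define PW_AUTH_ONLY            3
#define PW_ALL                  255

/* ACCOUNTING STATUS TYPES */

#define PW_STATUS_START         1
#define PW_STATUS_STOP          2
#define PW_STATUS_ALIVE         3
#define PW_STATUS_MODEM_START   4
#define PW_STATUS_MODEM_STOP    5
#define PW_STATUS_CANCEL        6
#define PW_ACCOUNTING_ON        7
#define PW_ACCOUNTING_OFF       8

/* ACCOUNTING TERMINATION CAUSES */

#define PW_USER_REQUEST         1
#define PW_LOST_CARRIER         2
#define PW_LOST_SERVICE         3
#define PW_ACCT_IDLE_TIMEOUT    4
#define PW_ACCT_SESSION_TIMEOUT 5
#define PW_ADMIN_RESET          6
#define PW_ADMIN_REBOOT         7
#define PW_PORT_ERROR           8
#define PW_NAS_ERROR            9
#define PW_NAS_REQUEST          10
#define PW_NAS_REBOOT           11
#define PW_PORT_UNNEEDED        12
#define PW_PORT_PREEMPTED       13
#define PW_PORT_SUSPENDED       14
#define PW_SERVICE_UNAVAILABLE  15
#define PW_CALLBACK             16
#define PW_USER_ERROR           17
#define PW_HOST_REQUEST         18

/* NAS PORT TYPES */

#define PW_ASYNC                0
#define PW_SYNC                 1
#define PW_ISDN_SYNC            2
#define PW_ISDN_SYNC_V120       3
#define PW_ISDN_SYNC_V110       4
#define PW_VIRTUAL              5

/* AUTHENTIC TYPES */
#define PW_RADIUS               1
#define PW_LOCAL                2
#define PW_REMOTE               3

/* Session-Octets-Limit */
#define PW_OCTETS_DIRECTION_SUM 0
#define PW_OCTETS_DIRECTION_IN  1
#define PW_OCTETS_DIRECTION_OUT 2
#define PW_OCTETS_DIRECTION_MAX 3


/* Vendor codes */
#define VENDOR_NONE             (-1)
#define VENDOR_MICROSOFT        311

/* Server data structures */

/* One attribute definition; entries are chained through next. */
typedef struct dict_attr
{
    char name[NAME_LENGTH + 1];     /* attribute name */
    int value;                      /* attribute index */
    int type;                       /* string, int, etc. */
    int vendorcode;                 /* vendor code */
    struct dict_attr *next;
} DICT_ATTR;

/* One named value of an attribute; entries are chained through next. */
typedef struct dict_value
{
    char attrname[NAME_LENGTH + 1];
    char name[NAME_LENGTH + 1];
    int value;
    struct dict_value *next;
} DICT_VALUE;

/* One vendor and the head of its attribute list. */
typedef struct vendor_dict
{
    char vendorname[NAME_LENGTH + 1];
    int vendorcode;
    DICT_ATTR *attributes;
    struct vendor_dict *next;
} VENDOR_DICT;

/*
 * One attribute-value pair in a singly linked list.
 * strvalue is a fixed buffer of AUTH_STRING_LEN + 1 bytes, while the
 * comment on AUTH_STRING_LEN gives 253 as the maximum. Any code that
 * copies attribute data into strvalue therefore has to bound the copy by
 * AUTH_STRING_LEN; the same applies to name and NAME_LENGTH.
 * NOTE(review): lvalue presumably holds the length when type is a string
 * and the number otherwise -- confirm in avpair.c.
 */
typedef struct value_pair
{
    char name[NAME_LENGTH + 1];
    int attribute;
    int vendorcode;
    int type;
    UINT4 lvalue;
    u_char strvalue[AUTH_STRING_LEN + 1];
    struct value_pair *next;
} VALUE_PAIR;

/* don't change this, as it has to be the same as in the Merit radiusd code */
/*
 * NOTE(review): this string is identical in every build of this header, so
 * it provides no secrecy. It should never stand in for a per-server shared
 * secret.
 */
#define MGMT_POLL_SECRET "Hardlyasecret"

/* Define return codes from "SendServer" utility */

/* Negative values are parenthesized so they expand safely in any expression. */
#define BADRESP_RC  (-2)
#define ERROR_RC    (-1)
#define OK_RC       0
#define TIMEOUT_RC  1

typedef struct send_data /* Used to pass information to sendserver() function */
{
    u_char code;                /* RADIUS packet code */
    u_char seq_nbr;             /* Packet sequence number */
    char *server;               /* Name/address of RADIUS server */
    int svc_port;               /* RADIUS protocol destination port */
    int timeout;                /* Session timeout in seconds */
    int retries;                /* presumably the retransmission count -- confirm in sendserver.c */
    VALUE_PAIR *send_pairs;     /* More a/v pairs to send */
    VALUE_PAIR *receive_pairs;  /* Where to place received a/v pairs */
} SEND_DATA;

/*
 * Per-request data kept next to the request vector.
 * NOTE(review): secret presumably holds the shared secret in clear text;
 * if so, callers should wipe this structure once the reply has been
 * verified -- confirm against the users of REQUEST_INFO.
 */
typedef struct request_info
{
    char secret[MAX_SECRET_LENGTH + 1];
    u_char request_vector[AUTH_VECTOR_LEN];
} REQUEST_INFO;

/*
 * Both macros evaluate each argument twice; do not pass expressions with
 * side effects such as i++ or a function call that changes state.
 */
#ifndef MIN
#define MIN(a, b) ((a) < (b) ? (a) : (b))
#endif
#ifndef MAX
#define MAX(a, b) ((a) > (b) ? (a) : (b))
#endif

/* Fallback for systems whose headers do not provide PATH_MAX. */
#ifndef PATH_MAX
#define PATH_MAX 1024
#endif

typedef struct env
{
    int maxsize, size;
    char **env;
} ENV;

#define ENV_SIZE    128

/* Function prototypes */
/*
 * __P(()) wraps the parameter lists; the macro is not defined in this
 * header and has to come from an included one.
 */

/* avpair.c */

VALUE_PAIR *rc_avpair_add __P((VALUE_PAIR **, int, void *, int, int));
int rc_avpair_assign __P((VALUE_PAIR *, void *, int));
VALUE_PAIR *rc_avpair_new __P((int, void *, int, int));
VALUE_PAIR *rc_avpair_gen __P((AUTH_HDR *));
VALUE_PAIR *rc_avpair_get __P((VALUE_PAIR *, UINT4));
VALUE_PAIR *rc_avpair_copy __P((VALUE_PAIR *));
void rc_avpair_insert __P((VALUE_PAIR **, VALUE_PAIR *, VALUE_PAIR *));
void rc_avpair_free __P((VALUE_PAIR *));
int rc_avpair_parse __P((char *, VALUE_PAIR **));
int rc_avpair_tostr __P((VALUE_PAIR *, char *, int, char *, int));
VALUE_PAIR *rc_avpair_readin __P((FILE *));

/* buildreq.c */

void rc_buildreq __P((SEND_DATA *, int, char *, unsigned short, int, int));
unsigned char rc_get_seqnbr __P((void));
int rc_auth __P((UINT4, VALUE_PAIR *, VALUE_PAIR **, char *, REQUEST_INFO *));
int rc_auth_using_server __P((SERVER *, UINT4, VALUE_PAIR *, VALUE_PAIR **,
                              char *, REQUEST_INFO *));
int rc_auth_proxy __P((VALUE_PAIR *, VALUE_PAIR **, char *));
int rc_acct __P((UINT4, VALUE_PAIR *));
int rc_acct_using_server __P((SERVER *, UINT4, VALUE_PAIR *));
int rc_acct_proxy __P((VALUE_PAIR *));
int rc_check __P((char *, unsigned short, char *));

/* clientid.c */

int rc_read_mapfile __P((char *));
UINT4 rc_map2id __P((char *));

/* config.c */

int rc_read_config __P((char *));
char *rc_conf_str __P((char *));
int rc_conf_int __P((char *));
SERVER *rc_conf_srv __P((char *));
int rc_find_server __P((char *, UINT4 *, char *));

/* dict.c */

int rc_read_dictionary __P((char *));
DICT_ATTR *rc_dict_getattr __P((int, int));
DICT_ATTR *rc_dict_findattr __P((char *));
DICT_VALUE *rc_dict_findval __P((char *));
DICT_VALUE *rc_dict_getval __P((UINT4, char *));
VENDOR_DICT *rc_dict_findvendor __P((char *));
VENDOR_DICT *rc_dict_getvendor __P((int));

/* ip_util.c */

UINT4 rc_get_ipaddr __P((char *));
int rc_good_ipaddr __P((char *));
const char *rc_ip_hostname __P((UINT4));
UINT4 rc_own_ipaddress __P((void));


/* sendserver.c */

int rc_send_server __P((SEND_DATA *, char *, REQUEST_INFO *));

/* util.c */

void rc_str2tm __P((char *, struct tm *));
char *rc_mksid __P((void));
void rc_mdelay __P((int));

/* md5.c */

void rc_md5_calc __P((unsigned char *, unsigned char *, unsigned int));

#endif /* RADIUSCLIENT_H */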