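/*
 * $Id: radiusclient.h,v 1.1 2004/11/14 07:26:26 paulus Exp $
 *
 * Copyright (C) 1995,1996,1997,1998 Lars Fenneberg
 *
 * Copyright 1992 Livingston Enterprises, Inc.
 *
 * Copyright 1992,1993, 1994,1995 The Regents of the University of Michigan
 * and Merit Network, Inc. All Rights Reserved
 *
 * See the file COPYRIGHT for the respective terms and conditions.
 * If the file is missing contact me at lf@elemental.net
 * and I'll send you a copy.
 *
 */

/*
 * Declarations shared by the RADIUS client code: buffer-size limits,
 * packet and attribute codes, the dictionary / value-pair structures,
 * and the rc_* function prototypes grouped by the source file that
 * defines them.
 */

#ifndef RADIUSCLIENT_H
#define RADIUSCLIENT_H

#include <sys/types.h>
#include <stdio.h>
#include <time.h>
#include "pppd.h"

#ifndef _UINT4_T
/* This works for all machines that Linux runs on... */
/*
 * NOTE(review): the names imply 4-byte integers, but nothing here checks
 * that int is 32 bits wide, and this header never defines _UINT4_T itself.
 */
typedef unsigned int UINT4;
typedef int          INT4;
#endif

/*
 * Size limits. Every buffer declared in this header has a fixed capacity
 * taken from these constants, so code that copies packet or user data
 * into them has to bound the copy by the same constant.
 */
#define AUTH_VECTOR_LEN     16
/* NOTE(review): "multiple of 16" presumably matches the 16-byte
 * AUTH_VECTOR_LEN block size used when hiding passwords -- confirm. */
#define AUTH_PASS_LEN       (3 * 16) /* multiple of 16 */
#define AUTH_ID_LEN         64
/*
 * Capacity of VALUE_PAIR.strvalue (declared as AUTH_STRING_LEN + 1 bytes).
 * The original note mentions 253, which is larger than 128: a string value
 * can therefore be longer than the buffer that receives it.
 * NOTE(review): confirm that the code filling strvalue truncates or
 * rejects values longer than AUTH_STRING_LEN.
 */
#define AUTH_STRING_LEN     128      /* maximum of 253 */

#define BUFFER_LEN          8192

/* Capacity (without the terminating NUL) of the name fields below. */
#define NAME_LENGTH         32
#define GETSTR_LENGTH       128      /* must be bigger than AUTH_PASS_LEN */

/* codes for radius_buildreq, radius_getport, etc. */
#define AUTH                0
#define ACCT                1

/* defines for config.c */

/* Number of slots in SERVER.name[] and SERVER.port[]. */
#define SERVER_MAX 8

/* Bit flags. NOTE(review): presumably they select which of local and
 * RADIUS authentication is tried first / second -- confirm in config.c. */
#define AUTH_LOCAL_FST      (1<<0)
#define AUTH_RADIUS_FST     (1<<1)
#define AUTH_LOCAL_SND      (1<<2)
#define AUTH_RADIUS_SND     (1<<3)

/*
 * List of servers with one port per server.
 * NOTE(review): max presumably counts the slots in use; it must never
 * exceed SERVER_MAX, the size of both arrays -- confirm in config.c.
 */
typedef struct server {
	int max;
	char *name[SERVER_MAX];
	unsigned short port[SERVER_MAX];
} SERVER;

/*
 * Packet header overlay. The fixed fields add up to
 * 1 + 1 + 2 + AUTH_VECTOR_LEN = 20 bytes, which is AUTH_HDR_LEN below;
 * sizeof(AUTH_HDR) is larger because of data[2], so offsets should be
 * computed from AUTH_HDR_LEN rather than sizeof.
 * NOTE(review): data[] presumably marks where the attributes start;
 * reading past data[1] is only valid inside a larger enclosing buffer.
 * NOTE(review): length comes from the peer when a reply is parsed;
 * presumably it is in network byte order and has to be checked against
 * the number of bytes actually received before it is trusted.
 */
typedef struct pw_auth_hdr
{
	u_char code;
	u_char id;
	u_short length;
	u_char vector[AUTH_VECTOR_LEN];
	u_char data[2];
} AUTH_HDR;

#define AUTH_HDR_LEN        20
/* Capacity (without the terminating NUL) of REQUEST_INFO.secret. */
#define MAX_SECRET_LENGTH   (3 * 16) /* MUST be multiple of 16 */
#define CHAP_VALUE_LENGTH   16

#define PW_AUTH_UDP_PORT    1812
#define PW_ACCT_UDP_PORT    1813

/* Value types; stored in the "type" member of DICT_ATTR and VALUE_PAIR. */
#define PW_TYPE_STRING      0
#define PW_TYPE_INTEGER     1
#define PW_TYPE_IPADDR      2
#define PW_TYPE_DATE        3

/* standard RADIUS codes */

#define PW_ACCESS_REQUEST       1
#define PW_ACCESS_ACCEPT        2
#define PW_ACCESS_REJECT        3
#define PW_ACCOUNTING_REQUEST   4
#define PW_ACCOUNTING_RESPONSE  5
#define PW_ACCOUNTING_STATUS    6
#define PW_PASSWORD_REQUEST     7
#define PW_PASSWORD_ACK         8
#define PW_PASSWORD_REJECT      9
#define PW_ACCOUNTING_MESSAGE   10
#define PW_ACCESS_CHALLENGE     11
#define PW_STATUS_SERVER        12
#define PW_STATUS_CLIENT        13


/* standard RADIUS attribute-value pairs */

#define PW_USER_NAME                1   /* string */
#define PW_USER_PASSWORD            2   /* string */
#define PW_CHAP_PASSWORD            3   /* string */
#define PW_NAS_IP_ADDRESS           4   /* ipaddr */
#define PW_NAS_PORT                 5   /* integer */
#define PW_SERVICE_TYPE             6   /* integer */
#define PW_FRAMED_PROTOCOL          7   /* integer */
#define PW_FRAMED_IP_ADDRESS        8   /* ipaddr */
#define PW_FRAMED_IP_NETMASK        9   /* ipaddr */
#define PW_FRAMED_ROUTING           10  /* integer */
#define PW_FILTER_ID                11  /* string */
#define PW_FRAMED_MTU               12  /* integer */
#define PW_FRAMED_COMPRESSION       13  /* integer */
#define PW_LOGIN_IP_HOST            14  /* ipaddr */
#define PW_LOGIN_SERVICE            15  /* integer */
#define PW_LOGIN_PORT               16  /* integer */
#define PW_OLD_PASSWORD             17  /* string */ /* deprecated */
#define PW_REPLY_MESSAGE            18  /* string */
#define PW_LOGIN_CALLBACK_NUMBER    19  /* string */
#define PW_FRAMED_CALLBACK_ID       20  /* string */
#define PW_EXPIRATION               21  /* date */ /* deprecated */
#define PW_FRAMED_ROUTE             22  /* string */
#define PW_FRAMED_IPX_NETWORK       23  /* integer */
#define PW_STATE                    24  /* string */
#define PW_CLASS                    25  /* string */
#define PW_VENDOR_SPECIFIC          26  /* string */
#define PW_SESSION_TIMEOUT          27  /* integer */
#define PW_IDLE_TIMEOUT             28  /* integer */
#define PW_TERMINATION_ACTION       29  /* integer */
#define PW_CALLED_STATION_ID        30  /* string */
#define PW_CALLING_STATION_ID       31  /* string */
#define PW_NAS_IDENTIFIER           32  /* string */
#define PW_PROXY_STATE              33  /* string */
#define PW_LOGIN_LAT_SERVICE        34  /* string */
#define PW_LOGIN_LAT_NODE           35  /* string */
#define PW_LOGIN_LAT_GROUP          36  /* string */
#define PW_FRAMED_APPLETALK_LINK    37  /* integer */
#define PW_FRAMED_APPLETALK_NETWORK 38  /* integer */
#define PW_FRAMED_APPLETALK_ZONE    39  /* string */
#define PW_CHAP_CHALLENGE           60  /* string */
#define PW_NAS_PORT_TYPE            61  /* integer */
#define PW_PORT_LIMIT               62  /* integer */
#define PW_LOGIN_LAT_PORT           63  /* string */

/* Vendor RADIUS attribute-value pairs */
/*
 * These numbers reuse values from the standard table above (for example
 * PW_MS_CHAP_RESPONSE is 1, the same as PW_USER_NAME), so an attribute
 * number identifies an attribute only together with its vendor code
 * (see VENDOR_MICROSOFT and the vendorcode members below).
 * NOTE(review): going by their names, the *_MPPE_KEYS / *_SEND_KEY /
 * *_RECV_KEY attributes carry key material; buffers holding their values
 * should be handled as secrets.
 */
#define PW_MS_CHAP_CHALLENGE            11  /* string */
#define PW_MS_CHAP_RESPONSE             1   /* string */
#define PW_MS_CHAP2_RESPONSE            25  /* string */
#define PW_MS_CHAP2_SUCCESS             26  /* string */
#define PW_MS_MPPE_ENCRYPTION_POLICY    7   /* string */
#define PW_MS_MPPE_ENCRYPTION_TYPE      8   /* string */
#define PW_MS_MPPE_ENCRYPTION_TYPES PW_MS_MPPE_ENCRYPTION_TYPE
#define PW_MS_CHAP_MPPE_KEYS            12  /* string */
#define PW_MS_MPPE_SEND_KEY             16  /* string */
#define PW_MS_MPPE_RECV_KEY             17  /* string */
#define PW_MS_PRIMARY_DNS_SERVER        28  /* ipaddr */
#define PW_MS_SECONDARY_DNS_SERVER      29  /* ipaddr */
#define PW_MS_PRIMARY_NBNS_SERVER       30  /* ipaddr */
#define PW_MS_SECONDARY_NBNS_SERVER     31  /* ipaddr */

/* Accounting */

#define PW_ACCT_STATUS_TYPE         40  /* integer */
#define PW_ACCT_DELAY_TIME          41  /* integer */
#define PW_ACCT_INPUT_OCTETS        42  /* integer */
#define PW_ACCT_OUTPUT_OCTETS       43  /* integer */
#define PW_ACCT_SESSION_ID          44  /* string */
#define PW_ACCT_AUTHENTIC           45  /* integer */
#define PW_ACCT_SESSION_TIME        46  /* integer */
#define PW_ACCT_INPUT_PACKETS       47  /* integer */
#define PW_ACCT_OUTPUT_PACKETS      48  /* integer */
#define PW_ACCT_TERMINATE_CAUSE     49  /* integer */
#define PW_ACCT_MULTI_SESSION_ID    50  /* string */
#define PW_ACCT_LINK_COUNT          51  /* integer */

/* From RFC 2869 */
/*
 * NOTE(review): this is the only RFC 2869 attribute defined here; the
 * header has no constant for Message-Authenticator (attribute 80), so
 * check how replies are integrity-checked before relying on them.
 */
#define PW_ACCT_INTERIM_INTERVAL    85  /* integer */

/* Merit Experimental Extensions */

#define PW_USER_ID                  222 /* string */
#define PW_USER_REALM               223 /* string */


/* Session limits */
#define PW_SESSION_OCTETS_LIMIT     227 /* integer */
#define PW_OCTETS_DIRECTION         228 /* integer */

/* Integer Translations */

/* SERVICE TYPES */

#define PW_LOGIN                1
#define PW_FRAMED               2
#define PW_CALLBACK_LOGIN       3
#define PW_CALLBACK_FRAMED      4
#define PW_OUTBOUND             5
#define PW_ADMINISTRATIVE       6
#define PW_NAS_PROMPT           7
#define PW_AUTHENTICATE_ONLY    8
#define PW_CALLBACK_NAS_PROMPT  9

/* FRAMED PROTOCOLS */

#define PW_PPP                  1
#define PW_SLIP                 2
#define PW_ARA                  3
#define PW_GANDALF              4
#define PW_XYLOGICS             5

/* FRAMED ROUTING VALUES */

#define PW_NONE                 0
#define PW_BROADCAST            1
#define PW_LISTEN               2
#define PW_BROADCAST_LISTEN     3

/* FRAMED COMPRESSION TYPES */

#define PW_VAN_JACOBSON_TCP_IP      1
#define PW_IPX_HEADER_COMPRESSION   2

/* LOGIN SERVICES */

#define PW_TELNET               0
#define PW_RLOGIN               1
#define PW_TCP_CLEAR            2
#define PW_PORTMASTER           3
#define PW_LAT                  4
#define PW_X25_PAD              5
#define PW_X25_T3POS            6

/* TERMINATION ACTIONS */

#define PW_DEFAULT              0
#define PW_RADIUS_REQUEST       1

/* PROHIBIT PROTOCOL */

#define PW_DUMB                 0   /* 1 and 2 are defined in FRAMED PROTOCOLS */
#define PW_AUTH_ONLY            3
#define PW_ALL                  255

/* ACCOUNTING STATUS TYPES */

#define PW_STATUS_START         1
#define PW_STATUS_STOP          2
#define PW_STATUS_ALIVE         3
#define PW_STATUS_MODEM_START   4
#define PW_STATUS_MODEM_STOP    5
#define PW_STATUS_CANCEL        6
#define PW_ACCOUNTING_ON        7
#define PW_ACCOUNTING_OFF       8

/* ACCOUNTING TERMINATION CAUSES */

#define PW_USER_REQUEST         1
#define PW_LOST_CARRIER         2
#define PW_LOST_SERVICE         3
#define PW_ACCT_IDLE_TIMEOUT    4
#define PW_ACCT_SESSION_TIMEOUT 5
#define PW_ADMIN_RESET          6
#define PW_ADMIN_REBOOT         7
#define PW_PORT_ERROR           8
#define PW_NAS_ERROR            9
#define PW_NAS_REQUEST          10
#define PW_NAS_REBOOT           11
#define PW_PORT_UNNEEDED        12
#define PW_PORT_PREEMPTED       13
#define PW_PORT_SUSPENDED       14
#define PW_SERVICE_UNAVAILABLE  15
#define PW_CALLBACK             16
#define PW_USER_ERROR           17
#define PW_HOST_REQUEST         18

/* NAS PORT TYPES */

#define PW_ASYNC                0
#define PW_SYNC                 1
#define PW_ISDN_SYNC            2
#define PW_ISDN_SYNC_V120       3
#define PW_ISDN_SYNC_V110       4
#define PW_VIRTUAL              5

/* AUTHENTIC TYPES */
#define PW_RADIUS               1
#define PW_LOCAL                2
#define PW_REMOTE               3

/* Session-Octets-Limit */
#define PW_OCTETS_DIRECTION_SUM 0
#define PW_OCTETS_DIRECTION_IN  1
#define PW_OCTETS_DIRECTION_OUT 2
#define PW_OCTETS_DIRECTION_MAX 3


/* Vendor codes */
#define VENDOR_NONE         (-1)
#define VENDOR_MICROSOFT    311

/* Server data structures */

/* One dictionary attribute; entries are chained through next. */
typedef struct dict_attr
{
	char name[NAME_LENGTH + 1];     /* attribute name */
	int value;                      /* attribute index */
	int type;                       /* string, int, etc. */
	int vendorcode;                 /* vendor code */
	struct dict_attr *next;
} DICT_ATTR;

/* One named value of an attribute; both names hold at most NAME_LENGTH
 * characters plus the terminating NUL. */
typedef struct dict_value
{
	char attrname[NAME_LENGTH +1];
	char name[NAME_LENGTH + 1];
	int value;
	struct dict_value *next;
} DICT_VALUE;

/* One vendor with the head of its own attribute list. */
typedef struct vendor_dict
{
	char vendorname[NAME_LENGTH + 1];
	int vendorcode;
	DICT_ATTR *attributes;
	struct vendor_dict *next;
} VENDOR_DICT;

/*
 * One attribute/value pair in a singly linked list.
 * strvalue holds at most AUTH_STRING_LEN bytes plus one spare byte; it is
 * u_char, so it may hold binary data as well as text.
 * NOTE(review): lvalue presumably carries integer / ipaddr / date values
 * and strvalue the string ones -- confirm in avpair.c, together with how
 * the length of a binary strvalue is tracked.
 */
typedef struct value_pair
{
	char name[NAME_LENGTH + 1];
	int attribute;
	int vendorcode;
	int type;
	UINT4 lvalue;
	u_char strvalue[AUTH_STRING_LEN + 1];
	struct value_pair *next;
} VALUE_PAIR;

/* don't change this, as it has to be the same as in the Merit radiusd code */
/*
 * This is a fixed string compiled into every build, so it offers no
 * secrecy of its own.
 * NOTE(review): confirm where it is used and that nothing treats it as a
 * real shared secret.
 */
#define MGMT_POLL_SECRET    "Hardlyasecret"

/* Define return codes from "SendServer" utility */

/* The negative values are parenthesized, like VENDOR_NONE, so that they
 * expand safely inside any surrounding expression. */
#define BADRESP_RC  (-2)
#define ERROR_RC    (-1)
#define OK_RC       0
#define TIMEOUT_RC  1

typedef struct send_data /* Used to pass information to sendserver() function */
{
	u_char code;                /* RADIUS packet code */
	u_char seq_nbr;             /* Packet sequence number */
	char *server;               /* Name/address of RADIUS server */
	int svc_port;               /* RADIUS protocol destination port */
	int timeout;                /* Session timeout in seconds */
	int retries;                /* NOTE(review): presumably the number of
	                             * retransmissions -- confirm in sendserver.c */
	VALUE_PAIR *send_pairs;     /* More a/v pairs to send */
	VALUE_PAIR *receive_pairs;  /* Where to place received a/v pairs */
} SEND_DATA;

/*
 * Per-request state: the shared secret and the request vector.
 * secret holds at most MAX_SECRET_LENGTH bytes plus a terminating NUL.
 * It is sensitive data: owners of a REQUEST_INFO should clear it once the
 * exchange is finished, using a wipe the compiler cannot optimise away.
 */
typedef struct request_info
{
	char secret[MAX_SECRET_LENGTH + 1];
	u_char request_vector[AUTH_VECTOR_LEN];
} REQUEST_INFO;

/* Both macros evaluate their arguments twice: never pass an expression
 * with side effects (i++, a function call that changes state). */
#ifndef MIN
#define MIN(a, b)     ((a) < (b) ? (a) : (b))
#endif
#ifndef MAX
#define MAX(a, b)     ((a) > (b) ? (a) : (b))
#endif

/* Fallback used only when the system headers did not define PATH_MAX. */
#ifndef PATH_MAX
#define PATH_MAX    1024
#endif

/* NOTE(review): presumably size is the number of entries in use in env
 * and maxsize its allocated capacity -- confirm in the defining source. */
typedef struct env
{
	int maxsize, size;
	char **env;
} ENV;

#define ENV_SIZE    128

/* Function prototypes */

/*
 * __P(()) wraps each parameter list; the macro is not defined in this
 * header (NOTE(review): presumably it comes from pppd.h or a system
 * header).
 * Several functions below take or return a bare char * with no length
 * argument, so the buffer-size contract is not visible here: check the
 * definition before passing a buffer smaller than the limits above.
 */

/* avpair.c */

VALUE_PAIR *rc_avpair_add __P((VALUE_PAIR **, int, void *, int, int));
int rc_avpair_assign __P((VALUE_PAIR *, void *, int));
VALUE_PAIR *rc_avpair_new __P((int, void *, int, int));
/* NOTE(review): takes a packet header, so presumably parses packet
 * attributes; confirm that it bounds every attribute length. */
VALUE_PAIR *rc_avpair_gen __P((AUTH_HDR *));
VALUE_PAIR *rc_avpair_get __P((VALUE_PAIR *, UINT4));
VALUE_PAIR *rc_avpair_copy __P((VALUE_PAIR *));
void rc_avpair_insert __P((VALUE_PAIR **, VALUE_PAIR *, VALUE_PAIR *));
void rc_avpair_free __P((VALUE_PAIR *));
int rc_avpair_parse __P((char *, VALUE_PAIR **));
/* NOTE(review): the two (char *, int) pairs are presumably output buffers
 * with their sizes -- confirm that the sizes are honoured. */
int rc_avpair_tostr __P((VALUE_PAIR *, char *, int, char *, int));
VALUE_PAIR *rc_avpair_readin __P((FILE *));

/* buildreq.c */

void rc_buildreq __P((SEND_DATA *, int, char *, unsigned short, int, int));
unsigned char rc_get_seqnbr __P((void));
int rc_auth __P((UINT4, VALUE_PAIR *, VALUE_PAIR **, char *, REQUEST_INFO *));
int rc_auth_using_server __P((SERVER *, UINT4, VALUE_PAIR *, VALUE_PAIR **,
                              char *, REQUEST_INFO *));
int rc_auth_proxy __P((VALUE_PAIR *, VALUE_PAIR **, char *));
int rc_acct __P((UINT4, VALUE_PAIR *));
int rc_acct_using_server __P((SERVER *, UINT4, VALUE_PAIR *));
int rc_acct_proxy __P((VALUE_PAIR *));
int rc_check __P((char *, unsigned short, char *));

/* clientid.c */

int rc_read_mapfile __P((char *));
UINT4 rc_map2id __P((char *));

/* config.c */

int rc_read_config __P((char *));
char *rc_conf_str __P((char *));
int rc_conf_int __P((char *));
SERVER *rc_conf_srv __P((char *));
int rc_find_server __P((char *, UINT4 *, char *));

/* dict.c */

int rc_read_dictionary __P((char *));
DICT_ATTR *rc_dict_getattr __P((int, int));
DICT_ATTR *rc_dict_findattr __P((char *));
DICT_VALUE *rc_dict_findval __P((char *));
DICT_VALUE * rc_dict_getval __P((UINT4, char *));
VENDOR_DICT * rc_dict_findvendor __P((char *));
VENDOR_DICT * rc_dict_getvendor __P((int));

/* ip_util.c */

UINT4 rc_get_ipaddr __P((char *));
int rc_good_ipaddr __P((char *));
const char *rc_ip_hostname __P((UINT4));
UINT4 rc_own_ipaddress __P((void));


/* sendserver.c */

int rc_send_server __P((SEND_DATA *, char *, REQUEST_INFO *));

/* util.c */

void rc_str2tm __P((char *, struct tm *));
char *rc_mksid __P((void));
void rc_mdelay __P((int));

/* md5.c */

/* NOTE(review): presumably (output, input, input length); the output
 * buffer would then need room for a 16-byte MD5 digest -- confirm. */
void rc_md5_calc __P((unsigned char *, unsigned char *, unsigned int));

#endif /* RADIUSCLIENT_H */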