radius_client.h 6.3 KB

  1. /*
  2. * RADIUS client
  3. * Copyright (c) 2002-2009, Jouni Malinen <j@w1.fi>
  4. *
  5. * This software may be distributed under the terms of the BSD license.
  6. * See README for more details.
  7. */
  8. #ifndef RADIUS_CLIENT_H
  9. #define RADIUS_CLIENT_H
  10. #include "ip_addr.h"
  11. struct radius_msg;
  12. /**
  13. * struct hostapd_radius_server - RADIUS server information for RADIUS client
  14. *
  15. * This structure contains information about a RADIUS server. The values are
  16. * mainly for MIB information. The MIB variable prefix (radiusAuth or
  17. * radiusAcc) depends on whether this is an authentication or accounting
  18. * server.
  19. *
  20. * radiusAuthClientPendingRequests (or radiusAccClientPendingRequests) is the
  21. * number of struct radius_client_data::msgs entries for the matching msg_type.
  22. */
  23. struct hostapd_radius_server {
  24. /**
  25. * addr - radiusAuthServerAddress or radiusAccServerAddress
  26. */
  27. struct hostapd_ip_addr addr;
  28. /**
  29. * port - radiusAuthClientServerPortNumber or radiusAccClientServerPortNumber
      *
      * NOTE(review): declared as a signed int and no range check is visible in
      * this header; confirm the code that fills it in rejects values that are
      * not a valid port number.
  30. */
  31. int port;
  32. /**
  33. * shared_secret - Shared secret for authenticating RADIUS messages
      *
      * Stored as a byte pointer with an explicit length (shared_secret_len),
      * so nothing in this declaration guarantees NUL termination; handle it
      * as a binary buffer. This is key material: keep it out of debug output
      * and message dumps.
      * NOTE(review): who allocates and frees this buffer is not visible in
      * this header - confirm, and confirm it is cleared before it is freed.
  34. */
  35. u8 *shared_secret;
  36. /**
  37. * shared_secret_len - Length of shared_secret in octets
  38. */
  39. size_t shared_secret_len;
  40. /* Dynamic (not from configuration file) MIB data */
  41. /**
  42. * index - radiusAuthServerIndex or radiusAccServerIndex
  43. */
  44. int index;
  45. /**
  46. * round_trip_time - radiusAuthClientRoundTripTime or radiusAccClientRoundTripTime
  47. * Round-trip time in hundredths of a second.
  48. */
  49. int round_trip_time;
  50. /**
  51. * requests - radiusAuthClientAccessRequests or radiusAccClientRequests
  52. */
  53. u32 requests;
  54. /**
  55. * retransmissions - radiusAuthClientAccessRetransmissions or radiusAccClientRetransmissions
  56. */
  57. u32 retransmissions;
  58. /**
  59. * access_accepts - radiusAuthClientAccessAccepts
  60. */
  61. u32 access_accepts;
  62. /**
  63. * access_rejects - radiusAuthClientAccessRejects
  64. */
  65. u32 access_rejects;
  66. /**
  67. * access_challenges - radiusAuthClientAccessChallenges
  68. */
  69. u32 access_challenges;
  70. /**
  71. * responses - radiusAccClientResponses
  72. */
  73. u32 responses;
  74. /**
  75. * malformed_responses - radiusAuthClientMalformedAccessResponses or radiusAccClientMalformedResponses
  76. */
  77. u32 malformed_responses;
  78. /**
  79. * bad_authenticators - radiusAuthClientBadAuthenticators or radiusAccClientBadAuthenticators
      *
      * NOTE(review): presumably incremented when a handler reports
      * RADIUS_RX_INVALID_AUTHENTICATOR - confirm in the implementation. A
      * steadily rising value is worth monitoring: it usually points at a
      * mismatched shared secret or at responses that did not come from the
      * configured server.
  80. */
  81. u32 bad_authenticators;
  82. /**
  83. * timeouts - radiusAuthClientTimeouts or radiusAccClientTimeouts
  84. */
  85. u32 timeouts;
  86. /**
  87. * unknown_types - radiusAuthClientUnknownTypes or radiusAccClientUnknownTypes
  88. */
  89. u32 unknown_types;
  90. /**
  91. * packets_dropped - radiusAuthClientPacketsDropped or radiusAccClientPacketsDropped
  92. */
  93. u32 packets_dropped;
  94. };
  95. /**
  96. * struct hostapd_radius_servers - RADIUS servers for RADIUS client
  97. */
  98. struct hostapd_radius_servers {
  99. /**
  100. * auth_servers - RADIUS Authentication servers in priority order
  101. */
  102. struct hostapd_radius_server *auth_servers;
  103. /**
  104. * num_auth_servers - Number of auth_servers entries
       *
       * NOTE(review): a signed count; it has to match the number of elements
       * actually allocated for auth_servers - confirm where it is set.
  105. */
  106. int num_auth_servers;
  107. /**
  108. * auth_server - The current Authentication server
       *
       * NOTE(review): presumably points at one element of auth_servers rather
       * than at separately owned memory - confirm before freeing or
       * reallocating the array.
  109. */
  110. struct hostapd_radius_server *auth_server;
  111. /**
  112. * acct_servers - RADIUS Accounting servers in priority order
  113. */
  114. struct hostapd_radius_server *acct_servers;
  115. /**
  116. * num_acct_servers - Number of acct_servers entries
       *
       * NOTE(review): a signed count; it has to match the number of elements
       * actually allocated for acct_servers - confirm where it is set.
  117. */
  118. int num_acct_servers;
  119. /**
  120. * acct_server - The current Accounting server
       *
       * NOTE(review): presumably points at one element of acct_servers rather
       * than at separately owned memory - confirm before freeing or
       * reallocating the array.
  121. */
  122. struct hostapd_radius_server *acct_server;
  123. /**
  124. * retry_primary_interval - Retry interval for trying primary server
  125. *
  126. * This specifies a retry interval in seconds for trying to return to
  127. * the primary RADIUS server. RADIUS client code will automatically try
  128. * to use the next server when the current server is not replying to
  129. * requests. If this interval is set (non-zero), the primary server
  130. * will be retried after the specified number of seconds has passed
  131. * even if the currently used secondary server is still working.
  132. */
  133. int retry_primary_interval;
  134. /**
  135. * msg_dumps - Whether RADIUS message details are shown in stdout
       *
       * NOTE(review): which fields end up in the dump is not visible in this
       * header. RADIUS messages can carry user identifiers and other
       * attributes, so treat the output as sensitive and leave this off
       * outside of debugging.
  136. */
  137. int msg_dumps;
  138. /**
  139. * client_addr - Client (local) address to use if force_client_addr
  140. */
  141. struct hostapd_ip_addr client_addr;
  142. /**
  143. * force_client_addr - Whether to force client (local) address
  144. */
  145. int force_client_addr;
  146. };
  147. /**
  148. * RadiusType - RADIUS server type for RADIUS client
       *
       * Passed as msg_type to radius_client_register() and radius_client_send().
  149. */
  150. typedef enum {
  151. /**
  152. * RADIUS_AUTH - RADIUS authentication
  153. */
  154. RADIUS_AUTH,
  155. /**
  156. * RADIUS_ACCT - RADIUS accounting
  157. */
  158. RADIUS_ACCT,
  159. /**
  160. * RADIUS_ACCT_INTERIM - RADIUS interim accounting message
  161. *
  162. * Used only with radius_client_send(). This behaves just like
  163. * RADIUS_ACCT, but removes any pending interim RADIUS Accounting
  164. * messages for the same STA before sending the new interim update.
  165. */
  166. RADIUS_ACCT_INTERIM
  167. } RadiusType;
  168. /**
  169. * RadiusRxResult - RADIUS client RX handler result
       *
       * Return type of the handler callback registered with
       * radius_client_register(). The value tells the client whether to keep
       * calling handlers and who frees the received message.
  170. */
  171. typedef enum {
  172. /**
  173. * RADIUS_RX_PROCESSED - Message processed
  174. *
  175. * This stops handler calls and frees the message.
       * A handler returning this must not keep a pointer to the message.
  176. */
  177. RADIUS_RX_PROCESSED,
  178. /**
  179. * RADIUS_RX_QUEUED - Message has been queued
  180. *
  181. * This stops handler calls, but does not free the message; the handler
  182. * that returned this is responsible for eventually freeing the
  183. * message.
  184. */
  185. RADIUS_RX_QUEUED,
  186. /**
  187. * RADIUS_RX_UNKNOWN - Message is not for this handler
       *
       * NOTE(review): presumably the message is then offered to the next
       * registered handler - confirm in the implementation.
  188. */
  189. RADIUS_RX_UNKNOWN,
  190. /**
  191. * RADIUS_RX_INVALID_AUTHENTICATOR - Message has invalid Authenticator
       *
       * NOTE(review): what the client does with the message after this result
       * (drop it, count it in bad_authenticators) is not visible in this
       * header - confirm. A handler should return this rather than act on a
       * message whose Authenticator did not validate.
  192. */
  193. RADIUS_RX_INVALID_AUTHENTICATOR
  194. } RadiusRxResult;
       /* Opaque RADIUS client state; the definition is not part of this header. */
  195. struct radius_client_data;
       /*
        * Register an RX handler callback for msg_type. The handler receives the
        * message (msg), a second message (req; presumably the request that msg
        * answers - confirm), the shared secret with its explicit length, and a
        * data pointer (presumably the one passed here at registration). It
        * reports the outcome as a RadiusRxResult.
        * NOTE(review): the meaning of the int return value is not documented in
        * this header.
        */
  196. int radius_client_register(struct radius_client_data *radius,
  197. RadiusType msg_type,
  198. RadiusRxResult (*handler)
  199. (struct radius_msg *msg, struct radius_msg *req,
  200. const u8 *shared_secret, size_t shared_secret_len,
  201. void *data),
  202. void *data);
       /*
        * Send msg as the given msg_type. Per the RadiusType documentation,
        * RADIUS_ACCT_INTERIM first removes pending interim accounting messages
        * for the same STA.
        * NOTE(review): addr is passed without a length; presumably it is the
        * fixed-size STA address - confirm. Ownership of msg after the call and
        * the meaning of the return value are not visible here.
        */
  203. int radius_client_send(struct radius_client_data *radius,
  204. struct radius_msg *msg,
  205. RadiusType msg_type, const u8 *addr);
       /*
        * Return a u8 value; presumably the RADIUS Identifier to use for the next
        * request - confirm. Being 8 bits wide, it can take only 256 distinct
        * values.
        */
  206. u8 radius_client_get_id(struct radius_client_data *radius);
       /*
        * NOTE(review): presumably drops pending messages, limited to
        * authentication messages when only_auth is non-zero - confirm.
        */
  207. void radius_client_flush(struct radius_client_data *radius, int only_auth);
       /*
        * Create a client from conf and return its state pointer.
        * NOTE(review): whether conf is copied or kept by pointer is not visible
        * here; if it is kept, conf (including the shared secrets it points to)
        * must outlive the client. The failure return value (presumably NULL) is
        * not documented in this header.
        */
  208. struct radius_client_data *
  209. radius_client_init(void *ctx, struct hostapd_radius_servers *conf);
       /* Counterpart of radius_client_init(); takes the client state pointer. */
  210. void radius_client_deinit(struct radius_client_data *radius);
       /*
        * NOTE(review): presumably drops pending authentication messages that
        * belong to the STA identified by addr - confirm. addr is passed without
        * a length.
        */
  211. void radius_client_flush_auth(struct radius_client_data *radius,
  212. const u8 *addr);
       /*
        * Takes a caller-supplied buffer (buf) and its size (buflen); presumably
        * writes the MIB counters as text - confirm.
        * NOTE(review): confirm the implementation never writes more than buflen
        * bytes and what the int return value means when the output is truncated.
        */
  213. int radius_client_get_mib(struct radius_client_data *radius, char *buf,
  214. size_t buflen);
       /*
        * Apply a new server configuration to an existing client.
        * NOTE(review): as with radius_client_init(), whether conf is copied or
        * kept by pointer is not visible in this header.
        */
  215. void radius_client_reconfig(struct radius_client_data *radius,
  216. struct hostapd_radius_servers *conf);
  217. #endif /* RADIUS_CLIENT_H */