1 /*********************************************************************************************************
2 * Software License Agreement (BSD License)                                                               *
3 * Author: Sebastien Decugis <sdecugis@freediameter.net>							 *
4 *													 *
5 * Copyright (c) 2013, WIDE Project and NICT								 *
6 * All rights reserved.											 *
7 * 													 *
8 * Redistribution and use of this software in source and binary forms, with or without modification, are  *
9 * permitted provided that the following conditions are met:						 *
10 * 													 *
11 * * Redistributions of source code must retain the above 						 *
12 *   copyright notice, this list of conditions and the 							 *
13 *   following disclaimer.										 *
14 *    													 *
15 * * Redistributions in binary form must reproduce the above 						 *
16 *   copyright notice, this list of conditions and the 							 *
17 *   following disclaimer in the documentation and/or other						 *
18 *   materials provided with the distribution.								 *
19 * 													 *
20 * * Neither the name of the WIDE Project or NICT nor the 						 *
21 *   names of its contributors may be used to endorse or 						 *
22 *   promote products derived from this software without 						 *
23 *   specific prior written permission of WIDE Project and 						 *
24 *   NICT.												 *
25 * 													 *
26 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED *
27 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A *
28 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR *
29 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 	 *
30 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 	 *
31 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR *
32 * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF   *
33 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.								 *
34 *********************************************************************************************************/
35 
36 /* This file contains definitions for both app_radgw extension and its plugins. */
37 
38 #ifndef _RGW_COMMON_H
39 #define _RGW_COMMON_H
40 
41 /* Include definitions from the freeDiameter framework */
42 #include <freeDiameter/extension.h>
43 
44 /* Include hostap files for RADIUS processing */
45 #include "hostap_compat.h"
46 #include "md5.h"
47 #include "radius.h"
48 
49 
50 /**************************************************************/
51 /*              Interface with gateway's plug-ins             */
52 /**************************************************************/
/*
 * Opaque per-plugin configuration state: every plugin defines this structure
 * privately, so only pointers to it are exchanged through this header.
 */
struct rgwp_config;

/*
 * Opaque handle on a RADIUS client description. The definition is not known to
 * plugins; they use the accessors declared below.
 */
struct rgw_client;

/*
 * Accessors on a RADIUS client handle.
 *
 * rgw_clients_getkey     - outputs a key buffer and its length via key / key_len.
 *                          NOTE(review): presumably the shared secret configured
 *                          for this client -- confirm in the implementation. If
 *                          so, callers should keep it out of logs and traces.
 *                          Ownership of *key is not stated in this header; check
 *                          before freeing or caching it.
 * rgw_clients_id         - returns a string for the client. NOTE(review): the
 *                          lifetime of the returned pointer is not stated here.
 * rgw_clients_get_origin - outputs two Diameter identities (fqdn, realm) together
 *                          with their lengths.
 *
 * NOTE(review): the meaning of the int return values is not documented in this
 * header -- confirm against the implementation before relying on it.
 */
int rgw_clients_getkey(struct rgw_client *cli, unsigned char **key, size_t *key_len);
char *rgw_clients_id(struct rgw_client *cli);
int rgw_clients_get_origin(struct rgw_client *cli,
			   DiamId_t *fqdn, size_t *fqdnlen,
			   DiamId_t *realm, size_t *realmlen);
62 
/*
 * Plugin descriptor: each plugin must provide this structure, exported under
 * the name rgwp_descriptor.
 */
extern struct rgw_api {
	/* The name of the plugin. */
	const char *rgwp_name;

	/*
	 * Parse the configuration file. This callback may be called several
	 * times with different configurations. It is also called when no
	 * configuration file is passed; conf_file is NULL in that case, so an
	 * implementation has to accept a NULL conf_file.
	 */
	int (*rgwp_conf_parse)(char *conf_file, struct rgwp_config **state);

	/*
	 * Clean up the configuration state when the daemon is exiting.
	 * Called even if state is NULL.
	 */
	void (*rgwp_conf_free)(struct rgwp_config *state);

	/*
	 * Handle an incoming RADIUS message.
	 *
	 * Return value:
	 *   > 0 : critical error (errno); log and exit
	 *     0 : continue
	 *    -1 : stop processing this message
	 *    -2 : reply the content of rad_ans to the RADIUS client immediately
	 *
	 * NOTE(review): rad_req originates from a RADIUS client on the network.
	 * This header does not say whether the message has been authenticated
	 * or length-checked before plugins see it -- confirm in the caller and
	 * validate attribute lengths in the plugin where that is not guaranteed.
	 */
	int (*rgwp_rad_req)(struct rgwp_config *conf,
			    struct radius_msg *rad_req,
			    struct radius_msg **rad_ans,
			    struct msg **diam_fw,
			    struct rgw_client *cli);

	/*
	 * Handle the corresponding Diameter answer.
	 *
	 * Return value: 0 continue; > 0 error; -1 not specified yet (tbd).
	 */
	int (*rgwp_diam_ans)(struct rgwp_config *conf,
			     struct msg **diam_ans,
			     struct radius_msg **rad_fw,
			     struct rgw_client *cli);

} rgwp_descriptor;
88 
89 
90 
91 /**************************************************************/
92 /*              Additional definitions                        */
93 /**************************************************************/
/* Type of message / server. */
#define RGW_PLG_TYPE_AUTH 1
#define RGW_PLG_TYPE_ACCT 2

/*
 * Prefix of the Class attribute value in which the Auth Application Id is
 * stored (the id is required to send STR).
 * NOTE(review): a Class value is handed to the RADIUS client and presumably
 * comes back from it later, so code that parses a value carrying this prefix
 * should treat the remainder as client-supplied input -- confirm how the
 * consumers validate it.
 */
#define CLASS_AAI_PREFIX "fD/rgwx/aai:"
100 
/*
 * RADIUS attribute type codes that radius.h does not define (they are not used
 * in EAP). Every value is spelled out explicitly, so the numbering does not
 * depend on the order of the enumerators.
 *
 * NOTE(review): going by their names, CHAP_PASSWORD, TUNNEL_PASSWORD,
 * ARAP_PASSWORD and DIGEST_HA1 carry credential material; code that dumps
 * attributes for debugging should presumably skip or mask their values.
 */
enum {
	RADIUS_ATTR_CHAP_PASSWORD            = 3,
	RADIUS_ATTR_SERVICE_TYPE             = 6,
	RADIUS_ATTR_FRAMED_PROTOCOL          = 7,
	RADIUS_ATTR_FRAMED_IP_ADDRESS        = 8,
	RADIUS_ATTR_FRAMED_IP_NETMASK        = 9,
	RADIUS_ATTR_FRAMED_ROUTING           = 10,
	RADIUS_ATTR_FILTER_ID                = 11,
	RADIUS_ATTR_FRAMED_COMPRESSION       = 13,
	RADIUS_ATTR_LOGIN_IP_HOST            = 14,
	RADIUS_ATTR_LOGIN_SERVICE            = 15,
	RADIUS_ATTR_LOGIN_TCP_PORT           = 16,
	RADIUS_ATTR_CALLBACK_NUMBER          = 19,
	RADIUS_ATTR_CALLBACK_ID              = 20,
	RADIUS_ATTR_FRAMED_ROUTE             = 22,
	RADIUS_ATTR_FRAMED_IPX_NETWORK       = 23,
	RADIUS_ATTR_LOGIN_LAT_SERVICE        = 34,
	RADIUS_ATTR_LOGIN_LAT_NODE           = 35,
	RADIUS_ATTR_LOGIN_LAT_GROUP          = 36,
	RADIUS_ATTR_FRAMED_APPLETALK_LINK    = 37,
	RADIUS_ATTR_FRAMED_APPLETALK_NETWORK = 38,
	RADIUS_ATTR_FRAMED_APPLETALK_ZONE    = 39,
	RADIUS_ATTR_CHAP_CHALLENGE           = 60,
	RADIUS_ATTR_PORT_LIMIT               = 62,
	RADIUS_ATTR_LOGIN_LAT_PORT           = 63,
	RADIUS_ATTR_TUNNEL_CLIENT_ENDPOINT   = 66,
	RADIUS_ATTR_TUNNEL_SERVER_ENDPOINT   = 67,
	RADIUS_ATTR_TUNNEL_PASSWORD          = 69,
	RADIUS_ATTR_ARAP_PASSWORD            = 70,
	RADIUS_ATTR_ARAP_FEATURES            = 71,
	RADIUS_ATTR_ARAP_ZONE_ACCESS         = 72,
	RADIUS_ATTR_ARAP_SECURITY            = 73,
	RADIUS_ATTR_ARAP_SECURITY_DATA       = 74,
	RADIUS_ATTR_PASSWORD_RETRY           = 75,
	RADIUS_ATTR_PROMPT                   = 76,
	RADIUS_ATTR_CONFIGURATION_TOKEN      = 78,
	RADIUS_ATTR_TUNNEL_ASSIGNMENT_ID     = 82,
	RADIUS_ATTR_TUNNEL_PREFERENCE        = 83,
	RADIUS_ATTR_ARAP_CHALLENGE_RESPONSE  = 84,
	RADIUS_ATTR_NAS_PORT_ID              = 87,
	RADIUS_ATTR_FRAMED_POOL              = 88,
	RADIUS_ATTR_TUNNEL_CLIENT_AUTH_ID    = 90,
	RADIUS_ATTR_TUNNEL_SERVER_AUTH_ID    = 91,
	RADIUS_ATTR_ORIGINATING_LINE_INFO    = 94,
	RADIUS_ATTR_FRAMED_INTERFACE_ID      = 96,
	RADIUS_ATTR_FRAMED_IPV6_PREFIX       = 97,
	RADIUS_ATTR_LOGIN_IPV6_HOST          = 98,
	RADIUS_ATTR_FRAMED_IPV6_ROUTE        = 99,
	RADIUS_ATTR_FRAMED_IPV6_POOL         = 100,
	RADIUS_ATTR_ERROR_CAUSE              = 101,
	RADIUS_ATTR_EAP_KEY_NAME             = 102,
	RADIUS_ATTR_DIGEST_RESPONSE          = 103,
	RADIUS_ATTR_DIGEST_REALM             = 104,
	RADIUS_ATTR_DIGEST_NONCE             = 105,
	RADIUS_ATTR_DIGEST_RESPONSE_AUTH     = 106,
	RADIUS_ATTR_DIGEST_NEXTNONCE         = 107,
	RADIUS_ATTR_DIGEST_METHOD            = 108,
	RADIUS_ATTR_DIGEST_URI               = 109,
	RADIUS_ATTR_DIGEST_QOP               = 110,
	RADIUS_ATTR_DIGEST_ALGORITHM         = 111,
	RADIUS_ATTR_DIGEST_ENTITY_BODY_HASH  = 112,
	RADIUS_ATTR_DIGEST_CNONCE            = 113,
	RADIUS_ATTR_DIGEST_NONCE_COUNT       = 114,
	RADIUS_ATTR_DIGEST_USERNAME          = 115,
	RADIUS_ATTR_DIGEST_HA1               = 121,
	RADIUS_ATTR_SIP_AOR                  = 122
};
168 
/*
 * Diameter attribute (AVP) codes. Every value is spelled out explicitly, so the
 * numbering does not depend on the order of the enumerators. Where this list
 * and the RADIUS_ATTR_* list in this file define an attribute of the same name,
 * both carry the same code.
 *
 * NOTE(review): going by their names, USER_PASSWORD, TUNNEL_PASSWORD,
 * DIGEST_HA1 and EAP_MASTER_SESSION_KEY carry secrets or key material; code
 * that dumps AVPs for debugging should presumably skip or mask their values.
 */
enum {
	DIAM_ATTR_USER_NAME                      = 1,
	DIAM_ATTR_USER_PASSWORD                  = 2,
	DIAM_ATTR_NAS_IP_ADDRESS                 = 4,
	DIAM_ATTR_NAS_PORT                       = 5,
	DIAM_ATTR_SERVICE_TYPE                   = 6,
	DIAM_ATTR_FRAMED_PROTOCOL                = 7,
	DIAM_ATTR_FRAMED_IP_ADDRESS              = 8,
	DIAM_ATTR_FRAMED_IP_NETMASK              = 9,
	DIAM_ATTR_FRAMED_ROUTING                 = 10,
	DIAM_ATTR_FILTER_ID                      = 11,
	DIAM_ATTR_FRAMED_MTU                     = 12,
	DIAM_ATTR_FRAMED_COMPRESSION             = 13,
	DIAM_ATTR_LOGIN_IP_HOST                  = 14,
	DIAM_ATTR_LOGIN_SERVICE                  = 15,
	DIAM_ATTR_LOGIN_TCP_PORT                 = 16,
	DIAM_ATTR_REPLY_MESSAGE                  = 18,
	DIAM_ATTR_CALLBACK_NUMBER                = 19,
	DIAM_ATTR_CALLBACK_ID                    = 20,
	DIAM_ATTR_FRAMED_ROUTE                   = 22,
	DIAM_ATTR_FRAMED_IPX_NETWORK             = 23,
	DIAM_ATTR_STATE                          = 24,
	DIAM_ATTR_CLASS                          = 25,
	DIAM_ATTR_IDLE_TIMEOUT                   = 28,
	DIAM_ATTR_NAS_IDENTIFIER                 = 32,
	DIAM_ATTR_LOGIN_LAT_SERVICE              = 34,
	DIAM_ATTR_LOGIN_LAT_NODE                 = 35,
	DIAM_ATTR_LOGIN_LAT_GROUP                = 36,
	DIAM_ATTR_FRAMED_APPLETALK_LINK          = 37,
	DIAM_ATTR_FRAMED_APPLETALK_NETWORK       = 38,
	DIAM_ATTR_FRAMED_APPLETALK_ZONE          = 39,
	DIAM_ATTR_ACCT_SESSION_ID                = 44,
	DIAM_ATTR_ACCT_MULTI_SESSION_ID          = 50,
	DIAM_ATTR_EVENT_TIMESTAMP                = 55,
	DIAM_ATTR_NAS_PORT_TYPE                  = 61,
	DIAM_ATTR_PORT_LIMIT                     = 62,
	DIAM_ATTR_LOGIN_LAT_PORT                 = 63,
	DIAM_ATTR_TUNNEL_TYPE                    = 64,
	DIAM_ATTR_TUNNEL_MEDIUM_TYPE             = 65,
	DIAM_ATTR_TUNNEL_CLIENT_ENDPOINT         = 66,
	DIAM_ATTR_TUNNEL_SERVER_ENDPOINT         = 67,
	DIAM_ATTR_TUNNEL_PASSWORD                = 69,
	DIAM_ATTR_ARAP_FEATURES                  = 71,
	DIAM_ATTR_ARAP_ZONE_ACCESS               = 72,
	DIAM_ATTR_ARAP_SECURITY                  = 73,
	DIAM_ATTR_ARAP_SECURITY_DATA             = 74,
	DIAM_ATTR_PASSWORD_RETRY                 = 75,
	DIAM_ATTR_PROMPT                         = 76,
	DIAM_ATTR_CONFIGURATION_TOKEN            = 78,
	DIAM_ATTR_TUNNEL_PRIVATE_GROUP_ID        = 81,
	DIAM_ATTR_TUNNEL_ASSIGNMENT_ID           = 82,
	DIAM_ATTR_TUNNEL_PREFERENCE              = 83,
	DIAM_ATTR_ARAP_CHALLENGE_RESPONSE        = 84,
	DIAM_ATTR_ACCT_INTERIM_INTERVAL          = 85,
	DIAM_ATTR_NAS_PORT_ID                    = 87,
	DIAM_ATTR_FRAMED_POOL                    = 88,
	DIAM_ATTR_TUNNEL_CLIENT_AUTH_ID          = 90,
	DIAM_ATTR_TUNNEL_SERVER_AUTH_ID          = 91,
	DIAM_ATTR_NAS_IPV6_ADDRESS               = 95,
	DIAM_ATTR_FRAMED_INTERFACE_ID            = 96,
	DIAM_ATTR_FRAMED_IPV6_PREFIX             = 97,
	DIAM_ATTR_LOGIN_IPV6_HOST                = 98,
	DIAM_ATTR_FRAMED_IPV6_ROUTE              = 99,
	DIAM_ATTR_FRAMED_IPV6_POOL               = 100,
	DIAM_ATTR_EAP_KEY_NAME                   = 102,
	DIAM_ATTR_DIGEST_RESPONSE                = 103,
	DIAM_ATTR_DIGEST_REALM                   = 104,
	DIAM_ATTR_DIGEST_NONCE                   = 105,
	DIAM_ATTR_DIGEST_RESPONSE_AUTH           = 106,
	DIAM_ATTR_DIGEST_NEXTNONCE               = 107,
	DIAM_ATTR_DIGEST_METHOD                  = 108,
	DIAM_ATTR_DIGEST_URI                     = 109,
	DIAM_ATTR_DIGEST_QOP                     = 110,
	DIAM_ATTR_DIGEST_ALGORITHM               = 111,
	DIAM_ATTR_DIGEST_ENTITY_BODY_HASH        = 112,
	DIAM_ATTR_DIGEST_CNONCE                  = 113,
	DIAM_ATTR_DIGEST_NONCE_COUNT             = 114,
	DIAM_ATTR_DIGEST_USERNAME                = 115,
	DIAM_ATTR_DIGEST_HA1                     = 121,
	DIAM_ATTR_SIP_AOR                        = 122,
	DIAM_ATTR_AUTH_APPLICATION_ID            = 258,
	DIAM_ATTR_ACCT_APPLICATION_ID            = 259,
	DIAM_ATTR_VENDOR_SPECIFIC_APPLICATION_ID = 260,
	DIAM_ATTR_SESSION_ID                     = 263,
	DIAM_ATTR_ORIGIN_HOST                    = 264,
	DIAM_ATTR_MULTI_ROUND_TIMEOUT            = 272,
	DIAM_ATTR_AUTH_REQUEST_TYPE              = 274,
	DIAM_ATTR_AUTH_GRACE_PERIOD              = 276,
	DIAM_ATTR_AUTH_SESSION_STATE             = 277,
	DIAM_ATTR_ORIGIN_STATE_ID                = 278,
	DIAM_ATTR_FAILED_AVP                     = 279,
	DIAM_ATTR_ERROR_MESSAGE                  = 281,
	DIAM_ATTR_ROUTE_RECORD                   = 282,
	DIAM_ATTR_PROXY_INFO                     = 284,
	DIAM_ATTR_ACCOUNTING_SUB_SESSION_ID      = 287,
	DIAM_ATTR_ERROR_REPORTING_HOST           = 294,
	DIAM_ATTR_TERMINATION_CAUSE              = 295,
	DIAM_ATTR_ORIGIN_REALM                   = 296,
	DIAM_ATTR_SIP_AUTH_DATA_ITEM             = 376,
	DIAM_ATTR_SIP_AUTHENTICATION_SCHEME      = 377,
	DIAM_ATTR_SIP_AUTHENTICATE               = 379,
	DIAM_ATTR_SIP_NUMBER_AUTH_ITEMS          = 382,
	DIAM_ATTR_NAS_FILTER_RULE                = 400,
	DIAM_ATTR_TUNNELING                      = 401,
	DIAM_ATTR_QOS_FILTER_RULE                = 407,
	DIAM_ATTR_ORIGIN_AAA_PROTOCOL            = 408,
	DIAM_ATTR_EAP_PAYLOAD                    = 462,
	DIAM_ATTR_EAP_REISSUED_PAYLOAD           = 463,
	DIAM_ATTR_EAP_MASTER_SESSION_KEY         = 464,
	DIAM_ATTR_ACCOUNTING_EAP_AUTH_METHOD     = 465,
	DIAM_ATTR_ACCOUNTING_RECORD_TYPE         = 480,
	DIAM_ATTR_ACCOUNTING_REALTIME_REQUIRED   = 483,
	DIAM_ATTR_ACCOUNTING_RECORD_NUMBER       = 485
};
282 
/*
 * String lookups keyed by a one-byte code. Both functions take an unsigned
 * char and return a pointer to constant characters.
 * NOTE(review): presumably these map a RADIUS attribute type and a RADIUS
 * message code to a printable name for log output -- confirm in the
 * implementation, including what is returned for an unknown code.
 */
const char *rgw_msg_attrtype_str(unsigned char c);
const char *rgw_msg_code_str(unsigned char c);
285 
286 #endif /* _RGW_COMMON_H */
287 
288