/* $OpenBSD: radius.h,v 1.7 2024/06/29 11:50:31 yasuoka Exp $ */

/*-
 * Copyright (c) 2009 Internet Initiative Japan Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

/*
 * Public header of the RADIUS packet library: protocol constants (default
 * ports, packet codes, attribute types and enumerated attribute values)
 * followed by the prototypes of the RADIUS_PACKET API.  Only declarations
 * live here; return conventions and buffer-size requirements of the
 * functions are not visible in this file and must be taken from the
 * implementation.
 */

#ifndef _RADIUS_H
#define _RADIUS_H

/* Default ports: authentication, accounting, dynamic authorization (DAE) */
#define RADIUS_DEFAULT_PORT 1812
#define RADIUS_ACCT_DEFAULT_PORT 1813
#define RADIUS_DAE_DEFAULT_PORT 3799

/* RADIUS codes */
#define RADIUS_CODE_ACCESS_REQUEST 1
#define RADIUS_CODE_ACCESS_ACCEPT 2
#define RADIUS_CODE_ACCESS_REJECT 3
#define RADIUS_CODE_ACCOUNTING_REQUEST 4
#define RADIUS_CODE_ACCOUNTING_RESPONSE 5
#define RADIUS_CODE_ACCESS_CHALLENGE 11
#define RADIUS_CODE_STATUS_SERVER 12
#define RADIUS_CODE_STATUS_CLIENT 13

/* Disconnect and Change-of-Authorization (CoA) codes; RFC 5176 */
#define RADIUS_CODE_DISCONNECT_REQUEST 40
#define RADIUS_CODE_DISCONNECT_ACK 41
#define RADIUS_CODE_DISCONNECT_NAK 42
#define RADIUS_CODE_COA_REQUEST 43
#define RADIUS_CODE_COA_ACK 44
#define RADIUS_CODE_COA_NAK 45

/* RADIUS attributes */
#define RADIUS_TYPE_USER_NAME 1
/*
 * User-Password is not meant to be handled as plain bytes: this header
 * declares radius_put_user_password_attr() and
 * radius_get_user_password_attr() for it, in addition to the raw accessors.
 */
#define RADIUS_TYPE_USER_PASSWORD 2
#define RADIUS_TYPE_CHAP_PASSWORD 3
#define RADIUS_TYPE_NAS_IP_ADDRESS 4
#define RADIUS_TYPE_NAS_PORT 5
#define RADIUS_TYPE_SERVICE_TYPE 6
#define RADIUS_TYPE_FRAMED_PROTOCOL 7
#define RADIUS_TYPE_FRAMED_IP_ADDRESS 8
#define RADIUS_TYPE_FRAMED_IP_NETMASK 9
#define RADIUS_TYPE_FRAMED_ROUTING 10
#define RADIUS_TYPE_FILTER_ID 11
#define RADIUS_TYPE_FRAMED_MTU 12
#define RADIUS_TYPE_FRAMED_COMPRESSION 13
#define RADIUS_TYPE_LOGIN_IP_HOST 14
#define RADIUS_TYPE_LOGIN_SERVICE 15
#define RADIUS_TYPE_LOGIN_TCP_PORT 16
/* unassigned 17 */
#define RADIUS_TYPE_REPLY_MESSAGE 18
#define RADIUS_TYPE_CALLBACK_NUMBER 19
#define RADIUS_TYPE_CALLBACK_ID 20
/* unassigned 21 */
#define RADIUS_TYPE_FRAMED_ROUTE 22
#define RADIUS_TYPE_FRAMED_IPX_NETWORK 23
#define RADIUS_TYPE_STATE 24
#define RADIUS_TYPE_CLASS 25
#define RADIUS_TYPE_VENDOR_SPECIFIC 26
#define RADIUS_TYPE_SESSION_TIMEOUT 27
#define RADIUS_TYPE_IDLE_TIMEOUT 28
#define RADIUS_TYPE_TERMINATION_ACTION 29
#define RADIUS_TYPE_CALLED_STATION_ID 30
#define RADIUS_TYPE_CALLING_STATION_ID 31
#define RADIUS_TYPE_NAS_IDENTIFIER 32
#define RADIUS_TYPE_PROXY_STATE 33
#define RADIUS_TYPE_LOGIN_LAT_SERVICE 34
#define RADIUS_TYPE_LOGIN_LAT_NODE 35
#define RADIUS_TYPE_LOGIN_LAT_GROUP 36
#define RADIUS_TYPE_FRAMED_APPLETALK_LINK 37
#define RADIUS_TYPE_FRAMED_APPLETALK_NETWORK 38
#define RADIUS_TYPE_FRAMED_APPLETALK_ZONE 39
#define RADIUS_TYPE_ACCT_STATUS_TYPE 40
#define RADIUS_TYPE_ACCT_DELAY_TIME 41
#define RADIUS_TYPE_ACCT_INPUT_OCTETS 42
#define RADIUS_TYPE_ACCT_OUTPUT_OCTETS 43
#define RADIUS_TYPE_ACCT_SESSION_ID 44
#define RADIUS_TYPE_ACCT_AUTHENTIC 45
#define RADIUS_TYPE_ACCT_SESSION_TIME 46
#define RADIUS_TYPE_ACCT_INPUT_PACKETS 47
#define RADIUS_TYPE_ACCT_OUTPUT_PACKETS 48
#define RADIUS_TYPE_ACCT_TERMINATE_CAUSE 49
#define RADIUS_TYPE_ACCT_MULTI_SESSION_ID 50
#define RADIUS_TYPE_ACCT_LINK_COUNT 51
#define RADIUS_TYPE_ACCT_INPUT_GIGAWORDS 52
#define RADIUS_TYPE_ACCT_OUTPUT_GIGAWORDS 53
/* unassigned (for accounting) 54 */
#define RADIUS_TYPE_EVENT_TIMESTAMP 55
/* unassigned (for accounting) 56 */
/* unassigned (for accounting) 57 */
/* unassigned (for accounting) 58 */
/* unassigned (for accounting) 59 */
#define RADIUS_TYPE_CHAP_CHALLENGE 60
#define RADIUS_TYPE_NAS_PORT_TYPE 61
#define RADIUS_TYPE_PORT_LIMIT 62
#define RADIUS_TYPE_LOGIN_LAT_PORT 63
#define RADIUS_TYPE_TUNNEL_TYPE 64
#define RADIUS_TYPE_TUNNEL_MEDIUM_TYPE 65
#define RADIUS_TYPE_TUNNEL_CLIENT_ENDPOINT 66
#define RADIUS_TYPE_TUNNEL_SERVER_ENDPOINT 67
#define RADIUS_TYPE_ACCT_TUNNEL_CONNECTION 68
#define RADIUS_TYPE_TUNNEL_PASSWORD 69
#define RADIUS_TYPE_ARAP_PASSWORD 70
#define RADIUS_TYPE_ARAP_FEATURES 71
#define RADIUS_TYPE_ARAP_ZONE_ACCESS 72
#define RADIUS_TYPE_ARAP_SECURITY 73
#define RADIUS_TYPE_ARAP_SECURITY_DATA 74
#define RADIUS_TYPE_PASSWORD_RETRY 75
#define RADIUS_TYPE_PROMPT 76
#define RADIUS_TYPE_CONNECT_INFO 77
#define RADIUS_TYPE_CONFIGURATION_TOKEN 78
#define RADIUS_TYPE_EAP_MESSAGE 79
/*
 * Message-Authenticator: handled through
 * radius_{put,set,check}_message_authenticator() declared below.
 */
#define RADIUS_TYPE_MESSAGE_AUTHENTICATOR 80
#define RADIUS_TYPE_TUNNEL_PRIVATE_GROUP_ID 81
#define RADIUS_TYPE_TUNNEL_ASSIGNMENT_ID 82
#define RADIUS_TYPE_TUNNEL_PREFERENCE 83
#define RADIUS_TYPE_ARAP_CHALLENGE_RESPONSE 84
#define RADIUS_TYPE_ACCT_INTERIM_INTERVAL 85
#define RADIUS_TYPE_ACCT_TUNNEL_PACKETS_LOST 86
#define RADIUS_TYPE_NAS_PORT_ID 87
#define RADIUS_TYPE_FRAMED_POOL 88
/* unassigned 89 */
#define RADIUS_TYPE_TUNNEL_CLIENT_AUTH_ID 90
#define RADIUS_TYPE_TUNNEL_SERVER_AUTH_ID 91
/* unassigned 92-94 */
#define RADIUS_TYPE_NAS_IPV6_ADDRESS 95
#define RADIUS_TYPE_FRAMED_INTERFACE_ID 96
#define RADIUS_TYPE_FRAMED_IPV6_PREFIX 97
#define RADIUS_TYPE_LOGIN_IPV6_HOST 98
#define RADIUS_TYPE_FRAMED_IPV6_ROUTE 99
#define RADIUS_TYPE_FRAMED_IPV6_POOL 100

/* RFC 5176 3.5. Error-Cause */
#define RADIUS_TYPE_ERROR_CAUSE 101

/* RFC 6911 3. Attributes */
#define RADIUS_TYPE_FRAMED_IPV6_ADDRESS 168
#define RADIUS_TYPE_DNS_SERVER_IPV6_ADDRESS 169
#define RADIUS_TYPE_ROUTE_IPV6_INFORMATION 170
#define RADIUS_TYPE_DELEGATED_IPV6_PREFIX_POOL 171
#define RADIUS_TYPE_STATEFUL_IPV6_ADDRESS_POOL 172


/* RFC 2865 5.7. Framed-Protocol */
#define RADIUS_FRAMED_PROTOCOL_PPP 1 /* PPP */
#define RADIUS_FRAMED_PROTOCOL_SLIP 2 /* SLIP */
#define RADIUS_FRAMED_PROTOCOL_ARAP 3 /* AppleTalk Remote Access
	 * Protocol (ARAP) */
#define RADIUS_FRAMED_PROTOCOL_GANDALF 4 /* Gandalf proprietary
	 * SingleLink/MultiLink
	 * protocol */
#define RADIUS_FRAMED_PROTOCOL_XYLOGICS 5 /* Xylogics proprietary
	 * IPX/SLIP */
#define RADIUS_FRAMED_PROTOCOL_X75 6 /* X.75 Synchronous */


/* RFC 2865 5.6. Service-Type */
/* NOTE: "AUTHENTICAT_ONLY" below is the spelling of the public macro name. */
#define RADIUS_SERVICE_TYPE_LOGIN 1
#define RADIUS_SERVICE_TYPE_FRAMED 2
#define RADIUS_SERVICE_TYPE_CB_LOGIN 3
#define RADIUS_SERVICE_TYPE_CB_FRAMED 4
#define RADIUS_SERVICE_TYPE_OUTBOUND 5
#define RADIUS_SERVICE_TYPE_ADMINISTRATIVE 6
#define RADIUS_SERVICE_TYPE_NAS_PROMPT 7
#define RADIUS_SERVICE_TYPE_AUTHENTICAT_ONLY 8
#define RADIUS_SERVICE_TYPE_CB_NAS_PROMPT 9
#define RADIUS_SERVICE_TYPE_CALL_CHECK 10
#define RADIUS_SERVICE_TYPE_CB_ADMINISTRATIVE 11


/* Microsoft vendor specific attributes: see RFC 2548 */
/*
 * RADIUS_VENDOR_MICROSOFT is the vendor id and the RADIUS_VTYPE_* values
 * are vendor types; they match the (uint32_t, uint8_t) argument pair of
 * the radius_*_vs_*() functions below (presumably vendor, then vendor
 * type - confirm against the implementation).
 */
#define RADIUS_VENDOR_MICROSOFT 311
#define RADIUS_VTYPE_MS_CHAP_RESPONSE 1
#define RADIUS_VTYPE_MS_CHAP_ERROR 2
#define RADIUS_VTYPE_MS_CHAP_PW_1 3
#define RADIUS_VTYPE_MS_CHAP_PW_2 4
#define RADIUS_VTYPE_MS_CHAP_LM_ENC_PW 5
#define RADIUS_VTYPE_MS_CHAP_NT_ENC_PW 6
#define RADIUS_VTYPE_MPPE_ENCRYPTION_POLICY 7
#define RADIUS_VTYPE_MPPE_ENCRYPTION_TYPES 8
#define RADIUS_VTYPE_MS_RAS_VENDOR 9
#define RADIUS_VTYPE_MS_CHAP_CHALLENGE 11
#define RADIUS_VTYPE_MS_CHAP_MPPE_KEYS 12
#define RADIUS_VTYPE_MS_BAP_USAGE 13
#define RADIUS_VTYPE_MS_LINK_UTILIZATION_THRESHOLD 14
#define RADIUS_VTYPE_MS_LINK_DROP_TIME_LIMIT 15
#define RADIUS_VTYPE_MPPE_SEND_KEY 16
#define RADIUS_VTYPE_MPPE_RECV_KEY 17
#define RADIUS_VTYPE_MS_RAS_VERSION 18
#define RADIUS_VTYPE_MS_OLD_ARAP_PASSWORD 19
#define RADIUS_VTYPE_MS_NEW_ARAP_PASSWORD 20
#define RADIUS_VTYPE_MS_ARAP_PASSWORD_CHANGE_REASON 21
#define RADIUS_VTYPE_MS_FILTER 22
#define RADIUS_VTYPE_MS_ACCT_AUTH_TYPE 23
#define RADIUS_VTYPE_MS_ACCT_EAP_TYPE 24
#define RADIUS_VTYPE_MS_CHAP2_RESPONSE 25
#define RADIUS_VTYPE_MS_CHAP2_SUCCESS 26
#define RADIUS_VTYPE_MS_CHAP2_PW 27
#define RADIUS_VTYPE_MS_PRIMARY_DNS_SERVER 28
#define RADIUS_VTYPE_MS_SECONDARY_DNS_SERVER 29
#define RADIUS_VTYPE_MS_PRIMARY_NBNS_SERVER 30
#define RADIUS_VTYPE_MS_SECONDARY_NBNS_SERVER 31
/* unassigned? 32 */
#define RADIUS_VTYPE_MS_ARAP_CHALLENGE 33


/* RFC 2865 5.41. NAS-Port-Type */
#define RADIUS_NAS_PORT_TYPE_ASYNC 0 /* Async */
#define RADIUS_NAS_PORT_TYPE_SYNC 1 /* Sync */
#define RADIUS_NAS_PORT_TYPE_ISDN_SYNC 2 /* ISDN Sync */
#define RADIUS_NAS_PORT_TYPE_ISDN_ASYNC_V120 3 /* ISDN Async V.120 */
#define RADIUS_NAS_PORT_TYPE_ISDN_ASYNC_V110 4 /* ISDN Async V.110 */
#define RADIUS_NAS_PORT_TYPE_VIRTUAL 5 /* Virtual */
#define RADIUS_NAS_PORT_TYPE_PIAFS 6 /* PIAFS */
#define RADIUS_NAS_PORT_TYPE_HDLC_CLEAR_CHANNEL 7 /* HDLC Clear Channel */
#define RADIUS_NAS_PORT_TYPE_X_25 8 /* X.25 */
#define RADIUS_NAS_PORT_TYPE_X_75 9 /* X.75 */
#define RADIUS_NAS_PORT_TYPE_G3_FAX 10 /* G.3 Fax */
#define RADIUS_NAS_PORT_TYPE_SDSL 11 /* SDSL - Symmetric DSL */
#define RADIUS_NAS_PORT_TYPE_ADSL_CAP 12 /* ADSL-CAP - Asymmetric
	 * DSL, Carrierless
	 * Amplitude Phase
	 * Modulation */
#define RADIUS_NAS_PORT_TYPE_ADSL_DMT 13 /* ADSL-DMT - Asymmetric
	 * DSL, Discrete
	 * Multi-Tone */
#define RADIUS_NAS_PORT_TYPE_IDSL 14 /* IDSL - ISDN Digital
	 * Subscriber Line */
#define RADIUS_NAS_PORT_TYPE_ETHERNET 15 /* Ethernet */
#define RADIUS_NAS_PORT_TYPE_XDSL 16 /* xDSL - Digital
	 * Subscriber Line of
	 * unknown type */
#define RADIUS_NAS_PORT_TYPE_CABLE 17 /* Cable */
#define RADIUS_NAS_PORT_TYPE_WIRELESS 18 /* Wireless - Other */
#define RADIUS_NAS_PORT_TYPE_WIRELESS_802_11 19 /* Wireless - IEEE
	 * 802.11 */


/* RFC 2866 5.1. Acct-Status-Type */
#define RADIUS_ACCT_STATUS_TYPE_START 1 /* Start */
#define RADIUS_ACCT_STATUS_TYPE_STOP 2 /* Stop */
#define RADIUS_ACCT_STATUS_TYPE_INTERIM_UPDATE 3 /* Interim-Update */
#define RADIUS_ACCT_STATUS_TYPE_ACCT_ON 7 /* Accounting-On */
#define RADIUS_ACCT_STATUS_TYPE_ACCT_OFF 8 /* Accounting-Off */


/* RFC 2866 5.6. Acct-Authentic */
#define RADIUS_ACCT_AUTHENTIC_RADIUS 1 /* RADIUS */
#define RADIUS_ACCT_AUTHENTIC_LOCAL 2 /* Local */
#define RADIUS_ACCT_AUTHENTIC_REMOTE 3 /* Remote */


/* RFC 2866 5.10. Acct-Terminate-Cause */
/* NOTE: the prefix is spelled RADIUS_TERMNATE_CAUSE_ in these public names. */
#define RADIUS_TERMNATE_CAUSE_USER_REQUEST 1 /* User Request */
#define RADIUS_TERMNATE_CAUSE_LOST_CARRIER 2 /* Lost Carrier */
#define RADIUS_TERMNATE_CAUSE_LOST_SERVICE 3 /* Lost Service */
#define RADIUS_TERMNATE_CAUSE_IDLE_TIMEOUT 4 /* Idle Timeout */
#define RADIUS_TERMNATE_CAUSE_SESSION_TIMEOUT 5 /* Session Timeout */
#define RADIUS_TERMNATE_CAUSE_ADMIN_RESET 6 /* Admin Reset */
#define RADIUS_TERMNATE_CAUSE_ADMIN_REBOOT 7 /* Admin Reboot */
#define RADIUS_TERMNATE_CAUSE_PORT_ERROR 8 /* Port Error */
#define RADIUS_TERMNATE_CAUSE_NAS_ERROR 9 /* NAS Error */
#define RADIUS_TERMNATE_CAUSE_NAS_RESET 10 /* NAS Request */
#define RADIUS_TERMNATE_CAUSE_NAS_REBOOT 11 /* NAS Reboot */
#define RADIUS_TERMNATE_CAUSE_PORT_UNNEEDED 12 /* Port Unneeded */
#define RADIUS_TERMNATE_CAUSE_PORT_PREEMPTED 13 /* Port Preempted */
#define RADIUS_TERMNATE_CAUSE_PORT_SUSPENDED 14 /* Port Suspended */
#define RADIUS_TERMNATE_CAUSE_SERVICE_UNAVAIL 15 /* Service Unavailable */
#define RADIUS_TERMNATE_CAUSE_CALLBACK 16 /* Callback */
#define RADIUS_TERMNATE_CAUSE_USER_ERROR 17 /* User Error */
#define RADIUS_TERMNATE_CAUSE_HOST_REQUEST 18 /* Host Request */


/* RFC 2868 3.1. Tunnel-Type */
#define RADIUS_TUNNEL_TYPE_PPTP 1 /* Point-to-Point Tunneling
	 * Protocol (PPTP) */
#define RADIUS_TUNNEL_TYPE_L2F 2 /* Layer Two Forwarding (L2F) */
#define RADIUS_TUNNEL_TYPE_L2TP 3 /* Layer Two Tunneling
	 * Protocol (L2TP) */
#define RADIUS_TUNNEL_TYPE_ATMP 4 /* Ascend Tunnel Management
	 * Protocol (ATMP) */
#define RADIUS_TUNNEL_TYPE_VTP 5 /* Virtual Tunneling Protocol
	 * (VTP) */
#define RADIUS_TUNNEL_TYPE_AH 6 /* IP Authentication Header in
	 * the Tunnel-mode (AH) */
#define RADIUS_TUNNEL_TYPE_IP 7 /* IP-in-IP Encapsulation
	 * (IP-IP) */
#define RADIUS_TUNNEL_TYPE_MOBILE 8 /* Minimal IP-in-IP
	 * Encapsulation (MIN-IP-IP) */
#define RADIUS_TUNNEL_TYPE_ESP 9 /* IP Encapsulating Security
	 * Payload in the Tunnel-mode
	 * (ESP) */
#define RADIUS_TUNNEL_TYPE_GRE 10 /* Generic Route Encapsulation
	 * (GRE) */
#define RADIUS_TUNNEL_TYPE_VDS 11 /* Bay Dial Virtual Services
	 * (DVS) */
#define RADIUS_TUNNEL_TYPE_IPIP 12 /* IP-in-IP Tunneling */


/* RFC 2868 3.2. Tunnel-Medium-Type */
#define RADIUS_TUNNEL_MEDIUM_TYPE_IPV4 1 /* IPv4 (IP version 4) */
#define RADIUS_TUNNEL_MEDIUM_TYPE_IPV6 2 /* IPv6 (IP version 6) */
#define RADIUS_TUNNEL_MEDIUM_TYPE_NSAP 3 /* NSAP */
#define RADIUS_TUNNEL_MEDIUM_TYPE_HDLC 4 /* HDLC (8-bit
	 * multidrop) */
#define RADIUS_TUNNEL_MEDIUM_TYPE_BBN1822 5 /* BBN 1822 */
#define RADIUS_TUNNEL_MEDIUM_TYPE_802 6 /* 802 (includes all 802
	 * media plus Ethernet
	 * "canonical format") */
#define RADIUS_TUNNEL_MEDIUM_TYPE_E163 7 /* E.163 (POTS) */
#define RADIUS_TUNNEL_MEDIUM_TYPE_E164 8 /* E.164 (SMDS, Frame
	 * Relay, ATM) */
/* RFC 5176 3.5. Error-Cause */
/* Values carried in the RADIUS_TYPE_ERROR_CAUSE (101) attribute. */
/* Residual Session Context Removed */
#define RADIUS_ERROR_CAUSE_RESIDUAL_SESSION_REMOVED 201
/* Invalid EAP Packet (Ignored) */
#define RADIUS_ERROR_CAUSE_INVALID_EAP_PACKET 202
/* Unsupported Attribute */
#define RADIUS_ERROR_CAUSE_UNSUPPORTED_ATTRIBUTE 401
/* Missing Attribute */
#define RADIUS_ERROR_CAUSE_MISSING_ATTRIBUTE 402
/* NAS Identification Mismatch */
#define RADIUS_ERROR_CAUSE_NAS_IDENTIFICATION_MISMATCH 403
/* Invalid Request */
#define RADIUS_ERROR_CAUSE_INVALID_REQUEST 404
/* Unsupported Service */
#define RADIUS_ERROR_CAUSE_UNSUPPORTED_SERVICE 405
/* Unsupported Extension */
#define RADIUS_ERROR_CAUSE_UNSUPPORTED_EXTENSION 406
/* Invalid Attribute Value */
#define RADIUS_ERROR_CAUSE_INVALID_ATTRIBUTE_VALUE 407
/* Administratively Prohibited */
#define RADIUS_ERROR_CAUSE_ADMINISTRATIVELY_PROHIBITED 501
/* Request Not Routable (Proxy) */
#define RADIUS_ERROR_CAUSE_REQUEST_NOT_ROUTABLE 502
/* Session Context Not Found */
#define RADIUS_ERROR_CAUSE_SESSION_NOT_FOUND 503
/* Session Context Not Removable */
#define RADIUS_ERROR_CAUSE_SESSION_NOT_REMOVABLE 504
/* Other Proxy Processing Error */
#define RADIUS_ERROR_CAUSE_OTHER_PROXY_PROCESSING_ERROR 505
/* Resources Unavailable */
#define RADIUS_ERROR_CAUSE_RESOURCES_UNAVAILABLE 506
/* Request Initiated */
#define RADIUS_ERROR_CAUSE_REQUEST_INITIATED 507
/* Multiple Session Selection Unsupported */
#define RADIUS_ERROR_CAUSE_MULTI_SELECTION_UNSUPPORTED 508

#include <sys/socket.h>
#include <sys/cdefs.h>

#include <stdbool.h>
#include <stdint.h>

/*
 * Forward declarations only.  The ipv4 put/set functions below take
 * struct in_addr by value, so a caller of those needs the complete type
 * at the call site; this header does not provide it.
 */
struct in_addr;
struct in6_addr;

__BEGIN_DECLS

/******* packet manipulation support *******/

/* Opaque packet handle; the structure layout is not exposed by this header. */
typedef struct _RADIUS_PACKET RADIUS_PACKET;

/* constructors */
/*
 * NOTE(review): radius_convert_packet() takes a raw buffer and its size,
 * presumably bytes received from the network.  Treat a packet built this
 * way as unauthenticated until one of the radius_check_*() functions
 * below has been applied to it - confirm the exact validation done by
 * the implementation.
 */
RADIUS_PACKET *radius_new_request_packet(uint8_t);
RADIUS_PACKET *radius_new_response_packet(uint8_t, const RADIUS_PACKET *);
RADIUS_PACKET *radius_convert_packet(const void *, size_t);

/* destructor */
int radius_delete_packet(RADIUS_PACKET *);

/* accessors - header values */
/*
 * NOTE(review): radius_get_authenticator() writes through a void * with
 * no length argument; the required buffer size is not stated here
 * (presumably the 16-octet authenticator field - confirm).
 *
 * NOTE(review): the radius_check_*() functions return int and the
 * trailing const char * is presumably the shared secret.  Which return
 * value means "valid" is not visible in this header; check the
 * implementation before using the result in a condition.
 */
uint8_t radius_get_id(const RADIUS_PACKET *);
void radius_update_id(RADIUS_PACKET * packet);
void radius_set_id(RADIUS_PACKET *, uint8_t);
uint8_t radius_get_code(const RADIUS_PACKET *);
void radius_get_authenticator(const RADIUS_PACKET *, void *);
void radius_set_request_packet(RADIUS_PACKET *,
    const RADIUS_PACKET *);
const RADIUS_PACKET *
    radius_get_request_packet(const RADIUS_PACKET *);
int radius_check_response_authenticator(const RADIUS_PACKET *,
    const char *);
int radius_check_accounting_request_authenticator(
    const RADIUS_PACKET *, const char *);
/* The two *_retval() variants return a non-const pointer from a const packet. */
uint8_t *radius_get_authenticator_retval(const RADIUS_PACKET *);
uint8_t *radius_get_request_authenticator_retval(const RADIUS_PACKET *);
void radius_set_accounting_request_authenticator(RADIUS_PACKET *,
    const char *);
void radius_set_response_authenticator(RADIUS_PACKET *,
    const char *);
uint16_t radius_get_length(const RADIUS_PACKET *);
const void *radius_get_data(const RADIUS_PACKET *);

/*
 * Raw attribute accessors.  The "vs" variants take an extra uint32_t
 * before the uint8_t (presumably vendor id, then vendor type - confirm).
 * NOTE(review): the size_t * of the get functions looks like an in/out
 * buffer length; confirm before relying on it for bounds.
 */
int radius_get_raw_attr(const RADIUS_PACKET *, uint8_t, void *,
    size_t *);
int radius_get_vs_raw_attr(const RADIUS_PACKET *, uint32_t,
    uint8_t, void *, size_t *);
int radius_put_raw_attr(RADIUS_PACKET *, uint8_t, const void *,
    size_t);
int radius_put_vs_raw_attr(RADIUS_PACKET *, uint32_t, uint8_t,
    const void *, size_t);
int radius_get_raw_attr_ptr(const RADIUS_PACKET *, uint8_t,
    const void **, size_t *);
int radius_get_vs_raw_attr_ptr(const RADIUS_PACKET *, uint32_t,
    uint8_t, const void **, size_t *);
int radius_get_raw_attr_cat(const RADIUS_PACKET *, uint8_t,
    void *, size_t *);
int radius_get_vs_raw_attr_cat(const RADIUS_PACKET *, uint32_t,
    uint8_t, void *, size_t *);
int radius_put_raw_attr_cat(RADIUS_PACKET *, uint8_t,
    const void *, size_t);
int radius_put_vs_raw_attr_cat(RADIUS_PACKET *, uint32_t, uint8_t,
    const void *, size_t);
int radius_set_raw_attr(RADIUS_PACKET *, uint8_t, const void *,
    size_t);
int radius_set_vs_raw_attr(RADIUS_PACKET *, uint32_t, uint8_t,
    const void *, size_t);

int radius_del_attr_all(RADIUS_PACKET *, uint8_t);
int radius_del_vs_attr_all(RADIUS_PACKET *, uint32_t, uint8_t);

bool radius_has_attr(const RADIUS_PACKET *, uint8_t);
bool radius_has_vs_attr(const RADIUS_PACKET *, uint32_t, uint8_t);

/* typed attribute accessor (string) */
/* The get variants take a char * destination followed by a size_t. */
int radius_get_string_attr(const RADIUS_PACKET *, uint8_t, char *,
    size_t);
int radius_get_vs_string_attr(const RADIUS_PACKET *, uint32_t,
    uint8_t, char *, size_t);
int radius_put_string_attr(RADIUS_PACKET *, uint8_t, const char *);
int radius_put_vs_string_attr(RADIUS_PACKET *, uint32_t, uint8_t,
    const char *);

/* typed attribute accessor (uint16_t) */
int radius_get_uint16_attr(const RADIUS_PACKET *,
    uint8_t, uint16_t *);
int radius_get_vs_uint16_attr(const RADIUS_PACKET *,
    uint32_t, uint8_t, uint16_t *);
int radius_put_uint16_attr(RADIUS_PACKET *,
    uint8_t, const uint16_t);
int radius_put_vs_uint16_attr(RADIUS_PACKET *,
    uint32_t, uint8_t, const uint16_t);
int radius_set_uint16_attr(RADIUS_PACKET *,
    uint8_t, const uint16_t);
int radius_set_vs_uint16_attr(RADIUS_PACKET *,
    uint32_t, uint8_t, const uint16_t);

/* typed attribute accessor (uint32_t) */
int radius_get_uint32_attr(const RADIUS_PACKET *,
    uint8_t, uint32_t *);
int radius_get_vs_uint32_attr(const RADIUS_PACKET *,
    uint32_t, uint8_t, uint32_t *);
int radius_put_uint32_attr(RADIUS_PACKET *,
    uint8_t, const uint32_t);
int radius_put_vs_uint32_attr(RADIUS_PACKET *,
    uint32_t, uint8_t, const uint32_t);
int radius_set_uint32_attr(RADIUS_PACKET *,
    uint8_t, const uint32_t);
int radius_set_vs_uint32_attr(RADIUS_PACKET *,
    uint32_t, uint8_t, const uint32_t);

/* typed attribute accessor (uint64_t) */
int radius_get_uint64_attr(const RADIUS_PACKET *,
    uint8_t, uint64_t *);
int radius_get_vs_uint64_attr(const RADIUS_PACKET *,
    uint32_t, uint8_t, uint64_t *);
int radius_put_uint64_attr(RADIUS_PACKET *,
    uint8_t, const uint64_t);
int radius_put_vs_uint64_attr(RADIUS_PACKET *,
    uint32_t, uint8_t, const uint64_t);
int radius_set_uint64_attr(RADIUS_PACKET *,
    uint8_t, const uint64_t);
int radius_set_vs_uint64_attr(RADIUS_PACKET *,
    uint32_t, uint8_t, const uint64_t);

/* typed attribute accessor (ipv4) */
/* put/set take struct in_addr by value; the ipv6 variants take a pointer. */
int radius_get_ipv4_attr(const RADIUS_PACKET *,
    uint8_t, struct in_addr *);
int radius_get_vs_ipv4_attr(const RADIUS_PACKET *,
    uint32_t, uint8_t, struct in_addr *);
int radius_put_ipv4_attr(RADIUS_PACKET *,
    uint8_t, const struct in_addr);
int radius_put_vs_ipv4_attr(RADIUS_PACKET *,
    uint32_t, uint8_t, const struct in_addr);
int radius_set_ipv4_attr(RADIUS_PACKET *,
    uint8_t, const struct in_addr);
int radius_set_vs_ipv4_attr(RADIUS_PACKET *,
    uint32_t, uint8_t, const struct in_addr);

/* typed attribute accessor (ipv6) */
int radius_get_ipv6_attr(const RADIUS_PACKET *,
    uint8_t, struct in6_addr *);
int radius_get_vs_ipv6_attr(const RADIUS_PACKET *,
    uint32_t, uint8_t, struct in6_addr *);
int radius_put_ipv6_attr(RADIUS_PACKET *,
    uint8_t, const struct in6_addr *);
int radius_put_vs_ipv6_attr(RADIUS_PACKET *,
    uint32_t, uint8_t, const struct in6_addr *);
int radius_set_ipv6_attr(RADIUS_PACKET *,
    uint8_t, const struct in6_addr *);
int radius_set_vs_ipv6_attr(RADIUS_PACKET *,
    uint32_t, uint8_t, const struct in6_addr *);

/* message authenticator */
/*
 * NOTE(review): the const char * is presumably the shared secret.  The
 * meaning of the int returned by radius_check_message_authenticator()
 * (and what it returns when the attribute is absent) is not visible
 * here; confirm it before treating a packet as verified.
 */
int radius_put_message_authenticator(RADIUS_PACKET *,
    const char *);
int radius_set_message_authenticator(RADIUS_PACKET *,
    const char *);
int radius_check_message_authenticator(RADIUS_PACKET *,
    const char *);

/* encryption */
/*
 * Buffer-level helpers that do not take a RADIUS_PACKET.
 * NOTE(review): parameter roles are unnamed; the trailing const char *
 * is presumably the shared secret and the const void * before it the
 * request authenticator - confirm against the implementation.
 */
int radius_encrypt_user_password_attr(void *, size_t *,
    const char *, const void *, const char *);
int radius_decrypt_user_password_attr(char *, size_t,
    const void *, size_t, const void *, const char *);
int radius_encrypt_mppe_key_attr(void *, size_t *,
    const void *, size_t, const void *, const char *);
int radius_decrypt_mppe_key_attr(void *, size_t *, const void *,
    size_t, const void *, const char *);

/* encrypted attribute */
/*
 * Packet-level accessors for User-Password and the MPPE send/recv keys;
 * each takes a trailing const char * (presumably the shared secret).
 * The output buffers receive secret material, so callers should clear
 * them after use.
 */
int radius_get_user_password_attr(const RADIUS_PACKET *,
    char *, size_t, const char *);
int radius_put_user_password_attr(RADIUS_PACKET *,
    const char *, const char *);
int radius_get_mppe_send_key_attr(const RADIUS_PACKET *, void *,
    size_t *, const char *);
int radius_put_mppe_send_key_attr(RADIUS_PACKET *,
    const void *, size_t, const char *);
int radius_get_mppe_recv_key_attr(const RADIUS_PACKET *,
    void *, size_t *, const char *);
int radius_put_mppe_recv_key_attr(RADIUS_PACKET *, const void *,
    size_t, const char *);

int radius_get_eap_msk(const RADIUS_PACKET *, void *, size_t *,
    const char *);

/* helpers */
/*
 * Socket send/receive wrappers; the first int is presumably the socket
 * descriptor.  NOTE(review): the receive variants return a
 * RADIUS_PACKET * - presumably NULL on failure and owned by the caller
 * (release with radius_delete_packet()); confirm.
 */
RADIUS_PACKET *radius_recvfrom(int, int, struct sockaddr *, socklen_t *);
int radius_sendto(int, const RADIUS_PACKET *, int flags,
    const struct sockaddr *, socklen_t);
RADIUS_PACKET *radius_recv(int, int);
int radius_send(int, const RADIUS_PACKET *, int);
RADIUS_PACKET *radius_recvmsg(int, struct msghdr *, int);
int radius_sendmsg(int, const RADIUS_PACKET *,
    const struct msghdr *, int);

__END_DECLS

#endif