xref: /freebsd/contrib/wpa/src/radius/radius_client.h (revision aa0a1e58) 
1 /*
2  * RADIUS client
3  * Copyright (c) 2002-2009, Jouni Malinen <j@w1.fi>
4  *
5  * This program is free software; you can redistribute it and/or modify
6  * it under the terms of the GNU General Public License version 2 as
7  * published by the Free Software Foundation.
8  *
9  * Alternatively, this software may be distributed under the terms of BSD
10  * license.
11  *
12  * See README and COPYING for more details.
13  */
14 
15 #ifndef RADIUS_CLIENT_H
16 #define RADIUS_CLIENT_H
17 
18 #include "ip_addr.h"
19 
20 struct radius_msg;
21 
22 /**
23  * struct hostapd_radius_server - RADIUS server information for RADIUS client
24  *
25  * This structure contains information about a RADIUS server. The values are
26  * mainly for MIB information. The MIB variable prefix (radiusAuth or
27  * radiusAcc) depends on whether this is an authentication or accounting
28  * server.
29  *
30  * radiusAuthClientPendingRequests (or radiusAccClientPendingRequests) is the
31  * number struct radius_client_data::msgs for matching msg_type.
32  */
33 struct hostapd_radius_server {
34 	/**
35 	 * addr - radiusAuthServerAddress or radiusAccServerAddress
36 	 */
37 	struct hostapd_ip_addr addr;
38 
39 	/**
40 	 * port - radiusAuthClientServerPortNumber or radiusAccClientServerPortNumber
41 	 */
42 	int port;
43 
44 	/**
45 	 * shared_secret - Shared secret for authenticating RADIUS messages
46 	 */
47 	u8 *shared_secret;
48 
49 	/**
50 	 * shared_secret_len - Length of shared_secret in octets
51 	 */
52 	size_t shared_secret_len;
53 
54 	/* Dynamic (not from configuration file) MIB data */
55 
56 	/**
57 	 * index - radiusAuthServerIndex or radiusAccServerIndex
58 	 */
59 	int index;
60 
61 	/**
62 	 * round_trip_time - radiusAuthClientRoundTripTime or radiusAccClientRoundTripTime
63 	 * Round-trip time in hundredths of a second.
64 	 */
65 	int round_trip_time;
66 
67 	/**
68 	 * requests - radiusAuthClientAccessRequests or radiusAccClientRequests
69 	 */
70 	u32 requests;
71 
72 	/**
73 	 * retransmissions - radiusAuthClientAccessRetransmissions or radiusAccClientRetransmissions
74 	 */
75 	u32 retransmissions;
76 
77 	/**
78 	 * access_accepts - radiusAuthClientAccessAccepts
79 	 */
80 	u32 access_accepts;
81 
82 	/**
83 	 * access_rejects - radiusAuthClientAccessRejects
84 	 */
85 	u32 access_rejects;
86 
87 	/**
88 	 * access_challenges - radiusAuthClientAccessChallenges
89 	 */
90 	u32 access_challenges;
91 
92 	/**
93 	 * responses - radiusAccClientResponses
94 	 */
95 	u32 responses;
96 
97 	/**
98 	 * malformed_responses - radiusAuthClientMalformedAccessResponses or radiusAccClientMalformedResponses
99 	 */
100 	u32 malformed_responses;
101 
102 	/**
103 	 * bad_authenticators - radiusAuthClientBadAuthenticators or radiusAccClientBadAuthenticators
104 	 */
105 	u32 bad_authenticators;
106 
107 	/**
108 	 * timeouts - radiusAuthClientTimeouts or radiusAccClientTimeouts
109 	 */
110 	u32 timeouts;
111 
112 	/**
113 	 * unknown_types - radiusAuthClientUnknownTypes or radiusAccClientUnknownTypes
114 	 */
115 	u32 unknown_types;
116 
117 	/**
118 	 * packets_dropped - radiusAuthClientPacketsDropped or radiusAccClientPacketsDropped
119 	 */
120 	u32 packets_dropped;
121 };
122 
123 /**
124  * struct hostapd_radius_servers - RADIUS servers for RADIUS client
125  */
126 struct hostapd_radius_servers {
127 	/**
128 	 * auth_servers - RADIUS Authentication servers in priority order
129 	 */
130 	struct hostapd_radius_server *auth_servers;
131 
132 	/**
133 	 * num_auth_servers - Number of auth_servers entries
134 	 */
135 	int num_auth_servers;
136 
137 	/**
138 	 * auth_server - The current Authentication server
139 	 */
140 	struct hostapd_radius_server *auth_server;
141 
142 	/**
143 	 * acct_servers - RADIUS Accounting servers in priority order
144 	 */
145 	struct hostapd_radius_server *acct_servers;
146 
147 	/**
148 	 * num_acct_servers - Number of acct_servers entries
149 	 */
150 	int num_acct_servers;
151 
152 	/**
153 	 * acct_server - The current Accounting server
154 	 */
155 	struct hostapd_radius_server *acct_server;
156 
157 	/**
158 	 * retry_primary_interval - Retry interval for trying primary server
159 	 *
160 	 * This specifies a retry interval in sexconds for trying to return to
161 	 * the primary RADIUS server. RADIUS client code will automatically try
162 	 * to use the next server when the current server is not replying to
163 	 * requests. If this interval is set (non-zero), the primary server
164 	 * will be retried after the specified number of seconds has passed
165 	 * even if the current used secondary server is still working.
166 	 */
167 	int retry_primary_interval;
168 
169 	/**
170 	 * msg_dumps - Whether RADIUS message details are shown in stdout
171 	 */
172 	int msg_dumps;
173 
174 	/**
175 	 * client_addr - Client (local) address to use if force_client_addr
176 	 */
177 	struct hostapd_ip_addr client_addr;
178 
179 	/**
180 	 * force_client_addr - Whether to force client (local) address
181 	 */
182 	int force_client_addr;
183 };
184 
185 
186 /**
187  * RadiusType - RADIUS server type for RADIUS client
188  */
189 typedef enum {
190 	/**
191 	 * RADIUS authentication
192 	 */
193 	RADIUS_AUTH,
194 
195 	/**
196 	 * RADIUS_ACCT - RADIUS accounting
197 	 */
198 	RADIUS_ACCT,
199 
200 	/**
201 	 * RADIUS_ACCT_INTERIM - RADIUS interim accounting message
202 	 *
203 	 * Used only with radius_client_send(). This behaves just like
204 	 * RADIUS_ACCT, but removes any pending interim RADIUS Accounting
205 	 * messages for the same STA before sending the new interim update.
206 	 */
207 	RADIUS_ACCT_INTERIM
208 } RadiusType;
209 
210 /**
211  * RadiusRxResult - RADIUS client RX handler result
212  */
213 typedef enum {
214 	/**
215 	 * RADIUS_RX_PROCESSED - Message processed
216 	 *
217 	 * This stops handler calls and frees the message.
218 	 */
219 	RADIUS_RX_PROCESSED,
220 
221 	/**
222 	 * RADIUS_RX_QUEUED - Message has been queued
223 	 *
224 	 * This stops handler calls, but does not free the message; the handler
225 	 * that returned this is responsible for eventually freeing the
226 	 * message.
227 	 */
228 	RADIUS_RX_QUEUED,
229 
230 	/**
231 	 * RADIUS_RX_UNKNOWN - Message is not for this handler
232 	 */
233 	RADIUS_RX_UNKNOWN,
234 
235 	/**
236 	 * RADIUS_RX_INVALID_AUTHENTICATOR - Message has invalid Authenticator
237 	 */
238 	RADIUS_RX_INVALID_AUTHENTICATOR
239 } RadiusRxResult;
240 
241 struct radius_client_data;
242 
243 int radius_client_register(struct radius_client_data *radius,
244 			   RadiusType msg_type,
245 			   RadiusRxResult (*handler)
246 			   (struct radius_msg *msg, struct radius_msg *req,
247 			    const u8 *shared_secret, size_t shared_secret_len,
248 			    void *data),
249 			   void *data);
250 int radius_client_send(struct radius_client_data *radius,
251 		       struct radius_msg *msg,
252 		       RadiusType msg_type, const u8 *addr);
253 u8 radius_client_get_id(struct radius_client_data *radius);
254 void radius_client_flush(struct radius_client_data *radius, int only_auth);
255 struct radius_client_data *
256 radius_client_init(void *ctx, struct hostapd_radius_servers *conf);
257 void radius_client_deinit(struct radius_client_data *radius);
258 void radius_client_flush_auth(struct radius_client_data *radius,
259 			      const u8 *addr);
260 int radius_client_get_mib(struct radius_client_data *radius, char *buf,
261 			  size_t buflen);
262 
263 #endif /* RADIUS_CLIENT_H */
264