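/*
 * RADIUS client
 * Copyright (c) 2002-2009, Jouni Malinen <j@w1.fi>
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
 */

#ifndef RADIUS_CLIENT_H
#define RADIUS_CLIENT_H

#include "ip_addr.h"

struct radius_msg;

/**
 * struct hostapd_radius_server - RADIUS server information for RADIUS client
 *
 * This structure contains information about a RADIUS server. The values are
 * mainly for MIB information. The MIB variable prefix (radiusAuth or
 * radiusAcc) depends on whether this is an authentication or accounting
 * server.
 *
 * radiusAuthClientPendingRequests (or radiusAccClientPendingRequests) is the
 * number of struct radius_client_data::msgs entries for matching msg_type.
 */
struct hostapd_radius_server {
	/**
	 * addr - radiusAuthServerAddress or radiusAccServerAddress
	 */
	struct hostapd_ip_addr addr;

	/**
	 * port - radiusAuthClientServerPortNumber or radiusAccClientServerPortNumber
	 *
	 * NOTE(review): stored as a plain int; any range check on the
	 * configured value is not visible from this header - confirm in the
	 * configuration parser.
	 */
	int port;

	/**
	 * shared_secret - Shared secret for authenticating RADIUS messages
	 *
	 * Raw octets whose length is given by shared_secret_len. Nothing in
	 * this header says the buffer is NUL-terminated, so it should not be
	 * handled as a C string. This is key material and should stay out of
	 * logs and MIB output.
	 * NOTE(review): who owns this buffer and whether it is cleared before
	 * being freed or replaced is not visible here - confirm in the
	 * implementation.
	 */
	u8 *shared_secret;

	/**
	 * shared_secret_len - Length of shared_secret in octets
	 */
	size_t shared_secret_len;

	/* Dynamic (not from configuration file) MIB data */

	/**
	 * index - radiusAuthServerIndex or radiusAccServerIndex
	 */
	int index;

	/**
	 * round_trip_time - radiusAuthClientRoundTripTime or radiusAccClientRoundTripTime
	 * Round-trip time in hundredths of a second.
	 */
	int round_trip_time;

	/**
	 * requests - radiusAuthClientAccessRequests or radiusAccClientRequests
	 */
	u32 requests;

	/**
	 * retransmissions - radiusAuthClientAccessRetransmissions or radiusAccClientRetransmissions
	 */
	u32 retransmissions;

	/**
	 * access_accepts - radiusAuthClientAccessAccepts
	 */
	u32 access_accepts;

	/**
	 * access_rejects - radiusAuthClientAccessRejects
	 */
	u32 access_rejects;

	/**
	 * access_challenges - radiusAuthClientAccessChallenges
	 */
	u32 access_challenges;

	/**
	 * responses - radiusAccClientResponses
	 */
	u32 responses;

	/**
	 * malformed_responses - radiusAuthClientMalformedAccessResponses or radiusAccClientMalformedResponses
	 */
	u32 malformed_responses;

	/**
	 * bad_authenticators - radiusAuthClientBadAuthenticators or radiusAccClientBadAuthenticators
	 *
	 * Presumably counts responses reported as
	 * RADIUS_RX_INVALID_AUTHENTICATOR - confirm in the implementation. A
	 * value that keeps growing points at a shared secret mismatch or at
	 * responses that do not come from the configured server, so it is a
	 * useful counter to monitor.
	 */
	u32 bad_authenticators;

	/**
	 * timeouts - radiusAuthClientTimeouts or radiusAccClientTimeouts
	 */
	u32 timeouts;

	/**
	 * unknown_types - radiusAuthClientUnknownTypes or radiusAccClientUnknownTypes
	 */
	u32 unknown_types;

	/**
	 * packets_dropped - radiusAuthClientPacketsDropped or radiusAccClientPacketsDropped
	 */
	u32 packets_dropped;
};

/**
 * struct hostapd_radius_servers - RADIUS servers for RADIUS client
 */
struct hostapd_radius_servers {
	/**
	 * auth_servers - RADIUS Authentication servers in priority order
	 */
	struct hostapd_radius_server *auth_servers;

	/**
	 * num_auth_servers - Number of auth_servers entries
	 */
	int num_auth_servers;

	/**
	 * auth_server - The current Authentication server
	 */
	struct hostapd_radius_server *auth_server;

	/**
	 * acct_servers - RADIUS Accounting servers in priority order
	 */
	struct hostapd_radius_server *acct_servers;

	/**
	 * num_acct_servers - Number of acct_servers entries
	 */
	int num_acct_servers;

	/**
	 * acct_server - The current Accounting server
	 */
	struct hostapd_radius_server *acct_server;

	/**
	 * retry_primary_interval - Retry interval for trying primary server
	 *
	 * This specifies a retry interval in seconds for trying to return to
	 * the primary RADIUS server. RADIUS client code will automatically try
	 * to use the next server when the current server is not replying to
	 * requests. If this interval is set (non-zero), the primary server
	 * will be retried after the specified number of seconds has passed
	 * even if the currently used secondary server is still working.
	 */
	int retry_primary_interval;

	/**
	 * msg_dumps - Whether RADIUS message details are shown in stdout
	 *
	 * NOTE(review): which attributes are printed is not visible from this
	 * header. If the dump includes user identities or key-bearing
	 * attributes, stdout has to be treated as sensitive wherever this is
	 * enabled - confirm against the implementation.
	 */
	int msg_dumps;

	/**
	 * client_addr - Client (local) address to use if force_client_addr
	 */
	struct hostapd_ip_addr client_addr;

	/**
	 * force_client_addr - Whether to force client (local) address
	 */
	int force_client_addr;
};


/**
 * RadiusType - RADIUS server type for RADIUS client
 */
typedef enum {
	/**
	 * RADIUS_AUTH - RADIUS authentication
	 */
	RADIUS_AUTH,

	/**
	 * RADIUS_ACCT - RADIUS accounting
	 */
	RADIUS_ACCT,

	/**
	 * RADIUS_ACCT_INTERIM - RADIUS interim accounting message
	 *
	 * Used only with radius_client_send(). This behaves just like
	 * RADIUS_ACCT, but removes any pending interim RADIUS Accounting
	 * messages for the same STA before sending the new interim update.
	 */
	RADIUS_ACCT_INTERIM
} RadiusType;

/**
 * RadiusRxResult - RADIUS client RX handler result
 */
typedef enum {
	/**
	 * RADIUS_RX_PROCESSED - Message processed
	 *
	 * This stops handler calls and frees the message.
	 */
	RADIUS_RX_PROCESSED,

	/**
	 * RADIUS_RX_QUEUED - Message has been queued
	 *
	 * This stops handler calls, but does not free the message; the handler
	 * that returned this is responsible for eventually freeing the
	 * message.
	 */
	RADIUS_RX_QUEUED,

	/**
	 * RADIUS_RX_UNKNOWN - Message is not for this handler
	 */
	RADIUS_RX_UNKNOWN,

	/**
	 * RADIUS_RX_INVALID_AUTHENTICATOR - Message has invalid Authenticator
	 */
	RADIUS_RX_INVALID_AUTHENTICATOR
} RadiusRxResult;

struct radius_client_data;

/*
 * Register an RX handler for one RADIUS message type. The handler's
 * RadiusRxResult return value decides whether further handlers are called
 * and who frees the message (see RadiusRxResult). The handler is passed a
 * shared secret and its length in octets.
 * NOTE(review): msg/req are presumably the received message and the request
 * it answers, and data is presumably handed back as the handler's last
 * argument - confirm in the implementation. The meaning of the int return
 * value is not visible from this header.
 */
int radius_client_register(struct radius_client_data *radius,
			   RadiusType msg_type,
			   RadiusRxResult (*handler)
			   (struct radius_msg *msg, struct radius_msg *req,
			    const u8 *shared_secret, size_t shared_secret_len,
			    void *data),
			   void *data);

/*
 * Set the callback for interim accounting errors.
 * NOTE(review): when cb is invoked and what addr identifies are not visible
 * from this header - confirm in the implementation.
 */
void radius_client_set_interim_error_cb(struct radius_client_data *radius,
					void (*cb)(const u8 *addr, void *ctx),
					void *ctx);

/*
 * Send a RADIUS message of the given type. With RADIUS_ACCT_INTERIM, pending
 * interim accounting messages for the same STA are removed first (see
 * RadiusType).
 * NOTE(review): addr is presumably the STA address used for that matching,
 * and ownership of msg after the call is not visible here - confirm.
 */
int radius_client_send(struct radius_client_data *radius,
		       struct radius_msg *msg,
		       RadiusType msg_type, const u8 *addr);

/*
 * Get an identifier for a new RADIUS message.
 * NOTE(review): the return type is u8, so values necessarily repeat; how a
 * clash with a request that is still pending is handled is not visible from
 * this header - confirm in the implementation.
 */
u8 radius_client_get_id(struct radius_client_data *radius);

/*
 * Flush pending RADIUS messages; only_auth presumably restricts this to
 * authentication messages - confirm.
 */
void radius_client_flush(struct radius_client_data *radius, int only_auth);

/*
 * Create RADIUS client state from the server configuration in conf.
 * NOTE(review): whether conf is copied or referenced (and must therefore
 * outlive the returned object) is not visible from this header - confirm.
 */
struct radius_client_data *
radius_client_init(void *ctx, struct hostapd_radius_servers *conf);

/* Release RADIUS client state obtained from radius_client_init(). */
void radius_client_deinit(struct radius_client_data *radius);

/*
 * Flush pending authentication messages; addr presumably selects the STA
 * whose messages are removed - confirm.
 */
void radius_client_flush_auth(struct radius_client_data *radius,
			      const u8 *addr);

/*
 * Write MIB information as text into buf.
 * NOTE(review): buflen is presumably the size of buf in octets and the upper
 * bound on what is written; the meaning of the return value is not visible
 * from this header - confirm before relying on either.
 */
int radius_client_get_mib(struct radius_client_data *radius, char *buf,
			  size_t buflen);

/* Apply a changed server configuration to an existing RADIUS client. */
void radius_client_reconfig(struct radius_client_data *radius,
			    struct hostapd_radius_servers *conf);

#endif /* RADIUS_CLIENT_H */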