1 /* 2 * RADIUS client 3 * Copyright (c) 2002-2009, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #ifndef RADIUS_CLIENT_H 10 #define RADIUS_CLIENT_H 11 12 #include "ip_addr.h" 13 14 struct radius_msg; 15 16 /** 17 * struct hostapd_radius_server - RADIUS server information for RADIUS client 18 * 19 * This structure contains information about a RADIUS server. The values are 20 * mainly for MIB information. The MIB variable prefix (radiusAuth or 21 * radiusAcc) depends on whether this is an authentication or accounting 22 * server. 23 * 24 * radiusAuthClientPendingRequests (or radiusAccClientPendingRequests) is the 25 * number struct radius_client_data::msgs for matching msg_type. 26 */ 27 struct hostapd_radius_server { 28 /** 29 * addr - radiusAuthServerAddress or radiusAccServerAddress 30 */ 31 struct hostapd_ip_addr addr; 32 33 /** 34 * port - radiusAuthClientServerPortNumber or radiusAccClientServerPortNumber 35 */ 36 int port; 37 38 /** 39 * shared_secret - Shared secret for authenticating RADIUS messages 40 */ 41 u8 *shared_secret; 42 43 /** 44 * shared_secret_len - Length of shared_secret in octets 45 */ 46 size_t shared_secret_len; 47 48 /* Dynamic (not from configuration file) MIB data */ 49 50 /** 51 * index - radiusAuthServerIndex or radiusAccServerIndex 52 */ 53 int index; 54 55 /** 56 * round_trip_time - radiusAuthClientRoundTripTime or radiusAccClientRoundTripTime 57 * Round-trip time in hundredths of a second. 58 */ 59 int round_trip_time; 60 61 /** 62 * requests - radiusAuthClientAccessRequests or radiusAccClientRequests 63 */ 64 u32 requests; 65 66 /** 67 * retransmissions - radiusAuthClientAccessRetransmissions or radiusAccClientRetransmissions 68 */ 69 u32 retransmissions; 70 71 /** 72 * access_accepts - radiusAuthClientAccessAccepts 73 */ 74 u32 access_accepts; 75 76 /** 77 * access_rejects - radiusAuthClientAccessRejects 78 */ 79 u32 access_rejects; 80 81 /** 82 * access_challenges - radiusAuthClientAccessChallenges 83 */ 84 u32 access_challenges; 85 86 /** 87 * responses - radiusAccClientResponses 88 */ 89 u32 responses; 90 91 /** 92 * malformed_responses - radiusAuthClientMalformedAccessResponses or radiusAccClientMalformedResponses 93 */ 94 u32 malformed_responses; 95 96 /** 97 * bad_authenticators - radiusAuthClientBadAuthenticators or radiusAccClientBadAuthenticators 98 */ 99 u32 bad_authenticators; 100 101 /** 102 * timeouts - radiusAuthClientTimeouts or radiusAccClientTimeouts 103 */ 104 u32 timeouts; 105 106 /** 107 * unknown_types - radiusAuthClientUnknownTypes or radiusAccClientUnknownTypes 108 */ 109 u32 unknown_types; 110 111 /** 112 * packets_dropped - radiusAuthClientPacketsDropped or radiusAccClientPacketsDropped 113 */ 114 u32 packets_dropped; 115 }; 116 117 /** 118 * struct hostapd_radius_servers - RADIUS servers for RADIUS client 119 */ 120 struct hostapd_radius_servers { 121 /** 122 * auth_servers - RADIUS Authentication servers in priority order 123 */ 124 struct hostapd_radius_server *auth_servers; 125 126 /** 127 * num_auth_servers - Number of auth_servers entries 128 */ 129 int num_auth_servers; 130 131 /** 132 * auth_server - The current Authentication server 133 */ 134 struct hostapd_radius_server *auth_server; 135 136 /** 137 * acct_servers - RADIUS Accounting servers in priority order 138 */ 139 struct hostapd_radius_server *acct_servers; 140 141 /** 142 * num_acct_servers - Number of acct_servers entries 143 */ 144 int num_acct_servers; 145 146 /** 147 * acct_server - The current Accounting server 148 */ 149 struct hostapd_radius_server *acct_server; 150 151 /** 152 * retry_primary_interval - Retry interval for trying primary server 153 * 154 * This specifies a retry interval in sexconds for trying to return to 155 * the primary RADIUS server. RADIUS client code will automatically try 156 * to use the next server when the current server is not replying to 157 * requests. If this interval is set (non-zero), the primary server 158 * will be retried after the specified number of seconds has passed 159 * even if the current used secondary server is still working. 160 */ 161 int retry_primary_interval; 162 163 /** 164 * msg_dumps - Whether RADIUS message details are shown in stdout 165 */ 166 int msg_dumps; 167 168 /** 169 * client_addr - Client (local) address to use if force_client_addr 170 */ 171 struct hostapd_ip_addr client_addr; 172 173 /** 174 * force_client_addr - Whether to force client (local) address 175 */ 176 int force_client_addr; 177 }; 178 179 180 /** 181 * RadiusType - RADIUS server type for RADIUS client 182 */ 183 typedef enum { 184 /** 185 * RADIUS authentication 186 */ 187 RADIUS_AUTH, 188 189 /** 190 * RADIUS_ACCT - RADIUS accounting 191 */ 192 RADIUS_ACCT, 193 194 /** 195 * RADIUS_ACCT_INTERIM - RADIUS interim accounting message 196 * 197 * Used only with radius_client_send(). This behaves just like 198 * RADIUS_ACCT, but removes any pending interim RADIUS Accounting 199 * messages for the same STA before sending the new interim update. 200 */ 201 RADIUS_ACCT_INTERIM 202 } RadiusType; 203 204 /** 205 * RadiusRxResult - RADIUS client RX handler result 206 */ 207 typedef enum { 208 /** 209 * RADIUS_RX_PROCESSED - Message processed 210 * 211 * This stops handler calls and frees the message. 212 */ 213 RADIUS_RX_PROCESSED, 214 215 /** 216 * RADIUS_RX_QUEUED - Message has been queued 217 * 218 * This stops handler calls, but does not free the message; the handler 219 * that returned this is responsible for eventually freeing the 220 * message. 221 */ 222 RADIUS_RX_QUEUED, 223 224 /** 225 * RADIUS_RX_UNKNOWN - Message is not for this handler 226 */ 227 RADIUS_RX_UNKNOWN, 228 229 /** 230 * RADIUS_RX_INVALID_AUTHENTICATOR - Message has invalid Authenticator 231 */ 232 RADIUS_RX_INVALID_AUTHENTICATOR 233 } RadiusRxResult; 234 235 struct radius_client_data; 236 237 int radius_client_register(struct radius_client_data *radius, 238 RadiusType msg_type, 239 RadiusRxResult (*handler) 240 (struct radius_msg *msg, struct radius_msg *req, 241 const u8 *shared_secret, size_t shared_secret_len, 242 void *data), 243 void *data); 244 void radius_client_set_interim_error_cb(struct radius_client_data *radius, 245 void (*cb)(const u8 *addr, void *ctx), 246 void *ctx); 247 int radius_client_send(struct radius_client_data *radius, 248 struct radius_msg *msg, 249 RadiusType msg_type, const u8 *addr); 250 u8 radius_client_get_id(struct radius_client_data *radius); 251 void radius_client_flush(struct radius_client_data *radius, int only_auth); 252 struct radius_client_data * 253 radius_client_init(void *ctx, struct hostapd_radius_servers *conf); 254 void radius_client_deinit(struct radius_client_data *radius); 255 void radius_client_flush_auth(struct radius_client_data *radius, 256 const u8 *addr); 257 int radius_client_get_mib(struct radius_client_data *radius, char *buf, 258 size_t buflen); 259 void radius_client_reconfig(struct radius_client_data *radius, 260 struct hostapd_radius_servers *conf); 261 262 #endif /* RADIUS_CLIENT_H */ 263