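/*
 * RADIUS client
 * Copyright (c) 2002-2009, Jouni Malinen <j@w1.fi>
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
 */

#ifndef RADIUS_CLIENT_H
#define RADIUS_CLIENT_H

#include "ip_addr.h"

struct radius_msg;

/**
 * struct hostapd_radius_server - RADIUS server information for RADIUS client
 *
 * This structure contains information about a RADIUS server. The values are
 * mainly for MIB information. The MIB variable prefix (radiusAuth or
 * radiusAcc) depends on whether this is an authentication or accounting
 * server.
 *
 * radiusAuthClientPendingRequests (or radiusAccClientPendingRequests) is the
 * number of struct radius_client_data::msgs entries for matching msg_type.
 */
struct hostapd_radius_server {
	/**
	 * addr - radiusAuthServerAddress or radiusAccServerAddress
	 */
	struct hostapd_ip_addr addr;

	/**
	 * port - radiusAuthClientServerPortNumber or radiusAccClientServerPortNumber
	 *
	 * NOTE(review): stored as a plain int, so any range check has to be
	 * done where the value is set; that code is not part of this header.
	 */
	int port;

	/**
	 * shared_secret - Shared secret for authenticating RADIUS messages
	 *
	 * This is key material. It is not NUL-terminated by contract; use
	 * shared_secret_len for its size. NOTE(review): this header does not
	 * show who allocates or frees the buffer; the owner should clear it
	 * before release and keep it out of debug and MIB output.
	 */
	u8 *shared_secret;

	/**
	 * shared_secret_len - Length of shared_secret in octets
	 */
	size_t shared_secret_len;

	/* Dynamic (not from configuration file) MIB data */

	/**
	 * index - radiusAuthServerIndex or radiusAccServerIndex
	 */
	int index;

	/**
	 * round_trip_time - radiusAuthClientRoundTripTime or radiusAccClientRoundTripTime
	 * Round-trip time in hundredths of a second.
	 */
	int round_trip_time;

	/**
	 * requests - radiusAuthClientAccessRequests or radiusAccClientRequests
	 */
	u32 requests;

	/**
	 * retransmissions - radiusAuthClientAccessRetransmissions or radiusAccClientRetransmissions
	 */
	u32 retransmissions;

	/**
	 * access_accepts - radiusAuthClientAccessAccepts
	 */
	u32 access_accepts;

	/**
	 * access_rejects - radiusAuthClientAccessRejects
	 */
	u32 access_rejects;

	/**
	 * access_challenges - radiusAuthClientAccessChallenges
	 */
	u32 access_challenges;

	/**
	 * responses - radiusAccClientResponses
	 */
	u32 responses;

	/**
	 * malformed_responses - radiusAuthClientMalformedAccessResponses or radiusAccClientMalformedResponses
	 */
	u32 malformed_responses;

	/**
	 * bad_authenticators - radiusAuthClientBadAuthenticators or radiusAccClientBadAuthenticators
	 *
	 * Counts responses whose authenticator did not validate. A value that
	 * keeps growing is worth monitoring: it points at a mismatched shared
	 * secret or at replies that were corrupted or not sent by the server.
	 */
	u32 bad_authenticators;

	/**
	 * timeouts - radiusAuthClientTimeouts or radiusAccClientTimeouts
	 */
	u32 timeouts;

	/**
	 * unknown_types - radiusAuthClientUnknownTypes or radiusAccClientUnknownTypes
	 */
	u32 unknown_types;

	/**
	 * packets_dropped - radiusAuthClientPacketsDropped or radiusAccClientPacketsDropped
	 */
	u32 packets_dropped;
};

/**
 * struct hostapd_radius_servers - RADIUS servers for RADIUS client
 */
struct hostapd_radius_servers {
	/**
	 * auth_servers - RADIUS Authentication servers in priority order
	 */
	struct hostapd_radius_server *auth_servers;

	/**
	 * num_auth_servers - Number of auth_servers entries
	 */
	int num_auth_servers;

	/**
	 * auth_server - The current Authentication server
	 */
	struct hostapd_radius_server *auth_server;

	/**
	 * acct_servers - RADIUS Accounting servers in priority order
	 */
	struct hostapd_radius_server *acct_servers;

	/**
	 * num_acct_servers - Number of acct_servers entries
	 */
	int num_acct_servers;

	/**
	 * acct_server - The current Accounting server
	 */
	struct hostapd_radius_server *acct_server;

	/**
	 * retry_primary_interval - Retry interval for trying primary server
	 *
	 * This specifies a retry interval in seconds for trying to return to
	 * the primary RADIUS server. RADIUS client code will automatically try
	 * to use the next server when the current server is not replying to
	 * requests. If this interval is set (non-zero), the primary server
	 * will be retried after the specified number of seconds has passed
	 * even if the current used secondary server is still working.
	 */
	int retry_primary_interval;

	/**
	 * msg_dumps - Whether RADIUS message details are shown in stdout
	 *
	 * NOTE(review): RADIUS messages carry user and session attributes, so
	 * stdout should be treated as sensitive when this is enabled. What
	 * exactly is printed is decided by the implementation, not visible
	 * here.
	 */
	int msg_dumps;

	/**
	 * client_addr - Client (local) address to use if force_client_addr
	 */
	struct hostapd_ip_addr client_addr;

	/**
	 * force_client_addr - Whether to force client (local) address
	 */
	int force_client_addr;
};


/**
 * RadiusType - RADIUS server type for RADIUS client
 */
typedef enum {
	/**
	 * RADIUS_AUTH - RADIUS authentication
	 */
	RADIUS_AUTH,

	/**
	 * RADIUS_ACCT - RADIUS accounting
	 */
	RADIUS_ACCT,

	/**
	 * RADIUS_ACCT_INTERIM - RADIUS interim accounting message
	 *
	 * Used only with radius_client_send(). This behaves just like
	 * RADIUS_ACCT, but removes any pending interim RADIUS Accounting
	 * messages for the same STA before sending the new interim update.
	 */
	RADIUS_ACCT_INTERIM
} RadiusType;

/**
 * RadiusRxResult - RADIUS client RX handler result
 */
typedef enum {
	/**
	 * RADIUS_RX_PROCESSED - Message processed
	 *
	 * This stops handler calls and frees the message.
	 */
	RADIUS_RX_PROCESSED,

	/**
	 * RADIUS_RX_QUEUED - Message has been queued
	 *
	 * This stops handler calls, but does not free the message; the handler
	 * that returned this is responsible for eventually freeing the
	 * message.
	 */
	RADIUS_RX_QUEUED,

	/**
	 * RADIUS_RX_UNKNOWN - Message is not for this handler
	 */
	RADIUS_RX_UNKNOWN,

	/**
	 * RADIUS_RX_INVALID_AUTHENTICATOR - Message has invalid Authenticator
	 *
	 * A handler must return this instead of acting on the message when
	 * authenticator validation fails. NOTE(review): presumably this is
	 * what feeds the bad_authenticators counter; confirm in the
	 * implementation.
	 */
	RADIUS_RX_INVALID_AUTHENTICATOR
} RadiusRxResult;

struct radius_client_data;

/*
 * radius_client_register - Register an RX handler for one message type
 *
 * The handler is called with the received message (msg), a second message
 * (req, presumably the request the response was matched to), the shared
 * secret with its length, and the opaque data pointer given here. It reports
 * the outcome as a RadiusRxResult. The shared secret is handed to the handler
 * so that it can validate the message; handlers should not keep or log it.
 * NOTE(review): the meaning of the int return value is not visible in this
 * header.
 */
int radius_client_register(struct radius_client_data *radius,
			   RadiusType msg_type,
			   RadiusRxResult (*handler)
			   (struct radius_msg *msg, struct radius_msg *req,
			    const u8 *shared_secret, size_t shared_secret_len,
			    void *data),
			   void *data);

/*
 * radius_client_set_interim_error_cb - Set a callback taking an address and
 * the ctx pointer given here. NOTE(review): by its name this is called when
 * an interim accounting update fails; confirm in the implementation.
 */
void radius_client_set_interim_error_cb(struct radius_client_data *radius,
					void (*cb)(const u8 *addr, void *ctx),
					void *ctx);

/*
 * radius_client_send - Send a RADIUS message of the given type
 *
 * addr is presumably the STA address used to match pending messages (see
 * RADIUS_ACCT_INTERIM). NOTE(review): who owns msg after the call, on success
 * and on failure, is not stated here; check before freeing it in a caller.
 */
int radius_client_send(struct radius_client_data *radius,
		       struct radius_msg *msg,
		       RadiusType msg_type, const u8 *addr);

/*
 * radius_client_get_id - Get a message identifier
 *
 * The identifier is 8 bits wide, so only 256 distinct values exist. How a
 * value still in use by a pending request is handled is not visible here.
 */
u8 radius_client_get_id(struct radius_client_data *radius);

/*
 * radius_client_flush - Flush pending messages; only_auth presumably limits
 * this to authentication messages.
 */
void radius_client_flush(struct radius_client_data *radius, int only_auth);

/*
 * radius_client_init - Create a RADIUS client for the given configuration
 *
 * NOTE(review): conf holds pointers to the shared secrets; whether the client
 * copies conf or keeps the pointer (and so requires conf to outlive it) must
 * be checked in the implementation. Presumably returns NULL on failure.
 */
struct radius_client_data *
radius_client_init(void *ctx, struct hostapd_radius_servers *conf);

/* radius_client_deinit - Release a client created by radius_client_init() */
void radius_client_deinit(struct radius_client_data *radius);

/*
 * radius_client_flush_auth - Flush pending authentication messages for one
 * address (presumably a STA address).
 */
void radius_client_flush_auth(struct radius_client_data *radius,
			      const u8 *addr);

/*
 * radius_client_get_mib - Write MIB data as text into a caller buffer
 *
 * buflen is the size of buf. NOTE(review): confirm that the implementation
 * never writes past buflen and what the int return value reports.
 */
int radius_client_get_mib(struct radius_client_data *radius, char *buf,
			  size_t buflen);

/* radius_client_reconfig - Apply a new server configuration to the client */
void radius_client_reconfig(struct radius_client_data *radius,
			    struct hostapd_radius_servers *conf);

#endif /* RADIUS_CLIENT_H */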