/* $OpenBSD: radius.h,v 1.7 2024/06/29 11:50:31 yasuoka Exp $ */

/*-
 * Copyright (c) 2009 Internet Initiative Japan Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

/*
 * RADIUS protocol constants (packet codes, attribute types, enumerated
 * attribute values) followed by prototypes for a packet manipulation API.
 * Only declarations appear in this header.
 */

#ifndef _RADIUS_H
#define _RADIUS_H

/*
 * Default ports: authentication (RFC 2865), accounting (RFC 2866) and
 * dynamic authorization, i.e. Disconnect/CoA (RFC 5176).
 */
#define RADIUS_DEFAULT_PORT	1812
#define RADIUS_ACCT_DEFAULT_PORT	1813
#define RADIUS_DAE_DEFAULT_PORT	3799

/* RADIUS codes (value of the Code octet of a packet, RFC 2865 section 3) */
#define RADIUS_CODE_ACCESS_REQUEST	1
#define RADIUS_CODE_ACCESS_ACCEPT	2
#define RADIUS_CODE_ACCESS_REJECT	3
#define RADIUS_CODE_ACCOUNTING_REQUEST	4
#define RADIUS_CODE_ACCOUNTING_RESPONSE	5
#define RADIUS_CODE_ACCESS_CHALLENGE	11
#define RADIUS_CODE_STATUS_SERVER	12
#define RADIUS_CODE_STATUS_CLIENT	13

/* Dynamic authorization messages (RFC 5176) */
#define RADIUS_CODE_DISCONNECT_REQUEST	40
#define RADIUS_CODE_DISCONNECT_ACK	41
#define RADIUS_CODE_DISCONNECT_NAK	42
#define RADIUS_CODE_COA_REQUEST	43
#define RADIUS_CODE_COA_ACK	44
#define RADIUS_CODE_COA_NAK	45

/* RADIUS attributes (value of the Type octet of an attribute) */
#define RADIUS_TYPE_USER_NAME	1
/* User-Password is hidden with the shared secret on the wire (RFC 2865 5.2) */
#define RADIUS_TYPE_USER_PASSWORD	2
#define RADIUS_TYPE_CHAP_PASSWORD	3
#define RADIUS_TYPE_NAS_IP_ADDRESS	4
#define RADIUS_TYPE_NAS_PORT	5
#define RADIUS_TYPE_SERVICE_TYPE	6
#define RADIUS_TYPE_FRAMED_PROTOCOL	7
#define RADIUS_TYPE_FRAMED_IP_ADDRESS	8
#define RADIUS_TYPE_FRAMED_IP_NETMASK	9
#define RADIUS_TYPE_FRAMED_ROUTING	10
#define RADIUS_TYPE_FILTER_ID	11
#define RADIUS_TYPE_FRAMED_MTU	12
#define RADIUS_TYPE_FRAMED_COMPRESSION	13
#define RADIUS_TYPE_LOGIN_IP_HOST	14
#define RADIUS_TYPE_LOGIN_SERVICE	15
#define RADIUS_TYPE_LOGIN_TCP_PORT	16
/* unassigned 17 */
#define RADIUS_TYPE_REPLY_MESSAGE	18
#define RADIUS_TYPE_CALLBACK_NUMBER	19
#define RADIUS_TYPE_CALLBACK_ID	20
/* unassigned 21 */
#define RADIUS_TYPE_FRAMED_ROUTE	22
#define RADIUS_TYPE_FRAMED_IPX_NETWORK	23
#define RADIUS_TYPE_STATE	24
#define RADIUS_TYPE_CLASS	25
/* Vendor-Specific: see the RADIUS_VENDOR_* and RADIUS_VTYPE_* values below */
#define RADIUS_TYPE_VENDOR_SPECIFIC	26
#define RADIUS_TYPE_SESSION_TIMEOUT	27
#define RADIUS_TYPE_IDLE_TIMEOUT	28
#define RADIUS_TYPE_TERMINATION_ACTION	29
#define RADIUS_TYPE_CALLED_STATION_ID	30
#define RADIUS_TYPE_CALLING_STATION_ID	31
#define RADIUS_TYPE_NAS_IDENTIFIER	32
#define RADIUS_TYPE_PROXY_STATE	33
#define RADIUS_TYPE_LOGIN_LAT_SERVICE	34
#define RADIUS_TYPE_LOGIN_LAT_NODE	35
#define RADIUS_TYPE_LOGIN_LAT_GROUP	36
#define RADIUS_TYPE_FRAMED_APPLETALK_LINK	37
#define RADIUS_TYPE_FRAMED_APPLETALK_NETWORK	38
#define RADIUS_TYPE_FRAMED_APPLETALK_ZONE	39
#define RADIUS_TYPE_ACCT_STATUS_TYPE	40
#define RADIUS_TYPE_ACCT_DELAY_TIME	41
#define RADIUS_TYPE_ACCT_INPUT_OCTETS	42
#define RADIUS_TYPE_ACCT_OUTPUT_OCTETS	43
#define RADIUS_TYPE_ACCT_SESSION_ID	44
#define RADIUS_TYPE_ACCT_AUTHENTIC	45
#define RADIUS_TYPE_ACCT_SESSION_TIME	46
#define RADIUS_TYPE_ACCT_INPUT_PACKETS	47
#define RADIUS_TYPE_ACCT_OUTPUT_PACKETS	48
#define RADIUS_TYPE_ACCT_TERMINATE_CAUSE	49
#define RADIUS_TYPE_ACCT_MULTI_SESSION_ID	50
#define RADIUS_TYPE_ACCT_LINK_COUNT	51
#define RADIUS_TYPE_ACCT_INPUT_GIGAWORDS	52
#define RADIUS_TYPE_ACCT_OUTPUT_GIGAWORDS	53
/* unassigned (for accounting) 54 */
#define RADIUS_TYPE_EVENT_TIMESTAMP	55
/* unassigned (for accounting) 56 */
/* unassigned (for accounting) 57 */
/* unassigned (for accounting) 58 */
/* unassigned (for accounting) 59 */
#define RADIUS_TYPE_CHAP_CHALLENGE	60
#define RADIUS_TYPE_NAS_PORT_TYPE	61
#define RADIUS_TYPE_PORT_LIMIT	62
#define RADIUS_TYPE_LOGIN_LAT_PORT	63
#define RADIUS_TYPE_TUNNEL_TYPE	64
#define RADIUS_TYPE_TUNNEL_MEDIUM_TYPE	65
#define RADIUS_TYPE_TUNNEL_CLIENT_ENDPOINT	66
#define RADIUS_TYPE_TUNNEL_SERVER_ENDPOINT	67
#define RADIUS_TYPE_ACCT_TUNNEL_CONNECTION	68
/* Tunnel-Password is salt-encrypted on the wire (RFC 2868 3.5) */
#define RADIUS_TYPE_TUNNEL_PASSWORD	69
#define RADIUS_TYPE_ARAP_PASSWORD	70
#define RADIUS_TYPE_ARAP_FEATURES	71
#define RADIUS_TYPE_ARAP_ZONE_ACCESS	72
#define RADIUS_TYPE_ARAP_SECURITY	73
#define RADIUS_TYPE_ARAP_SECURITY_DATA	74
#define RADIUS_TYPE_PASSWORD_RETRY	75
#define RADIUS_TYPE_PROMPT	76
#define RADIUS_TYPE_CONNECT_INFO	77
#define RADIUS_TYPE_CONFIGURATION_TOKEN	78
/*
 * RFC 3579: a packet that carries EAP-Message must also carry
 * Message-Authenticator (type 80), and a receiver is expected to discard
 * the packet when that attribute is missing or does not verify.
 */
#define RADIUS_TYPE_EAP_MESSAGE	79
/*
 * Message-Authenticator (RFC 2869 5.14): HMAC-MD5 over the packet keyed
 * with the shared secret.  It is the per-packet integrity check to verify
 * on receipt; see the radius_*_message_authenticator() prototypes below.
 */
#define RADIUS_TYPE_MESSAGE_AUTHENTICATOR	80
#define RADIUS_TYPE_TUNNEL_PRIVATE_GROUP_ID	81
#define RADIUS_TYPE_TUNNEL_ASSIGNMENT_ID	82
#define RADIUS_TYPE_TUNNEL_PREFERENCE	83
#define RADIUS_TYPE_ARAP_CHALLENGE_RESPONSE	84
#define RADIUS_TYPE_ACCT_INTERIM_INTERVAL	85
#define RADIUS_TYPE_ACCT_TUNNEL_PACKETS_LOST	86
#define RADIUS_TYPE_NAS_PORT_ID	87
#define RADIUS_TYPE_FRAMED_POOL	88
/* unassigned 89 */
#define RADIUS_TYPE_TUNNEL_CLIENT_AUTH_ID	90
#define RADIUS_TYPE_TUNNEL_SERVER_AUTH_ID	91
/* unassigned 92-94 */
#define RADIUS_TYPE_NAS_IPV6_ADDRESS	95
#define RADIUS_TYPE_FRAMED_INTERFACE_ID	96
#define RADIUS_TYPE_FRAMED_IPV6_PREFIX	97
#define RADIUS_TYPE_LOGIN_IPV6_HOST	98
#define RADIUS_TYPE_FRAMED_IPV6_ROUTE	99
#define RADIUS_TYPE_FRAMED_IPV6_POOL	100

/* RFC 5176 3.5. Error-Cause */
#define RADIUS_TYPE_ERROR_CAUSE	101

/* RFC 6911 3. Attributes */
#define RADIUS_TYPE_FRAMED_IPV6_ADDRESS	168
#define RADIUS_TYPE_DNS_SERVER_IPV6_ADDRESS	169
#define RADIUS_TYPE_ROUTE_IPV6_INFORMATION	170
#define RADIUS_TYPE_DELEGATED_IPV6_PREFIX_POOL	171
#define RADIUS_TYPE_STATEFUL_IPV6_ADDRESS_POOL	172


/* RFC 2865 5.7. Framed-Protocol */
#define RADIUS_FRAMED_PROTOCOL_PPP	1	/* PPP */
#define RADIUS_FRAMED_PROTOCOL_SLIP	2	/* SLIP */
#define RADIUS_FRAMED_PROTOCOL_ARAP	3	/* AppleTalk Remote Access
						 * Protocol (ARAP) */
#define RADIUS_FRAMED_PROTOCOL_GANDALF	4	/* Gandalf proprietary
						 * SingleLink/MultiLink
						 * protocol */
#define RADIUS_FRAMED_PROTOCOL_XYLOGICS	5	/* Xylogics proprietary
						 * IPX/SLIP */
#define RADIUS_FRAMED_PROTOCOL_X75	6	/* X.75 Synchronous */


/* RFC 2865 5.6. Service-Type */
#define RADIUS_SERVICE_TYPE_LOGIN	1
#define RADIUS_SERVICE_TYPE_FRAMED	2
#define RADIUS_SERVICE_TYPE_CB_LOGIN	3
#define RADIUS_SERVICE_TYPE_CB_FRAMED	4
#define RADIUS_SERVICE_TYPE_OUTBOUND	5
#define RADIUS_SERVICE_TYPE_ADMINISTRATIVE	6
#define RADIUS_SERVICE_TYPE_NAS_PROMPT	7
#define RADIUS_SERVICE_TYPE_AUTHENTICAT_ONLY	8
#define RADIUS_SERVICE_TYPE_CB_NAS_PROMPT	9
#define RADIUS_SERVICE_TYPE_CALL_CHECK	10
#define RADIUS_SERVICE_TYPE_CB_ADMINISTRATIVE	11


/*
 * Microsoft vendor specific attributes: see RFC 2548.
 * RADIUS_VENDOR_MICROSOFT is the vendor id carried inside a
 * Vendor-Specific attribute; the RADIUS_VTYPE_* values are the
 * vendor types under it.
 */
#define RADIUS_VENDOR_MICROSOFT	311
#define RADIUS_VTYPE_MS_CHAP_RESPONSE	1
#define RADIUS_VTYPE_MS_CHAP_ERROR	2
#define RADIUS_VTYPE_MS_CHAP_PW_1	3
#define RADIUS_VTYPE_MS_CHAP_PW_2	4
#define RADIUS_VTYPE_MS_CHAP_LM_ENC_PW	5
#define RADIUS_VTYPE_MS_CHAP_NT_ENC_PW	6
#define RADIUS_VTYPE_MPPE_ENCRYPTION_POLICY	7
#define RADIUS_VTYPE_MPPE_ENCRYPTION_TYPES	8
#define RADIUS_VTYPE_MS_RAS_VENDOR	9
#define RADIUS_VTYPE_MS_CHAP_CHALLENGE	11
#define RADIUS_VTYPE_MS_CHAP_MPPE_KEYS	12
#define RADIUS_VTYPE_MS_BAP_USAGE	13
#define RADIUS_VTYPE_MS_LINK_UTILIZATION_THRESHOLD	14
#define RADIUS_VTYPE_MS_LINK_DROP_TIME_LIMIT	15
/* MS-MPPE-Send-Key / MS-MPPE-Recv-Key carry session key material */
#define RADIUS_VTYPE_MPPE_SEND_KEY	16
#define RADIUS_VTYPE_MPPE_RECV_KEY	17
#define RADIUS_VTYPE_MS_RAS_VERSION	18
#define RADIUS_VTYPE_MS_OLD_ARAP_PASSWORD	19
#define RADIUS_VTYPE_MS_NEW_ARAP_PASSWORD	20
#define RADIUS_VTYPE_MS_ARAP_PASSWORD_CHANGE_REASON	21
#define RADIUS_VTYPE_MS_FILTER	22
#define RADIUS_VTYPE_MS_ACCT_AUTH_TYPE	23
#define RADIUS_VTYPE_MS_ACCT_EAP_TYPE	24
#define RADIUS_VTYPE_MS_CHAP2_RESPONSE	25
#define RADIUS_VTYPE_MS_CHAP2_SUCCESS	26
#define RADIUS_VTYPE_MS_CHAP2_PW	27
#define RADIUS_VTYPE_MS_PRIMARY_DNS_SERVER	28
#define RADIUS_VTYPE_MS_SECONDARY_DNS_SERVER	29
#define RADIUS_VTYPE_MS_PRIMARY_NBNS_SERVER	30
#define RADIUS_VTYPE_MS_SECONDARY_NBNS_SERVER	31
/* unassigned? 32 */
#define RADIUS_VTYPE_MS_ARAP_CHALLENGE	33


/* RFC 2865 5.41. NAS-Port-Type */
#define RADIUS_NAS_PORT_TYPE_ASYNC	0	/* Async */
#define RADIUS_NAS_PORT_TYPE_SYNC	1	/* Sync */
#define RADIUS_NAS_PORT_TYPE_ISDN_SYNC	2	/* ISDN Sync */
#define RADIUS_NAS_PORT_TYPE_ISDN_ASYNC_V120	3	/* ISDN Async V.120 */
#define RADIUS_NAS_PORT_TYPE_ISDN_ASYNC_V110	4	/* ISDN Async V.110 */
#define RADIUS_NAS_PORT_TYPE_VIRTUAL	5	/* Virtual */
#define RADIUS_NAS_PORT_TYPE_PIAFS	6	/* PIAFS */
#define RADIUS_NAS_PORT_TYPE_HDLC_CLEAR_CHANNEL	7	/* HDLC Clear Channel */
#define RADIUS_NAS_PORT_TYPE_X_25	8	/* X.25 */
#define RADIUS_NAS_PORT_TYPE_X_75	9	/* X.75 */
#define RADIUS_NAS_PORT_TYPE_G3_FAX	10	/* G.3 Fax */
#define RADIUS_NAS_PORT_TYPE_SDSL	11	/* SDSL - Symmetric DSL */
#define RADIUS_NAS_PORT_TYPE_ADSL_CAP	12	/* ADSL-CAP - Asymmetric
						 * DSL, Carrierless
						 * Amplitude Phase
						 * Modulation */
#define RADIUS_NAS_PORT_TYPE_ADSL_DMT	13	/* ADSL-DMT - Asymmetric
						 * DSL, Discrete
						 * Multi-Tone */
#define RADIUS_NAS_PORT_TYPE_IDSL	14	/* IDSL - ISDN Digital
						 * Subscriber Line */
#define RADIUS_NAS_PORT_TYPE_ETHERNET	15	/* Ethernet */
#define RADIUS_NAS_PORT_TYPE_XDSL	16	/* xDSL - Digital
						 * Subscriber Line of
						 * unknown type */
#define RADIUS_NAS_PORT_TYPE_CABLE	17	/* Cable */
#define RADIUS_NAS_PORT_TYPE_WIRELESS	18	/* Wireless - Other */
#define RADIUS_NAS_PORT_TYPE_WIRELESS_802_11	19	/* Wireless - IEEE
							 * 802.11 */


/* RFC 2866 5.1. Acct-Status-Type */
#define RADIUS_ACCT_STATUS_TYPE_START	1	/* Start */
#define RADIUS_ACCT_STATUS_TYPE_STOP	2	/* Stop */
#define RADIUS_ACCT_STATUS_TYPE_INTERIM_UPDATE	3	/* Interim-Update */
#define RADIUS_ACCT_STATUS_TYPE_ACCT_ON	7	/* Accounting-On */
#define RADIUS_ACCT_STATUS_TYPE_ACCT_OFF	8	/* Accounting-Off */


/* RFC 2866 5.6. Acct-Authentic */
#define RADIUS_ACCT_AUTHENTIC_RADIUS	1	/* RADIUS */
#define RADIUS_ACCT_AUTHENTIC_LOCAL	2	/* Local */
#define RADIUS_ACCT_AUTHENTIC_REMOTE	3	/* Remote */


/*
 * RFC 2866 5.10. Acct-Terminate-Cause
 *
 * NOTE(review): the macro prefix is spelled TERMNATE (sic).  The names are
 * part of the public interface, so the spelling is kept as it is.
 */
#define RADIUS_TERMNATE_CAUSE_USER_REQUEST	1	/* User Request */
#define RADIUS_TERMNATE_CAUSE_LOST_CARRIER	2	/* Lost Carrier */
#define RADIUS_TERMNATE_CAUSE_LOST_SERVICE	3	/* Lost Service */
#define RADIUS_TERMNATE_CAUSE_IDLE_TIMEOUT	4	/* Idle Timeout */
#define RADIUS_TERMNATE_CAUSE_SESSION_TIMEOUT	5	/* Session Timeout */
#define RADIUS_TERMNATE_CAUSE_ADMIN_RESET	6	/* Admin Reset */
#define RADIUS_TERMNATE_CAUSE_ADMIN_REBOOT	7	/* Admin Reboot */
#define RADIUS_TERMNATE_CAUSE_PORT_ERROR	8	/* Port Error */
#define RADIUS_TERMNATE_CAUSE_NAS_ERROR	9	/* NAS Error */
/* NOTE(review): named NAS_RESET, but value 10 is "NAS Request" in the RFC */
#define RADIUS_TERMNATE_CAUSE_NAS_RESET	10	/* NAS Request */
#define RADIUS_TERMNATE_CAUSE_NAS_REBOOT	11	/* NAS Reboot */
#define RADIUS_TERMNATE_CAUSE_PORT_UNNEEDED	12	/* Port Unneeded */
#define RADIUS_TERMNATE_CAUSE_PORT_PREEMPTED	13	/* Port Preempted */
#define RADIUS_TERMNATE_CAUSE_PORT_SUSPENDED	14	/* Port Suspended */
#define RADIUS_TERMNATE_CAUSE_SERVICE_UNAVAIL	15	/* Service Unavailable */
#define RADIUS_TERMNATE_CAUSE_CALLBACK	16	/* Callback */
#define RADIUS_TERMNATE_CAUSE_USER_ERROR	17	/* User Error */
#define RADIUS_TERMNATE_CAUSE_HOST_REQUEST	18	/* Host Request */


/* RFC 2868 3.1. Tunnel-Type */
#define RADIUS_TUNNEL_TYPE_PPTP	1	/* Point-to-Point Tunneling
					 * Protocol (PPTP) */
#define RADIUS_TUNNEL_TYPE_L2F	2	/* Layer Two Forwarding (L2F) */
#define RADIUS_TUNNEL_TYPE_L2TP	3	/* Layer Two Tunneling
					 * Protocol (L2TP) */
#define RADIUS_TUNNEL_TYPE_ATMP	4	/* Ascend Tunnel Management
					 * Protocol (ATMP) */
#define RADIUS_TUNNEL_TYPE_VTP	5	/* Virtual Tunneling Protocol
					 * (VTP) */
#define RADIUS_TUNNEL_TYPE_AH	6	/* IP Authentication Header in
					 * the Tunnel-mode (AH) */
#define RADIUS_TUNNEL_TYPE_IP	7	/* IP-in-IP Encapsulation
					 * (IP-IP) */
#define RADIUS_TUNNEL_TYPE_MOBILE	8	/* Minimal IP-in-IP
					 * Encapsulation (MIN-IP-IP) */
#define RADIUS_TUNNEL_TYPE_ESP	9	/* IP Encapsulating Security
					 * Payload in the Tunnel-mode
					 * (ESP) */
#define RADIUS_TUNNEL_TYPE_GRE	10	/* Generic Route Encapsulation
					 * (GRE) */
/* NOTE(review): the macro says VDS while its description abbreviates DVS */
#define RADIUS_TUNNEL_TYPE_VDS	11	/* Bay Dial Virtual Services
					 * (DVS) */
#define RADIUS_TUNNEL_TYPE_IPIP	12	/* IP-in-IP Tunneling */


/* RFC 2868 3.2. Tunnel-Medium-Type */
#define RADIUS_TUNNEL_MEDIUM_TYPE_IPV4	1	/* IPv4 (IP version 4) */
#define RADIUS_TUNNEL_MEDIUM_TYPE_IPV6	2	/* IPv6 (IP version 6) */
#define RADIUS_TUNNEL_MEDIUM_TYPE_NSAP	3	/* NSAP */
#define RADIUS_TUNNEL_MEDIUM_TYPE_HDLC	4	/* HDLC (8-bit
						 * multidrop) */
#define RADIUS_TUNNEL_MEDIUM_TYPE_BBN1822	5	/* BBN 1822 */
#define RADIUS_TUNNEL_MEDIUM_TYPE_802	6	/* 802 (includes all 802
						 * media plus Ethernet
						 * "canonical format") */
#define RADIUS_TUNNEL_MEDIUM_TYPE_E163	7	/* E.163 (POTS) */
#define RADIUS_TUNNEL_MEDIUM_TYPE_E164	8	/* E.164 (SMDS, Frame
						 * Relay, ATM) */
/*
 * RFC 5176 3.5. Error-Cause
 * Values of the Error-Cause attribute (RADIUS_TYPE_ERROR_CAUSE).
 */
/* Residual Session Context Removed */
#define RADIUS_ERROR_CAUSE_RESIDUAL_SESSION_REMOVED	201
/* Invalid EAP Packet (Ignored) */
#define RADIUS_ERROR_CAUSE_INVALID_EAP_PACKET	202
/* Unsupported Attribute */
#define RADIUS_ERROR_CAUSE_UNSUPPORTED_ATTRIBUTE	401
/* Missing Attribute */
#define RADIUS_ERROR_CAUSE_MISSING_ATTRIBUTE	402
/* NAS Identification Mismatch */
#define RADIUS_ERROR_CAUSE_NAS_IDENTIFICATION_MISMATCH	403
/* Invalid Request */
#define RADIUS_ERROR_CAUSE_INVALID_REQUEST	404
/* Unsupported Service */
#define RADIUS_ERROR_CAUSE_UNSUPPORTED_SERVICE	405
/* Unsupported Extension */
#define RADIUS_ERROR_CAUSE_UNSUPPORTED_EXTENSION	406
/* Invalid Attribute Value */
#define RADIUS_ERROR_CAUSE_INVALID_ATTRIBUTE_VALUE	407
/* Administratively Prohibited */
#define RADIUS_ERROR_CAUSE_ADMINISTRATIVELY_PROHIBITED	501
/* Request Not Routable (Proxy) */
#define RADIUS_ERROR_CAUSE_REQUEST_NOT_ROUTABLE	502
/* Session Context Not Found */
#define RADIUS_ERROR_CAUSE_SESSION_NOT_FOUND	503
/* Session Context Not Removable */
#define RADIUS_ERROR_CAUSE_SESSION_NOT_REMOVABLE	504
/* Other Proxy Processing Error */
#define RADIUS_ERROR_CAUSE_OTHER_PROXY_PROCESSING_ERROR	505
/* Resources Unavailable */
#define RADIUS_ERROR_CAUSE_RESOURCES_UNAVAILABLE	506
/* Request Initiated */
#define RADIUS_ERROR_CAUSE_REQUEST_INITIATED	507
/* Multiple Session Selection Unsupported */
#define RADIUS_ERROR_CAUSE_MULTI_SELECTION_UNSUPPORTED	508

/* struct sockaddr, socklen_t and struct msghdr for the helper prototypes */
#include <sys/socket.h>
/* __BEGIN_DECLS / __END_DECLS */
#include <sys/cdefs.h>

#include <stdbool.h>
#include <stdint.h>

/*
 * Forward declarations only.  The ipv4 put/set prototypes below take
 * struct in_addr by value, so a caller of those needs the complete type
 * (e.g. from <netinet/in.h>) in scope.
 */
struct in_addr;
struct in6_addr;

__BEGIN_DECLS

/******* packet manipulation support *******/

/* Opaque packet handle: struct _RADIUS_PACKET is not defined in this header. */
typedef struct _RADIUS_PACKET RADIUS_PACKET;

/*
 * constructors
 *
 * NOTE(review): the uint8_t argument is presumably the packet code
 * (RADIUS_CODE_*), and the second argument of the response constructor
 * presumably the request being answered - confirm against the
 * implementation.  How allocation failure is reported is not visible here.
 */
RADIUS_PACKET *radius_new_request_packet(uint8_t);
RADIUS_PACKET *radius_new_response_packet(uint8_t, const RADIUS_PACKET *);
/*
 * NOTE(review): this header shows prototypes only.  The meaning of the int
 * return values and of the unnamed parameters is not visible here; readings
 * given in the comments below are assumptions to confirm against the
 * implementation.
 */

/*
 * Takes a raw buffer and its length.  NOTE(review): presumably builds a
 * packet from received bytes; which length and format checks it applies,
 * and how a malformed buffer is reported, should be confirmed before
 * passing it network data.
 */
RADIUS_PACKET *radius_convert_packet(const void *, size_t);

/* destructor */
int radius_delete_packet(RADIUS_PACKET *);

/* accessors - header values */
uint8_t radius_get_id(const RADIUS_PACKET *);
void radius_update_id(RADIUS_PACKET * packet);
void radius_set_id(RADIUS_PACKET *, uint8_t);
uint8_t radius_get_code(const RADIUS_PACKET *);
/*
 * The destination has no length parameter.  The RADIUS Authenticator field
 * is 16 octets (RFC 2865 section 3), so the buffer presumably must be at
 * least that large - TODO confirm.
 */
void radius_get_authenticator(const RADIUS_PACKET *, void *);
void radius_set_request_packet(RADIUS_PACKET *,
    const RADIUS_PACKET *);
const RADIUS_PACKET *
    radius_get_request_packet(const RADIUS_PACKET *);
/*
 * Authenticator verification.  The trailing const char * is presumably the
 * shared secret (TODO confirm).  Callers should test the result and drop the
 * packet on failure before acting on any attribute it carries.
 */
int radius_check_response_authenticator(const RADIUS_PACKET *,
    const char *);
int radius_check_accounting_request_authenticator(
    const RADIUS_PACKET *, const char *);
/*
 * NOTE(review): these return a non-const uint8_t * for a const packet;
 * presumably a pointer into the packet's own storage, valid only while the
 * packet exists - confirm.
 */
uint8_t *radius_get_authenticator_retval(const RADIUS_PACKET *);
uint8_t *radius_get_request_authenticator_retval(const RADIUS_PACKET *);
void radius_set_accounting_request_authenticator(RADIUS_PACKET *,
    const char *);
void radius_set_response_authenticator(RADIUS_PACKET *,
    const char *);
uint16_t radius_get_length(const RADIUS_PACKET *);
const void *radius_get_data(const RADIUS_PACKET *);

/*
 * Raw attribute accessors.  The uint8_t is an attribute type
 * (RADIUS_TYPE_*); the _vs_ variants additionally take a uint32_t vendor id
 * and a uint8_t vendor type (RADIUS_VENDOR_* / RADIUS_VTYPE_*).
 * NOTE(review): for the get functions the size_t * is presumably in/out
 * (buffer capacity on entry, attribute length on return), and the _ptr
 * variants presumably return a pointer into the packet rather than a copy -
 * confirm both, since they decide who must bound the copy.
 */
int radius_get_raw_attr(const RADIUS_PACKET *, uint8_t, void *,
    size_t *);
int radius_get_vs_raw_attr(const RADIUS_PACKET *, uint32_t,
    uint8_t, void *, size_t *);
int radius_put_raw_attr(RADIUS_PACKET *, uint8_t, const void *,
    size_t);
int radius_put_vs_raw_attr(RADIUS_PACKET *, uint32_t, uint8_t,
    const void *, size_t);
int radius_get_raw_attr_ptr(const RADIUS_PACKET *, uint8_t,
    const void **, size_t *);
int radius_get_vs_raw_attr_ptr(const RADIUS_PACKET *, uint32_t,
    uint8_t, const void **, size_t *);
int radius_get_raw_attr_cat(const RADIUS_PACKET *, uint8_t,
    void *, size_t *);
int radius_get_vs_raw_attr_cat(const RADIUS_PACKET *, uint32_t,
    uint8_t, void *, size_t *);
int radius_put_raw_attr_cat(RADIUS_PACKET *, uint8_t,
    const void *, size_t);
int radius_put_vs_raw_attr_cat(RADIUS_PACKET *, uint32_t, uint8_t,
    const void *, size_t);
int radius_set_raw_attr(RADIUS_PACKET *, uint8_t, const void *,
    size_t);
int radius_set_vs_raw_attr(RADIUS_PACKET *, uint32_t, uint8_t,
    const void *, size_t);

int radius_del_attr_all(RADIUS_PACKET *, uint8_t);
int radius_del_vs_attr_all(RADIUS_PACKET *, uint32_t, uint8_t);

bool radius_has_attr(const RADIUS_PACKET *, uint8_t);
bool radius_has_vs_attr(const RADIUS_PACKET *, uint32_t, uint8_t);

/*
 * typed attribute accessor (string)
 *
 * The get functions take a char buffer and its size.  NOTE(review): whether
 * the result is always NUL-terminated and how an attribute longer than the
 * buffer is reported is not visible here - confirm before relying on it.
 */
int radius_get_string_attr(const RADIUS_PACKET *, uint8_t, char *,
    size_t);
int radius_get_vs_string_attr(const RADIUS_PACKET *, uint32_t,
    uint8_t, char *, size_t);
int radius_put_string_attr(RADIUS_PACKET *, uint8_t, const char *);
int radius_put_vs_string_attr(RADIUS_PACKET *, uint32_t, uint8_t,
    const char *);

/* typed attribute accessor (uint16_t) */
int radius_get_uint16_attr(const RADIUS_PACKET *,
    uint8_t, uint16_t *);
int radius_get_vs_uint16_attr(const RADIUS_PACKET *,
    uint32_t, uint8_t, uint16_t *);
int radius_put_uint16_attr(RADIUS_PACKET *,
    uint8_t, const uint16_t);
int radius_put_vs_uint16_attr(RADIUS_PACKET *,
    uint32_t, uint8_t, const uint16_t);
int radius_set_uint16_attr(RADIUS_PACKET *,
    uint8_t, const uint16_t);
int radius_set_vs_uint16_attr(RADIUS_PACKET *,
    uint32_t, uint8_t, const uint16_t);

/* typed attribute accessor (uint32_t) */
int radius_get_uint32_attr(const RADIUS_PACKET *,
    uint8_t, uint32_t *);
int radius_get_vs_uint32_attr(const RADIUS_PACKET *,
    uint32_t, uint8_t, uint32_t *);
int radius_put_uint32_attr(RADIUS_PACKET *,
    uint8_t, const uint32_t);
int radius_put_vs_uint32_attr(RADIUS_PACKET *,
    uint32_t, uint8_t, const uint32_t);
int radius_set_uint32_attr(RADIUS_PACKET *,
    uint8_t, const uint32_t);
int radius_set_vs_uint32_attr(RADIUS_PACKET *,
    uint32_t, uint8_t, const uint32_t);

/* typed attribute accessor (uint64_t) */
int radius_get_uint64_attr(const RADIUS_PACKET *,
    uint8_t, uint64_t *);
int radius_get_vs_uint64_attr(const RADIUS_PACKET *,
    uint32_t, uint8_t, uint64_t *);
int radius_put_uint64_attr(RADIUS_PACKET *,
    uint8_t, const uint64_t);
int radius_put_vs_uint64_attr(RADIUS_PACKET *,
    uint32_t, uint8_t, const uint64_t);
int radius_set_uint64_attr(RADIUS_PACKET *,
    uint8_t, const uint64_t);
int radius_set_vs_uint64_attr(RADIUS_PACKET *,
    uint32_t, uint8_t, const uint64_t);

/*
 * typed attribute accessor (ipv4)
 *
 * put/set take struct in_addr by value, unlike the ipv6 accessors below,
 * which take a pointer.
 */
int radius_get_ipv4_attr(const RADIUS_PACKET *,
    uint8_t, struct in_addr *);
int radius_get_vs_ipv4_attr(const RADIUS_PACKET *,
    uint32_t, uint8_t, struct in_addr *);
int radius_put_ipv4_attr(RADIUS_PACKET *,
    uint8_t, const struct in_addr);
int radius_put_vs_ipv4_attr(RADIUS_PACKET *,
    uint32_t, uint8_t, const struct in_addr);
int radius_set_ipv4_attr(RADIUS_PACKET *,
    uint8_t, const struct in_addr);
int radius_set_vs_ipv4_attr(RADIUS_PACKET *,
    uint32_t, uint8_t, const struct in_addr);

/* typed attribute accessor (ipv6) */
int radius_get_ipv6_attr(const RADIUS_PACKET *,
    uint8_t, struct in6_addr *);
int radius_get_vs_ipv6_attr(const RADIUS_PACKET *,
    uint32_t, uint8_t, struct in6_addr *);
int radius_put_ipv6_attr(RADIUS_PACKET *,
    uint8_t, const struct in6_addr *);
int radius_put_vs_ipv6_attr(RADIUS_PACKET *,
    uint32_t, uint8_t, const struct in6_addr *);
int radius_set_ipv6_attr(RADIUS_PACKET *,
    uint8_t, const struct in6_addr *);
int radius_set_vs_ipv6_attr(RADIUS_PACKET *,
    uint32_t, uint8_t, const struct in6_addr *);

/*
 * message authenticator
 *
 * Message-Authenticator is attribute type 80; RFC 2869 5.14 defines it as
 * an HMAC-MD5 over the packet keyed with the shared secret.  The
 * const char * is presumably that secret (TODO confirm).  The check
 * function takes a non-const packet, unlike the authenticator checks above.
 * A receiver that requires this attribute should test the result and
 * discard the packet on failure.
 * NOTE(review): what the check returns when the attribute is absent is not
 * visible here; radius_has_attr() can be used to test for presence
 * separately.
 */
int radius_put_message_authenticator(RADIUS_PACKET *,
    const char *);
int radius_set_message_authenticator(RADIUS_PACKET *,
    const char *);
int radius_check_message_authenticator(RADIUS_PACKET *,
    const char *);

/*
 * encryption
 *
 * NOTE(review): parameter roles are not visible from the prototypes;
 * presumably output buffer and length, input, request authenticator and
 * shared secret - confirm.  Buffers that receive a decrypted password or
 * key hold cleartext secrets; clear them with explicit_bzero(3) once they
 * are no longer needed.
 */
int radius_encrypt_user_password_attr(void *, size_t *,
    const char *, const void *, const char *);
int radius_decrypt_user_password_attr(char *, size_t,
    const void *, size_t, const void *, const char *);
int radius_encrypt_mppe_key_attr(void *, size_t *,
    const void *, size_t, const void *, const char *);
int radius_decrypt_mppe_key_attr(void *, size_t *, const void *,
    size_t, const void *, const char *);

/*
 * encrypted attribute
 *
 * The get functions write a cleartext password or key into a
 * caller-supplied buffer; treat that buffer as secret material and clear
 * it after use.  The trailing const char * is presumably the shared secret
 * (TODO confirm).
 */
int radius_get_user_password_attr(const RADIUS_PACKET *,
    char *, size_t, const char *);
int radius_put_user_password_attr(RADIUS_PACKET *,
    const char *, const char *);
int radius_get_mppe_send_key_attr(const RADIUS_PACKET *, void *,
    size_t *, const char *);
int radius_put_mppe_send_key_attr(RADIUS_PACKET *,
    const void *, size_t, const char *);
int radius_get_mppe_recv_key_attr(const RADIUS_PACKET *,
    void *, size_t *, const char *);
int radius_put_mppe_recv_key_attr(RADIUS_PACKET *, const void *,
    size_t, const char *);

/*
 * NOTE(review): presumably derives the EAP master session key from the
 * MPPE key attributes of the packet - confirm.  The output is key
 * material and should be cleared after use.
 */
int radius_get_eap_msk(const RADIUS_PACKET *, void *, size_t *,
    const char *);

/*
 * helpers
 *
 * Socket send/receive wrappers.  A packet returned by a receive helper
 * comes from the network and is untrusted until the relevant authenticator
 * check has passed.
 * NOTE(review): the first int is presumably the socket descriptor and the
 * unnamed int of the receive helpers presumably the flags (radius_sendto
 * names its third parameter "flags"); a returned packet presumably has to
 * be released with radius_delete_packet() - confirm.
 */
RADIUS_PACKET *radius_recvfrom(int, int, struct sockaddr *, socklen_t *);
int radius_sendto(int, const RADIUS_PACKET *, int flags,
    const struct sockaddr *, socklen_t);
RADIUS_PACKET *radius_recv(int, int);
int radius_send(int, const RADIUS_PACKET *, int);
RADIUS_PACKET *radius_recvmsg(int, struct msghdr *, int);
int radius_sendmsg(int, const RADIUS_PACKET *,
    const struct msghdr *, int);

__END_DECLS

#endif