xref: /freebsd/contrib/wpa/src/radius/radius_client.h (revision c1d255d3ffdbe447de3ab875bf4e7d7accc5bfc5)
139beb93cSSam Leffler /*
2e28a4053SRui Paulo  * RADIUS client
3e28a4053SRui Paulo  * Copyright (c) 2002-2009, Jouni Malinen <j@w1.fi>
439beb93cSSam Leffler  *
5f05cddf9SRui Paulo  * This software may be distributed under the terms of the BSD license.
6f05cddf9SRui Paulo  * See README for more details.
739beb93cSSam Leffler  */
839beb93cSSam Leffler 
939beb93cSSam Leffler #ifndef RADIUS_CLIENT_H
1039beb93cSSam Leffler #define RADIUS_CLIENT_H
1139beb93cSSam Leffler 
1239beb93cSSam Leffler #include "ip_addr.h"
1339beb93cSSam Leffler 
1439beb93cSSam Leffler struct radius_msg;
1539beb93cSSam Leffler 
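/**
 * struct hostapd_radius_server - RADIUS server information for RADIUS client
 *
 * This structure contains information about a RADIUS server. The values are
 * mainly for MIB information. The MIB variable prefix (radiusAuth or
 * radiusAcc) depends on whether this is an authentication or accounting
 * server.
 *
 * radiusAuthClientPendingRequests (or radiusAccClientPendingRequests) is the
 * number of struct radius_client_data::msgs entries with a matching msg_type.
 *
 * Monitoring note: malformed_responses, bad_authenticators, unknown_types,
 * packets_dropped and timeouts are the per-server error counters. A sustained
 * rise in bad_authenticators usually points to a shared secret mismatch or to
 * responses that did not originate from the configured server, so these
 * counters are worth exporting and alerting on.
 */
struct hostapd_radius_server {
	/**
	 * addr - radiusAuthServerAddress or radiusAccServerAddress
	 */
	struct hostapd_ip_addr addr;

	/**
	 * port - radiusAuthClientServerPortNumber or radiusAccClientServerPortNumber
	 *
	 * Stored as a plain int; the type does not restrict the value to the
	 * valid port range, so any range check has to happen where the value
	 * is parsed (not visible in this header).
	 */
	int port;

	/**
	 * shared_secret - Shared secret for authenticating RADIUS messages
	 *
	 * Raw octets, shared_secret_len long. Nothing in this header promises
	 * NUL termination, so always pass the length along with the pointer.
	 * This is key material: keep it out of debug output and MIB text.
	 * Which code allocates, frees and clears the buffer is not visible
	 * here - TODO confirm against the configuration code.
	 */
	u8 *shared_secret;

	/**
	 * shared_secret_len - Length of shared_secret in octets
	 */
	size_t shared_secret_len;

	/* Dynamic (not from configuration file) MIB data */

	/**
	 * index - radiusAuthServerIndex or radiusAccServerIndex
	 */
	int index;

	/**
	 * round_trip_time - radiusAuthClientRoundTripTime or radiusAccClientRoundTripTime
	 * Round-trip time in hundredths of a second.
	 */
	int round_trip_time;

	/**
	 * requests - radiusAuthClientAccessRequests or radiusAccClientRequests
	 */
	u32 requests;

	/**
	 * retransmissions - radiusAuthClientAccessRetransmissions or radiusAccClientRetransmissions
	 */
	u32 retransmissions;

	/**
	 * access_accepts - radiusAuthClientAccessAccepts
	 */
	u32 access_accepts;

	/**
	 * access_rejects - radiusAuthClientAccessRejects
	 */
	u32 access_rejects;

	/**
	 * access_challenges - radiusAuthClientAccessChallenges
	 */
	u32 access_challenges;

	/**
	 * responses - radiusAccClientResponses
	 */
	u32 responses;

	/**
	 * malformed_responses - radiusAuthClientMalformedAccessResponses or radiusAccClientMalformedResponses
	 */
	u32 malformed_responses;

	/**
	 * bad_authenticators - radiusAuthClientBadAuthenticators or radiusAccClientBadAuthenticators
	 */
	u32 bad_authenticators;

	/**
	 * timeouts - radiusAuthClientTimeouts or radiusAccClientTimeouts
	 */
	u32 timeouts;

	/**
	 * unknown_types - radiusAuthClientUnknownTypes or radiusAccClientUnknownTypes
	 */
	u32 unknown_types;

	/**
	 * packets_dropped - radiusAuthClientPacketsDropped or radiusAccClientPacketsDropped
	 */
	u32 packets_dropped;
};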
11639beb93cSSam Leffler 
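/**
 * struct hostapd_radius_servers - RADIUS servers for RADIUS client
 *
 * Holds the authentication and accounting server lists together with the
 * client-side options (failback interval, message dumps, local address and
 * interface binding).
 */
struct hostapd_radius_servers {
	/**
	 * auth_servers - RADIUS Authentication servers in priority order
	 */
	struct hostapd_radius_server *auth_servers;

	/**
	 * num_auth_servers - Number of auth_servers entries
	 *
	 * Signed int; code that walks auth_servers should treat a zero or
	 * negative count as "no servers" rather than index the array.
	 */
	int num_auth_servers;

	/**
	 * auth_server - The current Authentication server
	 *
	 * Presumably points at one of the auth_servers entries - TODO confirm
	 * against the code that switches servers.
	 */
	struct hostapd_radius_server *auth_server;

	/**
	 * acct_servers - RADIUS Accounting servers in priority order
	 */
	struct hostapd_radius_server *acct_servers;

	/**
	 * num_acct_servers - Number of acct_servers entries
	 *
	 * Signed int; the same caution as for num_auth_servers applies.
	 */
	int num_acct_servers;

	/**
	 * acct_server - The current Accounting server
	 *
	 * Presumably points at one of the acct_servers entries - TODO confirm
	 * against the code that switches servers.
	 */
	struct hostapd_radius_server *acct_server;

	/**
	 * retry_primary_interval - Retry interval for trying primary server
	 *
	 * This specifies a retry interval in seconds for trying to return to
	 * the primary RADIUS server. RADIUS client code will automatically try
	 * to use the next server when the current server is not replying to
	 * requests. If this interval is set (non-zero), the primary server
	 * will be retried after the specified number of seconds has passed
	 * even if the currently used secondary server is still working.
	 */
	int retry_primary_interval;

	/**
	 * msg_dumps - Whether RADIUS message details are shown in stdout
	 *
	 * RADIUS messages carry user and session attributes, so dumps written
	 * to stdout can end up in logs; leave this off outside of debugging.
	 * NOTE(review): which attributes are printed is decided by the
	 * implementation, not by this header.
	 */
	int msg_dumps;

	/**
	 * client_addr - Client (local) address to use if force_client_addr
	 * is set
	 */
	struct hostapd_ip_addr client_addr;

	/**
	 * force_client_addr - Whether to force client (local) address
	 *
	 * Pinning the source address lets the RADIUS server side match
	 * requests against one known client address on multi-homed hosts.
	 */
	int force_client_addr;

	/**
	 * force_client_dev - Bind the socket to a specified interface, if set
	 *
	 * Presumably NULL when no interface binding is requested; ownership
	 * of the string is not visible in this header - TODO confirm.
	 */
	char *force_client_dev;
};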
18339beb93cSSam Leffler 
18439beb93cSSam Leffler 
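/**
 * RadiusType - RADIUS server type for RADIUS client
 *
 * Selects whether a message or handler belongs to the authentication or the
 * accounting side. The enumerators keep their implicit values (0, 1, 2) in
 * declaration order.
 */
typedef enum {
	/**
	 * RADIUS_AUTH - RADIUS authentication
	 */
	RADIUS_AUTH,

	/**
	 * RADIUS_ACCT - RADIUS accounting
	 */
	RADIUS_ACCT,

	/**
	 * RADIUS_ACCT_INTERIM - RADIUS interim accounting message
	 *
	 * Used only with radius_client_send(). This behaves just like
	 * RADIUS_ACCT, but removes any pending interim RADIUS Accounting
	 * messages for the same STA before sending the new interim update.
	 */
	RADIUS_ACCT_INTERIM
} RadiusType;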
20839beb93cSSam Leffler 
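/**
 * RadiusRxResult - RADIUS client RX handler result
 *
 * Returned by the handlers registered with radius_client_register(). The
 * value tells the client whether to keep calling further handlers and who
 * owns the received message afterwards.
 */
typedef enum {
	/**
	 * RADIUS_RX_PROCESSED - Message processed
	 *
	 * This stops handler calls and frees the message. The handler must
	 * not keep a pointer to the message after returning this value.
	 */
	RADIUS_RX_PROCESSED,

	/**
	 * RADIUS_RX_QUEUED - Message has been queued
	 *
	 * This stops handler calls, but does not free the message; the handler
	 * that returned this is responsible for eventually freeing the
	 * message.
	 */
	RADIUS_RX_QUEUED,

	/**
	 * RADIUS_RX_UNKNOWN - Message is not for this handler
	 */
	RADIUS_RX_UNKNOWN,

	/**
	 * RADIUS_RX_INVALID_AUTHENTICATOR - Message has invalid Authenticator
	 *
	 * A handler should return this instead of acting on a message that
	 * fails authentication with the shared secret.
	 * NOTE(review): presumably this feeds the bad_authenticators counter
	 * of struct hostapd_radius_server - confirm in the implementation.
	 */
	RADIUS_RX_INVALID_AUTHENTICATOR
} RadiusRxResult;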
23939beb93cSSam Leffler 
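/* Opaque RADIUS client context; its definition is not part of this header. */
struct radius_client_data;

/**
 * radius_client_register - Register an RX handler for a RADIUS message type
 * @radius: RADIUS client context
 * @msg_type: Message type the handler is registered for
 * @handler: Callback taking the received message (msg), a second message
 *	(req, presumably the matching request - TODO confirm), the shared
 *	secret with its length in octets, and the data pointer given here
 * @data: Context pointer passed back to the handler
 *
 * The handler receives the shared secret so that it can authenticate msg; it
 * reports the outcome as a RadiusRxResult and should return
 * RADIUS_RX_INVALID_AUTHENTICATOR for a message that fails that check. The
 * secret must not be logged or retained by the handler.
 * Returns: int status; the success/failure convention is defined by the
 * implementation (not shown in this header)
 */
int radius_client_register(struct radius_client_data *radius,
			   RadiusType msg_type,
			   RadiusRxResult (*handler)
			   (struct radius_msg *msg, struct radius_msg *req,
			    const u8 *shared_secret, size_t shared_secret_len,
			    void *data),
			   void *data);

/**
 * radius_client_set_interim_error_cb - Set callback for interim update errors
 * @radius: RADIUS client context
 * @cb: Callback invoked with an address and the ctx pointer given here
 * @ctx: Context pointer passed back to cb
 *
 * NOTE(review): the condition that triggers cb and the meaning of addr
 * (presumably the STA address) are not visible in this header - confirm.
 */
void radius_client_set_interim_error_cb(struct radius_client_data *radius,
					void (*cb)(const u8 *addr, void *ctx),
					void *ctx);

/**
 * radius_client_send - Send a RADIUS message
 * @radius: RADIUS client context
 * @msg: Message to send; whether ownership passes to the client is not
 *	visible in this header - TODO confirm before freeing msg in callers
 * @msg_type: RADIUS_AUTH, RADIUS_ACCT or RADIUS_ACCT_INTERIM
 * @addr: Presumably the address of the STA the message relates to, which
 *	RADIUS_ACCT_INTERIM uses to drop older pending interim updates
 * Returns: int status; convention defined by the implementation
 */
int radius_client_send(struct radius_client_data *radius,
		       struct radius_msg *msg,
		       RadiusType msg_type, const u8 *addr);

/**
 * radius_client_get_id - Get an identifier octet from the RADIUS client
 * @radius: RADIUS client context
 * Returns: u8 value, presumably the identifier to use for the next request -
 * TODO confirm how values are chosen and reused
 */
u8 radius_client_get_id(struct radius_client_data *radius);

/**
 * radius_client_flush - Flush pending RADIUS client messages
 * @radius: RADIUS client context
 * @only_auth: Presumably non-zero to limit the flush to authentication
 *	messages - TODO confirm
 */
void radius_client_flush(struct radius_client_data *radius, int only_auth);

/**
 * radius_client_init - Create a RADIUS client context
 * @ctx: Caller context pointer
 * @conf: RADIUS server configuration; it carries the shared secrets, so its
 *	lifetime and cleanup matter - whether the client keeps a reference is
 *	not visible in this header
 * Returns: Client context pointer; callers should check it before use
 * (presumably NULL on failure - TODO confirm)
 */
struct radius_client_data *
radius_client_init(void *ctx, struct hostapd_radius_servers *conf);

/**
 * radius_client_deinit - Release a RADIUS client context
 * @radius: RADIUS client context from radius_client_init()
 */
void radius_client_deinit(struct radius_client_data *radius);

/**
 * radius_client_flush_auth - Flush pending authentication messages
 * @radius: RADIUS client context
 * @addr: Presumably the STA address whose messages are flushed - confirm
 */
void radius_client_flush_auth(struct radius_client_data *radius,
			      const u8 *addr);

/**
 * radius_client_get_mib - Write RADIUS client MIB data into a buffer
 * @radius: RADIUS client context
 * @buf: Output buffer
 * @buflen: Size of buf in octets; pass the real buffer size, since it is the
 *	only bound the callee has
 * Returns: int, presumably the number of characters written - TODO confirm
 */
int radius_client_get_mib(struct radius_client_data *radius, char *buf,
			  size_t buflen);

/**
 * radius_client_reconfig - Apply a new server configuration
 * @radius: RADIUS client context
 * @conf: New RADIUS server configuration
 */
void radius_client_reconfig(struct radius_client_data *radius,
			    struct hostapd_radius_servers *conf);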
26639beb93cSSam Leffler 
26739beb93cSSam Leffler #endif /* RADIUS_CLIENT_H */
268