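/*
 * RADIUS client
 * Copyright (c) 2002-2009, Jouni Malinen <j@w1.fi>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 *
 * Alternatively, this software may be distributed under the terms of BSD
 * license.
 *
 * See README and COPYING for more details.
 */

#ifndef RADIUS_CLIENT_H
#define RADIUS_CLIENT_H

#include "ip_addr.h"

struct radius_msg;

/**
 * struct hostapd_radius_server - RADIUS server information for RADIUS client
 *
 * This structure contains information about a RADIUS server. The values are
 * mainly for MIB information. The MIB variable prefix (radiusAuth or
 * radiusAcc) depends on whether this is an authentication or accounting
 * server.
 *
 * radiusAuthClientPendingRequests (or radiusAccClientPendingRequests) is the
 * number of struct radius_client_data::msgs entries with a matching msg_type.
 */
struct hostapd_radius_server {
	/**
	 * addr - radiusAuthServerAddress or radiusAccServerAddress
	 */
	struct hostapd_ip_addr addr;

	/**
	 * port - radiusAuthClientServerPortNumber or radiusAccClientServerPortNumber
	 *
	 * NOTE(review): stored as a signed int; range validation is not
	 * visible in this header - confirm that the configuration parser
	 * rejects values outside the valid UDP port range.
	 */
	int port;

	/**
	 * shared_secret - Shared secret for authenticating RADIUS messages
	 *
	 * Octet buffer whose length is given by shared_secret_len.
	 *
	 * NOTE(review): allocation and release are not visible in this
	 * header - confirm that whoever frees the buffer clears the octets
	 * first and that the value is never written to debug or MIB output.
	 */
	u8 *shared_secret;

	/**
	 * shared_secret_len - Length of shared_secret in octets
	 */
	size_t shared_secret_len;

	/* Dynamic (not from configuration file) MIB data */

	/**
	 * index - radiusAuthServerIndex or radiusAccServerIndex
	 */
	int index;

	/**
	 * round_trip_time - radiusAuthClientRoundTripTime or radiusAccClientRoundTripTime
	 * Round-trip time in hundredths of a second.
	 */
	int round_trip_time;

	/**
	 * requests - radiusAuthClientAccessRequests or radiusAccClientRequests
	 */
	u32 requests;

	/**
	 * retransmissions - radiusAuthClientAccessRetransmissions or radiusAccClientRetransmissions
	 */
	u32 retransmissions;

	/**
	 * access_accepts - radiusAuthClientAccessAccepts
	 */
	u32 access_accepts;

	/**
	 * access_rejects - radiusAuthClientAccessRejects
	 */
	u32 access_rejects;

	/**
	 * access_challenges - radiusAuthClientAccessChallenges
	 */
	u32 access_challenges;

	/**
	 * responses - radiusAccClientResponses
	 */
	u32 responses;

	/**
	 * malformed_responses - radiusAuthClientMalformedAccessResponses or radiusAccClientMalformedResponses
	 */
	u32 malformed_responses;

	/**
	 * bad_authenticators - radiusAuthClientBadAuthenticators or radiusAccClientBadAuthenticators
	 *
	 * NOTE(review): presumably incremented when a handler returns
	 * RADIUS_RX_INVALID_AUTHENTICATOR - confirm in the implementation.
	 * A rising value points at a shared secret mismatch or at responses
	 * that the configured server did not generate, so it is a counter
	 * worth monitoring.
	 */
	u32 bad_authenticators;

	/**
	 * timeouts - radiusAuthClientTimeouts or radiusAccClientTimeouts
	 */
	u32 timeouts;

	/**
	 * unknown_types - radiusAuthClientUnknownTypes or radiusAccClientUnknownTypes
	 */
	u32 unknown_types;

	/**
	 * packets_dropped - radiusAuthClientPacketsDropped or radiusAccClientPacketsDropped
	 */
	u32 packets_dropped;
};

/**
 * struct hostapd_radius_servers - RADIUS servers for RADIUS client
 */
struct hostapd_radius_servers {
	/**
	 * auth_servers - RADIUS Authentication servers in priority order
	 */
	struct hostapd_radius_server *auth_servers;

	/**
	 * num_auth_servers - Number of auth_servers entries
	 */
	int num_auth_servers;

	/**
	 * auth_server - The current Authentication server
	 */
	struct hostapd_radius_server *auth_server;

	/**
	 * acct_servers - RADIUS Accounting servers in priority order
	 */
	struct hostapd_radius_server *acct_servers;

	/**
	 * num_acct_servers - Number of acct_servers entries
	 */
	int num_acct_servers;

	/**
	 * acct_server - The current Accounting server
	 */
	struct hostapd_radius_server *acct_server;

	/**
	 * retry_primary_interval - Retry interval for trying primary server
	 *
	 * This specifies a retry interval in seconds for trying to return to
	 * the primary RADIUS server. RADIUS client code will automatically try
	 * to use the next server when the current server is not replying to
	 * requests. If this interval is set (non-zero), the primary server
	 * will be retried after the specified number of seconds has passed
	 * even if the currently used secondary server is still working.
	 */
	int retry_primary_interval;

	/**
	 * msg_dumps - Whether RADIUS message details are shown in stdout
	 *
	 * NOTE(review): what the dump contains is not visible in this header.
	 * If it includes attribute values, stdout (and any log that captures
	 * it) holds user-identifying data while this is enabled - confirm and
	 * keep it disabled outside debugging.
	 */
	int msg_dumps;

	/**
	 * client_addr - Client (local) address to use if force_client_addr is set
	 */
	struct hostapd_ip_addr client_addr;

	/**
	 * force_client_addr - Whether to force client (local) address
	 */
	int force_client_addr;
};


/**
 * RadiusType - RADIUS server type for RADIUS client
 */
typedef enum {
	/**
	 * RADIUS_AUTH - RADIUS authentication
	 */
	RADIUS_AUTH,

	/**
	 * RADIUS_ACCT - RADIUS accounting
	 */
	RADIUS_ACCT,

	/**
	 * RADIUS_ACCT_INTERIM - RADIUS interim accounting message
	 *
	 * Used only with radius_client_send(). This behaves just like
	 * RADIUS_ACCT, but removes any pending interim RADIUS Accounting
	 * messages for the same STA before sending the new interim update.
	 */
	RADIUS_ACCT_INTERIM
} RadiusType;

/**
 * RadiusRxResult - RADIUS client RX handler result
 */
typedef enum {
	/**
	 * RADIUS_RX_PROCESSED - Message processed
	 *
	 * This stops handler calls and frees the message. A handler that
	 * returns this value must not keep a pointer to the message.
	 */
	RADIUS_RX_PROCESSED,

	/**
	 * RADIUS_RX_QUEUED - Message has been queued
	 *
	 * This stops handler calls, but does not free the message; the handler
	 * that returned this is responsible for eventually freeing the
	 * message. The message then has exactly one owner: free it once, on
	 * every path, including error paths.
	 */
	RADIUS_RX_QUEUED,

	/**
	 * RADIUS_RX_UNKNOWN - Message is not for this handler
	 */
	RADIUS_RX_UNKNOWN,

	/**
	 * RADIUS_RX_INVALID_AUTHENTICATOR - Message has invalid Authenticator
	 */
	RADIUS_RX_INVALID_AUTHENTICATOR
} RadiusRxResult;

struct radius_client_data;

/**
 * radius_client_register - Register an RX handler for a RADIUS message type
 * @radius: RADIUS client context
 * @msg_type: Message type the handler is registered for
 * @handler: Callback invoked with the received message (msg), a request
 *	message (req), the shared secret and its length in octets, and the
 *	data pointer given here; its return value is a RadiusRxResult
 * @data: Opaque pointer passed back to handler
 *
 * NOTE(review): the handler is handed the shared secret, so it is presumably
 * the place where the Authenticator of msg is verified against req; it should
 * return RADIUS_RX_INVALID_AUTHENTICATOR on failure before acting on any
 * attribute of msg - confirm against the registered handlers. The meaning of
 * the int return value is not visible in this header.
 */
int radius_client_register(struct radius_client_data *radius,
			   RadiusType msg_type,
			   RadiusRxResult (*handler)
			   (struct radius_msg *msg, struct radius_msg *req,
			    const u8 *shared_secret, size_t shared_secret_len,
			    void *data),
			   void *data);

/**
 * radius_client_send - Send a RADIUS message
 * @radius: RADIUS client context
 * @msg: Message to send
 * @msg_type: RADIUS_AUTH, RADIUS_ACCT or RADIUS_ACCT_INTERIM
 * @addr: NOTE(review): presumably the STA address that pending messages are
 *	matched on (see RADIUS_ACCT_INTERIM); the expected length is not
 *	visible here - confirm before passing a shorter buffer
 *
 * NOTE(review): ownership of msg after the call and the meaning of the int
 * return value are not visible in this header.
 */
int radius_client_send(struct radius_client_data *radius,
		       struct radius_msg *msg,
		       RadiusType msg_type, const u8 *addr);

/**
 * radius_client_get_id - Get a RADIUS identifier value
 * @radius: RADIUS client context
 *
 * The u8 return type limits the value to 0..255.
 */
u8 radius_client_get_id(struct radius_client_data *radius);

/**
 * radius_client_flush - Flush pending RADIUS messages
 * @radius: RADIUS client context
 * @only_auth: NOTE(review): presumably non-zero restricts the flush to
 *	authentication messages - confirm
 */
void radius_client_flush(struct radius_client_data *radius, int only_auth);

/**
 * radius_client_init - Create a RADIUS client context
 * @ctx: Opaque caller context
 * @conf: RADIUS server configuration
 *
 * NOTE(review): whether conf is copied or only referenced is not visible in
 * this header; if it is referenced, conf (including the shared secrets it
 * points to) must outlive the returned context. The failure return value is
 * presumably NULL - confirm.
 */
struct radius_client_data *
radius_client_init(void *ctx, struct hostapd_radius_servers *conf);

/**
 * radius_client_deinit - Release a RADIUS client context
 * @radius: Context returned by radius_client_init()
 */
void radius_client_deinit(struct radius_client_data *radius);

/**
 * radius_client_flush_auth - Flush pending authentication messages for one address
 * @radius: RADIUS client context
 * @addr: NOTE(review): presumably the STA address - confirm expected length
 */
void radius_client_flush_auth(struct radius_client_data *radius,
			      const u8 *addr);

/**
 * radius_client_get_mib - Write MIB information into a caller buffer
 * @radius: RADIUS client context
 * @buf: Output buffer
 * @buflen: Size of buf in octets; pass the real size of the buffer
 *
 * NOTE(review): the meaning of the int return value (presumably the number of
 * characters written) and the truncation behaviour are not visible in this
 * header.
 */
int radius_client_get_mib(struct radius_client_data *radius, char *buf,
			  size_t buflen);

#endif /* RADIUS_CLIENT_H */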