xref: /freebsd/contrib/wpa/src/radius/radius_server.h (revision 8aac90f18aef7c9eea906c3ff9a001ca7b94f375)
1 /*
2  * RADIUS authentication server
3  * Copyright (c) 2005-2009, 2011, Jouni Malinen <j@w1.fi>
4  *
5  * This software may be distributed under the terms of the BSD license.
6  * See README for more details.
7  */
8 
9 #ifndef RADIUS_SERVER_H
10 #define RADIUS_SERVER_H
11 
12 struct radius_server_data;
13 struct eap_user;
14 
15 /**
16  * struct radius_server_conf - RADIUS server configuration
17  */
18 struct radius_server_conf {
19 	/**
20 	 * auth_port - UDP port to listen to as an authentication server
21 	 */
22 	int auth_port;
23 
24 	/**
25 	 * acct_port - UDP port to listen to as an accounting server
26 	 */
27 	int acct_port;
28 
29 	/**
30 	 * client_file - RADIUS client configuration file
31 	 *
32 	 * This file contains the RADIUS clients and the shared secret to be
33 	 * used with them in a format where each client is on its own line. The
34 	 * first item on the line is the IPv4 or IPv6 address of the client
35 	 * with an optional address mask to allow full network to be specified
36 	 * (e.g., 192.168.1.2 or 192.168.1.0/24). This is followed by white
37 	 * space (space or tabulator) and the shared secret. Lines starting
38 	 * with '#' are skipped and can be used as comments.
39 	 */
40 	char *client_file;
41 
42 	/**
43 	 * sqlite_file - SQLite database for storing debug log information
44 	 */
45 	const char *sqlite_file;
46 
47 	/**
48 	 * conf_ctx - Context pointer for callbacks
49 	 *
50 	 * This is used as the ctx argument in get_eap_user() calls.
51 	 */
52 	void *conf_ctx;
53 
54 	const char *erp_domain;
55 
56 	/**
57 	 * ipv6 - Whether to enable IPv6 support in the RADIUS server
58 	 */
59 	int ipv6;
60 
61 	/**
62 	 * get_eap_user - Callback for fetching EAP user information
63 	 * @ctx: Context data from conf_ctx
64 	 * @identity: User identity
65 	 * @identity_len: identity buffer length in octets
66 	 * @phase2: Whether this is for Phase 2 identity
67 	 * @user: Data structure for filling in the user information
68 	 * Returns: 0 on success, -1 on failure
69 	 *
70 	 * This is used to fetch information from user database. The callback
71 	 * will fill in information about allowed EAP methods and the user
72 	 * password. The password field will be an allocated copy of the
73 	 * password data and RADIUS server will free it after use.
74 	 */
75 	int (*get_eap_user)(void *ctx, const u8 *identity, size_t identity_len,
76 			    int phase2, struct eap_user *user);
77 
78 	/**
79 	 * eap_req_id_text - Optional data for EAP-Request/Identity
80 	 *
81 	 * This can be used to configure an optional, displayable message that
82 	 * will be sent in EAP-Request/Identity. This string can contain an
83 	 * ASCII-0 character (nul) to separate network infromation per RFC
84 	 * 4284. The actual string length is explicit provided in
85 	 * eap_req_id_text_len since nul character will not be used as a string
86 	 * terminator.
87 	 */
88 	const char *eap_req_id_text;
89 
90 	/**
91 	 * eap_req_id_text_len - Length of eap_req_id_text buffer in octets
92 	 */
93 	size_t eap_req_id_text_len;
94 
95 #ifdef CONFIG_RADIUS_TEST
96 	const char *dump_msk_file;
97 #endif /* CONFIG_RADIUS_TEST */
98 
99 	char *subscr_remediation_url;
100 	u8 subscr_remediation_method;
101 	char *hs20_sim_provisioning_url;
102 
103 	char *t_c_server_url;
104 
105 	struct eap_config *eap_cfg;
106 };
107 
108 
109 struct radius_server_data *
110 radius_server_init(struct radius_server_conf *conf);
111 
112 void radius_server_erp_flush(struct radius_server_data *data);
113 void radius_server_deinit(struct radius_server_data *data);
114 
115 int radius_server_get_mib(struct radius_server_data *data, char *buf,
116 			  size_t buflen);
117 
118 void radius_server_eap_pending_cb(struct radius_server_data *data, void *ctx);
119 int radius_server_dac_request(struct radius_server_data *data, const char *req);
120 
121 #endif /* RADIUS_SERVER_H */
122