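/*
 * RADIUS client
 * Copyright (c) 2002-2009, Jouni Malinen <j@w1.fi>
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
 */

#ifndef RADIUS_CLIENT_H
#define RADIUS_CLIENT_H

#include "ip_addr.h"

struct radius_msg;

/**
 * struct hostapd_radius_server - RADIUS server information for RADIUS client
 *
 * This structure contains information about a RADIUS server. The values are
 * mainly for MIB information. The MIB variable prefix (radiusAuth or
 * radiusAcc) depends on whether this is an authentication or accounting
 * server.
 *
 * radiusAuthClientPendingRequests (or radiusAccClientPendingRequests) is the
 * number of struct radius_client_data::msgs entries for matching msg_type.
 */
struct hostapd_radius_server {
	/**
	 * addr - radiusAuthServerAddress or radiusAccServerAddress
	 */
	struct hostapd_ip_addr addr;

	/**
	 * port - radiusAuthClientServerPortNumber or radiusAccClientServerPortNumber
	 *
	 * NOTE(review): stored as a plain int; any range validation happens
	 * outside this header - confirm in the configuration parser.
	 */
	int port;

	/**
	 * shared_secret - Shared secret for authenticating RADIUS messages
	 *
	 * Raw octets whose length is carried separately in shared_secret_len;
	 * nothing in this header states that the buffer is NUL-terminated, so
	 * use the explicit length rather than strlen(). This is key material:
	 * keep it out of log output and debug dumps.
	 *
	 * NOTE(review): ownership and lifetime of the buffer are not visible
	 * here - confirm who allocates and frees it.
	 */
	u8 *shared_secret;

	/**
	 * shared_secret_len - Length of shared_secret in octets
	 */
	size_t shared_secret_len;

	/* Dynamic (not from configuration file) MIB data */

	/**
	 * index - radiusAuthServerIndex or radiusAccServerIndex
	 */
	int index;

	/**
	 * round_trip_time - radiusAuthClientRoundTripTime or radiusAccClientRoundTripTime
	 * Round-trip time in hundredths of a second.
	 */
	int round_trip_time;

	/**
	 * requests - radiusAuthClientAccessRequests or radiusAccClientRequests
	 */
	u32 requests;

	/**
	 * retransmissions - radiusAuthClientAccessRetransmissions or radiusAccClientRetransmissions
	 */
	u32 retransmissions;

	/**
	 * access_accepts - radiusAuthClientAccessAccepts
	 */
	u32 access_accepts;

	/**
	 * access_rejects - radiusAuthClientAccessRejects
	 */
	u32 access_rejects;

	/**
	 * access_challenges - radiusAuthClientAccessChallenges
	 */
	u32 access_challenges;

	/**
	 * responses - radiusAccClientResponses
	 */
	u32 responses;

	/**
	 * malformed_responses - radiusAuthClientMalformedAccessResponses or radiusAccClientMalformedResponses
	 */
	u32 malformed_responses;

	/**
	 * bad_authenticators - radiusAuthClientBadAuthenticators or radiusAccClientBadAuthenticators
	 */
	u32 bad_authenticators;

	/**
	 * timeouts - radiusAuthClientTimeouts or radiusAccClientTimeouts
	 */
	u32 timeouts;

	/**
	 * unknown_types - radiusAuthClientUnknownTypes or radiusAccClientUnknownTypes
	 */
	u32 unknown_types;

	/**
	 * packets_dropped - radiusAuthClientPacketsDropped or radiusAccClientPacketsDropped
	 */
	u32 packets_dropped;
};

/**
 * struct hostapd_radius_servers - RADIUS servers for RADIUS client
 */
struct hostapd_radius_servers {
	/**
	 * auth_servers - RADIUS Authentication servers in priority order
	 */
	struct hostapd_radius_server *auth_servers;

	/**
	 * num_auth_servers - Number of auth_servers entries
	 */
	int num_auth_servers;

	/**
	 * auth_server - The current Authentication server
	 */
	struct hostapd_radius_server *auth_server;

	/**
	 * acct_servers - RADIUS Accounting servers in priority order
	 */
	struct hostapd_radius_server *acct_servers;

	/**
	 * num_acct_servers - Number of acct_servers entries
	 */
	int num_acct_servers;

	/**
	 * acct_server - The current Accounting server
	 */
	struct hostapd_radius_server *acct_server;

	/**
	 * retry_primary_interval - Retry interval for trying primary server
	 *
	 * This specifies a retry interval in seconds for trying to return to
	 * the primary RADIUS server. RADIUS client code will automatically try
	 * to use the next server when the current server is not replying to
	 * requests. If this interval is set (non-zero), the primary server
	 * will be retried after the specified number of seconds has passed
	 * even if the currently used secondary server is still working.
	 */
	int retry_primary_interval;

	/**
	 * msg_dumps - Whether RADIUS message details are shown in stdout
	 *
	 * NOTE(review): what a dump contains is not visible in this header.
	 * If attribute values are printed, stdout has to be handled as
	 * sensitive output wherever this is enabled - confirm in
	 * radius_client.c.
	 */
	int msg_dumps;

	/**
	 * client_addr - Client (local) address to use if force_client_addr
	 */
	struct hostapd_ip_addr client_addr;

	/**
	 * force_client_addr - Whether to force client (local) address
	 */
	int force_client_addr;
};


/**
 * RadiusType - RADIUS server type for RADIUS client
 */
typedef enum {
	/**
	 * RADIUS_AUTH - RADIUS authentication
	 */
	RADIUS_AUTH,

	/**
	 * RADIUS_ACCT - RADIUS accounting
	 */
	RADIUS_ACCT,

	/**
	 * RADIUS_ACCT_INTERIM - RADIUS interim accounting message
	 *
	 * Used only with radius_client_send(). This behaves just like
	 * RADIUS_ACCT, but removes any pending interim RADIUS Accounting
	 * messages for the same STA before sending the new interim update.
	 */
	RADIUS_ACCT_INTERIM
} RadiusType;

/**
 * RadiusRxResult - RADIUS client RX handler result
 */
typedef enum {
	/**
	 * RADIUS_RX_PROCESSED - Message processed
	 *
	 * This stops handler calls and frees the message.
	 */
	RADIUS_RX_PROCESSED,

	/**
	 * RADIUS_RX_QUEUED - Message has been queued
	 *
	 * This stops handler calls, but does not free the message; the handler
	 * that returned this is responsible for eventually freeing the
	 * message.
	 */
	RADIUS_RX_QUEUED,

	/**
	 * RADIUS_RX_UNKNOWN - Message is not for this handler
	 */
	RADIUS_RX_UNKNOWN,

	/**
	 * RADIUS_RX_INVALID_AUTHENTICATOR - Message has invalid Authenticator
	 */
	RADIUS_RX_INVALID_AUTHENTICATOR
} RadiusRxResult;

struct radius_client_data;

/**
 * radius_client_register - Register a RADIUS client RX handler
 * @radius: RADIUS client context
 * @msg_type: RADIUS server type the handler is registered for
 * @handler: Callback that receives a message (msg), a second message (req),
 *	the shared secret with its length in octets, and the data pointer; it
 *	reports the outcome as a RadiusRxResult
 * @data: Context pointer passed to the handler
 *
 * NOTE(review): req is presumably the request that msg answers, which
 * together with the shared secret is what a handler needs to decide on
 * RADIUS_RX_INVALID_AUTHENTICATOR - confirm in radius_client.c. The meaning
 * of the int return value is not visible in this header.
 */
int radius_client_register(struct radius_client_data *radius,
			   RadiusType msg_type,
			   RadiusRxResult (*handler)
			   (struct radius_msg *msg, struct radius_msg *req,
			    const u8 *shared_secret, size_t shared_secret_len,
			    void *data),
			   void *data);

/**
 * radius_client_set_interim_error_cb - Set a callback with a context pointer
 * @radius: RADIUS client context
 * @cb: Callback taking an address and the ctx pointer
 * @ctx: Context pointer passed to cb
 *
 * NOTE(review): going by the name, cb is presumably invoked when an interim
 * accounting update fails, with addr identifying the STA - confirm in
 * radius_client.c.
 */
void radius_client_set_interim_error_cb(struct radius_client_data *radius,
					void (*cb)(const u8 *addr, void *ctx),
					void *ctx);

/**
 * radius_client_send - Send a RADIUS message
 * @radius: RADIUS client context
 * @msg: RADIUS message
 * @msg_type: Message type; RADIUS_ACCT_INTERIM is used only with this function
 * @addr: Address octets; presumably the STA MAC address - TODO confirm
 *
 * NOTE(review): whether msg is owned by the client after this call, and the
 * meaning of the int return value, are not visible in this header.
 */
int radius_client_send(struct radius_client_data *radius,
		       struct radius_msg *msg,
		       RadiusType msg_type, const u8 *addr);

/**
 * radius_client_get_id - Get an identifier as a single octet
 * @radius: RADIUS client context
 *
 * NOTE(review): presumably the Identifier for the next RADIUS message. The u8
 * return type allows only 256 distinct values, so identifiers necessarily
 * repeat; how reuse against pending messages is handled is not visible here.
 */
u8 radius_client_get_id(struct radius_client_data *radius);

/**
 * radius_client_flush - Flush messages held by the RADIUS client
 * @radius: RADIUS client context
 * @only_auth: Presumably limits the flush to authentication messages when
 *	non-zero - TODO confirm
 */
void radius_client_flush(struct radius_client_data *radius, int only_auth);

/**
 * radius_client_init - Create a RADIUS client context
 * @ctx: Caller context pointer
 * @conf: RADIUS server configuration
 *
 * NOTE(review): this header does not show whether conf is copied or only
 * referenced. If it is referenced, conf and the shared secrets it points to
 * must stay valid until radius_client_deinit() - confirm. The failure return
 * is presumably NULL.
 */
struct radius_client_data *
radius_client_init(void *ctx, struct hostapd_radius_servers *conf);

/**
 * radius_client_deinit - Counterpart of radius_client_init()
 * @radius: RADIUS client context
 */
void radius_client_deinit(struct radius_client_data *radius);

/**
 * radius_client_flush_auth - Flush authentication messages for one address
 * @radius: RADIUS client context
 * @addr: Address octets; presumably the STA MAC address - TODO confirm
 */
void radius_client_flush_auth(struct radius_client_data *radius,
			      const u8 *addr);

/**
 * radius_client_get_mib - Write MIB information into a caller buffer
 * @radius: RADIUS client context
 * @buf: Output buffer
 * @buflen: Presumably the size of buf in octets - TODO confirm
 *
 * NOTE(review): the meaning of the int return value (and whether output is
 * truncated or rejected when buf is too small) is not visible in this header.
 */
int radius_client_get_mib(struct radius_client_data *radius, char *buf,
			  size_t buflen);

/**
 * radius_client_reconfig - Apply a new server configuration
 * @radius: RADIUS client context
 * @conf: RADIUS server configuration
 */
void radius_client_reconfig(struct radius_client_data *radius,
			    struct hostapd_radius_servers *conf);

#endif /* RADIUS_CLIENT_H */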