1 /*	$OpenBSD: radiusd_local.h,v 1.3 2015/08/21 06:16:13 deraadt Exp $	*/
2 
3 /*
4  * Copyright (c) 2013 Internet Initiative Japan Inc.
5  *
6  * Permission to use, copy, modify, and distribute this software for any
7  * purpose with or without fee is hereby granted, provided that the above
8  * copyright notice and this permission notice appear in all copies.
9  *
10  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17  */
18 
19 #include <sys/socket.h>		/* for struct sockaddr_storage */
20 #include <sys/queue.h>		/* for TAILQ_* */
21 #include <netinet/in.h>		/* for struct sockaddr_in* */
22 
23 #include <event.h>		/* for struct event */
24 #include <imsg.h>		/* for struct imsgbuf */
25 #include <stdarg.h>		/* for va_list */
26 #include <stdbool.h>		/* for bool */
27 
28 #include <radius.h>		/* for RADIUS_PACKET */
29 
/*
 * Timeout applied to module I/O.  The unit is not stated in this header
 * (presumably milliseconds -- confirm at the call site before changing it).
 */
#define	MODULE_IO_TIMEOUT	2000

/* Default configuration file. */
#define	CONFFILE			"/etc/radiusd.conf"
/*
 * Forward declaration: struct radiusd_module below carries function
 * pointers that take a struct radius_query *, and the full definition of
 * struct radius_query only appears further down in this header.
 */
struct radius_query;	/* XXX */
34 
/*
 * Address-family-agnostic IP address.  The union lets the same 16 bytes of
 * storage hold either an IPv4 or an IPv6 address; addr32[] exposes them as
 * four 32-bit words (presumably for mask/prefix arithmetic, see the
 * addr/mask pair in struct radiusd_client).
 */
struct radiusd_addr {
	union {
		struct in_addr			 ipv4;
		struct in6_addr			 ipv6;
		uint32_t			 addr32[4];	/* 4 * 32 bit == sizeof(struct in6_addr) */
	} addr;
};
42 
/*
 * One listening socket of the daemon.  The owning daemon is reachable via
 * ->radiusd and ->ev is the libevent handle associated with ->sock.  Only
 * IPv4/IPv6 socket addresses are stored, so the union is sized for
 * struct sockaddr_in6 at most.
 */
struct radiusd_listen {
	struct radiusd				*radiusd;	/* back pointer to the owner */
	struct event				 ev;		/* event registered for sock */
	int					 sock;
	union {
		struct sockaddr_in		 ipv4;
		struct sockaddr_in6		 ipv6;
	} addr;						/* local address of the socket */
	int					 stype;		/* presumably the socket type (SOCK_*) */
	int					 sproto;	/* presumably the protocol (IPPROTO_*) */
	TAILQ_ENTRY(radiusd_listen)		 next;		/* link in radiusd.listen */
};
55 
/* Named list head type so struct radiusd below can embed it by name. */
TAILQ_HEAD(radiusd_listen_head, radiusd_listen);
57 
/*
 * A configured RADIUS client (NAS).  addr/mask in address family af
 * presumably select which peers this entry applies to; secret is the
 * shared secret used with those peers.  Because secret is a fixed-size
 * buffer, RADIUSD_SECRET_MAX bounds the configurable secret length
 * (terminator included, presumably -- check the parser).
 */
struct radiusd_client {
	char					 secret[RADIUSD_SECRET_MAX];
	bool					 msgauth_required;	/* presumably: require Message-Authenticator on requests -- confirm in the request path */
	int					 af;			/* address family of addr/mask */
	struct radiusd_addr			 addr;
	struct radiusd_addr			 mask;
	TAILQ_ENTRY(radiusd_client)		 next;			/* link in radiusd.client */
};
66 
/*
 * A loaded module.  Judging by pid/fd/ibuf, a module runs as a separate
 * process and exchanges messages with the daemon over an imsg channel on
 * fd; ev is the libevent handle for that channel.  The MODULE_DO_*
 * macros below treat fd < 0 as "module not available".
 */
struct radiusd_module {
	char				 name[RADIUSD_MODULE_NAME_LEN];
	struct radiusd			*radiusd;	/* back pointer to the owner */
	pid_t				 pid;		/* module process */
	int				 fd;		/* imsg channel; < 0 when unusable */
	struct imsgbuf			 ibuf;
	struct event			 ev;
	bool				 writeready;
	bool				 stopped;
	uint32_t			 capabilities;	/* RADIUSD_MODULE_CAP_* bit mask */
	u_char				*radpkt;	/* RADIUS packet buffer exchanged with the module */
	int				 radpktsiz;	/* presumably: allocated size of radpkt */
	int				 radpktoff;	/* presumably: bytes of radpkt filled so far */
	char				*secret;
	TAILQ_ENTRY(radiusd_module)	 next;		/* link in radiusd.module */
	/* Hooks applied to a query's request/response; NULL when unused, presumably. */
	int	 (*request_decoration)(void *, struct radius_query *);
	int	 (*response_decoration)(void *, struct radius_query *);
};
85 
/*
 * Indirect reference to a module, so one module can be linked into several
 * lists (e.g. radiusd_authentication.deco) without owning multiple links.
 */
struct radiusd_module_ref {
	struct radiusd_module		*module;
	TAILQ_ENTRY(radiusd_module_ref)	 next;
};
90 
/*
 * One authentication configuration block.  auth names the module that
 * performs the authentication; deco is the list of modules whose
 * decoration hooks (see struct radiusd_module) are applied as well.
 * username is presumably a list of username patterns selecting this
 * block -- confirm its termination convention in the parser.
 */
struct radiusd_authentication {
	char					**username;
	char					 *secret;
	struct radiusd_module_ref		 *auth;
	TAILQ_HEAD(,radiusd_module_ref)		  deco;
	TAILQ_ENTRY(radiusd_authentication)	  next;		/* link in radiusd.authen */
};
98 
/*
 * Daemon-wide state: listening sockets, signal events, and the lists of
 * loaded modules, authentication blocks, configured clients and in-flight
 * queries.  Each list is threaded through the `next' member of the
 * corresponding element type.
 */
struct radiusd {
	struct radiusd_listen_head		 listen;
	struct event				 ev_sigterm;
	struct event				 ev_sighup;
	struct event				 ev_sigint;
	struct event				 ev_sigchld;
	TAILQ_HEAD(,radiusd_module)		 module;	/* radiusd_module.next */
	TAILQ_HEAD(,radiusd_authentication)	 authen;	/* radiusd_authentication.next */
	TAILQ_HEAD(,radiusd_client)		 client;	/* radiusd_client.next */
	TAILQ_HEAD(,radius_query)		 query;		/* radius_query.next */
};
110 
/*
 * One in-flight request (an Access-Request, judging by the
 * radiusd_access_request_* functions declared below) together with the
 * listener it arrived on, the client entry it matched and the
 * authentication block handling it.
 */
struct radius_query {
	u_int				 id;		/* daemon-internal query id */
	struct sockaddr_storage		 clientaddr;	/* peer address the request came from */
	int				 clientaddrlen;	/* valid length of clientaddr */
	int				 req_id;	/* presumably the Identifier field of the request */
	u_char				 req_auth[16];	/* presumably the 16-byte request Authenticator */
	struct radiusd_listen		*listen;
	struct radiusd_client		*client;
	struct radiusd_authentication	*authen;
	RADIUS_PACKET			*req;		/* request packet */
	RADIUS_PACKET			*res;		/* response packet */
	int				 req_modified;	/* presumably set when req was changed by a decoration hook */
	int				 res_modified;	/* presumably set when res was changed by a decoration hook */
	char				 username[256]; /* original username, before any module rewrites it */
	TAILQ_ENTRY(radius_query)	 next;		/* link in radiusd.query */
};
/* Element count of an array.  Only meaningful on true arrays, not pointers. */
#ifndef nitems
#define nitems(_x)    (sizeof((_x)) / sizeof((_x)[0]))
#endif
130 
/*
 * RADIUSD_DBG((fmt, ...)) expands to a log_debug() call only when built
 * with RADIUSD_DEBUG; note the double parentheses at the call site.
 */
#ifdef RADIUSD_DEBUG
#define	RADIUSD_DBG(x)	log_debug x
#else
#define	RADIUSD_DBG(x)
#endif
/*
 * Soft assertion.  A failed condition is logged with log_warnx(), and the
 * process aborts only when the global `debug' is set; in a non-debug run
 * execution continues past the failure.  It therefore must not be the
 * only guard in front of anything that is unsafe to continue from.
 * Relies on log_warnx() and `debug' being declared by the includer.
 */
#define	RADIUSD_ASSERT(_cond)					\
	do {							\
		if (!(_cond)) {					\
			log_warnx(				\
			    "ASSERT(%s) failed in %s() at %s:%d",\
			    #_cond, __func__, __FILE__, __LINE__);\
			if (debug) abort();			\
		}						\
	} while (0/* CONSTCOND */)
145 
146 
/*
 * A module takes part in a processing step only when its channel is open
 * (fd >= 0) and it advertised the matching RADIUSD_MODULE_CAP_* bit.
 */
#define	MODULE_DO_USERPASS(_m)					\
	((_m)->fd >= 0 &&					\
	    ((_m)->capabilities & RADIUSD_MODULE_CAP_USERPASS) != 0)
#define	MODULE_DO_ACCSREQ(_m)					\
	((_m)->fd >= 0 &&					\
	    ((_m)->capabilities & RADIUSD_MODULE_CAP_ACCSREQ) != 0)
153 
/* Built-in module descriptors. */
extern struct radiusd_module mod_standard;
extern struct radiusd_module mod_radius;

/* Configuration: parse the named file into *radiusd; initialize defaults. */
int	 parse_config(const char *, struct radiusd *);
void	 radiusd_conf_init(struct radiusd *);


/*
 * Module lifecycle.  radiusd_module_load() returns NULL on failure,
 * presumably; the two string arguments are not named here -- check the
 * definition before relying on their order.
 */
struct radiusd_module	*radiusd_module_load(struct radiusd *, const char *,
			    const char *);
void			 radiusd_module_unload(struct radiusd_module *);

/* Query completion paths: answer, fix up, or abort an Access-Request. */
void		 radiusd_access_request_answer(struct radius_query *);
int		 radiusd_access_request_fixup(struct radius_query *);
void		 radiusd_access_request_aborted(struct radius_query *);
/*
 * Attribute hiding/unhiding.  From the parameter types the roles appear
 * to be (secret, authenticator, in, out, length), i.e. the secret-keyed
 * obfuscation RADIUS uses for User-Password -- confirm in the
 * implementation.  The caller supplies the output buffer and length.
 */
void		 radius_attr_hide(const char *, const char *, const u_char *,
		    u_char *, int);
void		 radius_attr_unhide(const char *, const char *, const u_char *,
		    u_char *, int);

/* Set a module option; the trailing (int, char * const *) look argc/argv-like. */
int radiusd_module_set(struct radiusd_module *, const char *, int, char * const *);
174