/*
 * RADIUS client
 * Copyright (c) 2002-2024, Jouni Malinen <j@w1.fi>
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
 */
8
#ifndef RADIUS_CLIENT_H
#define RADIUS_CLIENT_H

#include "ip_addr.h"

/*
 * Forward declaration only: this header passes struct radius_msg around by
 * pointer and never looks inside it, so the full definition lives elsewhere.
 */
struct radius_msg;
15
/**
 * struct hostapd_radius_server - RADIUS server information for RADIUS client
 *
 * This structure contains information about a RADIUS server. The values are
 * mainly for MIB information. The MIB variable prefix (radiusAuth or
 * radiusAcc) depends on whether this is an authentication or accounting
 * server.
 *
 * radiusAuthClientPendingRequests (or radiusAccClientPendingRequests) is the
 * number of struct radius_client_data::msgs entries for the matching msg_type.
 *
 * The fields up to the "Dynamic" marker below come from configuration
 * (address, port, transport and credentials); everything after it is runtime
 * MIB state maintained by the client code.
 */
struct hostapd_radius_server {
	/**
	 * addr - radiusAuthServerAddress or radiusAccServerAddress
	 */
	struct hostapd_ip_addr addr;

	/**
	 * port - radiusAuthClientServerPortNumber or radiusAccClientServerPortNumber
	 */
	int port;

	/**
	 * tls - Whether to use RADIUS/TLS instead of RADIUS/UDP
	 *
	 * When set, ca_cert, client_cert, private_key and private_key_passwd
	 * below describe the TLS credentials for this server.
	 */
	bool tls;

	/**
	 * shared_secret - Shared secret for authenticating RADIUS messages
	 *
	 * Treat as shared_secret_len raw octets, not as a NUL-terminated C
	 * string. RX handlers registered with radius_client_register()
	 * receive a (shared_secret, shared_secret_len) pair with this shape,
	 * presumably the secret of the server the response came from.
	 */
	u8 *shared_secret;

	/**
	 * shared_secret_len - Length of shared_secret in octets
	 */
	size_t shared_secret_len;

	/**
	 * ca_cert - Path to trusted CA certificate(s) for RADIUS/TLS
	 *
	 * NOTE(review): confirm in the client implementation that the server
	 * certificate is validated against this when tls is set, and that an
	 * unset ca_cert does not silently disable verification.
	 */
	char *ca_cert;

	/**
	 * client_cert - Path to client certificate for RADIUS/TLS
	 */
	char *client_cert;

	/**
	 * private_key - Path to client private key for RADIUS/TLS
	 */
	char *private_key;

	/**
	 * private_key_passwd - Password for the private key for RADIUS/TLS
	 *
	 * Secret material, like shared_secret. NOTE(review): confirm it is
	 * cleared and not merely freed when the configuration is released.
	 */
	char *private_key_passwd;

	/* Dynamic (not from configuration file) MIB data */

	/**
	 * index - radiusAuthServerIndex or radiusAccServerIndex
	 */
	int index;

	/**
	 * round_trip_time - radiusAuthClientRoundTripTime or radiusAccClientRoundTripTime
	 * Round-trip time in hundredths of a second.
	 */
	int round_trip_time;

	/**
	 * requests - radiusAuthClientAccessRequests or radiusAccClientRequests
	 */
	u32 requests;

	/**
	 * retransmissions - radiusAuthClientAccessRetransmissions or radiusAccClientRetransmissions
	 */
	u32 retransmissions;

	/**
	 * access_accepts - radiusAuthClientAccessAccepts
	 */
	u32 access_accepts;

	/**
	 * access_rejects - radiusAuthClientAccessRejects
	 */
	u32 access_rejects;

	/**
	 * access_challenges - radiusAuthClientAccessChallenges
	 */
	u32 access_challenges;

	/**
	 * responses - radiusAccClientResponses
	 */
	u32 responses;

	/**
	 * malformed_responses - radiusAuthClientMalformedAccessResponses or radiusAccClientMalformedResponses
	 */
	u32 malformed_responses;

	/**
	 * bad_authenticators - radiusAuthClientBadAuthenticators or radiusAccClientBadAuthenticators
	 *
	 * Per the MIB definition (RFC 2618/2620): responses from this server
	 * whose Authenticator (or Message-Authenticator) did not verify. A
	 * growing count most often means a shared-secret mismatch, but it is
	 * also the counter that would reflect spoofed or tampered replies, so
	 * it is worth monitoring.
	 */
	u32 bad_authenticators;

	/**
	 * timeouts - radiusAuthClientTimeouts or radiusAccClientTimeouts
	 */
	u32 timeouts;

	/**
	 * unknown_types - radiusAuthClientUnknownTypes or radiusAccClientUnknownTypes
	 */
	u32 unknown_types;

	/**
	 * packets_dropped - radiusAuthClientPacketsDropped or radiusAccClientPacketsDropped
	 */
	u32 packets_dropped;
};
141
/**
 * struct hostapd_radius_servers - RADIUS servers for RADIUS client
 *
 * Holds the configured authentication and accounting server lists, the
 * server currently in use for each type, and the client-side options that
 * apply to all servers. Ownership of the server arrays and of the strings
 * inside them is not defined here; NOTE(review): confirm who frees them
 * against the callers of radius_client_init() and radius_client_reconfig().
 */
struct hostapd_radius_servers {
	/**
	 * auth_servers - RADIUS Authentication servers in priority order
	 */
	struct hostapd_radius_server *auth_servers;

	/**
	 * num_auth_servers - Number of auth_servers entries
	 */
	int num_auth_servers;

	/**
	 * auth_server - The current Authentication server
	 *
	 * Presumably points into auth_servers; the client code moves to the
	 * next server when the current one stops replying (see
	 * retry_primary_interval).
	 */
	struct hostapd_radius_server *auth_server;

	/**
	 * acct_servers - RADIUS Accounting servers in priority order
	 */
	struct hostapd_radius_server *acct_servers;

	/**
	 * num_acct_servers - Number of acct_servers entries
	 */
	int num_acct_servers;

	/**
	 * acct_server - The current Accounting server
	 *
	 * Same role for acct_servers as auth_server has for auth_servers.
	 */
	struct hostapd_radius_server *acct_server;

	/**
	 * retry_primary_interval - Retry interval for trying primary server
	 *
	 * This specifies a retry interval in seconds for trying to return to
	 * the primary RADIUS server. RADIUS client code will automatically try
	 * to use the next server when the current server is not replying to
	 * requests. If this interval is set (non-zero), the primary server
	 * will be retried after the specified number of seconds has passed
	 * even if the currently used secondary server is still working.
	 */
	int retry_primary_interval;

	/**
	 * msg_dumps - Whether RADIUS message details are shown in stdout
	 *
	 * Debug aid only. NOTE(review): dumped attributes can include user
	 * identity and other per-session data, so this should stay disabled
	 * outside of troubleshooting.
	 */
	int msg_dumps;

	/**
	 * client_addr - Client (local) address to use if force_client_addr
	 */
	struct hostapd_ip_addr client_addr;

	/**
	 * force_client_addr - Whether to force client (local) address
	 *
	 * Boolean stored as int; non-zero means bind to client_addr.
	 */
	int force_client_addr;

	/**
	 * force_client_dev - Bind the socket to a specified interface, if set
	 *
	 * Interface name as a NUL-terminated string; NULL means no binding.
	 */
	char *force_client_dev;
};
208
209
/**
 * RadiusType - RADIUS server type for RADIUS client
 *
 * Passed as msg_type to radius_client_register() and radius_client_send()
 * to select between the authentication and accounting server lists.
 */
typedef enum {
	/**
	 * RADIUS_AUTH - RADIUS authentication
	 */
	RADIUS_AUTH,

	/**
	 * RADIUS_ACCT - RADIUS accounting
	 */
	RADIUS_ACCT,

	/**
	 * RADIUS_ACCT_INTERIM - RADIUS interim accounting message
	 *
	 * Used only with radius_client_send(). This behaves just like
	 * RADIUS_ACCT, but removes any pending interim RADIUS Accounting
	 * messages for the same STA before sending the new interim update.
	 */
	RADIUS_ACCT_INTERIM
} RadiusType;
233
/**
 * RadiusRxResult - RADIUS client RX handler result
 *
 * Returned by handlers registered with radius_client_register(); the value
 * decides whether further handlers are tried and who frees the message.
 */
typedef enum {
	/**
	 * RADIUS_RX_PROCESSED - Message processed
	 *
	 * This stops handler calls and frees the message.
	 */
	RADIUS_RX_PROCESSED,

	/**
	 * RADIUS_RX_QUEUED - Message has been queued
	 *
	 * This stops handler calls, but does not free the message; the handler
	 * that returned this is responsible for eventually freeing the
	 * message.
	 */
	RADIUS_RX_QUEUED,

	/**
	 * RADIUS_RX_UNKNOWN - Message is not for this handler
	 *
	 * Presumably the client then tries the next registered handler.
	 */
	RADIUS_RX_UNKNOWN,

	/**
	 * RADIUS_RX_INVALID_AUTHENTICATOR - Message has invalid Authenticator
	 *
	 * Returned when the handler's Authenticator / Message-Authenticator
	 * check failed. Presumably the client then discards the message and
	 * accounts for it in bad_authenticators - confirm in the
	 * implementation.
	 */
	RADIUS_RX_INVALID_AUTHENTICATOR
} RadiusRxResult;
264
struct radius_client_data;

/**
 * radius_client_register - Register an RX handler for one message type
 * @radius: RADIUS client context from radius_client_init()
 * @msg_type: Which message type (authentication or accounting) to handle
 * @handler: Called with the received message @msg, @req (presumably the
 *	request it answers), the server shared secret as raw octets of
 *	@shared_secret_len bytes, and @data; returns a RadiusRxResult
 * @data: Opaque pointer passed back to @handler
 * Returns: int status; the exact convention (0 on success, negative on
 *	failure is the usual one here) is not visible in this header
 */
int radius_client_register(struct radius_client_data *radius,
			   RadiusType msg_type,
			   RadiusRxResult (*handler)
			   (struct radius_msg *msg, struct radius_msg *req,
			    const u8 *shared_secret, size_t shared_secret_len,
			    void *data),
			   void *data);

/**
 * radius_client_set_interim_error_cb - Set callback for interim accounting errors
 * @radius: RADIUS client context
 * @cb: Called with a STA address @addr and @ctx; when exactly it fires is not
 *	visible here (the name suggests a failed RADIUS_ACCT_INTERIM send)
 * @ctx: Opaque pointer passed to @cb
 */
void radius_client_set_interim_error_cb(struct radius_client_data *radius,
					void (*cb)(const u8 *addr, void *ctx),
					void *ctx);

/**
 * radius_client_send - Send a RADIUS message to the current server of a type
 * @radius: RADIUS client context
 * @msg: Message to send
 * @msg_type: RADIUS_AUTH, RADIUS_ACCT or RADIUS_ACCT_INTERIM (see RadiusType
 *	for the interim-specific pending-message behavior)
 * @addr: STA address the message concerns; used at least to match pending
 *	interim messages for the same STA
 * Returns: int status (convention not visible here)
 *
 * NOTE(review): ownership of @msg after this call - whether the client frees
 * it on failure as well as on success - is not documented here; check the
 * implementation before freeing it in the caller.
 */
int radius_client_send(struct radius_client_data *radius,
		       struct radius_msg *msg,
		       RadiusType msg_type, const u8 *addr);

/**
 * radius_client_get_id - Get a RADIUS packet Identifier for a new request
 * @radius: RADIUS client context
 * Returns: Identifier value (8-bit, matching the RADIUS header field)
 *
 * How identifiers are kept unique among pending requests is not visible here.
 */
u8 radius_client_get_id(struct radius_client_data *radius);

/**
 * radius_client_flush - Drop pending messages
 * @radius: RADIUS client context
 * @only_auth: Non-zero to flush only authentication messages, zero to flush
 *	accounting as well (inferred from the parameter name)
 */
void radius_client_flush(struct radius_client_data *radius, int only_auth);

/**
 * radius_client_init - Create a RADIUS client
 * @ctx: Opaque caller context, presumably handed back to callbacks
 * @conf: Server configuration; since radius_client_reconfig() exists to swap
 *	it, the client is assumed to keep using this pointer - it must outlive
 *	the client or be replaced through that call (confirm)
 * Returns: New client context, or presumably NULL on failure
 */
struct radius_client_data *
radius_client_init(void *ctx, struct hostapd_radius_servers *conf);

/**
 * radius_client_deinit - Tear down a client created with radius_client_init()
 * @radius: Client context; NULL handling is not visible here
 */
void radius_client_deinit(struct radius_client_data *radius);

/**
 * radius_client_flush_auth - Drop pending authentication messages for a STA
 * @radius: RADIUS client context
 * @addr: STA address whose pending messages are dropped
 */
void radius_client_flush_auth(struct radius_client_data *radius,
			      const u8 *addr);

/**
 * radius_client_get_mib - Write the client MIB counters as text
 * @radius: RADIUS client context
 * @buf: Output buffer
 * @buflen: Size of @buf in bytes
 * Returns: int, presumably the number of bytes written; confirm whether
 *	truncation is reported
 *
 * The counters are the per-server MIB fields of struct hostapd_radius_server.
 */
int radius_client_get_mib(struct radius_client_data *radius, char *buf,
			  size_t buflen);

/**
 * radius_client_reconfig - Replace the server configuration of a live client
 * @radius: RADIUS client context
 * @conf: New configuration, same lifetime rules as for radius_client_init()
 */
void radius_client_reconfig(struct radius_client_data *radius,
			    struct hostapd_radius_servers *conf);
291
292#endif /* RADIUS_CLIENT_H */