Gitiles
Code Review Sign In
gerrit.omnirom.org / android_external_wpa_supplicant_8 / 950d1568eb203b1f9e09ecfa7a0ba575ee2f0172 / . / src / radius / radius_client.h
blob: 18e729041b30d653ffe7b334df8cbfd825520cf8 [file] [log] [blame]
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1/*
2 * RADIUS client
3 * Copyright (c) 2002-2009, Jouni Malinen <j@w1.fi>
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
8 *
9 * Alternatively, this software may be distributed under the terms of BSD
10 * license.
11 *
12 * See README and COPYING for more details.
13 */
14
15#ifndef RADIUS_CLIENT_H
16#define RADIUS_CLIENT_H
17
18#include "ip_addr.h"
19
20struct radius_msg;
21
22/**
23 * struct hostapd_radius_server - RADIUS server information for RADIUS client
24 *
25 * This structure contains information about a RADIUS server. The values are
26 * mainly for MIB information. The MIB variable prefix (radiusAuth or
27 * radiusAcc) depends on whether this is an authentication or accounting
28 * server.
29 *
30 * radiusAuthClientPendingRequests (or radiusAccClientPendingRequests) is the
31 * number struct radius_client_data::msgs for matching msg_type.
32 */
33struct hostapd_radius_server {
34 /**
35 * addr - radiusAuthServerAddress or radiusAccServerAddress
36 */
37 struct hostapd_ip_addr addr;
38
39 /**
40 * port - radiusAuthClientServerPortNumber or radiusAccClientServerPortNumber
41 */
42 int port;
43
44 /**
45 * shared_secret - Shared secret for authenticating RADIUS messages
46 */
47 u8 *shared_secret;
48
49 /**
50 * shared_secret_len - Length of shared_secret in octets
51 */
52 size_t shared_secret_len;
53
54 /* Dynamic (not from configuration file) MIB data */
55
56 /**
57 * index - radiusAuthServerIndex or radiusAccServerIndex
58 */
59 int index;
60
61 /**
62 * round_trip_time - radiusAuthClientRoundTripTime or radiusAccClientRoundTripTime
63 * Round-trip time in hundredths of a second.
64 */
65 int round_trip_time;
66
67 /**
68 * requests - radiusAuthClientAccessRequests or radiusAccClientRequests
69 */
70 u32 requests;
71
72 /**
73 * retransmissions - radiusAuthClientAccessRetransmissions or radiusAccClientRetransmissions
74 */
75 u32 retransmissions;
76
77 /**
78 * access_accepts - radiusAuthClientAccessAccepts
79 */
80 u32 access_accepts;
81
82 /**
83 * access_rejects - radiusAuthClientAccessRejects
84 */
85 u32 access_rejects;
86
87 /**
88 * access_challenges - radiusAuthClientAccessChallenges
89 */
90 u32 access_challenges;
91
92 /**
93 * responses - radiusAccClientResponses
94 */
95 u32 responses;
96
97 /**
98 * malformed_responses - radiusAuthClientMalformedAccessResponses or radiusAccClientMalformedResponses
99 */
100 u32 malformed_responses;
101
102 /**
103 * bad_authenticators - radiusAuthClientBadAuthenticators or radiusAccClientBadAuthenticators
104 */
105 u32 bad_authenticators;
106
107 /**
108 * timeouts - radiusAuthClientTimeouts or radiusAccClientTimeouts
109 */
110 u32 timeouts;
111
112 /**
113 * unknown_types - radiusAuthClientUnknownTypes or radiusAccClientUnknownTypes
114 */
115 u32 unknown_types;
116
117 /**
118 * packets_dropped - radiusAuthClientPacketsDropped or radiusAccClientPacketsDropped
119 */
120 u32 packets_dropped;
121};
122
123/**
124 * struct hostapd_radius_servers - RADIUS servers for RADIUS client
125 */
126struct hostapd_radius_servers {
127 /**
128 * auth_servers - RADIUS Authentication servers in priority order
129 */
130 struct hostapd_radius_server *auth_servers;
131
132 /**
133 * num_auth_servers - Number of auth_servers entries
134 */
135 int num_auth_servers;
136
137 /**
138 * auth_server - The current Authentication server
139 */
140 struct hostapd_radius_server *auth_server;
141
142 /**
143 * acct_servers - RADIUS Accounting servers in priority order
144 */
145 struct hostapd_radius_server *acct_servers;
146
147 /**
148 * num_acct_servers - Number of acct_servers entries
149 */
150 int num_acct_servers;
151
152 /**
153 * acct_server - The current Accounting server
154 */
155 struct hostapd_radius_server *acct_server;
156
157 /**
158 * retry_primary_interval - Retry interval for trying primary server
159 *
160 * This specifies a retry interval in sexconds for trying to return to
161 * the primary RADIUS server. RADIUS client code will automatically try
162 * to use the next server when the current server is not replying to
163 * requests. If this interval is set (non-zero), the primary server
164 * will be retried after the specified number of seconds has passed
165 * even if the current used secondary server is still working.
166 */
167 int retry_primary_interval;
168
169 /**
170 * msg_dumps - Whether RADIUS message details are shown in stdout
171 */
172 int msg_dumps;
173
174 /**
175 * client_addr - Client (local) address to use if force_client_addr
176 */
177 struct hostapd_ip_addr client_addr;
178
179 /**
180 * force_client_addr - Whether to force client (local) address
181 */
182 int force_client_addr;
183};
184
185
186/**
187 * RadiusType - RADIUS server type for RADIUS client
188 */
189typedef enum {
190 /**
191 * RADIUS authentication
192 */
193 RADIUS_AUTH,
194
195 /**
196 * RADIUS_ACCT - RADIUS accounting
197 */
198 RADIUS_ACCT,
199
200 /**
201 * RADIUS_ACCT_INTERIM - RADIUS interim accounting message
202 *
203 * Used only with radius_client_send(). This behaves just like
204 * RADIUS_ACCT, but removes any pending interim RADIUS Accounting
205 * messages for the same STA before sending the new interim update.
206 */
207 RADIUS_ACCT_INTERIM
208} RadiusType;
209
210/**
211 * RadiusRxResult - RADIUS client RX handler result
212 */
213typedef enum {
214 /**
215 * RADIUS_RX_PROCESSED - Message processed
216 *
217 * This stops handler calls and frees the message.
218 */
219 RADIUS_RX_PROCESSED,
220
221 /**
222 * RADIUS_RX_QUEUED - Message has been queued
223 *
224 * This stops handler calls, but does not free the message; the handler
225 * that returned this is responsible for eventually freeing the
226 * message.
227 */
228 RADIUS_RX_QUEUED,
229
230 /**
231 * RADIUS_RX_UNKNOWN - Message is not for this handler
232 */
233 RADIUS_RX_UNKNOWN,
234
235 /**
236 * RADIUS_RX_INVALID_AUTHENTICATOR - Message has invalid Authenticator
237 */
238 RADIUS_RX_INVALID_AUTHENTICATOR
239} RadiusRxResult;
240
241struct radius_client_data;
242
243int radius_client_register(struct radius_client_data *radius,
244 RadiusType msg_type,
245 RadiusRxResult (*handler)
246 (struct radius_msg *msg, struct radius_msg *req,
247 const u8 *shared_secret, size_t shared_secret_len,
248 void *data),
249 void *data);
250int radius_client_send(struct radius_client_data *radius,
251 struct radius_msg *msg,
252 RadiusType msg_type, const u8 *addr);
253u8 radius_client_get_id(struct radius_client_data *radius);
254void radius_client_flush(struct radius_client_data *radius, int only_auth);
255struct radius_client_data *
256radius_client_init(void *ctx, struct hostapd_radius_servers *conf);
257void radius_client_deinit(struct radius_client_data *radius);
258void radius_client_flush_auth(struct radius_client_data *radius,
259 const u8 *addr);
260int radius_client_get_mib(struct radius_client_data *radius, char *buf,
261 size_t buflen);
262void radius_client_reconfig(struct radius_client_data *radius,
263 struct hostapd_radius_servers *conf);
264
265#endif /* RADIUS_CLIENT_H */