Blame - src/radius/radius_server.h - android_external_wpa_supplicant_8

blob: 82466c30219f3196b80f19c84468e66b44102308 [file] [log] [blame]

Dmitry Shmidt	8d520ff	2011-05-09 14:06:53 -0700	[diff] [blame]	1	/*
				2	* RADIUS authentication server
Dmitry Shmidt	1f69aa5	2012-01-24 16:10:04 -0800	[diff] [blame]	3	* Copyright (c) 2005-2009, 2011, Jouni Malinen <j@w1.fi>
Dmitry Shmidt	8d520ff	2011-05-09 14:06:53 -0700	[diff] [blame]	4	*
Dmitry Shmidt	c5ec7f5	2012-03-06 16:33:24 -0800	[diff] [blame^]	5	* This software may be distributed under the terms of the BSD license.
				6	* See README for more details.
Dmitry Shmidt	8d520ff	2011-05-09 14:06:53 -0700	[diff] [blame]	7	*/
				8
				9	#ifndef RADIUS_SERVER_H
				10	#define RADIUS_SERVER_H
				11
				12	struct radius_server_data;
				13	struct eap_user;
				14
				15	/**
				16	* struct radius_server_conf - RADIUS server configuration
				17	*/
				18	struct radius_server_conf {
				19	/**
				20	* auth_port - UDP port to listen to as an authentication server
				21	*/
				22	int auth_port;
				23
				24	/**
				25	* client_file - RADIUS client configuration file
				26	*
				27	* This file contains the RADIUS clients and the shared secret to be
				28	* used with them in a format where each client is on its own line. The
				29	* first item on the line is the IPv4 or IPv6 address of the client
				30	* with an optional address mask to allow full network to be specified
				31	* (e.g., 192.168.1.2 or 192.168.1.0/24). This is followed by white
				32	* space (space or tabulator) and the shared secret. Lines starting
				33	* with '#' are skipped and can be used as comments.
				34	*/
				35	char *client_file;
				36
				37	/**
				38	* conf_ctx - Context pointer for callbacks
				39	*
				40	* This is used as the ctx argument in get_eap_user() calls.
				41	*/
				42	void *conf_ctx;
				43
				44	/**
				45	* eap_sim_db_priv - EAP-SIM/AKA database context
				46	*
				47	* This is passed to the EAP-SIM/AKA server implementation as a
				48	* callback context.
				49	*/
				50	void *eap_sim_db_priv;
				51
				52	/**
				53	* ssl_ctx - TLS context
				54	*
				55	* This is passed to the EAP server implementation as a callback
				56	* context for TLS operations.
				57	*/
				58	void *ssl_ctx;
				59
				60	/**
				61	* pac_opaque_encr_key - PAC-Opaque encryption key for EAP-FAST
				62	*
				63	* This parameter is used to set a key for EAP-FAST to encrypt the
				64	* PAC-Opaque data. It can be set to %NULL if EAP-FAST is not used. If
				65	* set, must point to a 16-octet key.
				66	*/
				67	u8 *pac_opaque_encr_key;
				68
				69	/**
				70	* eap_fast_a_id - EAP-FAST authority identity (A-ID)
				71	*
				72	* If EAP-FAST is not used, this can be set to %NULL. In theory, this
				73	* is a variable length field, but due to some existing implementations
				74	* requiring A-ID to be 16 octets in length, it is recommended to use
				75	* that length for the field to provide interoperability with deployed
				76	* peer implementations.
				77	*/
				78	u8 *eap_fast_a_id;
				79
				80	/**
				81	* eap_fast_a_id_len - Length of eap_fast_a_id buffer in octets
				82	*/
				83	size_t eap_fast_a_id_len;
				84
				85	/**
				86	* eap_fast_a_id_info - EAP-FAST authority identifier information
				87	*
				88	* This A-ID-Info contains a user-friendly name for the A-ID. For
				89	* example, this could be the enterprise and server names in
				90	* human-readable format. This field is encoded as UTF-8. If EAP-FAST
				91	* is not used, this can be set to %NULL.
				92	*/
				93	char *eap_fast_a_id_info;
				94
				95	/**
				96	* eap_fast_prov - EAP-FAST provisioning modes
				97	*
				98	* 0 = provisioning disabled, 1 = only anonymous provisioning allowed,
				99	* 2 = only authenticated provisioning allowed, 3 = both provisioning
				100	* modes allowed.
				101	*/
				102	int eap_fast_prov;
				103
				104	/**
				105	* pac_key_lifetime - EAP-FAST PAC-Key lifetime in seconds
				106	*
				107	* This is the hard limit on how long a provisioned PAC-Key can be
				108	* used.
				109	*/
				110	int pac_key_lifetime;
				111
				112	/**
				113	* pac_key_refresh_time - EAP-FAST PAC-Key refresh time in seconds
				114	*
				115	* This is a soft limit on the PAC-Key. The server will automatically
				116	* generate a new PAC-Key when this number of seconds (or fewer) of the
				117	* lifetime remains.
				118	*/
				119	int pac_key_refresh_time;
				120
				121	/**
				122	* eap_sim_aka_result_ind - EAP-SIM/AKA protected success indication
				123	*
				124	* This controls whether the protected success/failure indication
				125	* (AT_RESULT_IND) is used with EAP-SIM and EAP-AKA.
				126	*/
				127	int eap_sim_aka_result_ind;
				128
				129	/**
				130	* tnc - Trusted Network Connect (TNC)
				131	*
				132	* This controls whether TNC is enabled and will be required before the
				133	* peer is allowed to connect. Note: This is only used with EAP-TTLS
				134	* and EAP-FAST. If any other EAP method is enabled, the peer will be
				135	* allowed to connect without TNC.
				136	*/
				137	int tnc;
				138
				139	/**
				140	* pwd_group - EAP-pwd D-H group
				141	*
				142	* This is used to select which D-H group to use with EAP-pwd.
				143	*/
				144	u16 pwd_group;
				145
				146	/**
				147	* wps - Wi-Fi Protected Setup context
				148	*
				149	* If WPS is used with an external RADIUS server (which is quite
				150	* unlikely configuration), this is used to provide a pointer to WPS
				151	* context data. Normally, this can be set to %NULL.
				152	*/
				153	struct wps_context *wps;
				154
				155	/**
				156	* ipv6 - Whether to enable IPv6 support in the RADIUS server
				157	*/
				158	int ipv6;
				159
				160	/**
				161	* get_eap_user - Callback for fetching EAP user information
				162	* @ctx: Context data from conf_ctx
				163	* @identity: User identity
				164	* @identity_len: identity buffer length in octets
				165	* @phase2: Whether this is for Phase 2 identity
				166	* @user: Data structure for filling in the user information
				167	* Returns: 0 on success, -1 on failure
				168	*
				169	* This is used to fetch information from user database. The callback
				170	* will fill in information about allowed EAP methods and the user
				171	* password. The password field will be an allocated copy of the
				172	* password data and RADIUS server will free it after use.
				173	*/
				174	int (get_eap_user)(void ctx, const u8 *identity, size_t identity_len,
				175	int phase2, struct eap_user *user);
				176
				177	/**
				178	* eap_req_id_text - Optional data for EAP-Request/Identity
				179	*
				180	* This can be used to configure an optional, displayable message that
				181	* will be sent in EAP-Request/Identity. This string can contain an
				182	* ASCII-0 character (nul) to separate network infromation per RFC
				183	* 4284. The actual string length is explicit provided in
				184	* eap_req_id_text_len since nul character will not be used as a string
				185	* terminator.
				186	*/
				187	const char *eap_req_id_text;
				188
				189	/**
				190	* eap_req_id_text_len - Length of eap_req_id_text buffer in octets
				191	*/
				192	size_t eap_req_id_text_len;
				193
				194	/*
				195	* msg_ctx - Context data for wpa_msg() calls
				196	*/
				197	void *msg_ctx;
Dmitry Shmidt	1f69aa5	2012-01-24 16:10:04 -0800	[diff] [blame]	198
				199	#ifdef CONFIG_RADIUS_TEST
				200	const char *dump_msk_file;
				201	#endif /* CONFIG_RADIUS_TEST */
Dmitry Shmidt	8d520ff	2011-05-09 14:06:53 -0700	[diff] [blame]	202	};
				203
				204
				205	struct radius_server_data *
				206	radius_server_init(struct radius_server_conf *conf);
				207
				208	void radius_server_deinit(struct radius_server_data *data);
				209
				210	int radius_server_get_mib(struct radius_server_data data, char buf,
				211	size_t buflen);
				212
				213	void radius_server_eap_pending_cb(struct radius_server_data data, void ctx);
				214
				215	#endif /* RADIUS_SERVER_H */