/*
 * RADIUS message processing
 * Copyright (c) 2002-2009, Jouni Malinen <j@w1.fi>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 *
 * Alternatively, this software may be distributed under the terms of BSD
 * license.
 *
 * See README and COPYING for more details.
 */

#ifndef RADIUS_H
#define RADIUS_H

/*
 * RFC 2865 - RADIUS
 *
 * Wire-format structures below are packed: they are overlaid directly on
 * datagrams received from the network, so every field is in network byte
 * order and nothing here may be assumed to be aligned.
 */

#ifdef _MSC_VER
#pragma pack(push, 1)
#endif /* _MSC_VER */

/*
 * Fixed 20-octet header at the start of every RADIUS message. 'length'
 * covers the whole message including this header; any attributes follow
 * immediately after 'authenticator'. When the message comes from an
 * untrusted peer, 'length' must be checked against the number of octets
 * actually received before attributes are walked (presumably done in
 * radius_msg_parse() - confirm there).
 */
struct radius_hdr {
	u8 code;
	u8 identifier;
	u16 length;		/* including this header */
	u8 authenticator[16];
	/* followed by length-20 octets of attributes */
} STRUCT_PACKED;

/* RADIUS Code values (radius_hdr.code) */
enum {
	RADIUS_CODE_ACCESS_REQUEST = 1,
	RADIUS_CODE_ACCESS_ACCEPT = 2,
	RADIUS_CODE_ACCESS_REJECT = 3,
	RADIUS_CODE_ACCOUNTING_REQUEST = 4,
	RADIUS_CODE_ACCOUNTING_RESPONSE = 5,
	RADIUS_CODE_ACCESS_CHALLENGE = 11,
	RADIUS_CODE_STATUS_SERVER = 12,
	RADIUS_CODE_STATUS_CLIENT = 13,
	RADIUS_CODE_RESERVED = 255
};

/*
 * Header of a single attribute (TLV). 'length' is a single octet and
 * includes these two header octets, so a value can never exceed
 * RADIUS_MAX_ATTR_LEN octets.
 */
struct radius_attr_hdr {
	u8 type;
	u8 length;		/* including this header */
	/* followed by length-2 octets of attribute value */
} STRUCT_PACKED;

/* Largest attribute value that fits the one-octet length field: 253 */
#define RADIUS_MAX_ATTR_LEN (255 - sizeof(struct radius_attr_hdr))

/* Attribute Type values (radius_attr_hdr.type) */
enum {
	RADIUS_ATTR_USER_NAME = 1,
	RADIUS_ATTR_USER_PASSWORD = 2,
	RADIUS_ATTR_NAS_IP_ADDRESS = 4,
	RADIUS_ATTR_NAS_PORT = 5,
	RADIUS_ATTR_FRAMED_MTU = 12,
	RADIUS_ATTR_REPLY_MESSAGE = 18,
	RADIUS_ATTR_STATE = 24,
	RADIUS_ATTR_CLASS = 25,
	RADIUS_ATTR_VENDOR_SPECIFIC = 26,
	RADIUS_ATTR_SESSION_TIMEOUT = 27,
	RADIUS_ATTR_IDLE_TIMEOUT = 28,
	RADIUS_ATTR_TERMINATION_ACTION = 29,
	RADIUS_ATTR_CALLED_STATION_ID = 30,
	RADIUS_ATTR_CALLING_STATION_ID = 31,
	RADIUS_ATTR_NAS_IDENTIFIER = 32,
	RADIUS_ATTR_PROXY_STATE = 33,
	RADIUS_ATTR_ACCT_STATUS_TYPE = 40,
	RADIUS_ATTR_ACCT_DELAY_TIME = 41,
	RADIUS_ATTR_ACCT_INPUT_OCTETS = 42,
	RADIUS_ATTR_ACCT_OUTPUT_OCTETS = 43,
	RADIUS_ATTR_ACCT_SESSION_ID = 44,
	RADIUS_ATTR_ACCT_AUTHENTIC = 45,
	RADIUS_ATTR_ACCT_SESSION_TIME = 46,
	RADIUS_ATTR_ACCT_INPUT_PACKETS = 47,
	RADIUS_ATTR_ACCT_OUTPUT_PACKETS = 48,
	RADIUS_ATTR_ACCT_TERMINATE_CAUSE = 49,
	RADIUS_ATTR_ACCT_MULTI_SESSION_ID = 50,
	RADIUS_ATTR_ACCT_LINK_COUNT = 51,
	RADIUS_ATTR_ACCT_INPUT_GIGAWORDS = 52,
	RADIUS_ATTR_ACCT_OUTPUT_GIGAWORDS = 53,
	RADIUS_ATTR_EVENT_TIMESTAMP = 55,
	RADIUS_ATTR_NAS_PORT_TYPE = 61,
	RADIUS_ATTR_TUNNEL_TYPE = 64,
	RADIUS_ATTR_TUNNEL_MEDIUM_TYPE = 65,
	RADIUS_ATTR_CONNECT_INFO = 77,
	RADIUS_ATTR_EAP_MESSAGE = 79,
	RADIUS_ATTR_MESSAGE_AUTHENTICATOR = 80,
	RADIUS_ATTR_TUNNEL_PRIVATE_GROUP_ID = 81,
	RADIUS_ATTR_ACCT_INTERIM_INTERVAL = 85,
	RADIUS_ATTR_CHARGEABLE_USER_IDENTITY = 89,
	RADIUS_ATTR_NAS_IPV6_ADDRESS = 95
};


/* Termination-Action */
#define RADIUS_TERMINATION_ACTION_DEFAULT 0
#define RADIUS_TERMINATION_ACTION_RADIUS_REQUEST 1

/* NAS-Port-Type */
#define RADIUS_NAS_PORT_TYPE_IEEE_802_11 19

/* Acct-Status-Type */
#define RADIUS_ACCT_STATUS_TYPE_START 1
#define RADIUS_ACCT_STATUS_TYPE_STOP 2
#define RADIUS_ACCT_STATUS_TYPE_INTERIM_UPDATE 3
#define RADIUS_ACCT_STATUS_TYPE_ACCOUNTING_ON 7
#define RADIUS_ACCT_STATUS_TYPE_ACCOUNTING_OFF 8

/* Acct-Authentic */
#define RADIUS_ACCT_AUTHENTIC_RADIUS 1
#define RADIUS_ACCT_AUTHENTIC_LOCAL 2
#define RADIUS_ACCT_AUTHENTIC_REMOTE 3

/* Acct-Terminate-Cause */
#define RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST 1
#define RADIUS_ACCT_TERMINATE_CAUSE_LOST_CARRIER 2
#define RADIUS_ACCT_TERMINATE_CAUSE_LOST_SERVICE 3
#define RADIUS_ACCT_TERMINATE_CAUSE_IDLE_TIMEOUT 4
#define RADIUS_ACCT_TERMINATE_CAUSE_SESSION_TIMEOUT 5
#define RADIUS_ACCT_TERMINATE_CAUSE_ADMIN_RESET 6
#define RADIUS_ACCT_TERMINATE_CAUSE_ADMIN_REBOOT 7
#define RADIUS_ACCT_TERMINATE_CAUSE_PORT_ERROR 8
#define RADIUS_ACCT_TERMINATE_CAUSE_NAS_ERROR 9
#define RADIUS_ACCT_TERMINATE_CAUSE_NAS_REQUEST 10
#define RADIUS_ACCT_TERMINATE_CAUSE_NAS_REBOOT 11
#define RADIUS_ACCT_TERMINATE_CAUSE_PORT_UNNEEDED 12
#define RADIUS_ACCT_TERMINATE_CAUSE_PORT_PREEMPTED 13
#define RADIUS_ACCT_TERMINATE_CAUSE_PORT_SUSPENDED 14
#define RADIUS_ACCT_TERMINATE_CAUSE_SERVICE_UNAVAILABLE 15
#define RADIUS_ACCT_TERMINATE_CAUSE_CALLBACK 16
#define RADIUS_ACCT_TERMINATE_CAUSE_USER_ERROR 17
#define RADIUS_ACCT_TERMINATE_CAUSE_HOST_REQUEST 18

/* Number of distinct tag values usable with tagged tunnel attributes */
#define RADIUS_TUNNEL_TAGS 32

/* Tunnel-Type */
#define RADIUS_TUNNEL_TYPE_PPTP 1
#define RADIUS_TUNNEL_TYPE_L2TP 3
#define RADIUS_TUNNEL_TYPE_IPIP 7
#define RADIUS_TUNNEL_TYPE_GRE 10
#define RADIUS_TUNNEL_TYPE_VLAN 13

/* Tunnel-Medium-Type */
#define RADIUS_TUNNEL_MEDIUM_TYPE_IPV4 1
#define RADIUS_TUNNEL_MEDIUM_TYPE_IPV6 2
#define RADIUS_TUNNEL_MEDIUM_TYPE_802 6


/*
 * Sub-attribute header inside a Vendor-Specific (26) attribute value,
 * following the 4-octet Vendor-Id. 'vendor_length' includes these two
 * octets; it has to be bounded by the enclosing attribute's length when
 * parsing untrusted input.
 */
struct radius_attr_vendor {
	u8 vendor_type;
	u8 vendor_length;
} STRUCT_PACKED;

#define RADIUS_VENDOR_ID_CISCO 9
#define RADIUS_CISCO_AV_PAIR 1

/* RFC 2548 - Microsoft Vendor-specific RADIUS Attributes */
#define RADIUS_VENDOR_ID_MICROSOFT 311

enum {
	RADIUS_VENDOR_ATTR_MS_MPPE_SEND_KEY = 16,
	RADIUS_VENDOR_ATTR_MS_MPPE_RECV_KEY = 17
};

#ifdef _MSC_VER
#pragma pack(pop)
#endif /* _MSC_VER */

/*
 * Decrypted MS-MPPE-Send-Key / MS-MPPE-Recv-Key material. Both buffers are
 * pointers, not inline arrays; they are presumably heap-allocated by
 * radius_msg_get_ms_keys() / radius_msg_get_cisco_keys() and owned by the
 * caller - confirm ownership (and clearing before free) against radius.c.
 */
struct radius_ms_mppe_keys {
	u8 *send;
	size_t send_len;
	u8 *recv;
	size_t recv_len;
};


/* Opaque message object; only radius.c knows its layout. */
struct radius_msg;

/* Default size to be allocated for new RADIUS messages */
#define RADIUS_DEFAULT_MSG_SIZE 1024

/* Default size to be allocated for attribute array */
#define RADIUS_DEFAULT_ATTR_COUNT 16


/* MAC address ASCII format for IEEE 802.1X use
 * (draft-congdon-radius-8021x-20.txt) */
#define RADIUS_802_1X_ADDR_FORMAT "%02X-%02X-%02X-%02X-%02X-%02X"
/* MAC address ASCII format for non-802.1X use */
#define RADIUS_ADDR_FORMAT "%02x%02x%02x%02x%02x%02x"

/* Accessors for the opaque message */
struct radius_hdr * radius_msg_get_hdr(struct radius_msg *msg);
struct wpabuf * radius_msg_get_buf(struct radius_msg *msg);

/* Construction / destruction */
struct radius_msg * radius_msg_new(u8 code, u8 identifier);
void radius_msg_free(struct radius_msg *msg);
void radius_msg_dump(struct radius_msg *msg);

/*
 * Finalization: each variant takes the shared secret and fills in the
 * header length and authenticator for its message class (client request,
 * server reply using the request's authenticator, accounting). The exact
 * authenticator computation is in radius.c.
 */
int radius_msg_finish(struct radius_msg *msg, const u8 *secret,
		      size_t secret_len);
int radius_msg_finish_srv(struct radius_msg *msg, const u8 *secret,
			  size_t secret_len, const u8 *req_authenticator);
void radius_msg_finish_acct(struct radius_msg *msg, const u8 *secret,
			    size_t secret_len);

/* Attribute handling */
struct radius_attr_hdr * radius_msg_add_attr(struct radius_msg *msg, u8 type,
					     const u8 *data, size_t data_len);
/* Parse a received datagram; returns NULL on failure. */
struct radius_msg * radius_msg_parse(const u8 *data, size_t len);
int radius_msg_add_eap(struct radius_msg *msg, const u8 *data,
		       size_t data_len);
u8 *radius_msg_get_eap(struct radius_msg *msg, size_t *len);

/*
 * Integrity checks on a received message against the shared secret and,
 * where applicable, the request it answers. What 'auth' selects and the
 * return-value convention are defined in radius.c - check there before
 * treating a result as "verified".
 */
int radius_msg_verify(struct radius_msg *msg, const u8 *secret,
		      size_t secret_len, struct radius_msg *sent_msg,
		      int auth);
int radius_msg_verify_msg_auth(struct radius_msg *msg, const u8 *secret,
			       size_t secret_len, const u8 *req_auth);
int radius_msg_copy_attr(struct radius_msg *dst, struct radius_msg *src,
			 u8 type);
void radius_msg_make_authenticator(struct radius_msg *msg,
				   const u8 *data, size_t len);

/*
 * Key extraction/insertion. Both directions need the request authenticator
 * (via sent_msg / req_authenticator) and the shared secret, consistent with
 * the RFC 2548 key wrapping referenced above.
 */
struct radius_ms_mppe_keys *
radius_msg_get_ms_keys(struct radius_msg *msg, struct radius_msg *sent_msg,
		       const u8 *secret, size_t secret_len);
struct radius_ms_mppe_keys *
radius_msg_get_cisco_keys(struct radius_msg *msg, struct radius_msg *sent_msg,
			  const u8 *secret, size_t secret_len);
int radius_msg_add_mppe_keys(struct radius_msg *msg,
			     const u8 *req_authenticator,
			     const u8 *secret, size_t secret_len,
			     const u8 *send_key, size_t send_key_len,
			     const u8 *recv_key, size_t recv_key_len);
/* Adds User-Password (2); takes the secret, so the value is presumably
 * hidden per RFC 2865 rather than stored in clear. */
struct radius_attr_hdr *
radius_msg_add_attr_user_password(struct radius_msg *msg,
				  const u8 *data, size_t data_len,
				  const u8 *secret, size_t secret_len);
/* Copies the first attribute of 'type' into buf (at most len octets). */
int radius_msg_get_attr(struct radius_msg *msg, u8 type, u8 *buf, size_t len);
int radius_msg_get_vlanid(struct radius_msg *msg);

/*
 * Add a 32-bit integer attribute. RADIUS carries integers in network byte
 * order, hence the htonl() before the bytes are copied in.
 * Returns non-zero on success, 0 if the attribute could not be added.
 */
static inline int radius_msg_add_attr_int32(struct radius_msg *msg, u8 type,
					    u32 value)
{
	u32 wire = htonl(value);
	struct radius_attr_hdr *attr;

	attr = radius_msg_add_attr(msg, type, (u8 *) &wire, 4);
	return attr != NULL;
}

/*
 * Read a 32-bit integer attribute into *value (host byte order).
 * Returns 0 on success, -1 if the attribute is missing or its length is
 * not exactly 4 octets; *value is left untouched on failure. The length
 * comparison relies on radius_msg_get_attr() returning the number of
 * octets copied (as its use here implies - confirm in radius.c).
 */
static inline int radius_msg_get_attr_int32(struct radius_msg *msg, u8 type,
					    u32 *value)
{
	u32 wire;

	if (radius_msg_get_attr(msg, type, (u8 *) &wire, 4) == 4) {
		*value = ntohl(wire);
		return 0;
	}
	return -1;
}

/* Pointer-returning variant: 'start' allows iterating over repeated
 * attributes of the same type; the returned pointer presumably aliases the
 * message buffer and is only valid while msg is alive. */
int radius_msg_get_attr_ptr(struct radius_msg *msg, u8 type, u8 **buf,
			    size_t *len, const u8 *start);
int radius_msg_count_attr(struct radius_msg *msg, u8 type, int min_len);


/* One copied attribute value (e.g. a Class attribute echoed back in
 * accounting). */
struct radius_attr_data {
	u8 *data;
	size_t len;
};

/* Array of radius_attr_data entries plus its element count. */
struct radius_class_data {
	struct radius_attr_data *attr;
	size_t count;
};

void radius_free_class(struct radius_class_data *c);
int radius_copy_class(struct radius_class_data *dst,
		      const struct radius_class_data *src);

#endif /* RADIUS_H */