/*
* $Id: radiusclient.h,v 1.9 2002/11/13 18:19:26 fcusack Exp $
*
* Copyright (C) 1995,1996,1997,1998 Lars Fenneberg
*
* Copyright 1992 Livingston Enterprises, Inc.
*
* Copyright 1992,1993, 1994,1995 The Regents of the University of Michigan
* and Merit Network, Inc. All Rights Reserved
*
* See the file COPYRIGHT for the respective terms and conditions.
* If the file is missing contact me at lf@elemental.net
* and I'll send you a copy.
*
*/
#ifndef RADIUSCLIENT_H
#define RADIUSCLIENT_H
#include <sys/types.h>
#include <stdio.h>
#include <time.h>
/*
 * Linkage and prototype compatibility macros.
 *
 * __BEGIN_DECLS / __END_DECLS wrap the prototypes at the end of this header
 * in extern "C" { ... } when compiled as C++ and expand to nothing in C.
 *
 * NOTE(review): __BEGIN_DECLS, __END_DECLS and __P begin with a double
 * underscore, a namespace C reserves for the implementation. The #undef
 * lines discard whatever a system header (e.g. <sys/cdefs.h>) defined
 * before this point -- confirm that system headers included after this one
 * are not affected by the replacement definitions.
 */
#undef __BEGIN_DECLS
#undef __END_DECLS
#ifdef __cplusplus
# define __BEGIN_DECLS extern "C" {
# define __END_DECLS }
#else
# define __BEGIN_DECLS /* empty */
# define __END_DECLS /* empty */
#endif
#undef __P
/*
 * __P(protos) keeps the parameter list on the compilers listed below and
 * replaces it with "()" everywhere else. In the "()" case the compiler
 * cannot check argument count or types at call sites.
 */
#if defined (__STDC__) || defined (_AIX) || (defined (__mips) && defined (_SYSTYPE_SVR4)) || defined(WIN32) || defined(__cplusplus)
# define __P(protos) protos
#else
# define __P(protos) ()
#endif
/*
 * UINT4 / INT4: integer types intended to be four bytes wide. They are used
 * below for VALUE_PAIR.lvalue and by prototypes such as rc_get_ipaddr and
 * rc_own_ipaddress. The typedefs are skipped when _UINT4_T is already
 * defined.
 *
 * NOTE(review): the width is selected from _LP64 alone. On a 64-bit target
 * whose compiler does not predefine _LP64, UINT4 becomes unsigned long and
 * may be eight bytes wide; any code that copies a UINT4 to or from a packet
 * buffer using sizeof would then move the wrong number of bytes. Confirm
 * for every supported platform.
 */
#ifndef _UINT4_T
#ifdef _LP64
typedef unsigned int UINT4;
typedef int INT4;
#else
typedef unsigned long UINT4;
typedef long INT4;
#endif
#endif
/*
 * Size limits. Several of these dimension fixed arrays in the structures
 * below: vector[AUTH_VECTOR_LEN], strvalue[AUTH_STRING_LEN + 1],
 * name[NAME_LENGTH + 1].
 *
 * NOTE(review): AUTH_STRING_LEN (128) is smaller than the 253 mentioned in
 * its own comment, so a received attribute value can be longer than
 * VALUE_PAIR.strvalue. Code that copies attribute data into strvalue must
 * compare the attribute length with AUTH_STRING_LEN first -- verify in
 * avpair.c.
 */
#define AUTH_VECTOR_LEN 16
#define AUTH_PASS_LEN (3 * 16) /* multiple of 16 */
#define AUTH_ID_LEN 64
#define AUTH_STRING_LEN 128 /* maximum of 253 */
#define BUFFER_LEN 8192
#define NAME_LENGTH 32
#define GETSTR_LENGTH 128 /* must be bigger than AUTH_PASS_LEN */
/* codes for radius_buildreq, radius_getport, etc. */
#define AUTH 0
#define ACCT 1
/* defines for config.c */
#define SERVER_MAX 8 /* capacity of the name[] and port[] arrays in SERVER */
/* Bit flags; each occupies its own bit so they can be OR-ed together. */
#define AUTH_LOCAL_FST (1<<0)
#define AUTH_RADIUS_FST (1<<1)
#define AUTH_LOCAL_SND (1<<2)
#define AUTH_RADIUS_SND (1<<3)
/*
 * A list of RADIUS servers with room for SERVER_MAX entries.
 * NOTE(review): name[] and port[] look like parallel arrays indexed by the
 * same entry number, with max counting the entries in use -- confirm against
 * config.c. Code that appends an entry must check max against SERVER_MAX.
 */
typedef struct server {
int max;
char *name[SERVER_MAX];
unsigned short port[SERVER_MAX];
} SERVER;
/*
 * RADIUS packet header, used to overlay a packet buffer (rc_avpair_gen takes
 * an AUTH_HDR *).
 *
 * The fields before data[] add up to 1 + 1 + 2 + AUTH_VECTOR_LEN bytes, the
 * value of AUTH_HDR_LEN. data[2] appears to be a placeholder for the
 * variable-length attribute area, so sizeof(AUTH_HDR) is not the header size;
 * use AUTH_HDR_LEN.
 *
 * NOTE(review): length is a two-byte field taken from the packet. It is
 * presumably in network byte order and is not trustworthy on receive --
 * confirm that readers convert it and check it against both AUTH_HDR_LEN and
 * the number of bytes actually received before walking data[].
 */
typedef struct pw_auth_hdr
{
u_char code; /* packet code, one of the PW_ACCESS_xxx / PW_ACCOUNTING_xxx values */
u_char id;
u_short length;
u_char vector[AUTH_VECTOR_LEN];
u_char data[2];
} AUTH_HDR;
#define AUTH_HDR_LEN 20
#define MAX_SECRET_LENGTH (3 * 16) /* MUST be multiple of 16 */
#define CHAP_VALUE_LENGTH 16
#define PW_AUTH_UDP_PORT 1812
#define PW_ACCT_UDP_PORT 1813
#define PW_TYPE_STRING 0
#define PW_TYPE_INTEGER 1
#define PW_TYPE_IPADDR 2
#define PW_TYPE_DATE 3
/* standard RADIUS codes */
/* These are the values carried in the one-byte code field (AUTH_HDR.code, SEND_DATA.code). */
#define PW_ACCESS_REQUEST 1
#define PW_ACCESS_ACCEPT 2
#define PW_ACCESS_REJECT 3
#define PW_ACCOUNTING_REQUEST 4
#define PW_ACCOUNTING_RESPONSE 5
#define PW_ACCOUNTING_STATUS 6
#define PW_PASSWORD_REQUEST 7
#define PW_PASSWORD_ACK 8
#define PW_PASSWORD_REJECT 9
#define PW_ACCOUNTING_MESSAGE 10
#define PW_ACCESS_CHALLENGE 11
#define PW_STATUS_SERVER 12
#define PW_STATUS_CLIENT 13
/* standard RADIUS attribute-value pairs */
/*
 * Attribute numbers; the trailing comment on each line names the value type
 * (compare PW_TYPE_STRING, PW_TYPE_INTEGER, PW_TYPE_IPADDR, PW_TYPE_DATE).
 *
 * NOTE(review): PW_USER_PASSWORD, PW_CHAP_PASSWORD, PW_OLD_PASSWORD and
 * PW_CHAP_CHALLENGE identify credential material. Code that prints or logs
 * value pairs (for example through rc_avpair_tostr or rc_log) should skip or
 * mask pairs with these attribute numbers -- verify in the callers.
 */
#define PW_USER_NAME 1 /* string */
#define PW_USER_PASSWORD 2 /* string */
#define PW_CHAP_PASSWORD 3 /* string */
#define PW_NAS_IP_ADDRESS 4 /* ipaddr */
#define PW_NAS_PORT 5 /* integer */
#define PW_SERVICE_TYPE 6 /* integer */
#define PW_FRAMED_PROTOCOL 7 /* integer */
#define PW_FRAMED_IP_ADDRESS 8 /* ipaddr */
#define PW_FRAMED_IP_NETMASK 9 /* ipaddr */
#define PW_FRAMED_ROUTING 10 /* integer */
#define PW_FILTER_ID 11 /* string */
#define PW_FRAMED_MTU 12 /* integer */
#define PW_FRAMED_COMPRESSION 13 /* integer */
#define PW_LOGIN_IP_HOST 14 /* ipaddr */
#define PW_LOGIN_SERVICE 15 /* integer */
#define PW_LOGIN_PORT 16 /* integer */
#define PW_OLD_PASSWORD 17 /* string */ /* deprecated */
#define PW_REPLY_MESSAGE 18 /* string */
#define PW_LOGIN_CALLBACK_NUMBER 19 /* string */
#define PW_FRAMED_CALLBACK_ID 20 /* string */
#define PW_EXPIRATION 21 /* date */ /* deprecated */
#define PW_FRAMED_ROUTE 22 /* string */
#define PW_FRAMED_IPX_NETWORK 23 /* integer */
#define PW_STATE 24 /* string */
#define PW_CLASS 25 /* string */
#define PW_VENDOR_SPECIFIC 26 /* string */
#define PW_SESSION_TIMEOUT 27 /* integer */
#define PW_IDLE_TIMEOUT 28 /* integer */
#define PW_TERMINATION_ACTION 29 /* integer */
#define PW_CALLED_STATION_ID 30 /* string */
#define PW_CALLING_STATION_ID 31 /* string */
#define PW_NAS_IDENTIFIER 32 /* string */
#define PW_PROXY_STATE 33 /* string */
#define PW_LOGIN_LAT_SERVICE 34 /* string */
#define PW_LOGIN_LAT_NODE 35 /* string */
#define PW_LOGIN_LAT_GROUP 36 /* string */
#define PW_FRAMED_APPLETALK_LINK 37 /* integer */
#define PW_FRAMED_APPLETALK_NETWORK 38 /* integer */
#define PW_FRAMED_APPLETALK_ZONE 39 /* string */
#define PW_CHAP_CHALLENGE 60 /* string */
#define PW_NAS_PORT_TYPE 61 /* integer */
#define PW_PORT_LIMIT 62 /* integer */
#define PW_LOGIN_LAT_PORT 63 /* string */
/* Vendor RADIUS attribute-value pairs */
/*
 * These numbers reuse values from the standard attribute list (11 is also
 * PW_FILTER_ID, 25 is PW_CLASS, 26 is PW_VENDOR_SPECIFIC, and so on), so an
 * attribute number alone does not identify them. A lookup has to compare the
 * vendor code as well; DICT_ATTR and VALUE_PAIR both carry a vendorcode
 * field, and VENDOR_MICROSOFT is the matching code.
 *
 * NOTE(review): the MPPE key attributes and PW_MS_CHAP_MPPE_KEYS appear to
 * carry session key material -- keep their values out of logs and wipe the
 * buffers that held them once the keys have been consumed.
 */
#define PW_MS_CHAP_CHALLENGE 11 /* string */
#define PW_MS_CHAP_RESPONSE 1 /* string */
#define PW_MS_CHAP2_RESPONSE 25 /* string */
#define PW_MS_CHAP2_SUCCESS 26 /* string */
#define PW_MS_MPPE_ENCRYPTION_POLICY 7 /* string */
#define PW_MS_MPPE_ENCRYPTION_TYPE 8 /* string */
/* Alias: the plural spelling expands to the same attribute number. */
#define PW_MS_MPPE_ENCRYPTION_TYPES PW_MS_MPPE_ENCRYPTION_TYPE
#define PW_MS_CHAP_MPPE_KEYS 12 /* string */
#define PW_MS_MPPE_SEND_KEY 16 /* string */
#define PW_MS_MPPE_RECV_KEY 17 /* string */
/* Accounting */
/* Accounting attribute numbers; the trailing comment names the value type. */
#define PW_ACCT_STATUS_TYPE 40 /* integer */
#define PW_ACCT_DELAY_TIME 41 /* integer */
#define PW_ACCT_INPUT_OCTETS 42 /* integer */
#define PW_ACCT_OUTPUT_OCTETS 43 /* integer */
#define PW_ACCT_SESSION_ID 44 /* string */
#define PW_ACCT_AUTHENTIC 45 /* integer */
#define PW_ACCT_SESSION_TIME 46 /* integer */
#define PW_ACCT_INPUT_PACKETS 47 /* integer */
#define PW_ACCT_OUTPUT_PACKETS 48 /* integer */
#define PW_ACCT_TERMINATE_CAUSE 49 /* integer */
#define PW_ACCT_MULTI_SESSION_ID 50 /* string */
#define PW_ACCT_LINK_COUNT 51 /* integer */
/* From RFC 2869 */
#define PW_ACCT_INTERIM_INTERVAL 85 /* integer */
/* Merit Experimental Extensions */
#define PW_USER_ID 222 /* string */
#define PW_USER_REALM 223 /* string */
/* Session limits */
/* The values PW_OCTETS_DIRECTION can take are the PW_OCTETS_DIRECTION_xxx constants. */
#define PW_SESSION_OCTETS_LIMIT 227 /* integer */
#define PW_OCTETS_DIRECTION 228 /* integer */
/* Integer Translations */
/*
 * Named values for integer-typed attributes, grouped by the attribute they
 * belong to. The same number is reused across groups, so a value is only
 * meaningful together with its attribute.
 *
 * NOTE(review): several names here are very generic for a public header
 * (PW_NONE, PW_ALL, PW_DEFAULT, PW_LOGIN); being macros, they will silently
 * rewrite any identical identifier in code that includes this file.
 */
/* SERVICE TYPES */
#define PW_LOGIN 1
#define PW_FRAMED 2
#define PW_CALLBACK_LOGIN 3
#define PW_CALLBACK_FRAMED 4
#define PW_OUTBOUND 5
#define PW_ADMINISTRATIVE 6
#define PW_NAS_PROMPT 7
#define PW_AUTHENTICATE_ONLY 8
#define PW_CALLBACK_NAS_PROMPT 9
/* FRAMED PROTOCOLS */
#define PW_PPP 1
#define PW_SLIP 2
#define PW_ARA 3
#define PW_GANDALF 4
#define PW_XYLOGICS 5
/* FRAMED ROUTING VALUES */
#define PW_NONE 0
#define PW_BROADCAST 1
#define PW_LISTEN 2
#define PW_BROADCAST_LISTEN 3
/* FRAMED COMPRESSION TYPES */
#define PW_VAN_JACOBSON_TCP_IP 1
#define PW_IPX_HEADER_COMPRESSION 2
/* LOGIN SERVICES */
#define PW_TELNET 0
#define PW_RLOGIN 1
#define PW_TCP_CLEAR 2
#define PW_PORTMASTER 3
#define PW_LAT 4
#define PW_X25_PAD 5
#define PW_X25_T3POS 6
/* TERMINATION ACTIONS */
#define PW_DEFAULT 0
#define PW_RADIUS_REQUEST 1
/* PROHIBIT PROTOCOL */
#define PW_DUMB 0 /* 1 and 2 are defined in FRAMED PROTOCOLS */
#define PW_AUTH_ONLY 3
#define PW_ALL 255
/* ACCOUNTING STATUS TYPES */
/* Values for the PW_ACCT_STATUS_TYPE attribute. */
#define PW_STATUS_START 1
#define PW_STATUS_STOP 2
#define PW_STATUS_ALIVE 3
#define PW_STATUS_MODEM_START 4
#define PW_STATUS_MODEM_STOP 5
#define PW_STATUS_CANCEL 6
#define PW_ACCOUNTING_ON 7
#define PW_ACCOUNTING_OFF 8
/* ACCOUNTING TERMINATION CAUSES */
/* Values for the PW_ACCT_TERMINATE_CAUSE attribute. */
#define PW_USER_REQUEST 1
#define PW_LOST_CARRIER 2
#define PW_LOST_SERVICE 3
#define PW_ACCT_IDLE_TIMEOUT 4
#define PW_ACCT_SESSION_TIMEOUT 5
#define PW_ADMIN_RESET 6
#define PW_ADMIN_REBOOT 7
#define PW_PORT_ERROR 8
#define PW_NAS_ERROR 9
#define PW_NAS_REQUEST 10
#define PW_NAS_REBOOT 11
#define PW_PORT_UNNEEDED 12
#define PW_PORT_PREEMPTED 13
#define PW_PORT_SUSPENDED 14
#define PW_SERVICE_UNAVAILABLE 15
#define PW_CALLBACK 16
#define PW_USER_ERROR 17
#define PW_HOST_REQUEST 18
/* NAS PORT TYPES */
/* Values for the PW_NAS_PORT_TYPE attribute. */
#define PW_ASYNC 0
#define PW_SYNC 1
#define PW_ISDN_SYNC 2
#define PW_ISDN_SYNC_V120 3
#define PW_ISDN_SYNC_V110 4
#define PW_VIRTUAL 5
/* AUTHENTIC TYPES */
/* Values for the PW_ACCT_AUTHENTIC attribute. */
#define PW_RADIUS 1
#define PW_LOCAL 2
#define PW_REMOTE 3
/* Session-Octets-Limit */
/* Values for the PW_OCTETS_DIRECTION attribute. */
#define PW_OCTETS_DIRECTION_SUM 0
#define PW_OCTETS_DIRECTION_IN 1
#define PW_OCTETS_DIRECTION_OUT 2
#define PW_OCTETS_DIRECTION_MAX 3
/* Vendor codes */
/*
 * Values for the vendorcode fields of DICT_ATTR, VENDOR_DICT and VALUE_PAIR.
 * VENDOR_NONE is negative, so it cannot collide with a real vendor number;
 * presumably it marks a standard (non-vendor) attribute -- confirm in dict.c.
 * 311 is the IANA enterprise number assigned to Microsoft.
 */
#define VENDOR_NONE (-1)
#define VENDOR_MICROSOFT 311
/* Server data structures */
/*
 * One attribute definition, linked into a singly linked list through next.
 * name holds at most NAME_LENGTH characters plus the terminator; code that
 * fills it from a dictionary file must truncate or reject longer names.
 */
typedef struct dict_attr
{
char name[NAME_LENGTH + 1]; /* attribute name */
int value; /* attribute index */
int type; /* string, int, etc. */
int vendorcode; /* vendor code */
struct dict_attr *next;
} DICT_ATTR;
/*
 * One named value, linked into a singly linked list through next.
 * NOTE(review): attrname presumably names the attribute the value belongs
 * to and name is the symbolic name for value -- confirm in dict.c. Both
 * arrays hold at most NAME_LENGTH characters plus the terminator.
 */
typedef struct dict_value
{
char attrname[NAME_LENGTH +1];
char name[NAME_LENGTH + 1];
int value;
struct dict_value *next;
} DICT_VALUE;
/*
 * One vendor entry: its name, its vendor code and the head of a DICT_ATTR
 * list. Entries are chained through next.
 */
typedef struct vendor_dict
{
char vendorname[NAME_LENGTH + 1]; /* at most NAME_LENGTH characters plus terminator */
int vendorcode;
DICT_ATTR *attributes;
struct vendor_dict *next;
} VENDOR_DICT;
/*
 * One attribute-value pair, chained into a list through next.
 *
 * NOTE(review): lvalue and strvalue presumably hold the value for integer-like
 * and string types respectively, selected by type -- confirm in avpair.c.
 * strvalue has room for AUTH_STRING_LEN bytes plus a terminator. Values taken
 * from a received packet can be longer than that, and string values may
 * contain embedded zero bytes, so writers must bound the copy by
 * AUTH_STRING_LEN and readers should not rely on strlen() for binary values.
 */
typedef struct value_pair
{
char name[NAME_LENGTH + 1];
int attribute;
int vendorcode;
int type; /* compare PW_TYPE_STRING, PW_TYPE_INTEGER, PW_TYPE_IPADDR, PW_TYPE_DATE */
UINT4 lvalue;
u_char strvalue[AUTH_STRING_LEN + 1];
struct value_pair *next;
} VALUE_PAIR;
/* don't change this, as it has to be the same as in the Merit radiusd code */
#define MGMT_POLL_SECRET "Hardlyasecret"
/* Define return codes from "SendServer" utility */
#define BADRESP_RC -2
#define ERROR_RC -1
#define OK_RC 0
#define TIMEOUT_RC 1
/*
 * Request descriptor handed to rc_send_server() and filled in by
 * rc_buildreq(). The struct stores pointers only; the lifetime of server and
 * of both pair lists is managed by the caller.
 */
typedef struct send_data /* Used to pass information to sendserver() function */
{
u_char code; /* RADIUS packet code */
u_char seq_nbr; /* Packet sequence number */
char *server; /* Name/address of RADIUS server */
int svc_port; /* RADIUS protocol destination port */
int timeout; /* Session timeout in seconds */
int retries; /* NOTE(review): presumably the number of retransmissions -- confirm in sendserver.c */
VALUE_PAIR *send_pairs; /* More a/v pairs to send */
VALUE_PAIR *receive_pairs; /* Where to place received a/v pairs */
} SEND_DATA;
/*
 * Per-request secret and request vector; passed by pointer to rc_auth(),
 * rc_auth_using_server() and rc_send_server().
 *
 * NOTE(review): secret holds the shared secret in clear (up to
 * MAX_SECRET_LENGTH characters plus terminator). Callers should keep this
 * struct out of logs and core-dump-prone long-lived storage, and overwrite
 * it with a wipe the compiler cannot remove once the request is finished.
 */
typedef struct request_info
{
char secret[MAX_SECRET_LENGTH + 1];
u_char request_vector[AUTH_VECTOR_LEN];
} REQUEST_INFO;
/*
 * Fallback MIN/MAX, defined only when the including code has not already
 * provided them. Each argument is evaluated twice, so arguments with side
 * effects (i++, function calls) must not be passed. Comparing a signed with
 * an unsigned operand converts the signed one to unsigned first, which
 * matters when these macros clamp a length.
 */
#ifndef MIN
#define MIN(a, b) ((a) < (b) ? (a) : (b))
#endif
#ifndef MAX
#define MAX(a, b) ((a) > (b) ? (a) : (b))
#endif
/*
 * NOTE(review): this header does not include <limits.h>, so whether the
 * system's PATH_MAX or this 1024 fallback is in effect depends on what was
 * included earlier. Buffers sized with PATH_MAX can therefore differ in size
 * between translation units.
 */
#ifndef PATH_MAX
#define PATH_MAX 1024
#endif
/*
 * Container for an array of strings, used by rc_new_env(), rc_add_env(),
 * rc_import_env() and rc_free_env().
 * NOTE(review): maxsize and size are presumably the capacity and the number
 * of slots in use -- confirm in env.c, including that additions check size
 * against maxsize.
 */
typedef struct env
{
int maxsize, size;
char **env;
} ENV;
#define ENV_SIZE 128
/* Opens the extern "C" block when compiled as C++; expands to nothing in C. */
__BEGIN_DECLS
/* Function prototypes */
/*
 * The prototypes carry no parameter names, so the notes below are inferred
 * from the types alone and need to be checked against the implementation.
 */
/* avpair.c */
VALUE_PAIR *rc_avpair_add __P((VALUE_PAIR **, int, void *, int, int));
int rc_avpair_assign __P((VALUE_PAIR *, void *, int));
VALUE_PAIR *rc_avpair_new __P((int, void *, int, int));
/*
 * NOTE(review): takes a packet header, so it presumably builds a pair list
 * from received (untrusted) data. It receives no buffer length, which means
 * every bound has to come from AUTH_HDR.length and the per-attribute length
 * bytes -- confirm those are validated against the bytes actually received
 * and against AUTH_STRING_LEN.
 */
VALUE_PAIR *rc_avpair_gen __P((AUTH_HDR *));
VALUE_PAIR *rc_avpair_get __P((VALUE_PAIR *, UINT4));
VALUE_PAIR *rc_avpair_copy __P((VALUE_PAIR *));
void rc_avpair_insert __P((VALUE_PAIR **, VALUE_PAIR *, VALUE_PAIR *));
void rc_avpair_free __P((VALUE_PAIR *));
int rc_avpair_parse __P((char *, VALUE_PAIR **));
/* NOTE(review): the two (char *, int) pairs look like output buffers with their sizes -- confirm. */
int rc_avpair_tostr __P((VALUE_PAIR *, char *, int, char *, int));
VALUE_PAIR *rc_avpair_readin __P((FILE *));
/* buildreq.c */
/*
 * Request construction and the authentication / accounting entry points.
 * The int results are presumably the BADRESP_RC / ERROR_RC / OK_RC /
 * TIMEOUT_RC codes -- confirm in buildreq.c.
 *
 * NOTE(review): the bare char * parameters of rc_auth, rc_auth_using_server,
 * rc_auth_proxy and rc_check come without a length. If any of them is an
 * output buffer, its required minimum size is part of the contract and
 * should be stated here.
 */
void rc_buildreq __P((SEND_DATA *, int, char *, unsigned short, int, int));
unsigned char rc_get_seqnbr __P((void));
int rc_auth __P((UINT4, VALUE_PAIR *, VALUE_PAIR **, char *, REQUEST_INFO *));
int rc_auth_using_server __P((SERVER *, UINT4, VALUE_PAIR *, VALUE_PAIR **,
char *, REQUEST_INFO *));
int rc_auth_proxy __P((VALUE_PAIR *, VALUE_PAIR **, char *));
int rc_acct __P((UINT4, VALUE_PAIR *));
int rc_acct_using_server __P((SERVER *, UINT4, VALUE_PAIR *));
int rc_acct_proxy __P((VALUE_PAIR *));
int rc_check __P((char *, unsigned short, char *));
/* clientid.c */
int rc_read_mapfile __P((char *));
UINT4 rc_map2id __P((char *));
/* config.c */
/* Configuration loading and lookup; the rc_conf_xxx functions take a char * key. */
int rc_read_config __P((char *));
char *rc_conf_str __P((char *));
int rc_conf_int __P((char *));
SERVER *rc_conf_srv __P((char *));
/*
 * NOTE(review): the trailing char * has no length parameter. If it receives
 * the server's shared secret, the caller's buffer must hold at least
 * MAX_SECRET_LENGTH + 1 bytes -- confirm in config.c.
 */
int rc_find_server __P((char *, UINT4 *, char *));
/* dict.c */
/* Dictionary loading and lookup by number (getxxx) or by name (findxxx). */
int rc_read_dictionary __P((char *));
DICT_ATTR *rc_dict_getattr __P((int, int));
DICT_ATTR *rc_dict_findattr __P((char *));
DICT_VALUE *rc_dict_findval __P((char *));
DICT_VALUE * rc_dict_getval __P((UINT4, char *));
VENDOR_DICT * rc_dict_findvendor __P((char *));
VENDOR_DICT * rc_dict_getvendor __P((int));
/* ip_util.c */
/* Address helpers; addresses travel as UINT4 values. */
UINT4 rc_get_ipaddr __P((char *));
int rc_good_ipaddr __P((char *));
const char *rc_ip_hostname __P((UINT4));
unsigned short rc_getport __P((int));
/* NOTE(review): (char *, int) looks like an output buffer and its size -- confirm. */
int rc_own_hostname __P((char *, int));
UINT4 rc_own_ipaddress __P((void));
/* log.c */
void rc_openlog __P((char *));
/*
 * NOTE(review): the (const char *, ...) tail looks like a printf-style format
 * and its arguments. If so, callers must pass a literal format and hand
 * untrusted text through "%s", never as the format itself.
 */
void rc_log __P((int, const char *, ...));
/* sendserver.c */
int rc_send_server __P((SEND_DATA *, char *, REQUEST_INFO *));
/* util.c */
void rc_str2tm __P((char *, struct tm *));
char *rc_mksid __P((void));
char *rc_getifname __P((char *));
/* NOTE(review): compare GETSTR_LENGTH, whose comment requires it to exceed AUTH_PASS_LEN. */
char *rc_getstr __P((char *, int));
void rc_mdelay __P((int));
/* NOTE(review): second declaration of rc_mksid in this section; it is redundant and can be dropped. */
char *rc_mksid __P((void));
/* env.c */
/* Operate on struct env (typedef ENV). */
struct env *rc_new_env __P((int));
void rc_free_env __P((struct env *));
int rc_add_env __P((struct env *, char *, char *));
int rc_import_env __P((struct env *, char **));
/* md5.c */
/*
 * NOTE(review): the parameter roles (presumably output digest, input, input
 * length) are not visible here -- confirm in md5.c. MD5 is not collision
 * resistant; keep this helper confined to what the RADIUS protocol requires
 * and do not reuse it for new integrity or password-storage purposes.
 */
void rc_md5_calc __P((unsigned char *, unsigned char *, unsigned int));
/* Closes the extern "C" block opened by __BEGIN_DECLS when compiled as C++. */
__END_DECLS
#endif /* RADIUSCLIENT_H */