Diffstat (limited to 'lib/include/radsec')
-rw-r--r--lib/include/radsec/.gitignore1
-rw-r--r--lib/include/radsec/radsec-impl.h14
-rw-r--r--lib/include/radsec/radsec.h333
-rw-r--r--lib/include/radsec/request-impl.h7
-rw-r--r--lib/include/radsec/request.h18
5 files changed, 330 insertions, 43 deletions
diff --git a/lib/include/radsec/.gitignore b/lib/include/radsec/.gitignore
new file mode 100644
index 0000000..c20d18b
--- /dev/null
+++ b/lib/include/radsec/.gitignore
@@ -0,0 +1 @@
+radius.h
diff --git a/lib/include/radsec/radsec-impl.h b/lib/include/radsec/radsec-impl.h
index 752ea71..a4d97f0 100644
--- a/lib/include/radsec/radsec-impl.h
+++ b/lib/include/radsec/radsec-impl.h
@@ -1,9 +1,11 @@
/** @file libradsec-impl.h
@brief Libraray internal header file for libradsec. */
-/* See the file COPYING for licensing information. */
+/* See LICENSE for licensing information. */
+
+#ifndef _RADSEC_RADSEC_IMPL_H_
+#define _RADSEC_RADSEC_IMPL_H_ 1
-#include <freeradius/libradius.h>
#include <event2/util.h>
#include <confuse.h>
#if defined(RS_ENABLE_TLS)
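Review bot: The new include guard `_RADSEC_RADSEC_IMPL_H_` begins with an underscore followed by an uppercase letter, a form C reserves for the implementation (C11 7.1.3), so it may collide with macros from system headers; `RADSEC_RADSEC_IMPL_H` is the conventional safe spelling. The same pattern is used for `_RADSEC_RADSEC_H_`, `_RADSEC_REQUEST_IMPL_H_` and `_RADSEC_REQUEST_H_` in the other headers of this commit. Dropping `<freeradius/libradius.h>` also drops whatever it pulled in transitively; `uint8_t` in `struct rs_packet` further down this file presumably now depends on the conditional `<stdint.h>` include added to radsec.h, which is worth confirming with a build that does not define the HAVE_* macros.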
@@ -74,7 +76,6 @@ struct rs_realm {
/** Top configuration object. */
struct rs_config {
- char *dictionary;
struct rs_realm *realms;
cfg_t *cfg;
};
@@ -83,7 +84,6 @@ struct rs_context {
struct rs_config *config;
struct rs_alloc_scheme alloc_scheme;
struct rs_error *err;
- fr_randctx fr_randctx;
};
struct rs_connection {
@@ -121,11 +121,13 @@ enum rs_packet_flags {
rs_packet_sent_flag,
};
+struct radius_packet;
+
struct rs_packet {
struct rs_connection *conn;
unsigned int flags;
uint8_t hdr[RS_HEADER_LEN];
- RADIUS_PACKET *rpkt; /* FreeRADIUS object. */
+ struct radius_packet *rpkt; /* FreeRADIUS object. */
struct rs_packet *next; /* Used for UDP output queue. */
};
@@ -145,6 +147,8 @@ struct rs_packet {
#define min(a, b) ((a) < (b) ? (a) : (b))
#define max(a, b) ((a) > (b) ? (a) : (b))
+#endif /* _RADSEC_RADSEC_IMPL_H_ */
+
/* Local Variables: */
/* c-file-style: "stroustrup" */
/* End: */
diff --git a/lib/include/radsec/radsec.h b/lib/include/radsec/radsec.h
index e62986e..7bd7f10 100644
--- a/lib/include/radsec/radsec.h
+++ b/lib/include/radsec/radsec.h
@@ -1,16 +1,26 @@
/** \file radsec.h
\brief Public interface for libradsec. */
-/* See the file COPYING for licensing information. */
+/* See LICENSE for licensing information. */
-#include <unistd.h>
-#include <sys/time.h>
+#ifndef _RADSEC_RADSEC_H_
+#define _RADSEC_RADSEC_H_ 1
-#ifdef SYSCONFDIR
-#define RS_FREERADIUS_DICT SYSCONFDIR "/raddb/dictionary"
-#else /* !SYSCONFDIR */
-#define RS_FREERADIUS_DICT "/usr/local/raddb/dictionary"
-#endif /* !SYSCONFDIR */
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#ifdef HAVE_SYS_TIME_H
+#include <sys/time.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_STDINT_H
+#include <stdint.h>
+#endif
enum rs_error_code {
RSE_OK = 0,
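Review bot: The `HAVE_SYS_TIME_H`, `HAVE_ARPA_INET_H`, `HAVE_UNISTD_H` and `HAVE_STDINT_H` guards are autoconf results that a consumer of this public header will not have defined, so from the consumer's side none of these headers is included and the prototypes later in the file that use `uint32_t`, `uint8_t`, `uint16_t`, `time_t`, `size_t` and `struct in_addr` will fail to compile. Guarding the include of `config.h` with `HAVE_CONFIG_H` does not help, since an application's own `config.h` would be picked up instead. A public header should include `<stddef.h>`, `<stdint.h>`, `<time.h>` and `<netinet/in.h>` unconditionally and leave the HAVE_* selection to the library's .c files.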
@@ -19,7 +29,7 @@ enum rs_error_code {
RSE_INVALID_CTX = 3,
RSE_INVALID_CONN = 4,
RSE_CONN_TYPE_MISMATCH = 5,
- RSE_FR = 6, /* FreeRADIUS error. */
+ RSE_FR = 6,
RSE_BADADDR = 7,
RSE_NOPEER = 8,
RSE_EVENT = 9, /* libevent error. */
@@ -34,8 +44,31 @@ enum rs_error_code {
RSE_TIMEOUT_IO = 18, /* I/O timeout. */
RSE_TIMEOUT = 19, /* High level timeout. */
RSE_DISCO = 20,
- RSE_CRED = 21, /* Credentials. */
- RSE_CERT = 22, /* Cert validation. */
+ RSE_INUSE = 21,
+ RSE_PACKET_TOO_SMALL = 22,
+ RSE_PACKET_TOO_LARGE = 23,
+ RSE_ATTR_OVERFLOW = 24,
+ RSE_ATTR_TOO_SMALL = 25,
+ RSE_ATTR_TOO_LARGE = 26,
+ RSE_ATTR_UNKNOWN = 27,
+ RSE_ATTR_BAD_NAME = 28,
+ RSE_ATTR_VALUE_MALFORMED = 29,
+ RSE_ATTR_INVALID = 30,
+ RSE_TOO_MANY_ATTRS = 31,
+ RSE_ATTR_TYPE_UNKNOWN = 32,
+ RSE_MSG_AUTH_LEN = 33,
+ RSE_MSG_AUTH_WRONG = 34,
+ RSE_REQUEST_REQUIRED = 35,
+ RSE_INVALID_REQUEST_CODE = 36,
+ RSE_AUTH_VECTOR_WRONG = 37,
+ RSE_INVALID_RESPONSE_CODE = 38,
+ RSE_INVALID_RESPONSE_ID = 39,
+ RSE_INVALID_RESPONSE_SRC = 40,
+ RSE_NO_PACKET_DATA = 41,
+ RSE_VENDOR_UNKNOWN = 42,
+ RSE_CRED = 43,
+ RSE_CERT = 44,
+ RSE_MAX = RSE_CERT
};
enum rs_conn_type {
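Review bot: `RSE_CRED` and `RSE_CERT` change value from 21/22 to 43/44 while keeping their names, so any caller, log parser or stored result that compares against the numeric codes of the previous release silently changes meaning; if `rs_error_code` is part of the stable API, keep the old values and append the new codes after them, or state the renumbering in the changelog. The 22 inserted codes also carry no comment, unlike the surrounding entries, and several are easy to confuse from the name alone — `RSE_MSG_AUTH_WRONG` versus `RSE_AUTH_VECTOR_WRONG`, `RSE_INUSE`, `RSE_NO_PACKET_DATA`; a short `/* ... */` per code in the style of `RSE_TIMEOUT_IO` would let callers of `rs_err_code` tell an integrity-check failure from a parse error without reading the implementation.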
@@ -47,6 +80,39 @@ enum rs_conn_type {
};
typedef unsigned int rs_conn_type_t;
+typedef enum rs_attr_type_t {
+ RS_TYPE_INVALID = 0, /**< Invalid data type */
+ RS_TYPE_STRING, /**< printable-text */
+ RS_TYPE_INTEGER, /**< a 32-bit unsigned integer */
+ RS_TYPE_IPADDR, /**< an IPv4 address */
+ RS_TYPE_DATE, /**< a 32-bit date, of seconds since January 1, 1970 */
+ RS_TYPE_OCTETS, /**< a sequence of binary octets */
+ RS_TYPE_IFID, /**< an Interface Id */
+ RS_TYPE_IPV6ADDR, /**< an IPv6 address */
+ RS_TYPE_IPV6PREFIX, /**< an IPv6 prefix */
+ RS_TYPE_BYTE, /**< an 8-bit integer */
+ RS_TYPE_SHORT, /**< a 16-bit integer */
+} rs_attr_type_t;
+
+#define PW_ACCESS_REQUEST 1
+#define PW_ACCESS_ACCEPT 2
+#define PW_ACCESS_REJECT 3
+#define PW_ACCOUNTING_REQUEST 4
+#define PW_ACCOUNTING_RESPONSE 5
+#define PW_ACCOUNTING_STATUS 6
+#define PW_PASSWORD_REQUEST 7
+#define PW_PASSWORD_ACK 8
+#define PW_PASSWORD_REJECT 9
+#define PW_ACCOUNTING_MESSAGE 10
+#define PW_ACCESS_CHALLENGE 11
+#define PW_STATUS_SERVER 12
+#define PW_STATUS_CLIENT 13
+#define PW_DISCONNECT_REQUEST 40
+#define PW_DISCONNECT_ACK 41
+#define PW_DISCONNECT_NAK 42
+#define PW_COA_REQUEST 43
+#define PW_COA_ACK 44
+#define PW_COA_NAK 45
#if defined (__cplusplus)
extern "C" {
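Review bot: `rs_avp_is_tlv`, defined in the AVP section later in this file, expands to `rs_avp_typeof(vp) == RS_TYPE_TLV`, but `rs_attr_type_t` here has no `RS_TYPE_TLV` member, so the first use of that macro will not compile; either add `RS_TYPE_TLV, /**< a type-length-value */` after `RS_TYPE_SHORT` (if the backing library has such a type) or drop the macro. Separately, the `PW_*` packet-code macros are exported from an `rs_`-namespaced public header without a prefix; if a consumer also includes the RADIUS library these presumably mirror, the duplicate definitions would warn at best and diverge at worst. An `enum rs_packet_code` or `RS_PW_*` names would keep them in this library's namespace.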
@@ -59,7 +125,8 @@ struct rs_packet; /* radsec-impl.h */
struct rs_conn; /* radsec-impl.h */
struct rs_error; /* radsec-impl.h */
struct rs_peer; /* radsec-impl.h */
-struct radius_packet; /* <freeradius/libradius.h> */
+struct radius_packet; /* <radius/client.h> */
+struct value_pair; /* <radius/client.h> */
struct event_base; /* <event2/event-internal.h> */
typedef void *(*rs_calloc_fp) (size_t nmemb, size_t size);
@@ -89,6 +156,8 @@ struct rs_conn_callbacks {
rs_conn_packet_sent_cb sent_cb;
};
+typedef struct value_pair rs_avp;
+typedef const struct value_pair rs_const_avp;
/* Function prototypes. */
@@ -109,20 +178,6 @@ int rs_context_create(struct rs_context **ctx);
all other libradsec objects have been freed. */
void rs_context_destroy(struct rs_context *ctx);
-/** Initialize FreeRADIUS dictionary needed for creating packets.
-
- \a ctx Context.
-
- \a dict Optional string with full path to FreeRADIUS dictionary.
- If \a dict is NULL the path to the dictionary file is taken from
- the "dictionary" configuration directive. Note that the
- configuration file must be read prior to using this option (see \a
- rs_context_read_config).
-
- \return RSE_OK (0) on success, RSE_NOMEM on memory allocation
- error and RSE_FR on FreeRADIUS error. */
-int rs_context_init_freeradius_dict(struct rs_context *ctx, const char *dict);
-
/** Set allocation scheme to use. \a scheme is the allocation scheme
to use, see \a rs_alloc_scheme. \return On success, RSE_OK (0) is
returned. On error, !0 is returned and a struct \a rs_error is
@@ -253,17 +308,38 @@ void rs_packet_destroy(struct rs_packet *pkt);
rs_err_conn_pop. */
int rs_packet_send(struct rs_packet *pkt, void *user_data);
-/** Return the FreeRADIUS packet associated with packet \a pkt. */
-struct radius_packet *rs_packet_frpkt(struct rs_packet *pkt);
-
/** Create a RADIUS authentication request packet associated with
connection \a conn. Optionally, User-Name and User-Password
- attributes are added to the packet using the data in \a user_name
- and \a user_pw. */
+ attributes are added to the packet using the data in \a user_name,
+ \a user_pw and \a secret where \secret is the RADIUS shared
+ secret. */
int rs_packet_create_authn_request(struct rs_connection *conn,
struct rs_packet **pkt,
const char *user_name,
- const char *user_pw);
+ const char *user_pw,
+ const char *secret);
+
+/*** Append \a tail to packet \a pkt. */
+int
+rs_packet_append_avp(struct rs_packet *pkt,
+ unsigned int attribute, unsigned int vendor,
+ const void *data, size_t data_len);
+
+/*** Get pointer to \a pkt attribute value pairs. */
+void
+rs_packet_avps(struct rs_packet *pkt, rs_avp ***vps);
+
+/*** Get RADIUS packet type of \a pkt. */
+unsigned int
+rs_packet_code(struct rs_packet *pkt);
+
+/*** Get RADIUS AVP from \a pkt. */
+rs_const_avp *
+rs_packet_find_avp(struct rs_packet *pkt, unsigned int attr, unsigned int vendor);
+
+/*** Set packet identifier in \a pkt; returns old identifier */
+int
+rs_packet_set_id (struct rs_packet *pkt, int id);
/************/
/* Config. */
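Review bot: The comment on `rs_packet_append_avp` reads "Append \a tail to packet \a pkt", but the function has no `tail` parameter — it takes `attribute`, `vendor`, `data` and `data_len` — so it should say what is appended, e.g. `/** Append an AVP with \a attribute / \a vendor and \a data_len bytes of \a data to packet \a pkt. \return RSE_OK (0) on success. */`. The new comments also open with `/***`, which Doxygen by default does not treat as a documentation block (it wants `/**`), unlike the rest of this header. The added `secret` argument of `rs_packet_create_authn_request` is the RADIUS shared secret; the comment should state whether the packet stores a reference (caller keeps it alive) or a copy, and which error is returned when `user_name`/`user_pw` are given but `secret` is NULL, since request.h says it is then required but no code is named. `rs_packet_avps` hands out an `rs_avp ***`; stating who owns that list, and that `rs_avp_free` must not be called on it if the packet still does, would prevent double frees in callers.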
@@ -311,10 +387,203 @@ void rs_err_free(struct rs_error *err);
char *rs_err_msg(struct rs_error *err);
int rs_err_code(struct rs_error *err, int dofree_flag);
+/************/
+/* AVPs. */
+/************/
+#define rs_avp_is_string(vp) (rs_avp_typeof(vp) == RS_TYPE_STRING)
+#define rs_avp_is_integer(vp) (rs_avp_typeof(vp) == RS_TYPE_INTEGER)
+#define rs_avp_is_ipaddr(vp) (rs_avp_typeof(vp) == RS_TYPE_IPADDR)
+#define rs_avp_is_date(vp) (rs_avp_typeof(vp) == RS_TYPE_DATE)
+#define rs_avp_is_octets(vp) (rs_avp_typeof(vp) == RS_TYPE_OCTETS)
+#define rs_avp_is_ifid(vp) (rs_avp_typeof(vp) == RS_TYPE_IFID)
+#define rs_avp_is_ipv6addr(vp) (rs_avp_typeof(vp) == RS_TYPE_IPV6ADDR)
+#define rs_avp_is_ipv6prefix(vp) (rs_avp_typeof(vp) == RS_TYPE_IPV6PREFIX)
+#define rs_avp_is_byte(vp) (rs_avp_typeof(vp) == RS_TYPE_BYTE)
+#define rs_avp_is_short(vp) (rs_avp_typeof(vp) == RS_TYPE_SHORT)
+#define rs_avp_is_tlv(vp) (rs_avp_typeof(vp) == RS_TYPE_TLV)
+
+/** The maximum length of a RADIUS attribute.
+ *
+ * The RFCs require that a RADIUS attribute transport no more than
+ * 253 octets of data. We add an extra byte for a trailing NUL, so
+ * that the VALUE_PAIR::vp_strvalue field can be handled as a C
+ * string.
+ */
+#define RS_MAX_STRING_LEN 254
+
+/** Free the AVP list \a vps */
+void
+rs_avp_free(rs_avp **vps);
+
+/** Return the length of AVP \a vp in bytes */
+size_t
+rs_avp_length(rs_const_avp *vp);
+
+/** Return the type of \a vp */
+rs_attr_type_t
+rs_avp_typeof(rs_const_avp *vp);
+
+/** Retrieve the attribute and vendor ID of \a vp */
+void
+rs_avp_attrid(rs_const_avp *vp, unsigned int *attr, unsigned int *vendor);
+
+/** Add \a vp to the list pointed to by \a head */
+void
+rs_avp_append(rs_avp **head, rs_avp *vp);
+
+/** Find an AVP in \a vp that matches \a attr and \a vendor */
+rs_avp *
+rs_avp_find(rs_avp *vp, unsigned int attr, unsigned int vendor);
+
+/** Find an AVP in \a vp that matches \a attr and \a vendor */
+rs_const_avp *
+rs_avp_find_const(rs_const_avp *vp, unsigned int attr, unsigned int vendor);
+
+/** Alloc a new AVP for \a attr and \a vendor */
+rs_avp *
+rs_avp_alloc(unsigned int attr, unsigned int vendor);
+
+/** Duplicate existing AVP \a vp */
+rs_avp *
+rs_avp_dup(rs_const_avp *vp);
+
+/** Remove matching AVP from list \a vps */
+int
+rs_avp_delete(rs_avp **vps, unsigned int attr, unsigned int vendor);
+
+/** Return next AVP in list */
+rs_avp *
+rs_avp_next(rs_avp *vp);
+
+/** Return next AVP in list */
+rs_const_avp *
+rs_avp_next_const(rs_const_avp *avp);
+
+/** Return string value of \a vp */
+const char *
+rs_avp_string_value(rs_const_avp *vp);
+
+/** Set AVP \a vp to string \a str */
+int
+rs_avp_string_set(rs_avp *vp, const char *str);
+
+/** Return integer value of \a vp */
+uint32_t
+rs_avp_integer_value(rs_const_avp *vp);
+
+/** Set AVP \a vp to integer \a val */
+int
+rs_avp_integer_set(rs_avp *vp, uint32_t val);
+
+/** Return IPv4 value of \a vp */
+uint32_t
+rs_avp_ipaddr_value(rs_const_avp *vp);
+
+/** Set AVP \a vp to IPv4 address \a in */
+int
+rs_avp_ipaddr_set(rs_avp *vp, struct in_addr in);
+
+/** Return POSIX time value of \a vp */
+time_t
+rs_avp_date_value(rs_const_avp *vp);
+
+/** Set AVP \a vp to POSIX time \a date */
+int
+rs_avp_date_set(rs_avp *vp, time_t date);
+
+/** Return constant pointer to octets in \a vp */
+const unsigned char *
+rs_avp_octets_value_const_ptr(rs_const_avp *vp);
+
+/** Return pointer to octets in \a vp */
+unsigned char *
+rs_avp_octets_value_ptr(rs_avp *vp);
+
+/** Retrieve octet pointer \a p and length \a len from \a vp */
+int
+rs_avp_octets_value_byref(rs_avp *vp,
+ unsigned char **p,
+ size_t *len);
+
+/** Copy octets from \a vp into \a buf and \a len */
+int
+rs_avp_octets_value(rs_const_avp *vp,
+ unsigned char *buf,
+ size_t *len);
+
+/**
+ * Copy octets possibly fragmented across multiple VPs
+ * into \a buf and \a len
+ */
+int
+rs_avp_fragmented_value(rs_const_avp *vps,
+ unsigned char *buf,
+ size_t *len);
+
+/** Copy \a len octets in \a buf to AVP \a vp */
+int
+rs_avp_octets_set(rs_avp *vp,
+ const unsigned char *buf,
+ size_t len);
+
+/** Return IFID value of \a vp */
+int
+rs_avp_ifid_value(rs_const_avp *vp, uint8_t val[8]);
+
+int
+rs_avp_ifid_set(rs_avp *vp, const uint8_t val[8]);
+
+/** Return byte value of \a vp */
+uint8_t
+rs_avp_byte_value(rs_const_avp *vp);
+
+/** Set AVP \a vp to byte \a val */
+int
+rs_avp_byte_set(rs_avp *vp, uint8_t val);
+
+/** Return short value of \a vp */
+uint16_t
+rs_avp_short_value(rs_const_avp *vp);
+
+/** Set AVP \a vp to short integer \a val */
+int
+rs_avp_short_set(rs_avp *vp, uint16_t val);
+
+/** Display possibly \a canonical attribute name into \a buffer */
+int
+rs_attr_display_name (unsigned int attr,
+ unsigned int vendor,
+ char *buffer,
+ size_t bufsize,
+ int canonical);
+
+/** Display AVP \a vp into \a buffer */
+size_t
+rs_avp_display_value(rs_const_avp *vp,
+ char *buffer,
+ size_t buflen);
+
+int
+rs_attr_parse_name (const char *name,
+ unsigned int *attr,
+ unsigned int *vendor);
+
+/** Lookup attribute \a name */
+int
+rs_attr_find(const char *name,
+ unsigned int *attr,
+ unsigned int *vendor);
+
+/** Return dictionary name for AVP \a vp */
+const char *
+rs_avp_name(rs_const_avp *vp);
+
#if defined (__cplusplus)
}
#endif
+#endif /* _RADSEC_RADSEC_H_ */
+
/* Local Variables: */
/* c-file-style: "stroustrup" */
/* End: */
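Review bot: `rs_avp_octets_value` and `rs_avp_fragmented_value` take `size_t *len`, but the comments do not say whether `*len` is the capacity of `buf` on entry and the number of bytes written on return, nor what happens when the attribute is larger than the buffer — exactly the contract a caller needs to avoid an overflow, since `rs_avp_length` can exceed a fixed-size buffer. Something like `/** Copy the octets of \a vp into \a buf. On entry *\a len is the size of \a buf; on return it is the number of bytes copied. \return RSE_OK, or an error (with \a buf untouched) if \a buf is too small. */` would pin it down, adjusted to what the implementation actually does. Likewise `rs_avp_display_value` and `rs_attr_display_name` should state whether the output is always NUL-terminated and how truncation is reported, given that one returns `size_t` and the other `int`. `rs_avp_ifid_set` and `rs_attr_parse_name` have no comment at all, and the `RS_MAX_STRING_LEN` comment refers to `VALUE_PAIR::vp_strvalue`, a FreeRADIUS field this commit is moving away from; naming `rs_avp_string_value` instead would keep the public header self-contained.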
diff --git a/lib/include/radsec/request-impl.h b/lib/include/radsec/request-impl.h
index 8bcac60..bb61dd6 100644
--- a/lib/include/radsec/request-impl.h
+++ b/lib/include/radsec/request-impl.h
@@ -1,4 +1,7 @@
-/* See the file COPYING for licensing information. */
+/* See LICENSE for licensing information. */
+
+#ifndef _RADSEC_REQUEST_IMPL_H_
+#define _RADSEC_REQUEST_IMPL_H_ 1
#if defined (__cplusplus)
extern "C" {
@@ -16,3 +19,5 @@ struct rs_request
#if defined (__cplusplus)
}
#endif
+
+#endif /* _RADSEC_REQUEST_IMPL_H_ */
diff --git a/lib/include/radsec/request.h b/lib/include/radsec/request.h
index e914164..f0151f8 100644
--- a/lib/include/radsec/request.h
+++ b/lib/include/radsec/request.h
@@ -1,7 +1,10 @@
/** \file request.h
\brief Public interface for libradsec request's. */
-/* See the file COPYING for licensing information. */
+/* See LICENSE for licensing information. */
+
+#ifndef _RADSEC_REQUEST_H_
+#define _RADSEC_REQUEST_H_ 1
struct rs_request;
@@ -17,13 +20,16 @@ int rs_request_create(struct rs_connection *conn, struct rs_request **req_out);
void rs_request_add_reqpkt(struct rs_request *req, struct rs_packet *req_msg);
/** Create a request associated with connection \a conn containing a
- newly created RADIUS authentication message, possibly with \a
- user_name and \a user_pw attributes. \a user_name and _user_pw
- are optional and can be NULL. */
+ newly created RADIUS authentication message, possibly with
+ \a user_name and \a user_pw attributes. \a user_name and \a user_pw
+ are optional and can be NULL. If \a user_name and \a user_pw are provided,
+ \a secret must also be provided. \a secret is used for "hiding" the
+ password. */
int rs_request_create_authn(struct rs_connection *conn,
struct rs_request **req_out,
const char *user_name,
- const char *user_pw);
+ const char *user_pw,
+ const char *secret);
/** Send request \a req and wait for a matching response. The
response is put in \a resp_msg (if not NULL). NOTE: At present,
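Review bot: The updated comment says \a secret must be provided when \a user_name and \a user_pw are given, but not what `rs_request_create_authn` returns when credentials are present and \a secret is NULL; adding `\return RSE_OK (0) on success, or the error code produced when \a secret is missing while credentials are given` would complete the contract. It should also say whether the caller must keep \a secret alive for the lifetime of the request or whether it is copied.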
@@ -42,3 +48,5 @@ struct rs_packet *rs_request_get_reqmsg(const struct rs_request *req);
#if defined (__cplusplus)
}
#endif
+
+#endif /* _RADSEC_REQUEST_H_ */