summaryrefslogtreecommitdiff
path: root/lib/include/radsec
diff options
context:
space:
mode:
Diffstat (limited to 'lib/include/radsec')
-rw-r--r--lib/include/radsec/.gitignore1
-rw-r--r--lib/include/radsec/radsec-impl.h15
-rw-r--r--lib/include/radsec/radsec.h246
-rw-r--r--lib/include/radsec/request-impl.h5
-rw-r--r--lib/include/radsec/request.h5
5 files changed, 257 insertions, 15 deletions
diff --git a/lib/include/radsec/.gitignore b/lib/include/radsec/.gitignore
new file mode 100644
index 0000000..c20d18b
--- /dev/null
+++ b/lib/include/radsec/.gitignore
@@ -0,0 +1 @@
+radius.h
diff --git a/lib/include/radsec/radsec-impl.h b/lib/include/radsec/radsec-impl.h
index f8891ee..2df632a 100644
--- a/lib/include/radsec/radsec-impl.h
+++ b/lib/include/radsec/radsec-impl.h
@@ -3,7 +3,9 @@
/* See the file COPYING for licensing information. */
-#include <freeradius/libradius.h>
+#ifndef _RADSEC_RADSEC_IMPL_H_
+#define _RADSEC_RADSEC_IMPL_H_ 1
+
#include <event2/util.h>
#include <confuse.h>
#if defined(RS_ENABLE_TLS)
@@ -69,7 +71,6 @@ struct rs_context {
struct rs_config *config;
struct rs_alloc_scheme alloc_scheme;
struct rs_error *err;
- fr_randctx fr_randctx;
};
struct rs_connection {
@@ -108,11 +109,13 @@ enum rs_packet_flags {
rs_packet_sent_flag,
};
+struct radius_packet;
+
struct rs_packet {
struct rs_connection *conn;
unsigned int flags;
uint8_t hdr[RS_HEADER_LEN];
- RADIUS_PACKET *rpkt; /* FreeRADIUS object. */
+ struct radius_packet *rpkt; /* FreeRADIUS object. */
struct rs_packet *next; /* Used for UDP output queue. */
};
@@ -121,6 +124,10 @@ struct rs_error *rs_resolv (struct evutil_addrinfo **addr,
rs_conn_type_t type,
const char *hostname,
const char *service);
+
+/** Return the internal packet associated with packet \a pkt. */
+struct radius_packet *rs_packet_frpkt(struct rs_packet *pkt);
+
#if defined (__cplusplus)
}
#endif
@@ -137,6 +144,8 @@ struct rs_error *rs_resolv (struct evutil_addrinfo **addr,
#define min(a, b) ((a) < (b) ? (a) : (b))
#define max(a, b) ((a) > (b) ? (a) : (b))
+#endif /* _RADSEC_RADSEC_IMPL_H_ */
+
/* Local Variables: */
/* c-file-style: "stroustrup" */
/* End: */
diff --git a/lib/include/radsec/radsec.h b/lib/include/radsec/radsec.h
index 2744cd2..1aef6bb 100644
--- a/lib/include/radsec/radsec.h
+++ b/lib/include/radsec/radsec.h
@@ -3,14 +3,14 @@
/* See the file COPYING for licensing information. */
+#ifndef _RADSEC_RADSEC_H_
+#define _RADSEC_RADSEC_H_ 1
+
#include <unistd.h>
-#include <sys/time.h>
+#include <stdint.h>
-#ifdef SYSCONFDIR
-#define RS_FREERADIUS_DICT SYSCONFDIR "/raddb/dictionary"
-#else /* !SYSCONFDIR */
-#define RS_FREERADIUS_DICT "/usr/local/raddb/dictionary"
-#endif /* !SYSCONFDIR */
+#include <arpa/inet.h>
+#include <sys/time.h>
enum rs_error_code {
RSE_OK = 0,
@@ -19,7 +19,7 @@ enum rs_error_code {
RSE_INVALID_CTX = 3,
RSE_INVALID_CONN = 4,
RSE_CONN_TYPE_MISMATCH = 5,
- RSE_FR = 6, /* FreeRADIUS error. */
+ RSE_FR = 6,
RSE_BADADDR = 7,
RSE_NOPEER = 8,
RSE_EVENT = 9, /* libevent error. */
@@ -32,8 +32,31 @@ enum rs_error_code {
RSE_TIMEOUT_CONN = 16, /* Connection timeout. */
RSE_INVAL = 17, /* Invalid argument. */
RSE_TIMEOUT_IO = 18, /* I/O timeout. */
- RSE_TIMEOUT = 19, /* High level timeout. */
+ RSE_TIMEOUT= 19, /* High level timeout. */
RSE_DISCO = 20,
+ RSE_INUSE = 21,
+ RSE_PACKET_TOO_SMALL = 22,
+ RSE_PACKET_TOO_LARGE = 23,
+ RSE_ATTR_OVERFLOW = 24,
+ RSE_ATTR_TOO_SMALL = 25,
+ RSE_ATTR_TOO_LARGE = 26,
+ RSE_ATTR_UNKNOWN = 27,
+ RSE_ATTR_BAD_NAME = 28,
+ RSE_ATTR_VALUE_MALFORMED = 29,
+ RSE_ATTR_INVALID = 30,
+ RSE_TOO_MANY_ATTRS = 31,
+ RSE_ATTR_TYPE_UNKNOWN = 32,
+ RSE_MSG_AUTH_LEN = 33,
+ RSE_MSG_AUTH_WRONG = 34,
+ RSE_REQUEST_REQUIRED = 35,
+ RSE_INVALID_REQUEST_CODE = 36,
+ RSE_AUTH_VECTOR_WRONG = 37,
+ RSE_INVALID_RESPONSE_CODE = 38,
+ RSE_INVALID_RESPONSE_ID = 39,
+ RSE_INVALID_RESPONSE_SRC = 40,
+ RSE_NO_PACKET_DATA = 41,
+ RSE_VENDOR_UNKNOWN = 42,
+ RSE_MAX = RSE_VENDOR_UNKNOWN
};
enum rs_conn_type {
@@ -45,6 +68,39 @@ enum rs_conn_type {
};
typedef unsigned int rs_conn_type_t;
+typedef enum rs_attr_type_t {
+ RS_TYPE_INVALID = 0, /**< Invalid data type */
+ RS_TYPE_STRING, /**< printable-text */
+ RS_TYPE_INTEGER, /**< a 32-bit unsigned integer */
+ RS_TYPE_IPADDR, /**< an IPv4 address */
+ RS_TYPE_DATE, /**< a 32-bit date, of seconds since January 1, 1970 */
+ RS_TYPE_OCTETS, /**< a sequence of binary octets */
+ RS_TYPE_IFID, /**< an Interface Id */
+ RS_TYPE_IPV6ADDR, /**< an IPv6 address */
+ RS_TYPE_IPV6PREFIX, /**< an IPv6 prefix */
+ RS_TYPE_BYTE, /**< an 8-bit integer */
+ RS_TYPE_SHORT, /**< a 16-bit integer */
+} rs_attr_type_t;
+
+#define PW_ACCESS_REQUEST 1
+#define PW_ACCESS_ACCEPT 2
+#define PW_ACCESS_REJECT 3
+#define PW_ACCOUNTING_REQUEST 4
+#define PW_ACCOUNTING_RESPONSE 5
+#define PW_ACCOUNTING_STATUS 6
+#define PW_PASSWORD_REQUEST 7
+#define PW_PASSWORD_ACK 8
+#define PW_PASSWORD_REJECT 9
+#define PW_ACCOUNTING_MESSAGE 10
+#define PW_ACCESS_CHALLENGE 11
+#define PW_STATUS_SERVER 12
+#define PW_STATUS_CLIENT 13
+#define PW_DISCONNECT_REQUEST 40
+#define PW_DISCONNECT_ACK 41
+#define PW_DISCONNECT_NAK 42
+#define PW_COA_REQUEST 43
+#define PW_COA_ACK 44
+#define PW_COA_NAK 45
#if defined (__cplusplus)
extern "C" {
@@ -57,7 +113,8 @@ struct rs_packet; /* radsec-impl.h */
struct rs_conn; /* radsec-impl.h */
struct rs_error; /* radsec-impl.h */
struct rs_peer; /* radsec-impl.h */
-struct radius_packet; /* <freeradius/libradius.h> */
+struct radius_packet; /* <radius/client.h> */
+struct value_pair; /* <radius/client.h> */
struct event_base; /* <event2/event-internal.h> */
typedef void *(*rs_calloc_fp) (size_t nmemb, size_t size);
@@ -87,6 +144,8 @@ struct rs_conn_callbacks {
rs_conn_packet_sent_cb sent_cb;
};
+typedef struct value_pair rs_avp;
+typedef const struct value_pair rs_const_avp;
/* Function prototypes. */
@@ -251,9 +310,6 @@ void rs_packet_destroy(struct rs_packet *pkt);
rs_err_conn_pop. */
int rs_packet_send(struct rs_packet *pkt, void *user_data);
-/** Return the FreeRADIUS packet associated with packet \a pkt. */
-struct radius_packet *rs_packet_frpkt(struct rs_packet *pkt);
-
/** Create a RADIUS authentication request packet associated with
connection \a conn. Optionally, User-Name and User-Password
attributes are added to the packet using the data in \a user_name
@@ -263,6 +319,28 @@ int rs_packet_create_authn_request(struct rs_connection *conn,
const char *user_name,
const char *user_pw);
+/*** Append \a tail to packet \a pkt. */
+int
+rs_packet_append_avp(struct rs_packet *pkt,
+ unsigned int attribute, unsigned int vendor,
+ const void *data, size_t data_len);
+
+/*** Get pointer to \a pkt attribute value pairs. */
+void
+rs_packet_avps(struct rs_packet *pkt, rs_avp ***vps);
+
+/*** Get RADIUS packet type of \a pkt. */
+unsigned int
+rs_packet_code(struct rs_packet *pkt);
+
+/*** Get RADIUS AVP from \a pkt. */
+rs_const_avp *
+rs_packet_find_avp(struct rs_packet *pkt, unsigned int attr, unsigned int vendor);
+
+/*** Set packet identifier in \a pkt; returns old identifier */
+int
+rs_packet_set_id (struct rs_packet *pkt, int id);
+
/************/
/* Config. */
/************/
@@ -309,10 +387,154 @@ void rs_err_free(struct rs_error *err);
char *rs_err_msg(struct rs_error *err);
int rs_err_code(struct rs_error *err, int dofree_flag);
+/************/
+/* AVPs. */
+/************/
+#define rs_avp_is_string(vp) (rs_avp_typeof(vp) == RS_TYPE_STRING)
+#define rs_avp_is_integer(vp) (rs_avp_typeof(vp) == RS_TYPE_INTEGER)
+#define rs_avp_is_ipaddr(vp) (rs_avp_typeof(vp) == RS_TYPE_IPADDR)
+#define rs_avp_is_date(vp) (rs_avp_typeof(vp) == RS_TYPE_DATE)
+#define rs_avp_is_octets(vp) (rs_avp_typeof(vp) == RS_TYPE_OCTETS)
+#define rs_avp_is_ifid(vp) (rs_avp_typeof(vp) == RS_TYPE_IFID)
+#define rs_avp_is_ipv6addr(vp) (rs_avp_typeof(vp) == RS_TYPE_IPV6ADDR)
+#define rs_avp_is_ipv6prefix(vp) (rs_avp_typeof(vp) == RS_TYPE_IPV6PREFIX)
+#define rs_avp_is_byte(vp) (rs_avp_typeof(vp) == RS_TYPE_BYTE)
+#define rs_avp_is_short(vp) (rs_avp_typeof(vp) == RS_TYPE_SHORT)
+#define rs_avp_is_tlv(vp) (rs_avp_typeof(vp) == RS_TYPE_TLV)
+
+/** The maximum length of a RADIUS attribute.
+ *
+ * The RFCs require that a RADIUS attribute transport no more than
+ * 253 octets of data. We add an extra byte for a trailing NUL, so
+ * that the VALUE_PAIR::vp_strvalue field can be handled as a C
+ * string.
+ */
+#define RS_MAX_STRING_LEN 254
+
+void
+rs_avp_free(rs_avp **vps);
+
+size_t
+rs_avp_length(rs_const_avp *vp);
+
+rs_attr_type_t
+rs_avp_typeof(rs_const_avp *vp);
+
+void
+rs_avp_attrid(rs_const_avp *vp, unsigned int *attr, unsigned int *vendor);
+
+
+void
+rs_avp_append(rs_avp **head, rs_avp *tail);
+
+rs_avp *
+rs_avp_find(rs_avp *vp, unsigned int attr, unsigned int vendor);
+
+rs_const_avp *
+rs_avp_find_const(rs_const_avp *vp, unsigned int attr, unsigned int vendor);
+
+rs_avp *
+rs_avp_alloc(unsigned int attr, unsigned int vendor);
+
+rs_avp *
+rs_avp_dup(rs_const_avp *vp);
+
+int
+rs_avp_delete(rs_avp **first, unsigned int attr, unsigned int vendor);
+
+rs_avp *
+rs_avp_next(rs_avp *avp);
+
+rs_const_avp *
+rs_avp_next_const(rs_const_avp *avp);
+
+const char *
+rs_avp_string_value(rs_const_avp *vp);
+
+int
+rs_avp_string_set(rs_avp *vp, const char *str);
+
+uint32_t
+rs_avp_integer_value(rs_const_avp *vp);
+
+int
+rs_avp_integer_set(rs_avp *vp, uint32_t val);
+
+uint32_t
+rs_avp_ipaddr_value(rs_const_avp *vp);
+
+int
+rs_avp_ipaddr_set(rs_avp *vp, struct in_addr in);
+
+time_t
+rs_avp_date_value(rs_const_avp *vp);
+
+int
+rs_avp_date_set(rs_avp *vp, time_t date);
+
+const unsigned char *
+rs_avp_octets_value_const_ptr(rs_const_avp *vp);
+
+unsigned char *
+rs_avp_octets_value_ptr(rs_avp *vp);
+
+int
+rs_avp_octets_value_byref(rs_avp *vp,
+ unsigned char **p,
+ size_t *len);
+
+int
+rs_avp_octets_value(rs_const_avp *vp,
+ unsigned char *buf,
+ size_t *len);
+
+int
+rs_avp_fragmented_value(rs_const_avp *vps,
+ unsigned char *buf,
+ size_t *len);
+
+int
+rs_avp_octets_set(rs_avp *vp,
+ const unsigned char *buf,
+ size_t len);
+
+int
+rs_avp_ifid_value(rs_const_avp *vp, uint8_t val[8]);
+
+int
+rs_avp_ifid_set(rs_avp *vp, const uint8_t val[8]);
+
+uint8_t
+rs_avp_byte_value(rs_const_avp *vp);
+
+int
+rs_avp_byte_set(rs_avp *vp, uint8_t val);
+
+uint16_t
+rs_avp_short_value(rs_const_avp *vp);
+
+int
+rs_avp_short_set(rs_avp *vp, uint16_t val);
+
+size_t
+rs_avp_display_value(rs_const_avp *vp,
+ char *buffer,
+ size_t buflen);
+
+int
+rs_attr_find(const char *name,
+ unsigned int *attr,
+ unsigned int *vendor);
+
+const char *
+rs_avp_name(rs_const_avp *vp);
+
#if defined (__cplusplus)
}
#endif
+#endif /* _RADSEC_RADSEC_H_ */
+
/* Local Variables: */
/* c-file-style: "stroustrup" */
/* End: */
diff --git a/lib/include/radsec/request-impl.h b/lib/include/radsec/request-impl.h
index 8bcac60..d2c14dd 100644
--- a/lib/include/radsec/request-impl.h
+++ b/lib/include/radsec/request-impl.h
@@ -1,5 +1,8 @@
/* See the file COPYING for licensing information. */
+#ifndef _RADSEC_REQUEST_IMPL_H_
+#define _RADSEC_REQUEST_IMPL_H_ 1
+
#if defined (__cplusplus)
extern "C" {
#endif
@@ -16,3 +19,5 @@ struct rs_request
#if defined (__cplusplus)
}
#endif
+
+#endif /* _RADSEC_REQUEST_IMPL_H_ */
diff --git a/lib/include/radsec/request.h b/lib/include/radsec/request.h
index e914164..f124373 100644
--- a/lib/include/radsec/request.h
+++ b/lib/include/radsec/request.h
@@ -3,6 +3,9 @@
/* See the file COPYING for licensing information. */
+#ifndef _RADSEC_REQUEST_H_
+#define _RADSEC_REQUEST_H_ 1
+
struct rs_request;
#if defined (__cplusplus)
@@ -42,3 +45,5 @@ struct rs_packet *rs_request_get_reqmsg(const struct rs_request *req);
#if defined (__cplusplus)
}
#endif
+
+#endif /* _RADSEC_REQUEST_H_ */