wpa_supplicant / hostapd  2.5
radius.h
1 
5 #ifndef RADIUS_H
6 #define RADIUS_H
7 
8 /* RFC 2865 - RADIUS */
9 
10 #ifdef _MSC_VER
11 #pragma pack(push, 1)
12 #endif /* _MSC_VER */
13 
/*
 * Fixed RADIUS packet header as it appears on the wire (RFC 2865):
 * 1 + 1 + 2 + 16 = 20 octets, with the attributes following directly.
 *
 * length is a be16 (big-endian) field set by the sender and covers this
 * header as well as the attributes.
 * NOTE(review): a receiver should reject a length below 20 or above the
 * number of octets actually received before walking the attributes -
 * confirm that radius_msg_parse() does so.
 */
14 struct radius_hdr {
15  u8 code;
16  u8 identifier;
17  be16 length; /* including this header */
18  u8 authenticator[16];
19  /* followed by length-20 octets of attributes */
20 } STRUCT_PACKED;
21 
/*
 * RADIUS packet type codes, named after the code octet of struct radius_hdr.
 * 40-45 are the Disconnect and CoA (Dynamic Authorization, RFC 5176) codes;
 * the functions with "das" in their names below appear to serve that
 * exchange - confirm in radius.c.
 */
22 enum { RADIUS_CODE_ACCESS_REQUEST = 1,
23  RADIUS_CODE_ACCESS_ACCEPT = 2,
24  RADIUS_CODE_ACCESS_REJECT = 3,
25  RADIUS_CODE_ACCOUNTING_REQUEST = 4,
26  RADIUS_CODE_ACCOUNTING_RESPONSE = 5,
27  RADIUS_CODE_ACCESS_CHALLENGE = 11,
28  RADIUS_CODE_STATUS_SERVER = 12,
29  RADIUS_CODE_STATUS_CLIENT = 13,
30  RADIUS_CODE_DISCONNECT_REQUEST = 40,
31  RADIUS_CODE_DISCONNECT_ACK = 41,
32  RADIUS_CODE_DISCONNECT_NAK = 42,
33  RADIUS_CODE_COA_REQUEST = 43,
34  RADIUS_CODE_COA_ACK = 44,
35  RADIUS_CODE_COA_NAK = 45,
36  RADIUS_CODE_RESERVED = 255
37 };
38 
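/*
 * Two-octet header in front of every RADIUS attribute value (RFC 2865).
 *
 * length is a single octet supplied by the sender and counts this header
 * too, so a well-formed attribute has 2 <= length <= 255.
 * NOTE(review): a parser should reject a length below 2 and a length that
 * runs past the end of the enclosing packet - confirm in radius.c.
 */
struct radius_attr_hdr {
	u8 type;
	u8 length; /* including this header */
	/* followed by length-2 octets of attribute value */
} STRUCT_PACKED;

/*
 * Largest value one attribute can carry: 255 (maximum of the length octet)
 * minus the header size, i.e. 253 octets for the two-octet header above.
 */
#define RADIUS_MAX_ATTR_LEN (255 - sizeof(struct radius_attr_hdr))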
46 
/*
 * RADIUS attribute type codes, i.e. the values passed as the u8 type
 * argument of the radius_msg_*attr*() functions declared below. Gaps in the
 * numbering are attribute types this header does not name.
 */
47 enum { RADIUS_ATTR_USER_NAME = 1,
 /* User-Password is sent hidden with the shared secret (RFC 2865), not in
  * the clear; see radius_msg_add_attr_user_password() below. */
48  RADIUS_ATTR_USER_PASSWORD = 2,
49  RADIUS_ATTR_NAS_IP_ADDRESS = 4,
50  RADIUS_ATTR_NAS_PORT = 5,
51  RADIUS_ATTR_FRAMED_MTU = 12,
52  RADIUS_ATTR_REPLY_MESSAGE = 18,
53  RADIUS_ATTR_STATE = 24,
54  RADIUS_ATTR_CLASS = 25,
55  RADIUS_ATTR_VENDOR_SPECIFIC = 26,
56  RADIUS_ATTR_SESSION_TIMEOUT = 27,
57  RADIUS_ATTR_IDLE_TIMEOUT = 28,
58  RADIUS_ATTR_TERMINATION_ACTION = 29,
59  RADIUS_ATTR_CALLED_STATION_ID = 30,
60  RADIUS_ATTR_CALLING_STATION_ID = 31,
61  RADIUS_ATTR_NAS_IDENTIFIER = 32,
62  RADIUS_ATTR_PROXY_STATE = 33,
63  RADIUS_ATTR_ACCT_STATUS_TYPE = 40,
64  RADIUS_ATTR_ACCT_DELAY_TIME = 41,
65  RADIUS_ATTR_ACCT_INPUT_OCTETS = 42,
66  RADIUS_ATTR_ACCT_OUTPUT_OCTETS = 43,
67  RADIUS_ATTR_ACCT_SESSION_ID = 44,
68  RADIUS_ATTR_ACCT_AUTHENTIC = 45,
69  RADIUS_ATTR_ACCT_SESSION_TIME = 46,
70  RADIUS_ATTR_ACCT_INPUT_PACKETS = 47,
71  RADIUS_ATTR_ACCT_OUTPUT_PACKETS = 48,
72  RADIUS_ATTR_ACCT_TERMINATE_CAUSE = 49,
73  RADIUS_ATTR_ACCT_MULTI_SESSION_ID = 50,
74  RADIUS_ATTR_ACCT_LINK_COUNT = 51,
75  RADIUS_ATTR_ACCT_INPUT_GIGAWORDS = 52,
76  RADIUS_ATTR_ACCT_OUTPUT_GIGAWORDS = 53,
77  RADIUS_ATTR_EVENT_TIMESTAMP = 55,
78  RADIUS_ATTR_NAS_PORT_TYPE = 61,
79  RADIUS_ATTR_TUNNEL_TYPE = 64,
80  RADIUS_ATTR_TUNNEL_MEDIUM_TYPE = 65,
 /* Tunnel-Password also travels protected by the shared secret; see
  * radius_msg_get_tunnel_password() below. */
81  RADIUS_ATTR_TUNNEL_PASSWORD = 69,
82  RADIUS_ATTR_CONNECT_INFO = 77,
83  RADIUS_ATTR_EAP_MESSAGE = 79,
 /* Message-Authenticator is the per-packet integrity attribute; see
  * radius_msg_verify_msg_auth() below. */
84  RADIUS_ATTR_MESSAGE_AUTHENTICATOR = 80,
85  RADIUS_ATTR_TUNNEL_PRIVATE_GROUP_ID = 81,
86  RADIUS_ATTR_ACCT_INTERIM_INTERVAL = 85,
87  RADIUS_ATTR_CHARGEABLE_USER_IDENTITY = 89,
88  RADIUS_ATTR_NAS_IPV6_ADDRESS = 95,
89  RADIUS_ATTR_ERROR_CAUSE = 101,
90  RADIUS_ATTR_EAP_KEY_NAME = 102,
91  RADIUS_ATTR_OPERATOR_NAME = 126,
92  RADIUS_ATTR_LOCATION_INFO = 127,
93  RADIUS_ATTR_LOCATION_DATA = 128,
94  RADIUS_ATTR_BASIC_LOCATION_POLICY_RULES = 129,
95  RADIUS_ATTR_EXTENDED_LOCATION_POLICY_RULES = 130,
96  RADIUS_ATTR_LOCATION_CAPABLE = 131,
97  RADIUS_ATTR_REQUESTED_LOCATION_INFO = 132,
98  RADIUS_ATTR_MOBILITY_DOMAIN_ID = 177,
99  RADIUS_ATTR_WLAN_HESSID = 181,
100  RADIUS_ATTR_WLAN_PAIRWISE_CIPHER = 186,
101  RADIUS_ATTR_WLAN_GROUP_CIPHER = 187,
102  RADIUS_ATTR_WLAN_AKM_SUITE = 188,
103  RADIUS_ATTR_WLAN_GROUP_MGMT_CIPHER = 189,
104 };
105 
106 
107 /* Termination-Action */
108 #define RADIUS_TERMINATION_ACTION_DEFAULT 0
109 #define RADIUS_TERMINATION_ACTION_RADIUS_REQUEST 1
110 
111 /* NAS-Port-Type */
112 #define RADIUS_NAS_PORT_TYPE_IEEE_802_11 19
113 
114 /* Acct-Status-Type */
115 #define RADIUS_ACCT_STATUS_TYPE_START 1
116 #define RADIUS_ACCT_STATUS_TYPE_STOP 2
117 #define RADIUS_ACCT_STATUS_TYPE_INTERIM_UPDATE 3
118 #define RADIUS_ACCT_STATUS_TYPE_ACCOUNTING_ON 7
119 #define RADIUS_ACCT_STATUS_TYPE_ACCOUNTING_OFF 8
120 
121 /* Acct-Authentic */
122 #define RADIUS_ACCT_AUTHENTIC_RADIUS 1
123 #define RADIUS_ACCT_AUTHENTIC_LOCAL 2
124 #define RADIUS_ACCT_AUTHENTIC_REMOTE 3
125 
126 /* Acct-Terminate-Cause */
127 #define RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST 1
128 #define RADIUS_ACCT_TERMINATE_CAUSE_LOST_CARRIER 2
129 #define RADIUS_ACCT_TERMINATE_CAUSE_LOST_SERVICE 3
130 #define RADIUS_ACCT_TERMINATE_CAUSE_IDLE_TIMEOUT 4
131 #define RADIUS_ACCT_TERMINATE_CAUSE_SESSION_TIMEOUT 5
132 #define RADIUS_ACCT_TERMINATE_CAUSE_ADMIN_RESET 6
133 #define RADIUS_ACCT_TERMINATE_CAUSE_ADMIN_REBOOT 7
134 #define RADIUS_ACCT_TERMINATE_CAUSE_PORT_ERROR 8
135 #define RADIUS_ACCT_TERMINATE_CAUSE_NAS_ERROR 9
136 #define RADIUS_ACCT_TERMINATE_CAUSE_NAS_REQUEST 10
137 #define RADIUS_ACCT_TERMINATE_CAUSE_NAS_REBOOT 11
138 #define RADIUS_ACCT_TERMINATE_CAUSE_PORT_UNNEEDED 12
139 #define RADIUS_ACCT_TERMINATE_CAUSE_PORT_PREEMPTED 13
140 #define RADIUS_ACCT_TERMINATE_CAUSE_PORT_SUSPENDED 14
141 #define RADIUS_ACCT_TERMINATE_CAUSE_SERVICE_UNAVAILABLE 15
142 #define RADIUS_ACCT_TERMINATE_CAUSE_CALLBACK 16
143 #define RADIUS_ACCT_TERMINATE_CAUSE_USER_ERROR 17
144 #define RADIUS_ACCT_TERMINATE_CAUSE_HOST_REQUEST 18
145 
146 #define RADIUS_TUNNEL_TAGS 32
147 
148 /* Tunnel-Type */
149 #define RADIUS_TUNNEL_TYPE_PPTP 1
150 #define RADIUS_TUNNEL_TYPE_L2TP 3
151 #define RADIUS_TUNNEL_TYPE_IPIP 7
152 #define RADIUS_TUNNEL_TYPE_GRE 10
153 #define RADIUS_TUNNEL_TYPE_VLAN 13
154 
155 /* Tunnel-Medium-Type */
156 #define RADIUS_TUNNEL_MEDIUM_TYPE_IPV4 1
157 #define RADIUS_TUNNEL_MEDIUM_TYPE_IPV6 2
158 #define RADIUS_TUNNEL_MEDIUM_TYPE_802 6
159 
160 
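/*
 * Type/length pair of a vendor sub-attribute.
 * NOTE(review): presumably this sits inside a Vendor-Specific attribute
 * (RADIUS_ATTR_VENDOR_SPECIFIC) after the vendor id - confirm in radius.c.
 * vendor_length comes from the peer; whether it counts these two header
 * octets is not stated in this header, so check the parser before relying
 * on it as a value length.
 */
struct radius_attr_vendor {
	u8 vendor_type;
	u8 vendor_length;
} STRUCT_PACKED;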
165 
166 #define RADIUS_VENDOR_ID_CISCO 9
167 #define RADIUS_CISCO_AV_PAIR 1
168 
169 /* RFC 2548 - Microsoft Vendor-specific RADIUS Attributes */
170 #define RADIUS_VENDOR_ID_MICROSOFT 311
171 
/*
 * Vendor types used under RADIUS_VENDOR_ID_MICROSOFT (RFC 2548). Both carry
 * MPPE session keys; radius_msg_get_ms_keys() and radius_msg_add_mppe_keys()
 * below take the shared secret alongside them.
 */
172 enum { RADIUS_VENDOR_ATTR_MS_MPPE_SEND_KEY = 16,
173  RADIUS_VENDOR_ATTR_MS_MPPE_RECV_KEY = 17
174 };
175 
176 
177 /* Hotspot 2.0 - WFA Vendor-specific RADIUS Attributes */
178 #define RADIUS_VENDOR_ID_WFA 40808
179 
/*
 * Vendor types used under RADIUS_VENDOR_ID_WFA for Hotspot 2.0.
 * NOTE(review): presumably these are the subtype values passed to
 * radius_msg_add_wfa() below - confirm against its callers.
 */
180 enum {
181  RADIUS_VENDOR_ATTR_WFA_HS20_SUBSCR_REMEDIATION = 1,
182  RADIUS_VENDOR_ATTR_WFA_HS20_AP_VERSION = 2,
183  RADIUS_VENDOR_ATTR_WFA_HS20_STA_VERSION = 3,
184  RADIUS_VENDOR_ATTR_WFA_HS20_DEAUTH_REQ = 4,
185  RADIUS_VENDOR_ATTR_WFA_HS20_SESSION_INFO_URL = 5,
186 };
187 
188 #ifdef _MSC_VER
189 #pragma pack(pop)
190 #endif /* _MSC_VER */
191 
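/*
 * Send and receive key buffers with their lengths; this is the type returned
 * by radius_msg_get_ms_keys() and radius_msg_get_cisco_keys().
 *
 * NOTE(review): the buffers hold keying material. Ownership is not visible
 * in this header - presumably the caller frees send, recv and the struct
 * itself; confirm in radius.c, and consider clearing the key octets before
 * they are freed.
 */
struct radius_ms_mppe_keys {
	u8 *send;
	size_t send_len;
	u8 *recv;
	size_t recv_len;
};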
198 
199 
200 struct radius_msg;
201 
202 /* Default size to be allocated for new RADIUS messages */
203 #define RADIUS_DEFAULT_MSG_SIZE 1024
204 
205 /* Default size to be allocated for attribute array */
206 #define RADIUS_DEFAULT_ATTR_COUNT 16
207 
208 
209 /* MAC address ASCII format for IEEE 802.1X use
210  * (draft-congdon-radius-8021x-20.txt) */
211 #define RADIUS_802_1X_ADDR_FORMAT "%02X-%02X-%02X-%02X-%02X-%02X"
212 /* MAC address ASCII format for non-802.1X use */
213 #define RADIUS_ADDR_FORMAT "%02x%02x%02x%02x%02x%02x"
214 
/*
 * Message API. struct radius_msg is opaque in this header; functions that
 * take (secret, secret_len) work with the RADIUS shared secret.
 * NOTE(review): the int return conventions are not visible here and are not
 * uniform even among the inline helpers further down (one returns 1 on
 * success, the other 0) - check radius.c before testing a result as a
 * boolean, in particular for the radius_msg_verify*() functions.
 */
215 struct radius_hdr * radius_msg_get_hdr(struct radius_msg *msg);
216 struct wpabuf * radius_msg_get_buf(struct radius_msg *msg);
/* Create a new RADIUS message. */
217 struct radius_msg * radius_msg_new(u8 code, u8 identifier);
/* Free a RADIUS message. */
218 void radius_msg_free(struct radius_msg *msg);
219 void radius_msg_dump(struct radius_msg *msg);
/*
 * radius_msg_finish*(): NOTE(review): presumably these complete the
 * authenticator fields of an outgoing message using the shared secret -
 * confirm in radius.c. The two *_acct variants return void, so a caller
 * cannot detect a failure from them.
 */
220 int radius_msg_finish(struct radius_msg *msg, const u8 *secret,
221  size_t secret_len);
222 int radius_msg_finish_srv(struct radius_msg *msg, const u8 *secret,
223  size_t secret_len, const u8 *req_authenticator);
224 int radius_msg_finish_das_resp(struct radius_msg *msg, const u8 *secret,
225  size_t secret_len,
226  const struct radius_hdr *req_hdr);
227 void radius_msg_finish_acct(struct radius_msg *msg, const u8 *secret,
228  size_t secret_len);
229 void radius_msg_finish_acct_resp(struct radius_msg *msg, const u8 *secret,
230  size_t secret_len,
231  const u8 *req_authenticator);
232 int radius_msg_verify_acct_req(struct radius_msg *msg, const u8 *secret,
233  size_t secret_len);
234 int radius_msg_verify_das_req(struct radius_msg *msg, const u8 *secret,
235  size_t secret_len);
236 struct radius_attr_hdr * radius_msg_add_attr(struct radius_msg *msg, u8 type,
237  const u8 *data, size_t data_len);
/*
 * Parse a RADIUS message.
 * NOTE(review): data/len normally come straight from a received datagram,
 * so this is the entry point for untrusted input; presumably NULL is
 * returned for a malformed packet - confirm, and check the result before
 * using it.
 */
238 struct radius_msg * radius_msg_parse(const u8 *data, size_t len);
239 int radius_msg_add_eap(struct radius_msg *msg, const u8 *data,
240  size_t data_len);
241 struct wpabuf * radius_msg_get_eap(struct radius_msg *msg);
242 int radius_msg_verify(struct radius_msg *msg, const u8 *secret,
243  size_t secret_len, struct radius_msg *sent_msg,
244  int auth);
245 int radius_msg_verify_msg_auth(struct radius_msg *msg, const u8 *secret,
246  size_t secret_len, const u8 *req_auth);
247 int radius_msg_copy_attr(struct radius_msg *dst, struct radius_msg *src,
248  u8 type);
249 void radius_msg_make_authenticator(struct radius_msg *msg,
250  const u8 *data, size_t len);
/*
 * Both key getters return a struct radius_ms_mppe_keys pointer.
 * NOTE(review): presumably NULL on failure and caller-owned on success -
 * confirm in radius.c.
 */
251 struct radius_ms_mppe_keys *
252 radius_msg_get_ms_keys(struct radius_msg *msg, struct radius_msg *sent_msg,
253  const u8 *secret, size_t secret_len);
254 struct radius_ms_mppe_keys *
255 radius_msg_get_cisco_keys(struct radius_msg *msg, struct radius_msg *sent_msg,
256  const u8 *secret, size_t secret_len);
257 int radius_msg_add_mppe_keys(struct radius_msg *msg,
258  const u8 *req_authenticator,
259  const u8 *secret, size_t secret_len,
260  const u8 *send_key, size_t send_key_len,
261  const u8 *recv_key, size_t recv_key_len);
262 int radius_msg_add_wfa(struct radius_msg *msg, u8 subtype, const u8 *data,
263  size_t len);
/* Writes into the caller's buf, whose capacity is passed as buf_len. */
264 int radius_user_password_hide(struct radius_msg *msg,
265  const u8 *data, size_t data_len,
266  const u8 *secret, size_t secret_len,
267  u8 *buf, size_t buf_len);
268 struct radius_attr_hdr *
269 radius_msg_add_attr_user_password(struct radius_msg *msg,
270  const u8 *data, size_t data_len,
271  const u8 *secret, size_t secret_len);
/*
 * radius_msg_get_attr_int32() below passes a 4-octet buffer and treats a
 * return value of exactly 4 as success.
 */
272 int radius_msg_get_attr(struct radius_msg *msg, u8 type, u8 *buf, size_t len);
/* Parse RADIUS attributes for VLAN tunnel information. */
273 int radius_msg_get_vlanid(struct radius_msg *msg);
/*
 * Parse RADIUS attribute Tunnel-Password.
 * NOTE(review): the returned char * is presumably an allocated copy of the
 * recovered password that the caller must free; confirm, and consider
 * clearing it before release.
 */
274 char * radius_msg_get_tunnel_password(struct radius_msg *msg, int *keylen,
275  const u8 *secret, size_t secret_len,
276  struct radius_msg *sent_msg, size_t n);
277 
/**
 * radius_msg_add_attr_int32 - Append a 32-bit integer attribute
 * @msg: message the attribute is added to
 * @type: attribute type code
 * @value: value in host byte order
 * Returns: 1 if radius_msg_add_attr() returned an attribute, 0 if it
 * returned NULL
 *
 * Non-zero means success here, which is the opposite of
 * radius_msg_get_attr_int32(); do not test both with the same condition.
 */
static inline int radius_msg_add_attr_int32(struct radius_msg *msg, u8 type,
					    u32 value)
{
	/* The four value octets are stored in network byte order. */
	u32 net_value = htonl(value);
	struct radius_attr_hdr *added;

	added = radius_msg_add_attr(msg, type, (u8 *) &net_value, 4);
	if (added == NULL)
		return 0;
	return 1;
}
284 
/**
 * radius_msg_get_attr_int32 - Read a 32-bit integer attribute
 * @msg: message to read from
 * @type: attribute type code
 * @value: receives the value in host byte order
 * Returns: 0 on success, -1 if radius_msg_get_attr() returned anything other
 * than 4
 *
 * *value is written only on success, so a caller that ignores the return
 * value may go on to use an uninitialized variable.
 */
static inline int radius_msg_get_attr_int32(struct radius_msg *msg, u8 type,
					    u32 *value)
{
	u32 net_value;

	/* Only a result of exactly four octets counts as a valid integer. */
	if (radius_msg_get_attr(msg, type, (u8 *) &net_value, 4) != 4)
		return -1;

	*value = ntohl(net_value);
	return 0;
}
/*
 * NOTE(review): radius_msg_get_attr_ptr() hands back a pointer and a length
 * through buf/len; presumably the pointer refers to storage owned by msg
 * rather than a copy, in which case it must not be used after
 * radius_msg_free(msg) - confirm in radius.c.
 */
297 int radius_msg_get_attr_ptr(struct radius_msg *msg, u8 type, u8 **buf,
298  size_t *len, const u8 *start);
299 int radius_msg_count_attr(struct radius_msg *msg, u8 type, int min_len);
300 
301 
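/*
 * One byte buffer with its length; struct radius_class_data holds an array
 * of these.
 * NOTE(review): presumably data is heap-allocated and owned by the
 * containing radius_class_data - confirm in radius.c.
 */
struct radius_attr_data {
	u8 *data;
	size_t len;
};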
306 
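/*
 * Array of count radius_attr_data entries. radius_free_class() and
 * radius_copy_class(), declared below, take this type.
 * NOTE(review): presumably these are the stored values of the Class
 * attribute (RADIUS_ATTR_CLASS) - confirm against the callers.
 */
struct radius_class_data {
	struct radius_attr_data *attr;
	size_t count;
};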
311 
/* Release and duplicate a struct radius_class_data, going by the signatures. */
312 void radius_free_class(struct radius_class_data *c);
313 int radius_copy_class(struct radius_class_data *dst,
314  const struct radius_class_data *src);
315 
/*
 * NOTE(review): attrs is passed without a length, so the list presumably
 * ends with a terminator entry (0?) - confirm in radius.c before building
 * such a list.
 */
316 u8 radius_msg_find_unlisted_attr(struct radius_msg *msg, u8 *attrs);
317 
318 #endif /* RADIUS_H */
RADIUS message structure for new and parsed messages.
Definition: radius.c:18
void radius_msg_free(struct radius_msg *msg)
Free a RADIUS message.
Definition: radius.c:129
struct radius_msg * radius_msg_parse(const u8 *data, size_t len)
Parse a RADIUS message.
Definition: radius.c:664
char * radius_msg_get_tunnel_password(struct radius_msg *msg, int *keylen, const u8 *secret, size_t secret_len, struct radius_msg *sent_msg, size_t n)
Parse RADIUS attribute Tunnel-Password.
Definition: radius.c:1507
int radius_msg_get_vlanid(struct radius_msg *msg)
Parse RADIUS attributes for VLAN tunnel information.
Definition: radius.c:1432
struct radius_msg * radius_msg_new(u8 code, u8 identifier)
Create a new RADIUS message.
Definition: radius.c:104