author | Sam Hartman <hartmans@debian.org> | 2014-08-24 13:23:12 -0400 |
---|---|---|
committer | Sam Hartman <hartmans@debian.org> | 2014-08-24 13:23:12 -0400 |
commit | 25541859118c92a6497b52bba46c6bc4e582fcb2 (patch) | |
tree | 6eb7faaa084ef9251b7c9805fc391b46e1aa8bf1 /include/radsec |
Import libradsec_0.0.5.orig.tar.gz
[dgit import orig libradsec_0.0.5.orig.tar.gz]
Diffstat (limited to 'include/radsec')
-rw-r--r-- | include/radsec/radius.h | 349 | ||||
-rw-r--r-- | include/radsec/radsec-impl.h | 156 | ||||
-rw-r--r-- | include/radsec/radsec.h | 607 | ||||
-rw-r--r-- | include/radsec/request-impl.h | 24 | ||||
-rw-r--r-- | include/radsec/request.h | 50 |
5 files changed, 1186 insertions, 0 deletions
diff --git a/include/radsec/radius.h b/include/radsec/radius.h new file mode 100644 index 0000000..6798598 --- /dev/null +++ b/include/radsec/radius.h 
@@ -0,0 +1,349 @@ +/* Automatically generated file. Do not edit */ + +#define VENDORPEC_JUNIPER 2636 +#define VENDORPEC_MICROSOFT 311 +#define VENDORPEC_UKERNA 25622 + + +/* IETF */ +#define PW_USER_NAME 1 +#define PW_USER_PASSWORD 2 +#define PW_CHAP_PASSWORD 3 +#define PW_NAS_IP_ADDRESS 4 +#define PW_NAS_PORT 5 +#define PW_SERVICE_TYPE 6 +#define PW_FRAMED_PROTOCOL 7 +#define PW_FRAMED_IP_ADDRESS 8 +#define PW_FRAMED_IP_NETMASK 9 +#define PW_FRAMED_ROUTING 10 +#define PW_FILTER_ID 11 +#define PW_FRAMED_MTU 12 +#define PW_FRAMED_COMPRESSION 13 +#define PW_LOGIN_IP_HOST 14 +#define PW_LOGIN_SERVICE 15 +#define PW_LOGIN_TCP_PORT 16 +#define PW_REPLY_MESSAGE 18 +#define PW_CALLBACK_NUMBER 19 +#define PW_CALLBACK_ID 20 +#define PW_FRAMED_ROUTE 22 +#define PW_FRAMED_IPX_NETWORK 23 +#define PW_STATE 24 +#define PW_CLASS 25 +#define PW_VENDOR_SPECIFIC 26 +#define PW_SESSION_TIMEOUT 27 +#define PW_IDLE_TIMEOUT 28 +#define PW_TERMINATION_ACTION 29 +#define PW_CALLED_STATION_ID 30 +#define PW_CALLING_STATION_ID 31 +#define PW_NAS_IDENTIFIER 32 +#define PW_PROXY_STATE 33 +#define PW_LOGIN_LAT_SERVICE 34 +#define PW_LOGIN_LAT_NODE 35 +#define PW_LOGIN_LAT_GROUP 36 +#define PW_FRAMED_APPLETALK_LINK 37 +#define PW_FRAMED_APPLETALK_NETWORK 38 +#define PW_FRAMED_APPLETALK_ZONE 39 +#define PW_ACCT_STATUS_TYPE 40 +#define PW_ACCT_DELAY_TIME 41 +#define PW_ACCT_INPUT_OCTETS 42 +#define PW_ACCT_OUTPUT_OCTETS 43 +#define PW_ACCT_SESSION_ID 44 +#define PW_ACCT_AUTHENTIC 45 +#define PW_ACCT_SESSION_TIME 46 +#define PW_ACCT_INPUT_PACKETS 47 +#define PW_ACCT_OUTPUT_PACKETS 48 +#define PW_ACCT_TERMINATE_CAUSE 49 +#define PW_ACCT_MULTI_SESSION_ID 50 +#define PW_ACCT_LINK_COUNT 51 +#define PW_ACCT_INPUT_GIGAWORDS 52 +#define PW_ACCT_OUTPUT_GIGAWORDS 53 +#define PW_EVENT_TIMESTAMP 55 +#define PW_EGRESS_VLANID 56 +#define PW_INGRESS_FILTERS 57 +#define PW_EGRESS_VLAN_NAME 58 +#define PW_USER_PRIORITY_TABLE 59 +#define PW_CHAP_CHALLENGE 60 +#define PW_NAS_PORT_TYPE 61 +#define PW_PORT_LIMIT 62 
+#define PW_LOGIN_LAT_PORT 63 +#define PW_TUNNEL_TYPE 64 +#define PW_TUNNEL_MEDIUM_TYPE 65 +#define PW_TUNNEL_CLIENT_ENDPOINT 66 +#define PW_TUNNEL_SERVER_ENDPOINT 67 +#define PW_ACCT_TUNNEL_CONNECTION 68 +#define PW_TUNNEL_PASSWORD 69 +#define PW_ARAP_PASSWORD 70 +#define PW_ARAP_FEATURES 71 +#define PW_ARAP_ZONE_ACCESS 72 +#define PW_ARAP_SECURITY 73 +#define PW_ARAP_SECURITY_DATA 74 +#define PW_PASSWORD_RETRY 75 +#define PW_PROMPT 76 +#define PW_CONNECT_INFO 77 +#define PW_CONFIGURATION_TOKEN 78 +#define PW_EAP_MESSAGE 79 +#define PW_MESSAGE_AUTHENTICATOR 80 +#define PW_TUNNEL_PRIVATE_GROUP_ID 81 +#define PW_TUNNEL_ASSIGNMENT_ID 82 +#define PW_TUNNEL_PREFERENCE 83 +#define PW_ARAP_CHALLENGE_RESPONSE 84 +#define PW_ACCT_INTERIM_INTERVAL 85 +#define PW_ACCT_TUNNEL_PACKETS_LOST 86 +#define PW_NAS_PORT_ID 87 +#define PW_FRAMED_POOL 88 +#define PW_CHARGEABLE_USER_IDENTITY 89 +#define PW_TUNNEL_CLIENT_AUTH_ID 90 +#define PW_TUNNEL_SERVER_AUTH_ID 91 +#define PW_NAS_FILTER_RULE 92 +#define PW_NAS_IPV6_ADDRESS 95 +#define PW_FRAMED_INTERFACE_ID 96 +#define PW_FRAMED_IPV6_PREFIX 97 +#define PW_LOGIN_IPV6_HOST 98 +#define PW_FRAMED_IPV6_ROUTE 99 +#define PW_FRAMED_IPV6_POOL 100 +#define PW_ERROR_CAUSE 101 +#define PW_EAP_KEY_NAME 102 +#define PW_DIGEST_RESPONSE 103 +#define PW_DIGEST_REALM 104 +#define PW_DIGEST_NONCE 105 +#define PW_DIGEST_RESPONSE_AUTH 106 +#define PW_DIGEST_NEXTNONCE 107 +#define PW_DIGEST_METHOD 108 +#define PW_DIGEST_URI 109 +#define PW_DIGEST_QOP 110 +#define PW_DIGEST_ALGORITHM 111 +#define PW_DIGEST_ENTITY_BODY_HASH 112 +#define PW_DIGEST_CNONCE 113 +#define PW_DIGEST_NONCE_COUNT 114 +#define PW_DIGEST_USERNAME 115 +#define PW_DIGEST_OPAQUE 116 +#define PW_DIGEST_AUTH_PARAM 117 +#define PW_DIGEST_AKA_AUTS 118 +#define PW_DIGEST_DOMAIN 119 +#define PW_DIGEST_STALE 120 +#define PW_DIGEST_HA1 121 +#define PW_SIP_AOR 122 +#define PW_DELEGATED_IPV6_PREFIX 123 +#define PW_OPERATOR_NAME 126 +#define PW_LOCATION_INFORMATION 127 +#define PW_LOCATION_DATA 
128 +#define PW_BASIC_LOCATION_POLICY_RULES 129 +#define PW_EXTENDED_LOCATION_POLICY_RULES 130 +#define PW_LOCATION_CAPABLE 131 +#define PW_REQUESTED_LOCATION_INFO 132 +#define PW_FRAMED_MANAGEMENT 133 +#define PW_MANAGEMENT_TRANSPORT_PROTECTION 134 +#define PW_MANAGEMENT_POLICY_ID 135 +#define PW_MANAGEMENT_PRIVILEGE_LEVEL 136 +#define PW_PKM_SS_CERT 137 +#define PW_PKM_CA_CERT 138 +#define PW_PKM_CONFIG_SETTINGS 139 +#define PW_PKM_CRYPTOSUITE_LIST 140 +#define PW_PKM_SAID 141 +#define PW_PKM_SA_DESCRIPTOR 142 +#define PW_PKM_AUTH_KEY 143 +#define PW_GSS_ACCEPTOR_SERVICE_NAME 164 +#define PW_GSS_ACCEPTOR_HOST_NAME 165 +#define PW_GSS_ACCEPTOR_SERVICE_SPECIFICS 166 +#define PW_GSS_ACCEPTOR_REALM_NAME 167 + +/* Microsoft */ +#define PW_MS_CHAP_RESPONSE 1 +#define PW_MS_CHAP_ERROR 2 +#define PW_MS_MPPE_ENCRYPTION_POLICY 7 +#define PW_MS_MPPE_ENCRYPTION_TYPES 8 +#define PW_MS_CHAP_DOMAIN 10 +#define PW_MS_CHAP_CHALLENGE 11 +#define PW_MS_CHAP_MPPE_KEYS 12 +#define PW_MS_MPPE_SEND_KEY 16 +#define PW_MS_MPPE_RECV_KEY 17 +#define PW_MS_CHAP2_RESPONSE 25 +#define PW_MS_CHAP2_SUCCESS 26 + +/* Juniper */ +#define PW_JUNIPER_LOCAL_USER_NAME 1 +#define PW_JUNIPER_ALLOW_COMMANDS 2 +#define PW_JUNIPER_DENY_COMMANDS 3 +#define PW_JUNIPER_ALLOW_CONFIGURATION 4 +#define PW_JUNIPER_DENY_CONFIGURATION 5 +#define PW_JUNIPER_INTERACTIVE_COMMAND 8 +#define PW_JUNIPER_CONFIGURATION_CHANGE 9 +#define PW_JUNIPER_USER_PERMISSIONS 10 + +/* UKERNA */ +#define PW_GSS_ACCEPTOR_SERVICE_NAME_VS 128 +#define PW_GSS_ACCEPTOR_HOST_NAME_VS 129 +#define PW_GSS_ACCEPTOR_SERVICE_SPECIFIC_VS 130 +#define PW_GSS_ACCEPTOR_REALM_NAME_VS 131 +#define PW_SAML_AAA_ASSERTION 132 +#define PW_MS_WINDOWS_AUTH_DATA 133 +#define PW_MS_WINDOWS_GROUP_SID 134 + +/* Fixed offsets to dictionary definitions of attributes */ +#define RS_DA_USER_NAME (&nr_dict_attrs[1]) +#define RS_DA_USER_PASSWORD (&nr_dict_attrs[2]) +#define RS_DA_CHAP_PASSWORD (&nr_dict_attrs[3]) +#define RS_DA_NAS_IP_ADDRESS (&nr_dict_attrs[4]) 
+#define RS_DA_NAS_PORT (&nr_dict_attrs[5]) +#define RS_DA_SERVICE_TYPE (&nr_dict_attrs[6]) +#define RS_DA_FRAMED_PROTOCOL (&nr_dict_attrs[7]) +#define RS_DA_FRAMED_IP_ADDRESS (&nr_dict_attrs[8]) +#define RS_DA_FRAMED_IP_NETMASK (&nr_dict_attrs[9]) +#define RS_DA_FRAMED_ROUTING (&nr_dict_attrs[10]) +#define RS_DA_FILTER_ID (&nr_dict_attrs[11]) +#define RS_DA_FRAMED_MTU (&nr_dict_attrs[12]) +#define RS_DA_FRAMED_COMPRESSION (&nr_dict_attrs[13]) +#define RS_DA_LOGIN_IP_HOST (&nr_dict_attrs[14]) +#define RS_DA_LOGIN_SERVICE (&nr_dict_attrs[15]) +#define RS_DA_LOGIN_TCP_PORT (&nr_dict_attrs[16]) +#define RS_DA_REPLY_MESSAGE (&nr_dict_attrs[18]) +#define RS_DA_CALLBACK_NUMBER (&nr_dict_attrs[19]) +#define RS_DA_CALLBACK_ID (&nr_dict_attrs[20]) +#define RS_DA_FRAMED_ROUTE (&nr_dict_attrs[22]) +#define RS_DA_FRAMED_IPX_NETWORK (&nr_dict_attrs[23]) +#define RS_DA_STATE (&nr_dict_attrs[24]) +#define RS_DA_CLASS (&nr_dict_attrs[25]) +#define RS_DA_VENDOR_SPECIFIC (&nr_dict_attrs[26]) +#define RS_DA_SESSION_TIMEOUT (&nr_dict_attrs[27]) +#define RS_DA_IDLE_TIMEOUT (&nr_dict_attrs[28]) +#define RS_DA_TERMINATION_ACTION (&nr_dict_attrs[29]) +#define RS_DA_CALLED_STATION_ID (&nr_dict_attrs[30]) +#define RS_DA_CALLING_STATION_ID (&nr_dict_attrs[31]) +#define RS_DA_NAS_IDENTIFIER (&nr_dict_attrs[32]) +#define RS_DA_PROXY_STATE (&nr_dict_attrs[33]) +#define RS_DA_LOGIN_LAT_SERVICE (&nr_dict_attrs[34]) +#define RS_DA_LOGIN_LAT_NODE (&nr_dict_attrs[35]) +#define RS_DA_LOGIN_LAT_GROUP (&nr_dict_attrs[36]) +#define RS_DA_FRAMED_APPLETALK_LINK (&nr_dict_attrs[37]) +#define RS_DA_FRAMED_APPLETALK_NETWORK (&nr_dict_attrs[38]) +#define RS_DA_FRAMED_APPLETALK_ZONE (&nr_dict_attrs[39]) +#define RS_DA_ACCT_STATUS_TYPE (&nr_dict_attrs[40]) +#define RS_DA_ACCT_DELAY_TIME (&nr_dict_attrs[41]) +#define RS_DA_ACCT_INPUT_OCTETS (&nr_dict_attrs[42]) +#define RS_DA_ACCT_OUTPUT_OCTETS (&nr_dict_attrs[43]) +#define RS_DA_ACCT_SESSION_ID (&nr_dict_attrs[44]) +#define RS_DA_ACCT_AUTHENTIC 
(&nr_dict_attrs[45]) +#define RS_DA_ACCT_SESSION_TIME (&nr_dict_attrs[46]) +#define RS_DA_ACCT_INPUT_PACKETS (&nr_dict_attrs[47]) +#define RS_DA_ACCT_OUTPUT_PACKETS (&nr_dict_attrs[48]) +#define RS_DA_ACCT_TERMINATE_CAUSE (&nr_dict_attrs[49]) +#define RS_DA_ACCT_MULTI_SESSION_ID (&nr_dict_attrs[50]) +#define RS_DA_ACCT_LINK_COUNT (&nr_dict_attrs[51]) +#define RS_DA_ACCT_INPUT_GIGAWORDS (&nr_dict_attrs[52]) +#define RS_DA_ACCT_OUTPUT_GIGAWORDS (&nr_dict_attrs[53]) +#define RS_DA_EVENT_TIMESTAMP (&nr_dict_attrs[55]) +#define RS_DA_EGRESS_VLANID (&nr_dict_attrs[56]) +#define RS_DA_INGRESS_FILTERS (&nr_dict_attrs[57]) +#define RS_DA_EGRESS_VLAN_NAME (&nr_dict_attrs[58]) +#define RS_DA_USER_PRIORITY_TABLE (&nr_dict_attrs[59]) +#define RS_DA_CHAP_CHALLENGE (&nr_dict_attrs[60]) +#define RS_DA_NAS_PORT_TYPE (&nr_dict_attrs[61]) +#define RS_DA_PORT_LIMIT (&nr_dict_attrs[62]) +#define RS_DA_LOGIN_LAT_PORT (&nr_dict_attrs[63]) +#define RS_DA_TUNNEL_TYPE (&nr_dict_attrs[64]) +#define RS_DA_TUNNEL_MEDIUM_TYPE (&nr_dict_attrs[65]) +#define RS_DA_TUNNEL_CLIENT_ENDPOINT (&nr_dict_attrs[66]) +#define RS_DA_TUNNEL_SERVER_ENDPOINT (&nr_dict_attrs[67]) +#define RS_DA_ACCT_TUNNEL_CONNECTION (&nr_dict_attrs[68]) +#define RS_DA_TUNNEL_PASSWORD (&nr_dict_attrs[69]) +#define RS_DA_ARAP_PASSWORD (&nr_dict_attrs[70]) +#define RS_DA_ARAP_FEATURES (&nr_dict_attrs[71]) +#define RS_DA_ARAP_ZONE_ACCESS (&nr_dict_attrs[72]) +#define RS_DA_ARAP_SECURITY (&nr_dict_attrs[73]) +#define RS_DA_ARAP_SECURITY_DATA (&nr_dict_attrs[74]) +#define RS_DA_PASSWORD_RETRY (&nr_dict_attrs[75]) +#define RS_DA_PROMPT (&nr_dict_attrs[76]) +#define RS_DA_CONNECT_INFO (&nr_dict_attrs[77]) +#define RS_DA_CONFIGURATION_TOKEN (&nr_dict_attrs[78]) +#define RS_DA_EAP_MESSAGE (&nr_dict_attrs[79]) +#define RS_DA_MESSAGE_AUTHENTICATOR (&nr_dict_attrs[80]) +#define RS_DA_TUNNEL_PRIVATE_GROUP_ID (&nr_dict_attrs[81]) +#define RS_DA_TUNNEL_ASSIGNMENT_ID (&nr_dict_attrs[82]) +#define RS_DA_TUNNEL_PREFERENCE (&nr_dict_attrs[83]) 
+#define RS_DA_ARAP_CHALLENGE_RESPONSE (&nr_dict_attrs[84]) +#define RS_DA_ACCT_INTERIM_INTERVAL (&nr_dict_attrs[85]) +#define RS_DA_ACCT_TUNNEL_PACKETS_LOST (&nr_dict_attrs[86]) +#define RS_DA_NAS_PORT_ID (&nr_dict_attrs[87]) +#define RS_DA_FRAMED_POOL (&nr_dict_attrs[88]) +#define RS_DA_CHARGEABLE_USER_IDENTITY (&nr_dict_attrs[89]) +#define RS_DA_TUNNEL_CLIENT_AUTH_ID (&nr_dict_attrs[90]) +#define RS_DA_TUNNEL_SERVER_AUTH_ID (&nr_dict_attrs[91]) +#define RS_DA_NAS_FILTER_RULE (&nr_dict_attrs[92]) +#define RS_DA_NAS_IPV6_ADDRESS (&nr_dict_attrs[95]) +#define RS_DA_FRAMED_INTERFACE_ID (&nr_dict_attrs[96]) +#define RS_DA_FRAMED_IPV6_PREFIX (&nr_dict_attrs[97]) +#define RS_DA_LOGIN_IPV6_HOST (&nr_dict_attrs[98]) +#define RS_DA_FRAMED_IPV6_ROUTE (&nr_dict_attrs[99]) +#define RS_DA_FRAMED_IPV6_POOL (&nr_dict_attrs[100]) +#define RS_DA_ERROR_CAUSE (&nr_dict_attrs[101]) +#define RS_DA_EAP_KEY_NAME (&nr_dict_attrs[102]) +#define RS_DA_DIGEST_RESPONSE (&nr_dict_attrs[103]) +#define RS_DA_DIGEST_REALM (&nr_dict_attrs[104]) +#define RS_DA_DIGEST_NONCE (&nr_dict_attrs[105]) +#define RS_DA_DIGEST_RESPONSE_AUTH (&nr_dict_attrs[106]) +#define RS_DA_DIGEST_NEXTNONCE (&nr_dict_attrs[107]) +#define RS_DA_DIGEST_METHOD (&nr_dict_attrs[108]) +#define RS_DA_DIGEST_URI (&nr_dict_attrs[109]) +#define RS_DA_DIGEST_QOP (&nr_dict_attrs[110]) +#define RS_DA_DIGEST_ALGORITHM (&nr_dict_attrs[111]) +#define RS_DA_DIGEST_ENTITY_BODY_HASH (&nr_dict_attrs[112]) +#define RS_DA_DIGEST_CNONCE (&nr_dict_attrs[113]) +#define RS_DA_DIGEST_NONCE_COUNT (&nr_dict_attrs[114]) +#define RS_DA_DIGEST_USERNAME (&nr_dict_attrs[115]) +#define RS_DA_DIGEST_OPAQUE (&nr_dict_attrs[116]) +#define RS_DA_DIGEST_AUTH_PARAM (&nr_dict_attrs[117]) +#define RS_DA_DIGEST_AKA_AUTS (&nr_dict_attrs[118]) +#define RS_DA_DIGEST_DOMAIN (&nr_dict_attrs[119]) +#define RS_DA_DIGEST_STALE (&nr_dict_attrs[120]) +#define RS_DA_DIGEST_HA1 (&nr_dict_attrs[121]) +#define RS_DA_SIP_AOR (&nr_dict_attrs[122]) +#define 
RS_DA_DELEGATED_IPV6_PREFIX (&nr_dict_attrs[123]) +#define RS_DA_OPERATOR_NAME (&nr_dict_attrs[126]) +#define RS_DA_LOCATION_INFORMATION (&nr_dict_attrs[127]) +#define RS_DA_LOCATION_DATA (&nr_dict_attrs[128]) +#define RS_DA_BASIC_LOCATION_POLICY_RULES (&nr_dict_attrs[129]) +#define RS_DA_EXTENDED_LOCATION_POLICY_RULES (&nr_dict_attrs[130]) +#define RS_DA_LOCATION_CAPABLE (&nr_dict_attrs[131]) +#define RS_DA_REQUESTED_LOCATION_INFO (&nr_dict_attrs[132]) +#define RS_DA_FRAMED_MANAGEMENT (&nr_dict_attrs[133]) +#define RS_DA_MANAGEMENT_TRANSPORT_PROTECTION (&nr_dict_attrs[134]) +#define RS_DA_MANAGEMENT_POLICY_ID (&nr_dict_attrs[135]) +#define RS_DA_MANAGEMENT_PRIVILEGE_LEVEL (&nr_dict_attrs[136]) +#define RS_DA_PKM_SS_CERT (&nr_dict_attrs[137]) +#define RS_DA_PKM_CA_CERT (&nr_dict_attrs[138]) +#define RS_DA_PKM_CONFIG_SETTINGS (&nr_dict_attrs[139]) +#define RS_DA_PKM_CRYPTOSUITE_LIST (&nr_dict_attrs[140]) +#define RS_DA_PKM_SAID (&nr_dict_attrs[141]) +#define RS_DA_PKM_SA_DESCRIPTOR (&nr_dict_attrs[142]) +#define RS_DA_PKM_AUTH_KEY (&nr_dict_attrs[143]) +#define RS_DA_GSS_ACCEPTOR_SERVICE_NAME (&nr_dict_attrs[164]) +#define RS_DA_GSS_ACCEPTOR_HOST_NAME (&nr_dict_attrs[165]) +#define RS_DA_GSS_ACCEPTOR_SERVICE_SPECIFICS (&nr_dict_attrs[166]) +#define RS_DA_GSS_ACCEPTOR_REALM_NAME (&nr_dict_attrs[167]) +#define RS_DA_MS_CHAP_RESPONSE (&nr_dict_attrs[256]) +#define RS_DA_MS_CHAP_ERROR (&nr_dict_attrs[257]) +#define RS_DA_MS_MPPE_ENCRYPTION_POLICY (&nr_dict_attrs[258]) +#define RS_DA_MS_MPPE_ENCRYPTION_TYPES (&nr_dict_attrs[259]) +#define RS_DA_MS_CHAP_DOMAIN (&nr_dict_attrs[260]) +#define RS_DA_MS_CHAP_CHALLENGE (&nr_dict_attrs[261]) +#define RS_DA_MS_CHAP_MPPE_KEYS (&nr_dict_attrs[262]) +#define RS_DA_MS_MPPE_SEND_KEY (&nr_dict_attrs[263]) +#define RS_DA_MS_MPPE_RECV_KEY (&nr_dict_attrs[264]) +#define RS_DA_MS_CHAP2_RESPONSE (&nr_dict_attrs[265]) +#define RS_DA_MS_CHAP2_SUCCESS (&nr_dict_attrs[266]) +#define RS_DA_JUNIPER_LOCAL_USER_NAME (&nr_dict_attrs[267]) +#define 
RS_DA_JUNIPER_ALLOW_COMMANDS (&nr_dict_attrs[268]) +#define RS_DA_JUNIPER_DENY_COMMANDS (&nr_dict_attrs[269]) +#define RS_DA_JUNIPER_ALLOW_CONFIGURATION (&nr_dict_attrs[270]) +#define RS_DA_JUNIPER_DENY_CONFIGURATION (&nr_dict_attrs[271]) +#define RS_DA_JUNIPER_INTERACTIVE_COMMAND (&nr_dict_attrs[272]) +#define RS_DA_JUNIPER_CONFIGURATION_CHANGE (&nr_dict_attrs[273]) +#define RS_DA_JUNIPER_USER_PERMISSIONS (&nr_dict_attrs[274]) +#define RS_DA_GSS_ACCEPTOR_SERVICE_NAME_VS (&nr_dict_attrs[275]) +#define RS_DA_GSS_ACCEPTOR_HOST_NAME_VS (&nr_dict_attrs[276]) +#define RS_DA_GSS_ACCEPTOR_SERVICE_SPECIFIC_VS (&nr_dict_attrs[277]) +#define RS_DA_GSS_ACCEPTOR_REALM_NAME_VS (&nr_dict_attrs[278]) +#define RS_DA_SAML_AAA_ASSERTION (&nr_dict_attrs[279]) +#define RS_DA_MS_WINDOWS_AUTH_DATA (&nr_dict_attrs[280]) +#define RS_DA_MS_WINDOWS_GROUP_SID (&nr_dict_attrs[281]) +/* Automatically generated file. Do not edit */ diff --git a/include/radsec/radsec-impl.h b/include/radsec/radsec-impl.h new file mode 100644 index 0000000..0ecd631 --- /dev/null +++ b/include/radsec/radsec-impl.h 
@@ -0,0 +1,156 @@
+/** @file libradsec-impl.h
+ @brief Libraray internal header file for libradsec. */
+
+/* Copyright 2010-2013 NORDUnet A/S. All rights reserved.
+ See LICENSE for licensing information. */
+
+#ifndef _RADSEC_RADSEC_IMPL_H_
+#define _RADSEC_RADSEC_IMPL_H_ 1
+
+#include <event2/util.h>
+#include <confuse.h>
+#if defined(RS_ENABLE_TLS)
+#include <openssl/ssl.h>
+#endif
+
+/* Constants. */
+#define RS_HEADER_LEN 4
+
+/* Data types. */
+enum rs_cred_type {
+ RS_CRED_NONE = 0,
+ /* TLS pre-shared keys, RFC 4279. */
+ RS_CRED_TLS_PSK,
+ /* RS_CRED_TLS_DH_PSK, */
+ /* RS_CRED_TLS_RSA_PSK, */
+};
+typedef unsigned int rs_cred_type_t;
+
+enum rs_key_encoding {
+ RS_KEY_ENCODING_UTF8 = 1,
+ RS_KEY_ENCODING_ASCII_HEX = 2,
+};
+typedef unsigned int rs_key_encoding_t;
+
+#if defined (__cplusplus)
+extern "C" {
+#endif
+
+struct rs_credentials {
+ enum rs_cred_type type;
+ char *identity;
+ char *secret;
+ enum rs_key_encoding secret_encoding;
+ unsigned int secret_len;
+};
+
+struct rs_error {
+ int code;
+ char buf[1024];
+};
+
+/** Configuration object for a connection. */
+struct rs_peer {
+ struct rs_connection *conn;
+ struct rs_realm *realm;
+ char *hostname;
+ char *service;
+ char *secret; /* RADIUS secret. */
+ struct evutil_addrinfo *addr_cache;
+ struct rs_peer *next;
+};
+
+/** Configuration object for a RADIUS realm. */
+struct rs_realm {
+ char *name;
+ enum rs_conn_type type;
+ int timeout;
+ int retries;
+ char *cacertfile;
+ char *cacertpath;
+ char *certfile;
+ char *certkeyfile;
+ int disable_hostname_check;
+ struct rs_credentials *transport_cred;
+ struct rs_peer *peers;
+ struct rs_realm *next;
+};
+
+/** Top configuration object. */
+struct rs_config {
+ struct rs_realm *realms;
+ cfg_t *cfg;
+};
+
+struct rs_context {
+ struct rs_config *config;
+ struct rs_alloc_scheme alloc_scheme;
+ struct rs_error *err;
+};
+
+struct rs_connection {
+ struct rs_context *ctx;
+ struct rs_realm *realm; /* Owned by ctx. */
+ struct event_base *evb; /* Event base. */
+ struct event *tev; /* Timeout event. */
+ struct rs_conn_callbacks callbacks;
+ void *user_data;
+ struct rs_peer *peers;
+ struct rs_peer *active_peer;
+ struct rs_error *err;
+ struct timeval timeout;
+ char is_connecting; /* FIXME: replace with a single state member */
+ char is_connected; /* FIXME: replace with a single state member */
+ int fd; /* Socket. */
+ int tryagain; /* For server failover. */
+ int nextid; /* Next RADIUS packet identifier. */
+ /* TCP transport specifics. */
+ struct bufferevent *bev; /* Buffer event. */
+ /* UDP transport specifics. */
+ struct event *wev; /* Write event (for UDP). */
+ struct event *rev; /* Read event (for UDP). */
+ struct rs_packet *out_queue; /* Queue for outgoing UDP packets. */
+#if defined(RS_ENABLE_TLS)
+ /* TLS specifics. */
+ SSL_CTX *tls_ctx;
+ SSL *tls_ssl;
+#endif
+};
+
+enum rs_packet_flags {
+ RS_PACKET_HEADER_READ,
+ RS_PACKET_RECEIVED,
+ RS_PACKET_SENT,
+};
+
+struct radius_packet;
+
+struct rs_packet {
+ struct rs_connection *conn;
+ unsigned int flags;
+ uint8_t hdr[RS_HEADER_LEN];
+ struct radius_packet *rpkt; /* FreeRADIUS object. */
+ struct rs_packet *next; /* Used for UDP output queue. */
+};
+
+#if defined (__cplusplus)
+}
+#endif
+
+/* Convenience macros. */
+#define rs_calloc(h, nmemb, size) \
+ (h->alloc_scheme.calloc ? h->alloc_scheme.calloc : calloc)(nmemb, size)
+#define rs_malloc(h, size) \
+ (h->alloc_scheme.malloc ? h->alloc_scheme.malloc : malloc)(size)
+#define rs_free(h, ptr) \
+ (h->alloc_scheme.free ? h->alloc_scheme.free : free)(ptr)
+#define rs_realloc(h, realloc, ptr, size) \
+ (h->alloc_scheme.realloc ? h->alloc_scheme.realloc : realloc)(ptr, size)
+#define min(a, b) ((a) < (b) ? (a) : (b))
+#define max(a, b) ((a) > (b) ? (a) : (b))
+
+#endif /* _RADSEC_RADSEC_IMPL_H_ */
+
+/* Local Variables: */
+/* c-file-style: "stroustrup" */
+/* End: */
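Review bot: In the convenience macros at the end of this header, `rs_realloc(h, realloc, ptr, size)` names its second parameter `realloc`, so the preprocessor replaces every `realloc` token in the expansion with the caller's argument, including the member in `h->alloc_scheme.realloc`; the macro only expands as intended when the caller passes the literal `realloc`. Renaming that parameter keeps the four-argument call shape while removing the trap: `#define rs_realloc(h, unused_, ptr, size) \` followed by `((h)->alloc_scheme.realloc ? (h)->alloc_scheme.realloc : realloc)(ptr, size)`. The same `(h)` parenthesisation applies to `rs_calloc`, `rs_malloc` and `rs_free`, which currently misparse an argument such as `*ctxp`. Callers of these macros are outside this hunk, so whether any passes something other than `realloc` cannot be confirmed here. Separately, `rs_free` is a plain pass-through, so the `secret` buffers in `rs_credentials` and `rs_peer` would need wiping at their release sites, which are not visible in this header.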
diff --git a/include/radsec/radsec.h b/include/radsec/radsec.h new file mode 100644 index 0000000..1d718a0 --- /dev/null +++ b/include/radsec/radsec.h 
@@ -0,0 +1,607 @@ +/** \file radsec.h + \brief Public interface for libradsec. */ + +/* Copyright 2010-2013 NORDUnet A/S. All rights reserved. + See LICENSE for licensing information. */ + +#ifndef _RADSEC_RADSEC_H_ +#define _RADSEC_RADSEC_H_ 1 + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif +#ifdef HAVE_SYS_TIME_H +#include <sys/time.h> +#endif +#ifdef HAVE_ARPA_INET_H +#include <arpa/inet.h> +#endif +#ifdef HAVE_UNISTD_H +#include <unistd.h> +#endif +#ifdef HAVE_STDINT_H +#include <stdint.h> +#endif + +enum rs_error_code { + RSE_OK = 0, + RSE_NOMEM = 1, + RSE_NOSYS = 2, + RSE_INVALID_CTX = 3, + RSE_INVALID_CONN = 4, + RSE_CONN_TYPE_MISMATCH = 5, + RSE_BADADDR = 7, + RSE_NOPEER = 8, + RSE_EVENT = 9, /* libevent error. */ + RSE_SOCKERR = 10, + RSE_CONFIG = 11, + RSE_BADAUTH = 12, + RSE_INTERNAL = 13, + RSE_SSLERR = 14, /* OpenSSL error. */ + RSE_INVALID_PKT = 15, + RSE_TIMEOUT_CONN = 16, /* Connection timeout. */ + RSE_INVAL = 17, /* Invalid argument. */ + RSE_TIMEOUT_IO = 18, /* I/O timeout. */ + RSE_TIMEOUT = 19, /* High level timeout. 
*/ + RSE_DISCO = 20, + RSE_INUSE = 21, + RSE_PACKET_TOO_SMALL = 22, + RSE_PACKET_TOO_LARGE = 23, + RSE_ATTR_OVERFLOW = 24, + RSE_ATTR_TOO_SMALL = 25, + RSE_ATTR_TOO_LARGE = 26, + RSE_ATTR_UNKNOWN = 27, + RSE_ATTR_BAD_NAME = 28, + RSE_ATTR_VALUE_MALFORMED = 29, + RSE_ATTR_INVALID = 30, + RSE_TOO_MANY_ATTRS = 31, + RSE_ATTR_TYPE_UNKNOWN = 32, + RSE_MSG_AUTH_LEN = 33, + RSE_MSG_AUTH_WRONG = 34, + RSE_REQUEST_REQUIRED = 35, + RSE_INVALID_REQUEST_CODE = 36, + RSE_AUTH_VECTOR_WRONG = 37, + RSE_INVALID_RESPONSE_CODE = 38, + RSE_INVALID_RESPONSE_ID = 39, + RSE_INVALID_RESPONSE_SRC = 40, + RSE_NO_PACKET_DATA = 41, + RSE_VENDOR_UNKNOWN = 42, + RSE_CRED = 43, + RSE_CERT = 44, + RSE_MAX = RSE_CERT +}; + +enum rs_conn_type { + RS_CONN_TYPE_NONE = 0, + RS_CONN_TYPE_UDP, + RS_CONN_TYPE_TCP, + RS_CONN_TYPE_TLS, + RS_CONN_TYPE_DTLS, +}; +typedef unsigned int rs_conn_type_t; + +typedef enum rs_attr_type_t { + RS_TYPE_INVALID = 0, /**< Invalid data type */ + RS_TYPE_STRING, /**< printable-text */ + RS_TYPE_INTEGER, /**< a 32-bit unsigned integer */ + RS_TYPE_IPADDR, /**< an IPv4 address */ + RS_TYPE_DATE, /**< a 32-bit date, of seconds since January 1, 1970 */ + RS_TYPE_OCTETS, /**< a sequence of binary octets */ + RS_TYPE_IFID, /**< an Interface Id */ + RS_TYPE_IPV6ADDR, /**< an IPv6 address */ + RS_TYPE_IPV6PREFIX, /**< an IPv6 prefix */ + RS_TYPE_BYTE, /**< an 8-bit integer */ + RS_TYPE_SHORT, /**< a 16-bit integer */ +} rs_attr_type_t; + +#define PW_ACCESS_REQUEST 1 +#define PW_ACCESS_ACCEPT 2 +#define PW_ACCESS_REJECT 3 +#define PW_ACCOUNTING_REQUEST 4 +#define PW_ACCOUNTING_RESPONSE 5 +#define PW_ACCOUNTING_STATUS 6 +#define PW_PASSWORD_REQUEST 7 +#define PW_PASSWORD_ACK 8 +#define PW_PASSWORD_REJECT 9 +#define PW_ACCOUNTING_MESSAGE 10 +#define PW_ACCESS_CHALLENGE 11 +#define PW_STATUS_SERVER 12 +#define PW_STATUS_CLIENT 13 +#define PW_DISCONNECT_REQUEST 40 +#define PW_DISCONNECT_ACK 41 +#define PW_DISCONNECT_NAK 42 +#define PW_COA_REQUEST 43 +#define PW_COA_ACK 44 +#define 
PW_COA_NAK 45 + +#if defined (__cplusplus) +extern "C" { +#endif + +/* Data types. */ +struct rs_context; /* radsec-impl.h */ +struct rs_connection; /* radsec-impl.h */ +struct rs_packet; /* radsec-impl.h */ +struct rs_conn; /* radsec-impl.h */ +struct rs_error; /* radsec-impl.h */ +struct rs_peer; /* radsec-impl.h */ +struct radius_packet; /* <radius/client.h> */ +struct value_pair; /* <radius/client.h> */ +struct event_base; /* <event2/event-internal.h> */ + +typedef void *(*rs_calloc_fp) (size_t nmemb, size_t size); +typedef void *(*rs_malloc_fp) (size_t size); +typedef void (*rs_free_fp) (void *ptr); +typedef void *(*rs_realloc_fp) (void *ptr, size_t size); +struct rs_alloc_scheme { + rs_calloc_fp calloc; + rs_malloc_fp malloc; + rs_free_fp free; + rs_realloc_fp realloc; +}; + +typedef void (*rs_conn_connected_cb) (void *user_data /* FIXME: peer? */ ); +typedef void (*rs_conn_disconnected_cb) (void *user_data /* FIXME: reason? */ ); +typedef void (*rs_conn_packet_received_cb) (struct rs_packet *packet, + void *user_data); +typedef void (*rs_conn_packet_sent_cb) (void *user_data); +struct rs_conn_callbacks { + /** Callback invoked when the connection has been established. */ + rs_conn_connected_cb connected_cb; + /** Callback invoked when the connection has been torn down. */ + rs_conn_disconnected_cb disconnected_cb; + /** Callback invoked when a packet was received. */ + rs_conn_packet_received_cb received_cb; + /** Callback invoked when a packet was successfully sent. */ + rs_conn_packet_sent_cb sent_cb; +}; + +typedef struct value_pair rs_avp; +typedef const struct value_pair rs_const_avp; + +/* Function prototypes. */ + +/*************/ +/* Context. */ +/*************/ +/** Create a context. Freed by calling \a rs_context_destroy. Note + that the context must not be freed before all other libradsec + objects have been freed. 
+ + If support for POSIX threads was detected at configure and build + time \a rs_context_create will use mutexes to protect multiple + threads from stomping on each other in OpenSSL. + + \a ctx Address of pointer to a struct rs_context. This is the + output of this function. + + \return RSE_OK (0) on success, RSE_SSLERR on TLS library + initialisation error and RSE_NOMEM on out of memory. */ +int rs_context_create(struct rs_context **ctx); + +/** Free a context. Note that the context must not be freed before + all other libradsec objects have been freed. */ +void rs_context_destroy(struct rs_context *ctx); + +/** Set allocation scheme to use. \a scheme is the allocation scheme + to use, see \a rs_alloc_scheme. \return On success, RSE_OK (0) is + returned. On error, !0 is returned and a struct \a rs_error is + pushed on the error stack for the context. The error can be + accessed using \a rs_err_ctx_pop. */ +int rs_context_set_alloc_scheme(struct rs_context *ctx, + struct rs_alloc_scheme *scheme); + +/** Read configuration file. \a config_file is the path of the + configuration file to read. \return On success, RSE_OK (0) is + returned. On error, !0 is returned and a struct \a rs_error is + pushed on the error stack for the context. The error can be + accessed using \a rs_err_ctx_pop. */ +int rs_context_read_config(struct rs_context *ctx, const char *config_file); + +/****************/ +/* Connection. */ +/****************/ +/** Create a connection. \a conn is the address of a pointer to an \a + rs_connection, the output. Free the connection using \a + rs_conn_destroy. Note that a connection must not be freed before + all packets associated with the connection have been freed. A + packet is associated with a connection when it's created (\a + rs_packet_create) or received (\a rs_conn_receive_packet). + + If \a config is not NULL it should be the name of a configuration + found in the config file read in using \a rs_context_read_config. 
+ \return On success, RSE_OK (0) is returned. On error, !0 is + returned and a struct \a rs_error is pushed on the error stack for + the context. The error can be accessed using \a + rs_err_ctx_pop. */ +int rs_conn_create(struct rs_context *ctx, + struct rs_connection **conn, + const char *config); + +/** Not implemented. */ +int rs_conn_add_listener(struct rs_connection *conn, + rs_conn_type_t type, + const char *hostname, + int port); +/** Disconnect connection \a conn. \return RSE_OK (0) on success, !0 + * on error. On error, errno is set appropriately. */ +int rs_conn_disconnect (struct rs_connection *conn); + +/** Disconnect and free memory allocated for connection \a conn. Note + that a connection must not be freed before all packets associated + with the connection have been freed. A packet is associated with + a connection when it's created (\a rs_packet_create) or received + (\a rs_conn_receive_packet). \return RSE_OK (0) on success, !0 * + on error. On error, errno is set appropriately. */ +int rs_conn_destroy(struct rs_connection *conn); + +/** Set connection type for \a conn. */ +void rs_conn_set_type(struct rs_connection *conn, rs_conn_type_t type); + +/** Not implemented. */ +int rs_conn_set_eventbase(struct rs_connection *conn, struct event_base *eb); + +/** Register callbacks \a cb for connection \a conn. */ +void rs_conn_set_callbacks(struct rs_connection *conn, + struct rs_conn_callbacks *cb); + +/** Remove callbacks for connection \a conn. */ +void rs_conn_del_callbacks(struct rs_connection *conn); + +/** Return callbacks registered for connection \a conn. \return + Installed callbacks are returned. */ +struct rs_conn_callbacks *rs_conn_get_callbacks(struct rs_connection *conn); + +/** Not implemented. */ +int rs_conn_select_peer(struct rs_connection *conn, const char *name); + +/** Not implemented. 
*/ +int rs_conn_get_current_peer(struct rs_connection *conn, + const char *name, + size_t buflen); + +/** Special function used in blocking mode, i.e. with no callbacks + registered. For any other use of libradsec, a \a received_cb + callback should be registered using \a rs_conn_set_callbacks. + + If \a req_msg is not NULL, a successfully received RADIUS message + is verified against it. If \a pkt_out is not NULL it will upon + return contain a pointer to an \a rs_packet containing the new + message. + + \return On error or if the connect (TCP only) or read times out, + \a pkt_out will not be changed and one or more errors are pushed + on \a conn (available through \a rs_err_conn_pop). */ +int rs_conn_receive_packet(struct rs_connection *conn, + struct rs_packet *request, + struct rs_packet **pkt_out); + +/** Get the file descriptor associated with connection \a conn. + * \return File descriptor. */ +int rs_conn_fd(struct rs_connection *conn); + +/** Set the timeout value for connection \a conn. */ +void rs_conn_set_timeout(struct rs_connection *conn, struct timeval *tv); + +/* Peer -- client and server. */ +int rs_peer_create(struct rs_connection *conn, struct rs_peer **peer_out); +int rs_peer_set_address(struct rs_peer *peer, + const char *hostname, + const char *service); +int rs_peer_set_secret(struct rs_peer *peer, const char *secret); +void rs_peer_set_timeout(struct rs_peer *peer, int timeout); +void rs_peer_set_retries(struct rs_peer *peer, int retries); + +/************/ +/* Packet. */ +/************/ +/** Create a packet associated with connection \a conn. */ +int rs_packet_create(struct rs_connection *conn, struct rs_packet **pkt_out); + +/** Free all memory allocated for packet \a pkt. */ +void rs_packet_destroy(struct rs_packet *pkt); + +/** Send packet \a pkt on the connection associated with \a pkt. + \a user_data is passed to the \a rs_conn_packet_received_cb callback + registered with the connection. 
If no callback is registered with + the connection, the event loop is run by \a rs_packet_send and it + blocks until the full packet has been sent. Note that sending can + fail in several ways, f.ex. if the transmission protocol in use + is connection oriented (\a RS_CONN_TYPE_TCP and \a RS_CONN_TYPE_TLS) + and the connection can not be established. Also note that no + retransmission is done, something that is required for connectionless + transport protocols (\a RS_CONN_TYPE_UDP and \a RS_CONN_TYPE_DTLS). + The "request" API with \a rs_request_send can help with this. + + \return On success, RSE_OK (0) is returned. On error, !0 is + returned and a struct \a rs_error is pushed on the error stack for + the connection. The error can be accessed using \a rs_err_conn_pop. */ +int rs_packet_send(struct rs_packet *pkt, void *user_data); + +/** Create a RADIUS authentication request packet associated with + connection \a conn. Optionally, User-Name and User-Password + attributes are added to the packet using the data in \a user_name + and \a user_pw. */ +int rs_packet_create_authn_request(struct rs_connection *conn, + struct rs_packet **pkt, + const char *user_name, + const char *user_pw); + +/** Add a new attribute-value pair to \a pkt. */ +int rs_packet_add_avp(struct rs_packet *pkt, + unsigned int attr, unsigned int vendor, + const void *data, size_t data_len); + +/** Append a new attribute to packet \a pkt. Note that this function + encodes the attribute and therefore might require the secret + shared with the thought recipient to be set in pkt->rpkt. Note + also that this function marks \a pkt as already encoded and can + not be used on packets with non-encoded value-pairs already + added. */ +int +rs_packet_append_avp(struct rs_packet *pkt, + unsigned int attribute, unsigned int vendor, + const void *data, size_t data_len); + +/*** Get pointer to \a pkt attribute value pairs. 
*/
+void
+rs_packet_avps(struct rs_packet *pkt, rs_avp ***vps);
+
+/*** Get RADIUS packet type of \a pkt. */
+unsigned int
+rs_packet_code(struct rs_packet *pkt);
+
+/*** Get RADIUS AVP from \a pkt. */
+rs_const_avp *
+rs_packet_find_avp(struct rs_packet *pkt, unsigned int attr, unsigned int vendor);
+
+/*** Set packet identifier in \a pkt; returns old identifier */
+int
+rs_packet_set_id (struct rs_packet *pkt, int id);
+
+/************/
+/* Config. */
+/************/
+/** Find the realm named \a name in the configuration file previoiusly
+ read in using \a rs_context_read_config. */
+struct rs_realm *rs_conf_find_realm(struct rs_context *ctx, const char *name);
+
+/***********/
+/* Error. */
+/***********/
+/** Create a struct \a rs_error and push it on a FIFO associated with
+ context \a ctx. Note: The depth of the error stack is one (1) at
+ the moment. This will change in a future release. */
+int rs_err_ctx_push(struct rs_context *ctx, int code, const char *fmt, ...);
+int rs_err_ctx_push_fl(struct rs_context *ctx,
+ int code,
+ const char *file,
+ int line,
+ const char *fmt,
+ ...);
+/** Pop the first error from the error FIFO associated with context \a
+ ctx or NULL if there are no errors in the FIFO. */
+struct rs_error *rs_err_ctx_pop(struct rs_context *ctx);
+
+/** Create a struct \a rs_error and push it on a FIFO associated with
+ connection \a conn. Note: The depth of the error stack is one (1)
+ at the moment. This will change in a future release. */
+int rs_err_conn_push(struct rs_connection *conn,
+ int code,
+ const char *fmt,
+ ...);
+int rs_err_conn_push_fl(struct rs_connection *conn,
+ int code,
+ const char *file,
+ int line,
+ const char *fmt,
+ ...);
+/** Pop the first error from the error FIFO associated with connection
+ \a conn or NULL if there are no errors in the FIFO.
*/
+struct rs_error *rs_err_conn_pop(struct rs_connection *conn);
+
+int rs_err_conn_peek_code (struct rs_connection *conn);
+void rs_err_free(struct rs_error *err);
+char *rs_err_msg(struct rs_error *err);
+int rs_err_code(struct rs_error *err, int dofree_flag);
+
+/************/
+/* AVPs. */
+/************/
+#define rs_avp_is_string(vp) (rs_avp_typeof(vp) == RS_TYPE_STRING)
+#define rs_avp_is_integer(vp) (rs_avp_typeof(vp) == RS_TYPE_INTEGER)
+#define rs_avp_is_ipaddr(vp) (rs_avp_typeof(vp) == RS_TYPE_IPADDR)
+#define rs_avp_is_date(vp) (rs_avp_typeof(vp) == RS_TYPE_DATE)
+#define rs_avp_is_octets(vp) (rs_avp_typeof(vp) == RS_TYPE_OCTETS)
+#define rs_avp_is_ifid(vp) (rs_avp_typeof(vp) == RS_TYPE_IFID)
+#define rs_avp_is_ipv6addr(vp) (rs_avp_typeof(vp) == RS_TYPE_IPV6ADDR)
+#define rs_avp_is_ipv6prefix(vp) (rs_avp_typeof(vp) == RS_TYPE_IPV6PREFIX)
+#define rs_avp_is_byte(vp) (rs_avp_typeof(vp) == RS_TYPE_BYTE)
+#define rs_avp_is_short(vp) (rs_avp_typeof(vp) == RS_TYPE_SHORT)
+#define rs_avp_is_tlv(vp) (rs_avp_typeof(vp) == RS_TYPE_TLV)
+
+/** The maximum length of a RADIUS attribute.
+ *
+ * The RFCs require that a RADIUS attribute transport no more than
+ * 253 octets of data. We add an extra byte for a trailing NUL, so
+ * that the VALUE_PAIR::vp_strvalue field can be handled as a C
+ * string.
+ */
+#define RS_MAX_STRING_LEN 254
+
+/** Free the AVP list \a vps */
+void
+rs_avp_free(rs_avp **vps);
+
+/** Return the length of AVP \a vp in bytes */
+size_t
+rs_avp_length(rs_const_avp *vp);
+
+/** Return the type of \a vp */
+rs_attr_type_t
+rs_avp_typeof(rs_const_avp *vp);
+
+/** Retrieve the attribute and vendor ID of \a vp */
+void
+rs_avp_attrid(rs_const_avp *vp, unsigned int *attr, unsigned int *vendor);
+
+/** Add \a vp to the list pointed to by \a head */
+void
+rs_avp_append(rs_avp **head, rs_avp *vp);
+
+/** Find an AVP in \a vp that matches \a attr and \a vendor */
+rs_avp *
+rs_avp_find(rs_avp *vp, unsigned int attr, unsigned int vendor);
+
+/** Find an AVP in \a vp that matches \a attr and \a vendor */
+rs_const_avp *
+rs_avp_find_const(rs_const_avp *vp, unsigned int attr, unsigned int vendor);
+
+/** Alloc a new AVP for \a attr and \a vendor */
+rs_avp *
+rs_avp_alloc(unsigned int attr, unsigned int vendor);
+
+/** Duplicate existing AVP \a vp */
+rs_avp *
+rs_avp_dup(rs_const_avp *vp);
+
+/** Remove matching AVP from list \a vps */
+int
+rs_avp_delete(rs_avp **vps, unsigned int attr, unsigned int vendor);
+
+/** Return next AVP in list */
+rs_avp *
+rs_avp_next(rs_avp *vp);
+
+/** Return next AVP in list */
+rs_const_avp *
+rs_avp_next_const(rs_const_avp *avp);
+
+/** Return string value of \a vp */
+const char *
+rs_avp_string_value(rs_const_avp *vp);
+
+/** Set AVP \a vp to string \a str */
+int
+rs_avp_string_set(rs_avp *vp, const char *str);
+
+/** Return integer value of \a vp */
+uint32_t
+rs_avp_integer_value(rs_const_avp *vp);
+
+/** Set AVP \a vp to integer \a val */
+int
+rs_avp_integer_set(rs_avp *vp, uint32_t val);
+
+/** Return IPv4 value of \a vp */
+uint32_t
+rs_avp_ipaddr_value(rs_const_avp *vp);
+
+/** Set AVP \a vp to IPv4 address \a in */
+int
+rs_avp_ipaddr_set(rs_avp *vp, struct in_addr in);
+
+/** Return POSIX time value of \a vp */
+time_t
+rs_avp_date_value(rs_const_avp *vp);
+
+/** Set AVP \a vp to POSIX time \a date */
+int
+rs_avp_date_set(rs_avp *vp, time_t date);
+
+/** Return constant pointer to octets in \a vp */
+const unsigned char *
+rs_avp_octets_value_const_ptr(rs_const_avp *vp);
+
+/** Return pointer to octets in \a vp */
+unsigned char *
+rs_avp_octets_value_ptr(rs_avp *vp);
+
+/** Retrieve octet pointer \a p and length \a len from \a vp */
+int
+rs_avp_octets_value_byref(rs_avp *vp,
+ unsigned char **p,
+ size_t *len);
+
+/** Copy octets from \a vp into \a buf and \a len */
+int
+rs_avp_octets_value(rs_const_avp *vp,
+ unsigned char *buf,
+ size_t *len);
+
+/**
+ * Copy octets possibly fragmented across multiple VPs
+ * into \a buf and \a len
+ */
+int
+rs_avp_fragmented_value(rs_const_avp *vps,
+ unsigned char *buf,
+ size_t *len);
+
+/** Copy \a len octets in \a buf to AVP \a vp */
+int
+rs_avp_octets_set(rs_avp *vp,
+ const unsigned char *buf,
+ size_t len);
+
+/** Return IFID value of \a vp */
+int
+rs_avp_ifid_value(rs_const_avp *vp, uint8_t val[8]);
+
+int
+rs_avp_ifid_set(rs_avp *vp, const uint8_t val[8]);
+
+/** Return byte value of \a vp */
+uint8_t
+rs_avp_byte_value(rs_const_avp *vp);
+
+/** Set AVP \a vp to byte \a val */
+int
+rs_avp_byte_set(rs_avp *vp, uint8_t val);
+
+/** Return short value of \a vp */
+uint16_t
+rs_avp_short_value(rs_const_avp *vp);
+
+/** Set AVP \a vp to short integer \a val */
+int
+rs_avp_short_set(rs_avp *vp, uint16_t val);
+
+/** Display possibly \a canonical attribute name into \a buffer */
+int
+rs_attr_display_name (unsigned int attr,
+ unsigned int vendor,
+ char *buffer,
+ size_t bufsize,
+ int canonical);
+
+/** Display AVP \a vp into \a buffer */
+size_t
+rs_avp_display_value(rs_const_avp *vp,
+ char *buffer,
+ size_t buflen);
+
+int
+rs_attr_parse_name (const char *name,
+ unsigned int *attr,
+ unsigned int *vendor);
+
+/** Lookup attribute \a name */
+int
+rs_attr_find(const char *name,
+ unsigned int *attr,
+ unsigned int *vendor);
+
+/** Return dictionary name for AVP \a vp */
+const char *
+rs_avp_name(rs_const_avp
*vp);
+
+#if defined (__cplusplus)
+}
+#endif
+
+#endif /* _RADSEC_RADSEC_H_ */
+
+/* Local Variables: */
+/* c-file-style: "stroustrup" */
+/* End: */
diff --git a/include/radsec/request-impl.h b/include/radsec/request-impl.h
new file mode 100644
index 0000000..97335e5
--- /dev/null
+++ b/include/radsec/request-impl.h
@@ -0,0 +1,24 @@
+/* Copyright 2010-2011 NORDUnet A/S. All rights reserved.
+ See LICENSE for licensing information. */
+
+#ifndef _RADSEC_REQUEST_IMPL_H_
+#define _RADSEC_REQUEST_IMPL_H_ 1
+
+#if defined (__cplusplus)
+extern "C" {
+#endif
+
+struct rs_request
+{
+ struct rs_connection *conn;
+ struct event *timer;
+ struct rs_packet *req_msg;
+ struct rs_conn_callbacks saved_cb;
+ void *saved_user_data;
+};
+
+#if defined (__cplusplus)
+}
+#endif
+
+#endif /* _RADSEC_REQUEST_IMPL_H_ */
diff --git a/include/radsec/request.h b/include/radsec/request.h
new file mode 100644
index 0000000..d4c72b3
--- /dev/null
+++ b/include/radsec/request.h
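Review bot: In request-impl.h, `struct rs_request` holds `struct rs_conn_callbacks saved_cb;` by value, which needs the complete type, yet the header includes nothing, so it compiles only when the header that defines `struct rs_conn_callbacks` was included first (presumably radsec.h or radsec-impl.h; the definition is not visible in this hunk). Including that header at the top of request-impl.h would make the file self-contained and independent of include order. The struct also carries no comment; one above it such as `/* Per-request state; saved_cb and saved_user_data presumably hold the connection's callbacks and user data while the request is in flight (TODO confirm). */` would record what the field names only suggest.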
@@ -0,0 +1,50 @@
+/** \file request.h
+ \brief Public interface for libradsec request's. */
+
+/* Copyright 2010-2013 NORDUnet A/S. All rights reserved.
+ See LICENSE for licensing information. */
+
+#ifndef _RADSEC_REQUEST_H_
+#define _RADSEC_REQUEST_H_ 1
+
+struct rs_request;
+
+#if defined (__cplusplus)
+extern "C" {
+#endif
+
+/** Create a request associated with connection \a conn. */
+int rs_request_create(struct rs_connection *conn, struct rs_request **req_out);
+
+/** Add RADIUS request message \a req_msg to request \a req.
+ FIXME: Rename to rs_request_add_reqmsg? */
+void rs_request_add_reqpkt(struct rs_request *req, struct rs_packet *req_msg);
+
+/** Create a request associated with connection \a conn containing a
+ newly created RADIUS authentication message, possibly with \a
+ user_name and \a user_pw attributes. \a user_name and _user_pw
+ are optional and can be NULL. */
+int rs_request_create_authn(struct rs_connection *conn,
+ struct rs_request **req_out,
+ const char *user_name,
+ const char *user_pw);
+
+/** Send request \a req and wait for a matching response. The
+ response is put in \a resp_msg (if not NULL). NOTE: At present,
+ no more than one outstanding request to a given realm is
+ supported. This will change in a future version. */
+int rs_request_send(struct rs_request *req, struct rs_packet **resp_msg);
+
+/** Free all memory allocated by request \a req including any request
+ packet associated with the request. Note that a request must be
+ freed before its associated connection can be freed. */
+void rs_request_destroy(struct rs_request *req);
+
+/** Return request message in request \a req. */
+struct rs_packet *rs_request_get_reqmsg(const struct rs_request *req);
+
+#if defined (__cplusplus)
+}
+#endif
+
+#endif /* _RADSEC_REQUEST_H_ */ |
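Review bot: The comment on `rs_request_add_reqpkt` does not say who owns `req_msg` afterwards, while the comment on `rs_request_destroy` says it frees "any request packet associated with the request"; a caller that also passes the same packet to `rs_packet_destroy` would free it twice, and a pointer obtained from `rs_request_get_reqmsg` dangles once the request is destroyed. I would extend the first comment with `Ownership of \a req_msg passes to \a req; it is freed by rs_request_destroy and must not be destroyed by the caller.` (inferred from the destroy comment, since the implementation is not part of this hunk). In the `rs_request_create_authn` comment, `_user_pw` should read `\a user_pw`, and because that argument is a cleartext password the comment should state whether the library copies it or keeps the caller's pointer.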