/* * radius.h * * Written by Michael Bretterklieber * Written by Brendan Bank */ #include "ppp.h" #include "auth.h" #include "ccp_mppc.h" #include #ifndef _RADIUS_H_ #define _RADIUS_H_ #define RADIUS_CHAP 1 #define RADIUS_PAP 2 #define RADIUS_MAX_SERVERS 10 #define RAD_NACK 0 #define RAD_ACK 1 #ifndef RAD_UPDATE #define RAD_UPDATE 3 #endif #ifndef RAD_ACCT_INPUT_GIGAWORDS #define RAD_ACCT_INPUT_GIGAWORDS 52 #endif #ifndef RAD_ACCT_OUTPUT_GIGAWORDS #define RAD_ACCT_OUTPUT_GIGAWORDS 53 #endif #ifndef RAD_ACCT_INTERIM_INTERVAL #define RAD_ACCT_INTERIM_INTERVAL 85 #endif /* for mppe-keys */ #define AUTH_LEN 16 #define SALT_LEN 2 #define MPPE_POLICY_NONE 0 #define MPPE_POLICY_ALLOWED 1 #define MPPE_POLICY_REQUIRED 2 #define MPPE_TYPE_0BIT 0 /* No encryption required */ #define MPPE_TYPE_40BIT 2 #define MPPE_TYPE_128BIT 4 #define MPPE_TYPE_56BIT 8 /* max. length of RAD_ACCT_SESSION_ID, RAD_ACCT_MULTI_SESSION_ID */ #define RAD_ACCT_MAX_SESSIONID 256 /* max. length of acl rule, */ #define ACL_LEN 256 #define RAD_VENDOR_MPD 12341 #define RAD_MPD_RULE 1 #define RAD_MPD_PIPE 2 #define RAD_MPD_QUEUE 3 /* for dropping users */ #define RAD_MPD_DROP_USER 154 /* Drop-User attribute */ #define RAD_MPD_DROP_USER_NO 0 /* Drop-User: "No" value */ #define RAD_MPD_DROP_USER_YES 1 /* Drop-User: "Yes" value */ /* * FUNCTIONS */ extern int RadiusPAPAuthenticate(const char *name, const char *password); extern int RadiusCHAPAuthenticate(const char *name, const char *password, int passlen, const char *challenge, int challenge_size, u_char chapid, int chap_type); extern int RadiusMSCHAPChangePassword(const char *mschapvalue, int mschapvaluelen, const char *challenge, int challenge_size, u_char chapid, int chap_type); extern int RadiusStart(short request_type); extern int RadiusPutAuth(const char *name, const char *password, int passlen, const char *challenge, int challenge_size, u_char chapid, int auth_type); extern int RadiusPutChangePassword(const char *mschapvalue, int mschapvaluelen, u_char chapid, int chap_type); extern int RadiusSendRequest(void); extern int RadiusGetParams(void); extern int RadiusAccount(short acct_type); extern void RadiusSetAuth(AuthData auth); extern int RadStat(int ac, char *av[], void *arg); extern void RadiusDestroy(void); extern void RadiusDown(void); extern void RadiusAcctUpdate(void *a); extern const struct cmdtab RadiusSetCmds[]; struct radiusserver_conf { char *hostname; char *sharedsecret; int auth_port; int acct_port; struct radiusserver_conf *next; }; typedef struct radiusserver_conf *RadServe_Conf; /* Configuration for a radius server */ struct radiusconf { int radius_timeout; int radius_retries; int acct_update; /* Accounting Update Interval */ int update_limit_in; /* Send Update only when counters grow more than "update_limit_xx" since last update */ int update_limit_out; struct in_addr radius_me; char file[PATH_MAX]; struct radiusserver_conf *server; }; typedef struct radiusconf *RadConf; struct radius_acl { /* List of ACLs received from RADIUS */ int number; /* ACL number given by RADIUS server */ char rule[ACL_LEN]; /* Text of ACL */ struct radius_acl *next; }; struct radius { struct rad_handle *radh; /* RadLib Handle */ short valid; /* Auth was successful */ short auth_type; /* PAP, CHAP, MS-CHAP */ char *reply_message; /* Text wich may displayed to the user */ char authname[AUTH_MAX_AUTHNAME]; char multi_session_id[RAD_ACCT_MAX_SESSIONID]; /* Multi-Session-Id needed for accounting */ unsigned vj:1; /* FRAMED Compression */ struct in_addr ip; /* FRAMED IP */ struct in_addr mask; /* FRAMED Netmask */ short n_routes; struct ifaceroute routes[IFACE_MAX_ROUTES]; struct radius_acl *acl_rule; struct radius_acl *acl_pipe; struct radius_acl *acl_queue; unsigned long class; /* Class */ unsigned long mtu; /* FRAMED MTU */ unsigned long session_timeout; /* Session-Timeout */ unsigned long idle_timeout; /* Idle-Timeout */ unsigned long protocol; /* FRAMED Protocol */ unsigned long service_type; /* Service Type */ unsigned long interim_interval; /* interval for accouting updates */ char *filterid; /* FRAMED Filter Id */ char *msdomain; /* Microsoft domain */ char *mschap_error; /* MSCHAP Error Message */ char *mschapv2resp; /* Response String for MSCHAPv2 */ struct { int policy; /* MPPE_POLICY_* */ int types; /* MPPE_TYPE_*BIT bitmask */ u_char recvkey[MPPE_KEY_LEN]; /* MS-CHAP v2 Keys */ size_t recvkeylen; u_char sendkey[MPPE_KEY_LEN]; size_t sendkeylen; u_char lm_key[8]; /* MS-CHAP v1 Keys 40 or 56 Bit */ u_char nt_hash[MPPE_KEY_LEN]; /* MS-CHAP v1 calculating 128 Bit Key */ u_char padding[8]; /* Padding to fit in 16 byte boundary */ } mppe; struct radiusconf conf; }; struct radius_linkinfo { int authentic; /* whether RADIUS authentication was used */ char session_id[RAD_ACCT_MAX_SESSIONID]; struct pppTimer radUpdate; /* Accounting Update Timer */ }; typedef struct radius_linkinfo *RadLinkInfo; struct rad_chapvalue { u_char ident; u_char response[CHAP_MAX_VAL]; }; struct rad_mschapvalue { u_char ident; u_char flags; u_char lm_response[24]; u_char nt_response[24]; }; struct rad_mschapv2value { u_char ident; u_char flags; u_char pchallenge[16]; u_char reserved[8]; u_char response[24]; }; struct rad_mschapv2value_cpw { u_char code; u_char ident; u_char encryptedHash[16]; u_char pchallenge[16]; u_char reserved[8]; u_char nt_response[24]; u_char flags[2]; }; struct rad_mschap_new_nt_pw { u_char ident; short chunk; u_char data[129]; }; #endif