Aren/NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Import FreeBSD's libradius as of 2005/02/20, plus minor tweaks to build

Browse Source 
o nNetBSD and a Makefile for NetBSD.
This commit is contained in:
manu 2005-02-19 23:56:30 +00:00
parent 66e1a2c606
commit 8809553739
8 changed files with 2433 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
lib/libradius/Makefile Normal file
View File

@ -0,0 +1,22 @@
# $NetBSD: Makefile,v 1.1.1.1 2005/02/19 23:56:30 manu Exp $
USE_SHLIBDIR= yes
NOLINT= # To be fixed later
.include <bsd.own.mk>
LIB= libradius
CFLAGS+=-g
CPPFLAGS+= -I.
.if (${MKCRYPTO} != "no")
CPPFLAGS+= -DWITH_SSL
.endif
SRCS= radlib.c
MAN= libradius.3 radius.conf.5
CLEANFILES+= libradius.cat3 radius.conf.cat5 radlib.d
.include <bsd.lib.mk>

556
lib/libradius/libradius.3 Normal file
View File

@ -0,0 +1,556 @@
.\" Copyright 1998 Juniper Networks, Inc.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $FreeBSD: /repoman/r/ncvs/src/lib/libradius/libradius.3,v 1.17 2004/04/27 15:00:29 ru Exp $
.\" $NetBSD: libradius.3,v 1.1.1.1 2005/02/19 23:56:31 manu Exp $
.\"
.Dd April 27, 2004
.Dt LIBRADIUS 3
.Os
.Sh NAME
.Nm libradius
.Nd RADIUS client library
.Sh SYNOPSIS
.In radlib.h
.Ft "struct rad_handle *"
.Fn rad_acct_open "void"
.Ft int
.Fn rad_add_server "struct rad_handle *h" "const char *host" "int port" "const char *secret" "int timeout" "int max_tries"
.Ft "struct rad_handle *"
.Fn rad_auth_open "void"
.Ft void
.Fn rad_close "struct rad_handle *h"
.Ft int
.Fn rad_config "struct rad_handle *h" "const char *file"
.Ft int
.Fn rad_continue_send_request "struct rad_handle *h" "int selected" "int *fd" "struct timeval *tv"
.Ft int
.Fn rad_create_request "struct rad_handle *h" "int code"
.Ft "struct in_addr"
.Fn rad_cvt_addr "const void *data"
.Ft u_int32_t
.Fn rad_cvt_int "const void *data"
.Ft char *
.Fn rad_cvt_string "const void *data" "size_t len"
.Ft int
.Fn rad_get_attr "struct rad_handle *h" "const void **data" "size_t *len"
.Ft int
.Fn rad_get_vendor_attr "u_int32_t *vendor" "const void **data" "size_t *len"
.Ft int
.Fn rad_init_send_request "struct rad_handle *h" "int *fd" "struct timeval *tv"
.Ft int
.Fn rad_put_addr "struct rad_handle *h" "int type" "struct in_addr addr"
.Ft int
.Fn rad_put_attr "struct rad_handle *h" "int type" "const void *data" "size_t len"
.Ft int
.Fn rad_put_int "struct rad_handle *h" "int type" "u_int32_t value"
.Ft int
.Fn rad_put_string "struct rad_handle *h" "int type" "const char *str"
.Ft int
.Fn rad_put_message_authentic "struct rad_handle *h"
.Ft int
.Fn rad_put_vendor_addr "struct rad_handle *h" "int vendor" "int type" "struct in_addr addr"
.Ft int
.Fn rad_put_vendor_attr "struct rad_handle *h" "int vendor" "int type" "const void *data" "size_t len"
.Ft int
.Fn rad_put_vendor_int "struct rad_handle *h" "int vendor" "int type" "u_int32_t value"
.Ft int
.Fn rad_put_vendor_string "struct rad_handle *h" "int vendor" "int type" "const char *str"
.Ft ssize_t
.Fn rad_request_authenticator "struct rad_handle *h" "char *buf" "size_t len"
.Ft int
.Fn rad_send_request "struct rad_handle *h"
.Ft "const char *"
.Fn rad_server_secret "struct rad_handle *h"
.Ft u_char *
.Fn rad_demangle "struct rad_handle *h" "const void *mangled" "size_t mlen"
.Ft u_char *
.Fn rad_demangle_mppe_key "struct rad_handle *h" "const void *mangled" "size_t mlen" "size_t *len"
.Ft "const char *"
.Fn rad_strerror "struct rad_handle *h"
.Sh DESCRIPTION
The
.Nm
library implements the client side of the Remote Authentication Dial
In User Service (RADIUS).
RADIUS, defined in RFCs 2865 and 2866,
allows clients to perform authentication and accounting by means of
network requests to remote servers.
.Ss Initialization
To use the library, an application must first call
.Fn rad_auth_open
or
.Fn rad_acct_open
to obtain a
.Vt "struct rad_handle *" ,
which provides the context for subsequent operations.
The former function is used for RADIUS authentication and the
latter is used for RADIUS accounting.
Calls to
.Fn rad_auth_open
and
.Fn rad_acct_open
always succeed unless insufficient virtual memory is available.
If
the necessary memory cannot be allocated, the functions return
.Dv NULL .
For compatibility with earlier versions of this library,
.Fn rad_open
is provided as a synonym for
.Fn rad_auth_open .
.Pp
Before issuing any RADIUS requests, the library must be made aware
of the servers it can contact.
The easiest way to configure the
library is to call
.Fn rad_config .
.Fn rad_config
causes the library to read a configuration file whose format is
described in
.Xr radius.conf 5 .
The pathname of the configuration file is passed as the
.Fa file
argument to
.Fn rad_config .
This argument may also be given as
.Dv NULL ,
in which case the standard configuration file
.Pa /etc/radius.conf
is used.
.Fn rad_config
returns 0 on success, or \-1 if an error occurs.
.Pp
The library can also be configured programmatically by calls to
.Fn rad_add_server .
The
.Fa host
parameter specifies the server host, either as a fully qualified
domain name or as a dotted-quad IP address in text form.
The
.Fa port
parameter specifies the UDP port to contact on the server.
If
.Fa port
is given as 0, the library looks up the
.Ql radius/udp
or
.Ql radacct/udp
service in the network
.Xr services 5
database, and uses the port found
there.
If no entry is found, the library uses the standard RADIUS
ports, 1812 for authentication and 1813 for accounting.
The shared secret for the server host is passed to the
.Fa secret
parameter.
It may be any
.Dv NUL Ns -terminated
string of bytes.
The RADIUS protocol
ignores all but the leading 128 bytes of the shared secret.
The timeout for receiving replies from the server is passed to the
.Fa timeout
parameter, in units of seconds.
The maximum number of repeated
requests to make before giving up is passed into the
.Fa max_tries
parameter.
.Fn rad_add_server
returns 0 on success, or \-1 if an error occurs.
.Pp
.Fn rad_add_server
may be called multiple times, and it may be used together with
.Fn rad_config .
At most 10 servers may be specified.
When multiple servers are given, they are tried in round-robin
fashion until a valid response is received, or until each server's
.Fa max_tries
limit has been reached.
.Ss Creating a RADIUS Request
A RADIUS request consists of a code specifying the kind of request,
and zero or more attributes which provide additional information.
To
begin constructing a new request, call
.Fn rad_create_request .
In addition to the usual
.Vt "struct rad_handle *" ,
this function takes a
.Fa code
parameter which specifies the type of the request.
Most often this
will be
.Dv RAD_ACCESS_REQUEST .
.Fn rad_create_request
returns 0 on success, or \-1 on if an error occurs.
.Pp
After the request has been created with
.Fn rad_create_request ,
attributes can be attached to it.
This is done through calls to
.Fn rad_put_addr ,
.Fn rad_put_int ,
and
.Fn rad_put_string .
Each accepts a
.Fa type
parameter identifying the attribute, and a value which may be
an Internet address, an integer, or a
.Dv NUL Ns -terminated
string,
respectively.
Alternatively,
.Fn rad_put_vendor_addr ,
.Fn rad_put_vendor_int
or
.Fn rad_put_vendor_string
may be used to specify vendor specific attributes.
Vendor specific
definitions may be found in
.In radlib_vs.h
.Pp
The library also provides a function
.Fn rad_put_attr
which can be used to supply a raw, uninterpreted attribute.
The
.Fa data
argument points to an array of bytes, and the
.Fa len
argument specifies its length.
.Pp
It is possible adding the Message-Authenticator to the request.
This is an HMAC-MD5 hash of the entire Access-Request packet (see RFC 3579).
This attribute must be present in any packet that includes an EAP-Message
attribute.
It can be added by using the
.Fn rad_put_message_authentic
function.
The
.Nm
library
calculates the HMAC-MD5 hash implicitly before sending the request.
If the Message-Authenticator was found inside the response packet,
then the packet is silently dropped, if the validation failed.
In order to get this feature, the library should be compiled with
OpenSSL support.
.Pp
The
.Fn rad_put_X
functions return 0 on success, or \-1 if an error occurs.
.Ss Sending the Request and Receiving the Response
After the RADIUS request has been constructed, it is sent either by means of
.Fn rad_send_request
or by a combination of calls to
.Fn rad_init_send_request
and
.Fn rad_continue_send_request .
.Pp
The
.Fn rad_send_request
function sends the request and waits for a valid reply,
retrying the defined servers in round-robin fashion as necessary.
If a valid response is received,
.Fn rad_send_request
returns the RADIUS code which specifies the type of the response.
This will typically be
.Dv RAD_ACCESS_ACCEPT ,
.Dv RAD_ACCESS_REJECT ,
or
.Dv RAD_ACCESS_CHALLENGE .
If no valid response is received,
.Fn rad_send_request
returns \-1.
.Pp
As an alternative, if you do not wish to block waiting for a response,
.Fn rad_init_send_request
and
.Fn rad_continue_send_request
may be used instead.
If a reply is received from the RADIUS server or a
timeout occurs, these functions return a value as described for
.Fn rad_send_request .
Otherwise, a value of zero is returned and the values pointed to by
.Fa fd
and
.Fa tv
are set to the descriptor and timeout that should be passed to
.Xr select 2 .
.Pp
.Fn rad_init_send_request
must be called first, followed by repeated calls to
.Fn rad_continue_send_request
as long as a return value of zero is given.
Between each call, the application should call
.Xr select 2 ,
passing
.Fa *fd
as a read descriptor and timing out after the interval specified by
.Fa tv .
When
.Xr select 2
returns,
.Fn rad_continue_send_request
should be called with
.Fa selected
set to a non-zero value if
.Xr select 2
indicated that the descriptor is readable.
.Pp
Like RADIUS requests, each response may contain zero or more
attributes.
After a response has been received successfully by
.Fn rad_send_request
or
.Fn rad_continue_send_request ,
its attributes can be extracted one by one using
.Fn rad_get_attr .
Each time
.Fn rad_get_attr
is called, it gets the next attribute from the current response, and
stores a pointer to the data and the length of the data via the
reference parameters
.Fa data
and
.Fa len ,
respectively.
Note that the data resides in the response itself,
and must not be modified.
A successful call to
.Fn rad_get_attr
returns the RADIUS attribute type.
If no more attributes remain in the current response,
.Fn rad_get_attr
returns 0.
If an error such as a malformed attribute is detected, \-1 is
returned.
.Pp
If
.Fn rad_get_attr
returns
.Dv RAD_VENDOR_SPECIFIC ,
.Fn rad_get_vendor_attr
may be called to determine the vendor.
The vendor specific RADIUS attribute type is returned.
The reference parameters
.Fa data
and
.Fa len
(as returned from
.Fn rad_get_attr )
are passed to
.Fn rad_get_vendor_attr ,
and are adjusted to point to the vendor specific attribute data.
.Pp
The common types of attributes can be decoded using
.Fn rad_cvt_addr ,
.Fn rad_cvt_int ,
and
.Fn rad_cvt_string .
These functions accept a pointer to the attribute data, which should
have been obtained using
.Fn rad_get_attr
and optionally
.Fn rad_get_vendor_attr .
In the case of
.Fn rad_cvt_string ,
the length
.Fa len
must also be given.
These functions interpret the attribute as an
Internet address, an integer, or a string, respectively, and return
its value.
.Fn rad_cvt_string
returns its value as a
.Dv NUL Ns -terminated
string in dynamically
allocated memory.
The application should free the string using
.Xr free 3
when it is no longer needed.
.Pp
If insufficient virtual memory is available,
.Fn rad_cvt_string
returns
.Dv NULL .
.Fn rad_cvt_addr
and
.Fn rad_cvt_int
cannot fail.
.Pp
The
.Fn rad_request_authenticator
function may be used to obtain the Request-Authenticator attribute value
associated with the current RADIUS server according to the supplied
rad_handle.
The target buffer
.Fa buf
of length
.Fa len
must be supplied and should be at least 16 bytes.
The return value is the number of bytes written to
.Fa buf
or \-1 to indicate that
.Fa len
was not large enough.
.Pp
The
.Fn rad_server_secret
returns the secret shared with the current RADIUS server according to the
supplied rad_handle.
.Pp
The
.Fn rad_demangle
function demangles attributes containing passwords and MS-CHAPv1 MPPE-Keys.
The return value is
.Dv NULL
on failure, or the plaintext attribute.
This value should be freed using
.Xr free 3
when it is no longer needed.
.Pp
The
.Fn rad_demangle_mppe_key
function demangles the send- and recv-keys when using MPPE (see RFC 2548).
The return value is
.Dv NULL
on failure, or the plaintext attribute.
This value should be freed using
.Xr free 3
when it is no longer needed.
.Ss Obtaining Error Messages
Those functions which accept a
.Vt "struct rad_handle *"
argument record an error message if they fail.
The error message
can be retrieved by calling
.Fn rad_strerror .
The message text is overwritten on each new error for the given
.Vt "struct rad_handle *" .
Thus the message must be copied if it is to be preserved through
subsequent library calls using the same handle.
.Ss Cleanup
To free the resources used by the RADIUS library, call
.Fn rad_close .
.Sh RETURN VALUES
The following functions return a non-negative value on success.
If
they detect an error, they return \-1 and record an error message
which can be retrieved using
.Fn rad_strerror .
.Pp
.Bl -item -offset indent -compact
.It
.Fn rad_add_server
.It
.Fn rad_config
.It
.Fn rad_create_request
.It
.Fn rad_get_attr
.It
.Fn rad_put_addr
.It
.Fn rad_put_attr
.It
.Fn rad_put_int
.It
.Fn rad_put_string
.It
.Fn rad_put_message_authentic
.It
.Fn rad_init_send_request
.It
.Fn rad_continue_send_request
.It
.Fn rad_send_request
.El
.Pp
The following functions return a
.No non- Ns Dv NULL
pointer on success.
If they are unable to allocate sufficient
virtual memory, they return
.Dv NULL ,
without recording an error message.
.Pp
.Bl -item -offset indent -compact
.It
.Fn rad_acct_open
.It
.Fn rad_auth_open
.It
.Fn rad_cvt_string
.El
.Pp
The following functions return a
.No non- Ns Dv NULL
pointer on success.
If they fail, they return
.Dv NULL ,
with recording an error message.
.Pp
.Bl -item -offset indent -compact
.It
.Fn rad_demangle
.It
.Fn rad_demangle_mppe_key
.El
.Sh FILES
.Bl -tag -width indent
.It Pa /etc/radius.conf
.El
.Sh SEE ALSO
.Xr radius.conf 5
.Rs
.%A "C. Rigney, et al"
.%T "Remote Authentication Dial In User Service (RADIUS)"
.%O "RFC 2865"
.Re
.Rs
.%A "C. Rigney"
.%T "RADIUS Accounting"
.%O "RFC 2866"
.Re
.Rs
.%A G. Zorn
.%T "Microsoft Vendor-specific RADIUS attributes"
.%O RFC 2548
.Re
.Rs
.%A C. Rigney, et al
.%T "RADIUS extensions"
.%O RFC 2869
.Re
.Sh AUTHORS
.An -nosplit
This software was originally written by
.An John Polstra ,
and donated to the
.Fx
project by Juniper Networks, Inc.
.An Oleg Semyonov
subsequently added the ability to perform RADIUS
accounting.
Later additions and changes by
.An Michael Bretterklieber .

186
lib/libradius/radius.conf.5 Normal file
View File

@ -0,0 +1,186 @@
.\" Copyright 1998 Juniper Networks, Inc.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $FreeBSD: /repoman/r/ncvs/src/lib/libradius/radius.conf.5,v 1.8 2004/07/02 23:52:18 ru Exp $
.\" $NetBSD: radius.conf.5,v 1.1.1.1 2005/02/19 23:56:32 manu Exp $
.\"
.Dd October 30, 1999
.Dt RADIUS.CONF 5
.Os
.Sh NAME
.Nm radius.conf
.Nd RADIUS client configuration file
.Sh SYNOPSIS
.Pa /etc/radius.conf
.Sh DESCRIPTION
.Nm
contains the information necessary to configure the RADIUS client
library.
It is parsed by
.Xr rad_config 3 .
The file contains one or more lines of text, each describing a
single RADIUS server which will be used by the library.
Leading
white space is ignored, as are empty lines and lines containing
only comments.
.Pp
A RADIUS server is described by three to five fields on a line:
.Pp
.Bl -item -offset indent -compact
.It
Service type
.It
Server host
.It
Shared secret
.It
Timeout
.It
Retries
.El
.Pp
The fields are separated by white space.
The
.Ql #
character at the beginning of a field begins a comment, which extends
to the end of the line.
A field may be enclosed in double quotes,
in which case it may contain white space and/or begin with the
.Ql #
character.
Within a quoted string, the double quote character can
be represented by
.Ql \e\&" ,
and the backslash can be represented by
.Ql \e\e .
No other escape sequences are supported.
.Pp
.Pp
The first field gives the service type, either
.Ql auth
for RADIUS authentication or
.Ql acct
for RADIUS accounting.
If a single server provides both services, two
lines are required in the file.
Earlier versions of this file did
not include a service type.
For backward compatibility, if the first
field is not
.Ql auth
or
.Ql acct
the library behaves as if
.Ql auth
were specified, and interprets the fields in the line as if they
were fields two through five.
.Pp
The second field specifies
the server host, either as a fully qualified domain name or as a
dotted-quad IP address.
The host may optionally be followed by a
.Ql \&:
and a numeric port number, without intervening white space.
If the
port specification is omitted, it defaults to the
.Ql radius
or
.Ql radacct
service in the
.Pa /etc/services
file for service types
.Ql auth
and
.Ql acct ,
respectively.
If no such entry is present, the standard ports 1812 and 1813 are
used.
.Pp
The third field contains the shared secret, which should be known
only to the client and server hosts.
It is an arbitrary string of
characters, though it must be enclosed in double quotes if it
contains white space.
The shared secret may be
any length, but the RADIUS protocol uses only the first 128
characters.
N.B., some popular RADIUS servers have bugs which
prevent them from working properly with secrets longer than 16
characters.
.Pp
The fourth field contains a decimal integer specifying the timeout in
seconds for receiving a valid reply from the server.
If this field
is omitted, it defaults to 3 seconds.
.Pp
The fifth field contains a decimal integer specifying the maximum
number of attempts that will be made to authenticate with the server
before giving up.
If omitted, it defaults to 3 attempts.
Note,
this is the total number of attempts and not the number of retries.
.Pp
Up to 10 RADIUS servers may be specified for each service type.
The servers are tried in
round-robin fashion, until a valid response is received or the
maximum number of tries has been reached for all servers.
.Pp
The standard location for this file is
.Pa /etc/radius.conf .
But an alternate pathname may be specified in the call to
.Xr rad_config 3 .
Since the file contains sensitive information in the form of the
shared secrets, it should not be readable except by root.
.Sh FILES
.Pa /etc/radius.conf
.Sh EXAMPLES
.Bd -literal
# A simple entry using all the defaults:
acct radius1.domain.com OurLittleSecret
# A server still using the obsolete RADIUS port, with increased
# timeout and maximum tries:
auth auth.domain.com:1645 "I can't see you" 5 4
# A server specified by its IP address:
auth 192.168.27.81 $X*#..38947ax-+=
.Ed
.Sh SEE ALSO
.Xr libradius 3
.Rs
.%A C. Rigney, et al
.%T "Remote Authentication Dial In User Service (RADIUS)"
.%O RFC 2138
.Re
.Rs
.%A C. Rigney
.%T RADIUS Accounting
.%O RFC 2139
.Re
.Sh AUTHORS
This documentation was written by
.An John Polstra ,
and donated to the
.Fx
project by Juniper Networks, Inc.

1251
lib/libradius/radlib.c Normal file
View File

File diff suppressed because it is too large Load Diff

222
lib/libradius/radlib.h Normal file
View File

@ -0,0 +1,222 @@
/* $NetBSD: radlib.h,v 1.1.1.1 2005/02/19 23:56:35 manu Exp $ */
/*-
* Copyright 1998 Juniper Networks, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $FreeBSD: /repoman/r/ncvs/src/lib/libradius/radlib.h,v 1.7 2004/04/27 15:00:29 ru Exp $
*/
#ifndef _RADLIB_H_
#define _RADLIB_H_
#include <sys/types.h>
#include <netinet/in.h>
/* Limits */
#define RAD_MAX_ATTR_LEN 253
/* Message types */
#define RAD_ACCESS_REQUEST 1
#define RAD_ACCESS_ACCEPT 2
#define RAD_ACCESS_REJECT 3
#define RAD_ACCOUNTING_REQUEST 4
#define RAD_ACCOUNTING_RESPONSE 5
#define RAD_ACCESS_CHALLENGE 11
/* Attribute types and values */
#define RAD_USER_NAME 1 /* String */
#define RAD_USER_PASSWORD 2 /* String */
#define RAD_CHAP_PASSWORD 3 /* String */
#define RAD_NAS_IP_ADDRESS 4 /* IP address */
#define RAD_NAS_PORT 5 /* Integer */
#define RAD_SERVICE_TYPE 6 /* Integer */
#define RAD_LOGIN 1
#define RAD_FRAMED 2
#define RAD_CALLBACK_LOGIN 3
#define RAD_CALLBACK_FRAMED 4
#define RAD_OUTBOUND 5
#define RAD_ADMINISTRATIVE 6
#define RAD_NAS_PROMPT 7
#define RAD_AUTHENTICATE_ONLY 8
#define RAD_CALLBACK_NAS_PROMPT 9
#define RAD_FRAMED_PROTOCOL 7 /* Integer */
#define RAD_PPP 1
#define RAD_SLIP 2
#define RAD_ARAP 3 /* Appletalk */
#define RAD_GANDALF 4
#define RAD_XYLOGICS 5
#define RAD_FRAMED_IP_ADDRESS 8 /* IP address */
#define RAD_FRAMED_IP_NETMASK 9 /* IP address */
#define RAD_FRAMED_ROUTING 10 /* Integer */
#define RAD_FILTER_ID 11 /* String */
#define RAD_FRAMED_MTU 12 /* Integer */
#define RAD_FRAMED_COMPRESSION 13 /* Integer */
#define RAD_COMP_NONE 0
#define RAD_COMP_VJ 1
#define RAD_COMP_IPXHDR 2
#define RAD_LOGIN_IP_HOST 14 /* IP address */
#define RAD_LOGIN_SERVICE 15 /* Integer */
#define RAD_LOGIN_TCP_PORT 16 /* Integer */
/* unassiged 17 */
#define RAD_REPLY_MESSAGE 18 /* String */
#define RAD_CALLBACK_NUMBER 19 /* String */
#define RAD_CALLBACK_ID 20 /* String */
/* unassiged 21 */
#define RAD_FRAMED_ROUTE 22 /* String */
#define RAD_FRAMED_IPX_NETWORK 23 /* IP address */
#define RAD_STATE 24 /* String */
#define RAD_CLASS 25 /* Integer */
#define RAD_VENDOR_SPECIFIC 26 /* Integer */
#define RAD_SESSION_TIMEOUT 27 /* Integer */
#define RAD_IDLE_TIMEOUT 28 /* Integer */
#define RAD_TERMINATION_ACTION 29 /* Integer */
#define RAD_CALLED_STATION_ID 30 /* String */
#define RAD_CALLING_STATION_ID 31 /* String */
#define RAD_NAS_IDENTIFIER 32 /* Integer */
#define RAD_PROXY_STATE 33 /* Integer */
#define RAD_LOGIN_LAT_SERVICE 34 /* Integer */
#define RAD_LOGIN_LAT_NODE 35 /* Integer */
#define RAD_LOGIN_LAT_GROUP 36 /* Integer */
#define RAD_FRAMED_APPLETALK_LINK 37 /* Integer */
#define RAD_FRAMED_APPLETALK_NETWORK 38 /* Integer */
#define RAD_FRAMED_APPLETALK_ZONE 39 /* Integer */
/* reserved for accounting 40-59 */
#define RAD_ACCT_INPUT_GIGAWORDS 52
#define RAD_ACCT_OUTPUT_GIGAWORDS 53
#define RAD_CHAP_CHALLENGE 60 /* String */
#define RAD_NAS_PORT_TYPE 61 /* Integer */
#define RAD_ASYNC 0
#define RAD_SYNC 1
#define RAD_ISDN_SYNC 2
#define RAD_ISDN_ASYNC_V120 3
#define RAD_ISDN_ASYNC_V110 4
#define RAD_VIRTUAL 5
#define RAD_PIAFS 6
#define RAD_HDLC_CLEAR_CHANNEL 7
#define RAD_X_25 8
#define RAD_X_75 9
#define RAD_G_3_FAX 10
#define RAD_SDSL 11
#define RAD_ADSL_CAP 12
#define RAD_ADSL_DMT 13
#define RAD_IDSL 14
#define RAD_ETHERNET 15
#define RAD_XDSL 16
#define RAD_CABLE 17
#define RAD_WIRELESS_OTHER 18
#define RAD_WIRELESS_IEEE_802_11 19
#define RAD_PORT_LIMIT 62 /* Integer */
#define RAD_LOGIN_LAT_PORT 63 /* Integer */
#define RAD_CONNECT_INFO 77 /* String */
#define RAD_EAP_MESSAGE 79 /* Octets */
#define RAD_MESSAGE_AUTHENTIC 80 /* Octets */
#define RAD_ACCT_INTERIM_INTERVAL 85 /* Integer */
#define RAD_NAS_IPV6_ADDRESS 95 /* IPv6 address */
#define RAD_FRAMED_INTERFACE_ID 96 /* 8 octets */
#define RAD_FRAMED_IPV6_PREFIX 97 /* Octets */
#define RAD_LOGIN_IPV6_HOST 98 /* IPv6 address */
#define RAD_FRAMED_IPV6_ROUTE 99 /* String */
#define RAD_FRAMED_IPV6_POOL 100 /* String */
/* Accounting attribute types and values */
#define RAD_ACCT_STATUS_TYPE 40 /* Integer */
#define RAD_START 1
#define RAD_STOP 2
#define RAD_UPDATE 3
#define RAD_ACCOUNTING_ON 7
#define RAD_ACCOUNTING_OFF 8
#define RAD_ACCT_DELAY_TIME 41 /* Integer */
#define RAD_ACCT_INPUT_OCTETS 42 /* Integer */
#define RAD_ACCT_OUTPUT_OCTETS 43 /* Integer */
#define RAD_ACCT_SESSION_ID 44 /* String */
#define RAD_ACCT_AUTHENTIC 45 /* Integer */
#define RAD_AUTH_RADIUS 1
#define RAD_AUTH_LOCAL 2
#define RAD_AUTH_REMOTE 3
#define RAD_ACCT_SESSION_TIME 46 /* Integer */
#define RAD_ACCT_INPUT_PACKETS 47 /* Integer */
#define RAD_ACCT_OUTPUT_PACKETS 48 /* Integer */
#define RAD_ACCT_TERMINATE_CAUSE 49 /* Integer */
#define RAD_TERM_USER_REQUEST 1
#define RAD_TERM_LOST_CARRIER 2
#define RAD_TERM_LOST_SERVICE 3
#define RAD_TERM_IDLE_TIMEOUT 4
#define RAD_TERM_SESSION_TIMEOUT 5
#define RAD_TERM_ADMIN_RESET 6
#define RAD_TERM_ADMIN_REBOOT 7
#define RAD_TERM_PORT_ERROR 8
#define RAD_TERM_NAS_ERROR 9
#define RAD_TERM_NAS_REQUEST 10
#define RAD_TERM_NAS_REBOOT 11
#define RAD_TERM_PORT_UNNEEDED 12
#define RAD_TERM_PORT_PREEMPTED 13
#define RAD_TERM_PORT_SUSPENDED 14
#define RAD_TERM_SERVICE_UNAVAILABLE 15
#define RAD_TERM_CALLBACK 16
#define RAD_TERM_USER_ERROR 17
#define RAD_TERM_HOST_REQUEST 18
#define RAD_ACCT_MULTI_SESSION_ID 50 /* String */
#define RAD_ACCT_LINK_COUNT 51 /* Integer */
struct rad_handle;
struct timeval;
__BEGIN_DECLS
struct rad_handle *rad_acct_open(void);
int rad_add_server(struct rad_handle *,
const char *, int, const char *, int, int);
struct rad_handle *rad_auth_open(void);
void rad_close(struct rad_handle *);
int rad_config(struct rad_handle *, const char *);
int rad_continue_send_request(struct rad_handle *, int,
int *, struct timeval *);
int rad_create_request(struct rad_handle *, int);
struct in_addr rad_cvt_addr(const void *);
u_int32_t rad_cvt_int(const void *);
char *rad_cvt_string(const void *, size_t);
int rad_get_attr(struct rad_handle *, const void **,
size_t *);
int rad_init_send_request(struct rad_handle *, int *,
struct timeval *);
struct rad_handle *rad_open(void); /* Deprecated, == rad_auth_open */
int rad_put_addr(struct rad_handle *, int, struct in_addr);
int rad_put_attr(struct rad_handle *, int,
const void *, size_t);
int rad_put_int(struct rad_handle *, int, u_int32_t);
int rad_put_string(struct rad_handle *, int,
const char *);
int rad_put_message_authentic(struct rad_handle *);
ssize_t rad_request_authenticator(struct rad_handle *, char *,
size_t);
int rad_send_request(struct rad_handle *);
const char *rad_server_secret(struct rad_handle *);
const char *rad_strerror(struct rad_handle *);
u_char *rad_demangle(struct rad_handle *, const void *,
size_t);
__END_DECLS
#endif /* _RADLIB_H_ */

105
lib/libradius/radlib_private.h Normal file
View File

@ -0,0 +1,105 @@
/* $NetBSD: radlib_private.h,v 1.1.1.1 2005/02/19 23:56:32 manu Exp $ */
/*-
* Copyright 1998 Juniper Networks, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $FreeBSD: /repoman/r/ncvs/src/lib/libradius/radlib_private.h,v 1.6 2004/04/27 15:00:29 ru Exp $
*/
#ifndef RADLIB_PRIVATE_H
#define RADLIB_PRIVATE_H
#include <sys/types.h>
#include <netinet/in.h>
#include "radlib.h"
#include "radlib_vs.h"
/* Handle types */
#define RADIUS_AUTH 0 /* RADIUS authentication, default */
#define RADIUS_ACCT 1 /* RADIUS accounting */
/* Defaults */
#define MAXTRIES 3
#define PATH_RADIUS_CONF "/etc/radius.conf"
#define RADIUS_PORT 1812
#define RADACCT_PORT 1813
#define TIMEOUT 3 /* In seconds */
/* Limits */
#define ERRSIZE 128 /* Maximum error message length */
#define MAXCONFLINE 1024 /* Maximum config file line length */
#define MAXSERVERS 10 /* Maximum number of servers to try */
#define MSGSIZE 4096 /* Maximum RADIUS message */
#define PASSSIZE 128 /* Maximum significant password chars */
/* Positions of fields in RADIUS messages */
#define POS_CODE 0 /* Message code */
#define POS_IDENT 1 /* Identifier */
#define POS_LENGTH 2 /* Message length */
#define POS_AUTH 4 /* Authenticator */
#define LEN_AUTH 16 /* Length of authenticator */
#define POS_ATTRS 20 /* Start of attributes */
struct rad_server {
struct sockaddr_in addr; /* Address of server */
char *secret; /* Shared secret */
int timeout; /* Timeout in seconds */
int max_tries; /* Number of tries before giving up */
int num_tries; /* Number of tries so far */
};
struct rad_handle {
int fd; /* Socket file descriptor */
struct rad_server servers[MAXSERVERS]; /* Servers to contact */
int num_servers; /* Number of valid server entries */
int ident; /* Current identifier value */
char errmsg[ERRSIZE]; /* Most recent error message */
unsigned char request[MSGSIZE]; /* Request to send */
char request_created; /* rad_create_request() called? */
int req_len; /* Length of request */
char pass[PASSSIZE]; /* Cleartext password */
size_t pass_len; /* Length of cleartext password */
int pass_pos; /* Position of scrambled password */
char chap_pass; /* Have we got a CHAP_PASSWORD ? */
int authentic_pos; /* Position of message authenticator */
char eap_msg; /* Are we an EAP Proxy? */
unsigned char response[MSGSIZE]; /* Response received */
size_t resp_len; /* Length of response */
int resp_pos; /* Current position scanning attrs */
int total_tries; /* How many requests we'll send */
int try; /* How many requests we've sent */
int srv; /* Server number we did last */
int type; /* Handle type */
};
struct vendor_attribute {
u_int32_t vendor_value;
u_char attrib_type;
u_char attrib_len;
u_char attrib_data[1];
};
#endif

86
lib/libradius/radlib_vs.h Normal file
View File

@ -0,0 +1,86 @@
/* $NetBSD: radlib_vs.h,v 1.1.1.1 2005/02/19 23:56:32 manu Exp $ */
/*-
* Copyright (c) 2002 Brian Somers <brian@Awfulhak.org>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $FreeBSD: /repoman/r/ncvs/src/lib/libradius/radlib_vs.h,v 1.3 2004/04/27 15:00:29 ru Exp $
*/
#ifndef _RADLIB_VS_H_
#define _RADLIB_VS_H_
#include <sys/types.h>
#include <netinet/in.h>
#define RAD_VENDOR_MICROSOFT 311 /* rfc2548 */
#define RAD_MICROSOFT_MS_CHAP_RESPONSE 1
#define RAD_MICROSOFT_MS_CHAP_ERROR 2
#define RAD_MICROSOFT_MS_CHAP_PW_1 3
#define RAD_MICROSOFT_MS_CHAP_PW_2 4
#define RAD_MICROSOFT_MS_CHAP_LM_ENC_PW 5
#define RAD_MICROSOFT_MS_CHAP_NT_ENC_PW 6
#define RAD_MICROSOFT_MS_MPPE_ENCRYPTION_POLICY 7
#define RAD_MICROSOFT_MS_MPPE_ENCRYPTION_TYPES 8
#define RAD_MICROSOFT_MS_RAS_VENDOR 9
#define RAD_MICROSOFT_MS_CHAP_DOMAIN 10
#define RAD_MICROSOFT_MS_CHAP_CHALLENGE 11
#define RAD_MICROSOFT_MS_CHAP_MPPE_KEYS 12
#define RAD_MICROSOFT_MS_BAP_USAGE 13
#define RAD_MICROSOFT_MS_LINK_UTILIZATION_THRESHOLD 14
#define RAD_MICROSOFT_MS_LINK_DROP_TIME_LIMIT 15
#define RAD_MICROSOFT_MS_MPPE_SEND_KEY 16
#define RAD_MICROSOFT_MS_MPPE_RECV_KEY 17
#define RAD_MICROSOFT_MS_RAS_VERSION 18
#define RAD_MICROSOFT_MS_OLD_ARAP_PASSWORD 19
#define RAD_MICROSOFT_MS_NEW_ARAP_PASSWORD 20
#define RAD_MICROSOFT_MS_ARAP_PASSWORD_CHANGE_REASON 21
#define RAD_MICROSOFT_MS_FILTER 22
#define RAD_MICROSOFT_MS_ACCT_AUTH_TYPE 23
#define RAD_MICROSOFT_MS_ACCT_EAP_TYPE 24
#define RAD_MICROSOFT_MS_CHAP2_RESPONSE 25
#define RAD_MICROSOFT_MS_CHAP2_SUCCESS 26
#define RAD_MICROSOFT_MS_CHAP2_PW 27
#define RAD_MICROSOFT_MS_PRIMARY_DNS_SERVER 28
#define RAD_MICROSOFT_MS_SECONDARY_DNS_SERVER 29
#define RAD_MICROSOFT_MS_PRIMARY_NBNS_SERVER 30
#define RAD_MICROSOFT_MS_SECONDARY_NBNS_SERVER 31
#define RAD_MICROSOFT_MS_ARAP_CHALLENGE 33
#define SALT_LEN 2
struct rad_handle;
__BEGIN_DECLS
int rad_get_vendor_attr(u_int32_t *, const void **, size_t *);
int rad_put_vendor_addr(struct rad_handle *, int, int, struct in_addr);
int rad_put_vendor_attr(struct rad_handle *, int, int, const void *,
size_t);
int rad_put_vendor_int(struct rad_handle *, int, int, u_int32_t);
int rad_put_vendor_string(struct rad_handle *, int, int, const char *);
u_char *rad_demangle_mppe_key(struct rad_handle *, const void *, size_t,
size_t *);
__END_DECLS
#endif /* _RADLIB_VS_H_ */

5
lib/libradius/shlib_version Normal file
View File

@ -0,0 +1,5 @@
# $NetBSD: shlib_version,v 1.1.1.1 2005/02/19 23:56:36 manu Exp $
# Remember to update distrib/sets/lists/base/shl.* when changing
#
major=0
minor=0