eap.h

radius服务器

/*
 * eap.h    Header file containing the interfaces for all EAP types.
 *
 * Version:     $Id: eap.h,v 1.27 2004/03/08 21:51:30 aland Exp $
 *
 *   This program is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation; either version 2 of the License, or
 *   (at your option) any later version.
 *
 *   This program is distributed in the hope that it will be useful,
 *   but WITHOUT ANY WARRANTY; without even the implied warranty of
 *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *   GNU General Public License for more details.
 *
 *   You should have received a copy of the GNU General Public License
 *   along with this program; if not, write to the Free Software
 *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 *
 * Copyright 2001  hereUare Communications, Inc. <raghud@hereuare.com>
 * Copyright 2003  Alan DeKok <aland@freeradius.org>
 */
#ifndef _EAP_H
#define _EAP_H

#include "autoconf.h"

#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif

#ifdef HAVE_NETINET_IN_H
#include <netinet/in.h>
#endif

#include <string.h>
#include <stdlib.h>

#include "radiusd.h"
#include "modules.h"

#include "rad_assert.h"

#include "eap_types.h"

/*
 * EAP_DS contains all the received/sending information
 * response = Received EAP packet
 * request = Sending EAP packet
 *
 * Note: We are authentication server,
 *  we get ONLY EAP-Responses and
 *  we send EAP-Request/EAP-success/EAP-failure
 */
typedef struct eap_ds {
	EAP_PACKET	*response;
	EAP_PACKET	*request;
	int		set_request_id;
} EAP_DS;

/*
 * Currently there are only 2 types
 * of operations defined,
 * apart from attach & detach for each EAP-Type.
 */
typedef enum operation_t {
	INITIATE = 0,
	AUTHORIZE,
	AUTHENTICATE
} operation_t;


/*
 * EAP_HANDLER is the interface for any EAP-Type.
 * Each handler contains information for one specific EAP-Type.
 * This way we don't need to change any interfaces in future.
 * It is also a list of EAP-request handlers waiting for EAP-response
 * eap_id = copy of the eap packet we sent to the
 *
 * next = pointer to next
 * state = state attribute from the reply we sent
 * state_len = length of data in the state attribute.
 * src_ipaddr = client which sent us the RADIUS request containing
 *              this EAP conversation.
 * eap_id = copy of EAP id we sent to the client.
 * timestamp  = timestamp when this handler was last used.
 * identity = Identity, as obtained, from EAP-Identity response.
 * request = RADIUS request data structure
 * prev_eapds = Previous EAP request, for which eap_ds contains the response.
 * eap_ds   = Current EAP response.
 * opaque   = EAP-Type holds some data that corresponds to the current
 *		EAP-request/response
 * free_opaque = To release memory held by opaque,
 * 		when this handler is timedout & needs to be deleted.
 * 		It is the responsibility of the specific EAP-TYPE
 * 		to avoid any memory leaks in opaque
 *		Hence this pointer should be provided by the EAP-Type
 *		if opaque is not NULL
 * status   = finished/onhold/..
 */
#define EAP_STATE_LEN (AUTH_VECTOR_LEN)
typedef struct _eap_handler {
	struct _eap_handler *next;

	uint8_t		state[EAP_STATE_LEN];
	uint32_t	src_ipaddr;
	unsigned int	eap_id;
	unsigned int	eap_type;

	time_t		timestamp;

	REQUEST		*request;

	char		*identity; /* User name from EAP-Identity */

	EAP_DS 		*prev_eapds;
	EAP_DS 		*eap_ds;

	void 		*opaque;
	void 		(*free_opaque)(void *opaque);

	int		status;

	int		stage;
} EAP_HANDLER;

/*
 * Interface to call EAP sub mdoules
 */
typedef struct eap_type_t {
	const 	char *name;
	int	(*attach)(CONF_SECTION *conf, void **type_data);
	int	(*initiate)(void *type_data, EAP_HANDLER *handler);
	int	(*authorize)(void *type_data, EAP_HANDLER *handler);
	int	(*authenticate)(void *type_data, EAP_HANDLER *handler);
	int	(*detach)(void *type_data);
} EAP_TYPE;

#define REQUEST_DATA_EAP_HANDLER	 (1)
#define REQUEST_DATA_EAP_TUNNEL_CALLBACK PW_EAP_MESSAGE
#define REQUEST_DATA_EAP_MSCHAP_TUNNEL_CALLBACK ((PW_EAP_MESSAGE << 16) | PW_EAP_MSCHAPV2)
#define RAD_REQUEST_OPTION_PROXY_EAP	(1 << 16)

/*
 *	This is for tunneled callbacks
 */
typedef int (*eap_tunnel_callback_t)(EAP_HANDLER *handler, void *tls_session);
typedef struct eap_tunnel_data_t {
  void			*tls_session;
  eap_tunnel_callback_t callback;
} eap_tunnel_data_t;

#endif /*_EAP_H*/