radius.h

RADIUS协议的认证计费服务

#ifndef RADIUS_H
#define	RADIUS_H

/*
 *	RADIUS   Remote Authentication Dial In User Service
 *
 *	Livingston Enterprises, Inc.
 *	6920 Koll Center Parkway
 *	Pleasanton, CA   94566
 *
 *	Copyright 1992 Livingston Enterprises, Inc.
 *
 *	Permission to use, copy, modify, and distribute this software for any
 *	purpose and without fee is hereby granted, provided that this
 *	copyright and permission notice appear on all copies and supporting
 *	documentation, the name of Livingston Enterprises, Inc. not be used
 *	in advertising or publicity pertaining to distribution of the
 *	program without specific prior permission, and notice be given
 *	in supporting documentation that copying and distribution is by
 *	permission of Livingston Enterprises, Inc.
 *
 *	Livingston Enterprises, Inc. makes no representations about
 *	the suitability of this software for any purpose.  It is
 *	provided "as is" without express or implied warranty.
 *
 *
 *      Copyright (c) 1996 Ascend Communications, Inc.
 *      All rights reserved.
 *
 *      Permission to copy, display, distribute and make derivative works
 *      from this material in whole or in part for any purpose is granted
 *      provided that the above copyright notice and this paragraph are
 *      duplicated in all copies.  THIS SOFTWARE IS PROVIDED "AS IS" AND
 *      WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING, WITHOUT
 *      LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
 *      FOR A PARTICULAR PURPOSE.
 *
 */

/*
 * Copyright [C] The Regents of the University of Michigan and Merit Network,
 * Inc. 1992, 1993, 1994, 1995, 1996, 1997, 1998 All Rights Reserved
 *
 * Permission to use, copy, and modify this software and its documentation 
 * for any purpose and without fee is hereby granted, provided: 
 *
 * 1) that the above copyright notice and this permission notice appear in all
 *    copies of the software and derivative works or modified versions thereof, 
 *
 * 2) that both the copyright notice and this permission and disclaimer notice 
 *    appear in all supporting documentation, and 
 *
 * 3) that all derivative works made from this material are returned to the
 *    Regents of the University of Michigan and Merit Network, Inc. with
 *    permission to copy, to display, to distribute, and to make derivative
 *    works from the provided material in whole or in part for any purpose.
 *
 * Users of this code are requested to notify Merit Network, Inc. of such use
 * by sending email to aaa-admin@merit.edu
 *
 * Please also use aaa-admin@merit.edu to inform Merit Network, Inc of any
 * derivative works.
 *
 * Distribution of this software or derivative works or the associated
 * documentation is not allowed without an additional license.
 *
 * Licenses for other uses are available on an individually negotiated
 * basis.  Contact aaa-license@merit.edu for more information.
 *
 * THIS SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE REGENTS OF THE
 * UNIVERSITY OF MICHIGAN AND MERIT NETWORK, INC. DO NOT WARRANT THAT THE
 * FUNCTIONS CONTAINED IN THE SOFTWARE WILL MEET LICENSEE'S REQUIREMENTS OR
 * THAT OPERATION WILL BE UNINTERRUPTED OR ERROR FREE.  The Regents of the
 * University of Michigan and Merit Network, Inc. shall not be liable for any
 * special, indirect, incidental or consequential damages with respect to any
 * claim by Licensee or any third party arising from use of the software.
 *
 * Merit AAA Server Support
 * Merit Network, Inc.
 * 4251 Plymouth Road, Suite C.
 * Ann Arbor, Michigan, USA 48105-2785
 *
 * attn:  John Vollbrecht
 * voice: 734-764-9430
 * fax:   734-647-3185
 * email: aaa-admin@merit.edu
 *
 *
 *	$Id: radius.h,v 1.1.1.1 2001/08/10 20:49:27 bonze Exp $
 *
 */

#include        <time.h>
#include	"conf.h"
#include	"usr.h"

#ifdef ASCEND
#include	"ascend.h"
#endif	/* ASCEND */

#ifndef TRUE
#define	TRUE			1
#define	FALSE			0
#endif

#define	COMMENT			'#'	/* comment char for config files */
#define	WHITESPACES		" \t\n\r" /* white space chars for strtok() */

#ifndef ADD_STRING_HASH_SIZE
#define	ADD_STRING_HASH_SIZE	4363	/* add_string() table size, a prime */
#endif

#ifndef LIST_COPY_LIMIT
#define	LIST_COPY_LIMIT		512	/* Limit the number of items to copy. */
#endif

#ifndef AVPAIR_LIST_LENGTH_MAX
#define	AVPAIR_LIST_LENGTH_MAX	(list_copy_limit*40)	/* big enough... */
#endif

#define	AUTH_VECTOR_LEN		16
#define	AUTH_PASS_LEN		255	/* Long passwords now */
#define	AUTH_ID_LEN		64
#define	AUTH_STRING1_LEN	253	/* maximum of 253 (in V1) */
#define	AUTH_STRING2_LEN	2000    /* Up to 64k in V2 */

#define	RAD_RECV_BUFFER_SIZE	16536
#define	RAD_SEND_BUFFER_SIZE	16536

#define	FILTER_LEN		16
#define	NAME_LENGTH		32
#define	MAX_FSMID_LEN		20	/* Maximum length of %FSMID string */
#define	MAX_DICTID_LEN		20	/* Maximum length of %DICTID string */
#define	MAX_VENDID_LEN		20	/* Maximum length of %VENDORSID str. */

#define	RADIUS_V1		"V1"
#define	RADIUS_V2		"V2"
#define	VER1			1
#define	VER2			2
#define	HIVER			VER2	/* Current highest version */

typedef struct pw_auth1_hdr
{
	u_char          code;
	u_char          id;
	u_short         length;
	u_char          vector[AUTH_VECTOR_LEN];
	u_char          data[2];
} AUTH_HDR1;

#define	AUTH_HDR1_LEN		20

typedef struct pw_auth_hdr
{
	u_char          code;			/* PW_EXTENDED_FORMAT */
	u_char          flag_ver;		/* Flags and version */
	UINT2           length;			/* Including header */
	UINT2           id;			/* Message Identifier */
	UINT2           command;		/* Message type */
	u_char          vector[AUTH_VECTOR_LEN];/* Random value */
	u_char          mic[AUTH_VECTOR_LEN];	/* Message Integrity Code */
	u_char          data[2];		/* The attribute-value pairs */
} AUTH_HDR;

#define	AUTH_HDR_LEN		40

/* flag_ver definitions: */
#define	AUTH_HDR_VERSION_BITS	0x07	/* The version bits - Rest are flags */
#define	AUTH_HDR_TIMESTAMP	0x08	/* Timestamp present in vector */

/* V2 Timestamp definitions: */
#define	RECV_TIME_WINDOW 5 * 60	/* Accept messages within +/- of this window */

/* Version 2 transmitted attribute-value pair structure */
typedef struct pw_attr_hdr
{
	u_char		type[2];        /* The attribute */
	u_char		length[2];	/* Length of entire pair */
	u_char		flags;		/* Flag octet (Must and Vendor-Sp) */
	u_char		vendor_id[4];	/* Optional vendor id, if Vendor-Sp. */
} ATTR_HDR;

#define	ATTR_HDR_LEN	5	/* Non-Vendor-Specific attr. header length */

#define	MAX_SECRET_LENGTH		16
#define	CHAP_VALUE_LENGTH		16

#define	PW_AUTH_UDP_PORT		1645
#define	PW_ACCT_UDP_PORT		1646

/* For rlmadmin... */
#if !defined(RCS_BACKUP)
#  define RCS_BACKUP 0
#endif

#if !defined(RCS_CTRL)
#  define	RCS_CTRL	"/usr/local/bin/rcs"
#endif
#if !defined(RCS_CO)
#  define	RCS_CO		"/usr/local/bin/co"
#endif
#if !defined(RCS_CI)
#  define	RCS_CI		"/usr/local/bin/ci"
#endif

#define	PW_TYPE_STRING			0
#define	PW_TYPE_INTEGER			1
#define	PW_TYPE_IPADDR			2
#define	PW_TYPE_DATE			3

#ifdef BINARY_FILTERS
#define	PW_TYPE_FILTER_BINARY           4
#endif	/* BINARY_FILTERS */

#ifndef NO_EXTENDED_TYPES
#define	PW_TYPE_OCTETS			5
#define	PW_TYPE_VENDOR			6
#define	PW_TYPE_OCTET			7
#define	PW_TYPE_SHORT			8
#define	PW_TYPE_TAG_INT			9
#define	PW_TYPE_TAG_STR			10
#endif	/* EXTENDED_TYPES */

/* standard RADIUS codes */

#define	PW_ACCESS_REQUEST		1
#define	PW_ACCESS_ACCEPT		2
#define	PW_ACCESS_REJECT		3
#define	PW_ACCOUNTING_REQUEST		4
#define	PW_ACCOUNTING_RESPONSE		5
#define	PW_ACCOUNTING_STATUS		6
#define	PW_PASSWORD_REQUEST		7
#define	PW_PASSWORD_ACK			8
#define	PW_PASSWORD_REJECT		9
#define	PW_ACCOUNTING_MESSAGE		10
#define	PW_ACCESS_CHALLENGE		11
#define	PW_STATUS_SERVER		12
#define	PW_STATUS_CLIENT		13

#define	PW_FORWARDING			216
#define	PW_EXTENDED_FORMAT		254	/* This is the new stuff */
#define	PW_COMMAND_UNRECOGNIZED		256	/* V2 command not recognized */

#ifdef USR_CCA
#define	PW_RESOURCE_FREE_REQ		21
#define	PW_RESOURCE_FREE_RESP		22
#define	PW_RESOURCE_QUERY_REQ		23
#define	PW_RESOURCE_QUERY_RESP		24
#define	PW_ALT_RESOURCE_RECLAIM_REQ	25	/* USR NAS accepts 25 AND 265 */
#define	PW_NAS_REB_REQ			26
#define	PW_NAS_REB_RESP			27

/* V2 values for above ...
#define	PW_RESOURCE_FREE_REQ		261
#define	PW_RESOURCE_FREE_RESP		262
#define	PW_RESOURCE_QUERY_REQ		263
#define	PW_RESOURCE_QUERY_RESP		264
#define	PW_NAS_REB_REQ			267
#define	PW_NAS_REB_RESP			268
*/

#define	PW_RESOURCE_RECLAIM_REQ		265	/* see above (code number 25) */
#define	PW_RESOURCE_RECLAIM_RESP	266

#define	PW_CHANGE_FILTER_REQ		304
#define	PW_CHANGE_FILTER_ACK		305
#define	PW_CHANGE_FILTER_NAK		306
#endif	/* USR_CCA */

/* Merit reserved packet codes 400 to 499 */
#define	PW_ACCESS_ERROR			402
#define	PW_ACCOUNTING_ERROR		405


/* standard RADIUS attribute-value pairs */

#define	PW_USER_NAME			1	/* string */
#define	PW_USER_PASSWORD		2	/* string */
#define	PW_CHAP_PASSWORD		3	/* string */
#define	PW_NAS_IP_ADDRESS		4	/* ipaddr */
#define	PW_NAS_PORT			5	/* integer */
#define	PW_SERVICE_TYPE			6	/* integer */
#define	PW_FRAMED_PROTOCOL		7	/* integer */
#define	PW_FRAMED_IP_ADDRESS		8	/* ipaddr */
#define	PW_FRAMED_IP_NETMASK		9	/* ipaddr */
#define	PW_FRAMED_ROUTING		10	/* integer */
#define	PW_FILTER_ID		        11	/* string */
#define	PW_FRAMED_MTU			12	/* integer */
#define	PW_FRAMED_COMPRESSION		13	/* integer */
#define	PW_LOGIN_IP_HOST		14	/* ipaddr */
#define	PW_LOGIN_SERVICE		15	/* integer */
#define	PW_LOGIN_PORT			16	/* integer */
#define	PW_OLD_PASSWORD			17	/* string */ /* deprecated */
#define	PW_REPLY_MESSAGE		18	/* string */
#define	PW_LOGIN_CALLBACK_NUMBER	19	/* string */
#define	PW_FRAMED_CALLBACK_ID		20	/* string */
#define	PW_EXPIRATION			21	/* date */ /* deprecated */
#define	PW_FRAMED_ROUTE			22	/* string */
#define	PW_FRAMED_IPX_NETWORK		23	/* integer */
#define	PW_STATE			24	/* string */
#define	PW_CLASS			25	/* string */
#define	PW_VENDOR_SPECIFIC		26	/* vendor */
#define	PW_SESSION_TIMEOUT		27	/* integer */
#define	PW_IDLE_TIMEOUT			28	/* integer */
#define	PW_TERMINATION_ACTION		29	/* integer */
#define	PW_CALLED_STATION_ID		30	/* string */
#define	PW_CALLING_STATION_ID		31	/* string */
#define	PW_NAS_IDENTIFIER		32	/* string */
#define	PW_PROXY_STATE			33	/* string */
#define	PW_LOGIN_LAT_SERVICE		34	/* string */
#define	PW_LOGIN_LAT_NODE		35	/* string */
#define	PW_LOGIN_LAT_GROUP		36	/* string */
#define	PW_FRAMED_APPLETALK_LINK	37	/* integer */
#define	PW_FRAMED_APPLETALK_NETWORK	38	/* integer */
#define	PW_FRAMED_APPLETALK_ZONE	39	/* string */
#define	PW_CHAP_CHALLENGE		60	/* string */
#define	PW_NAS_PORT_TYPE		61	/* integer */
#define	PW_PORT_LIMIT			62	/* integer */
#define	PW_LOGIN_LAT_PORT		63	/* string */
#define	PW_TUNNEL_TYPE			64	/* string */
#define	PW_TUNNEL_MEDIUM_TYPE		65	/* string */
#define	PW_TUNNEL_CLIENT_ENDPOINT	66	/* string */
#define	PW_TUNNEL_SERVER_ENDPOINT	67	/* string */
#define	PW_ACCT_TUNNEL_CONNECTION	68	/* string */
#define	PW_TUNNEL_PASSWORD		69	/* string */
#define	PW_ARAP_PASSWORD		70	/* string */
#define	PW_ARAP_FEATURES		71	/* string */
#define	PW_ARAP_ZONE_ACCESS		72	/* integer */
#define	PW_ARAP_SECURITY		73	/* integer */
#define	PW_ARAP_SECURITY_DATA		74	/* string */
#define	PW_PASSWORD_RETRY		75	/* integer */
#define	PW_PROMPT			76	/* integer */
#define	PW_CONNECT_INFO			77	/* string */
#define	PW_CONFIGURATION_TOKEN		78	/* string */
#define	PW_EAP_MESSAGE			79	/* string */
#define	PW_SIGNATURE			80	/* string */
#define	PW_TUNNEL_PRIVATE_GROUP_ID	81	/* octets */
#define	PW_TUNNEL_ASSIGNMENT_ID		82	/* octets */
#define	PW_TUNNEL_PREFERENCE		83	/* octets */
#define	PW_ARAP_CHALLENGE_RESPONSE	84	/* string */
#define	PW_ACCT_INTERIM_INTERVAL	85	/* string */

/*	Accounting */

#define	PW_ACCT_STATUS_TYPE		40	/* integer */
#define	PW_ACCT_DELAY_TIME		41	/* integer */
#define	PW_ACCT_INPUT_OCTETS		42	/* integer */
#define	PW_ACCT_OUTPUT_OCTETS		43	/* integer */
#define	PW_ACCT_SESSION_ID		44	/* string */
#define	PW_ACCT_AUTHENTIC		45	/* integer */
#define	PW_ACCT_SESSION_TIME		46	/* integer */
#define	PW_ACCT_INPUT_PACKETS		47	/* integer */
#define	PW_ACCT_OUTPUT_PACKETS		48	/* integer */
#define	PW_ACCT_TERMINATE_CAUSE		49	/* integer */
#define	PW_ACCT_MULTI_SESSION_ID	50	/* string */
#define	PW_ACCT_LINK_COUNT		51	/* integer */
#define	PW_ACCT_INPUT_GIGAWORDS		52	/* integer */
#define	PW_ACCT_OUTPUT_GIGAWORDS	53	/* integer */
/* #define PW_ACCT_LINK_COUNT		54 */	/* unused */
#define	PW_ACCT_EVENT_TIME		55	/* date */

/*	Merit Experimental Extensions */

#define	PW_REPLY_IF_ACK_MESSAGE		144	/* string */
#define	PW_LAS_START_TIME		145	/* integer */
#define	PW_LAS_CODE			146	/* integer */
#define	PW_LAS_DURATION			147	/* integer */
#define	PW_LOCAL_DURATION		148	/* integer */
#define	PW_HUNTGROUP_SERVICE		149	/* string */
#define	PW_PORT_ENTRY			150	/* octets */
#define	PW_PROXY_ACTION			211	/* string */
#define	PW_TOKEN			213	/* string */
#define	PW_OWNERSHIP			219	/* integer */
#define	PW_SUBGROUP			220	/* string */
#define	PW_HUNTGROUP_NAME		221	/* string */
#define	PW_USER_ID			222	/* string */