radius.h

RADIUS协议的认证计费服务

#define	PW_USER_REALM			223	/* string */

/*	Configuration Only Attributes (for check-items) */

#define	CI_COMMENT			1024	/* string */
#define	CI_XVALUE			1025	/* integer */
#define	CI_XSTRING			1026	/* string */
#define	CI_AUTHENTICATION_TYPE		1027	/* integer */
#define	CI_PROHIBIT			1028	/* integer */
#define	CI_USER_CATEGORY		1029	/* string */
#define	CI_GROUP_NAME			1030	/* string */
#define	CI_ENCRYPTED_PASSWORD		1031	/* string */
#define	CI_EXPIRATION			1032	/* date */
#define	CI_USER_PASSWORD		1033	/* string */
#define	CI_SIMULTANEOUS_USE		1034	/* integer */
#define	CI_SERVER_NAME			1035	/* string */
#define	CI_ADDRESS_POOL_NAME		1036	/* string */
#define	CI_SERVICE_CLASS		1037	/* string */
#define	CI_DENY_MESSAGE			1038	/* string */

/*	Integer Translations */

/*	SERVICE TYPES	*/

#define	PW_LOGIN			1
#define	PW_FRAMED			2
#define	PW_CALLBACK_LOGIN		3
#define	PW_CALLBACK_FRAMED		4
#define	PW_OUTBOUND_USER		5
#define	PW_ADMINISTRATIVE_USER		6
#define	PW_SHELL_USER			7
#define	PW_AUTHENTICATE_ONLY		8
#define	PW_CALLBACK_ADMIN_USER		9

/*	FRAMED PROTOCOLS	*/

#define	PW_PPP				1
#define	PW_SLIP				2
#define	PW_ARA				3
#define	PW_GANDALF			4
#define	PW_XYLOGICS			5

/*	FRAMED ROUTING VALUES	*/

#define	PW_NONE				0
#define	PW_BROADCAST			1
#define	PW_LISTEN			2
#define	PW_BROADCAST_LISTEN		3

/*	FRAMED COMPRESSION TYPES	*/

#define	PW_VAN_JACOBSON_TCP_IP		1
#define	PW_IPX_HEADER_COMPRESSION	2

/*	LOGIN SERVICES	*/

#define	PW_TELNET			0
#define	PW_RLOGIN			1
#define	PW_TCP_CLEAR			2
#define	PW_PORTMASTER			3
#define	PW_LAT				4
#define	PW_X25_PAD			5
#define	PW_X25_T3POS			6

/*	TERMINATION ACTIONS	*/

#define	PW_DEFAULT			0
#define	PW_RADIUS_REQUEST		1

#ifdef USR_CCA
#define	PW_MANAGE_RESOURCES             2
#endif /* USR_CCA */

/*	AUTHENTICATION TYPES */

#define	AA_NONE		0	/* This is not a valid user name entry */
#define	AA_UNIX		1	/* Use local UNIX password file */
#define	AA_AKRB		2	/* AFS Kerberos type authentication */
#define	AA_MKRB		3	/* MIT Kerberos type authentication */
#define	AA_RAD		4	/* Pass to remote RADIUS server */
#define	AA_KCHAP	5	/* Kerberos CHAP authentication */
#define	AA_TACACS	6	/* Encrypted TACACS authentication */
#define	AA_REALM	7	/* Find given realm in authfile */
#define	AA_LOCAL	8	/* ??? XXX ??? */
#define	AA_FILE		9	/* User name and password list in a file */
#define	AA_TACPLUS	10	/* TACACS+ authentication */
#define	AA_ARADES	11	/* Ascend ARA DES authentication */
#define	AA_ACE		12	/* Ascend ARA DES authentication */
#define	AA_DEFENDER	13	/* Ascend smart card authentication */
#define	AA_SKEY		14	/* SKEY authentication */
#define	AA_ODBC		15	/* Database authentication */
#define	AA_ORACLE	16	/* Oracle authentication */
#define	AA_ALLOW	17	/* Allow all users of a realm. */
#define	AA_DENY		18	/* Deny all users of a realm. */
#define	AA_BLACKHOLE	19	/* Blackhole all requests for this realm. */
#define	AA_SLOW		20	/* Use param as realm to authenticate slowly. */
#define	AA_LDAP		21	/* LDAP authentication */
#define	AA_LOCAL_VPN	22	/* Locally defined VPN */
#define	AA_BSD		23	/* BSD Authentication */
#define	AA_DATABASE	24	/* database authentication type */
#define	PW_AUTH_MAX	25	/* Highest authentication type */

/*	PROHIBIT PROTOCOL	*/

#define	PW_DUMB		0	/* 1 and 2 are defined in FRAMED PROTOCOLS */
#define	PW_AUTH_ONLY	3
#define	PW_ALL		255

/*	ACCOUNTING STATUS TYPES	*/

#define	PW_STATUS_START		1
#define	PW_STATUS_STOP		2
#define	PW_STATUS_ALIVE		3
#define	PW_STATUS_MODEM_START	4
#define	PW_STATUS_MODEM_STOP	5
#define	PW_STATUS_CANCEL	6
#define	PW_STATUS_ON		7
#define	PW_STATUS_OFF		8

/*	ACCOUNTING TERMINATION CAUSES	*/

#define	PW_USER_REQUEST		1
#define	PW_LOST_CARRIER		2
#define	PW_LOST_SERVICE		3
#define	PW_ACCT_IDLE_TIMEOUT	4
#define	PW_ACCT_SESSION_TIMEOUT	5
#define	PW_ADMIN_RESET		6
#define	PW_ADMIN_REBOOT		7
#define	PW_PORT_ERROR		8
#define	PW_NAS_ERROR		9
#define	PW_NAS_REQUEST		10
#define	PW_NAS_REBOOT		11
#define	PW_PORT_UNNEEDED	12
#define	PW_PORT_PREEMPTED	13
#define	PW_PORT_SUSPENDED	14
#define	PW_SERVICE_UNAVAILABLE	15
#define	PW_CALLBACK		16
#define	PW_USER_ERROR		17
#define	PW_HOST_REQUEST		18

/*	NAS PORT TYPES	*/

#define	PW_ASYNC		0
#define	PW_SYNC			1
#define	PW_ISDN_SYNC		2
#define	PW_ISDN_ASYNC_V120	3
#define	PW_ISDN_ASYNC_V110	4
#define	PW_VIRTUAL		5
#define	PW_PIAFS		6
#define	PW_HDLC_CLEAR_CHANNEL	7
#define	PW_X_25			8
#define	PW_X_75			9

/*	PROMPT VALUES	*/

#define	PW_NO_ECHO		0
#define	PW_ECHO			1

/*	ARAP ZONE ACCESS VALUES	*/

#define	PW_DEFAULT_ZONE		1
#define	PW_INCLUSIVE_FILTER	2
#define	PW_EXCLUSIVE_FILTER	4

/* Default Database File Names */

#ifndef RADIUS_DIR
#define	RADIUS_DIR		"../config"
#endif

#ifndef RADACCT_DIR
#define	RADACCT_DIR		"../radacct"
#endif

/*
 *	Note:	To change where these files go, do not change the#defines
 *		below, instead change the RADIUS_DIR#define above.
 */

#define	RADIUS_DICTIONARY	"dictionary"
#define	RADIUS_CLIENTS		"clients"
#define	RADIUS_USERS		"users"
#define	RADIUS_HOLD		"holdusers"
#define	RADIUS_LOG		"logfile"
#define	RADIUS_AUTH		"authfile"
#define	RADIUS_PID		"radiusd.pid"
#define	RADIUS_FSM		"radius.fsm"
#define	RADIUS_DEBUG		"radius.debug"
#define	RADIUS_VENDORS          "vendors"

#ifndef RAD_READ_MODE
#define	RAD_READ_MODE		0644		/* f/chmod() access */
#endif

#ifndef RAD_LOG_MODE
#define	RAD_LOG_MODE		0640		/* f/chmod() access */
#endif

#ifndef RADIUS_LOG_FMT

#ifdef Y2K
#define	RADIUS_LOG_FMT		"logfile.%Y%m%d" /* logfile.yyyymmdd */
#else	/* Y2K */
#define	RADIUS_LOG_FMT		"logfile.%y%m%d" /* logfile.yymmdd */
#endif	/* Y2K */

#endif	/* RADIUS_LOG_FMT */

#ifndef RAD_DEBUG_MODE
#define	RAD_DEBUG_MODE		0600		/* f/chmod() access */
#endif

#ifndef RAD_LOG_DEFAULT_AATV
#define	RAD_LOG_DEFAULT_AATV	rad_log_v2_0_aatv
#endif

#ifndef RAD_LOG_DEFAULT_FMT
#define	RAD_LOG_DEFAULT_FMT	"session.%Y-%m-%d.las"
#endif

#ifndef	RAD_GZCAT
#define	RAD_GZCAT		"/usr/local/bin/gzcat"
#endif

#ifndef	RAD_ZCAT
#define	RAD_ZCAT		"/usr/ucb/zcat"
#endif

#ifndef	RAD_GZIP
#define	RAD_GZIP		"/usr/local/bin/gzip"
#endif

/* define GZIP_ARGS to pass non-file arguments to RAD_GZIP program */
/*#define	GZIP_ARGS	" -9 " */

#ifndef RAD_COMPRESS
#define	RAD_COMPRESS		"/usr/ucb/compress"
#endif

/* define COMPRESS_ARGS to pass non-file arguments to RAD_COMPRESS program */
/*#define	COMPRESS_ARGS		" -9 " */

#ifndef RADIUS_LOCALSERVER
#define	RADIUS_LOCALSERVER	"localserver"
#endif

#ifndef DEFAULT_REALM
#define	DEFAULT_REALM		"DEFAULT"
#endif

#ifndef NULL_REALM
#define	NULL_REALM		"NULL"
#endif

/* Server data structures */

typedef struct dict_attr
{
	char             *name;		/* attribute name */
	int               value;	/* attribute index number */
	int               type;		/* string, int, etc. */
	UINT4             vendor_id;	/* vendor OID or 0 */
	int               flags;	/* Attribute flags */
	struct vendor    *vendor_ptr;	/* pointer to VENDOR structure */
	struct dict_attr *next;		/* Global list */
	struct dict_attr *vnext;	/* Vendor list */
} DICT_ATTR;

#define	NULLDA	((DICT_ATTR *) NULL)

/* Definition of DICT_ATTR flags */
#define	ATTR_ACK_NONE	0x000100	/* None in ACK */
#define	ATTR_ACK_ONE	0x000200	/* Only one in ACK */
#define	ATTR_NAK_NONE	0x000400	/* None in NAK */
#define	ATTR_NAK_ONE	0x000800	/* Only one in NAK */
#define	ATTR_CONFIG	0x001000	/* Only a Configuration attribute */
#define	ATTR_NOLOG	0x002000	/* Attribute never gets logged */
#define	ATTR_ENCAPS	0x004000	/* MUST encapsulate this attribute. */
#define	ATTR_RO_FLAGS	0x00FF00	/* Don't modify these flags */
#define	ATTR_LOGGED	0x010000	/* Has this attribute been logged? */

/* Flags sent in packet */
#define	ATTR_MUST	0x000001	/* Receiver MUST know this attribute */
#define	ATTR_VEND_SP	0x000080	/* Vendor Specific indicator */

typedef struct dict_value
{
	char              *name;	/* Value name */
	UINT4              dv_value;
	char              *attrname;	/* corresponding attribute */
	int		   attrnum;	/* Attribute number */
	struct vendor     *vendor_ptr;	/* pointer to VENDOR structure */
	struct dict_value *next;	/* Global list */
	struct dict_value *vnext;	/* Vendor list */
} DICT_VALUE;

#define	NULLDV	((DICT_VALUE *) NULL)

typedef struct dict_attr_list
{
	struct dict_attr_list *next;
	DICT_ATTR             *ap;
} DICT_ATTR_LIST;

typedef struct value_pair
{
	int                attribute;	/* Attribute num. of this value_pair */
	DICT_ATTR         *ap;		/* Pointer to dictionary attrib entry */
	UINT4              lvalue;	/* For type==string, the string's len */
	char              *strvalue;	/* Pointer to string */
	int                strsize;	/* Length of string storage block */
	int                flags;	/* Flags to control logging, etc. */
	u_char             tag;		/* For tagged attributes, the tag. */
	struct value_pair *next;
} VALUE_PAIR;

#define	NULL_VP	((VALUE_PAIR *) NULL)

/* Definition of VALUE_PAIR flags */
#define	VPF_LOGGED	0x01		/* Has this value pair been logged? */
#define	VPF_ENCAPS	0x02		/* Was it encapsulated when received? */

typedef struct vp_string
{
	int		usecnt;		/* Number of VALUE_PAIRS using this */
	char		string[2];	/* The string data */
} VP_STRING;

#define	VPSTR_HDR_LEN sizeof (int) 	/* Size of VP_STRING header */
#define	VPSTR_MIN 8	 /* Smallest block we allocate for value_pair string */

typedef struct auth_req
{
	UINT4             ipaddr;           /* IP address of requestor */

#ifdef USR_CCA
	UINT4             nas_ip;           /* Used only with Resource Query */
					     /* ... Requests and Responses.  */
	char              type;             /* Parent, Child, or Proxy Query */
	int               qry_count;
#endif /* USR_CCA */

	u_short           udp_port;         /* UDP reply socket of requestor */
	u_short           code;             /* Type of RADIUS packet */
	u_short           rcv_len;          /* Length of received packet. */
	u_short           rep_id;           /* Original request seq. number */
	u_short           fwd_id;           /* Locally generated seq. number */
	u_char            repvec[AUTH_VECTOR_LEN]; /* Original vector (reply) */
	u_char            fwdvec[AUTH_VECTOR_LEN]; /* Forwarding vector (V1) */
	char             *realm_filter;
	struct client_ent *client;          /* Pointer to Client Entry */
	int               repstatus;        /* Determines final request value */
	int               fsmstatus;        /* Result of previous AATV action */
	int               cur_count;        /* Original number request pairs */
	time_t            onqueue;          /* Epoch when request was queued */
	time_t            starthg;          /* Epoch when request starts HGAS */
	time_t            startlas;         /* Epoch when request entered LAS */
	time_t            free_end;         /* When to remove from freed queue */
	u_char            vers_in;          /* Version number received */
	u_char            vers_out;         /* Version number sent */
	u_char            flags;            /* Received flags bits */
	u_char            ttlslice;         /* Holds time-to-live init value */
	u_char            ttl;              /* Global queue time-to-live secs */
	u_char            timer;            /* General utility timer */
	u_char            retry_cnt;        /* Counter for duplicate requests */
	u_char            retry_limit;      /* Zero ==> allow infinite number */
	u_char            seqch_cnt;        /* Count sequence number changes */
	u_char            seqch_limit;      /* Zero ==> allow infinite number */
	u_char            state;            /* State of current request */
	u_char            sws;              /* Switches, flags, etc. */
	u_char            debug_flag;       /* Special debugging */
	struct aatv      *fsm_aatv;         /* Pointer to current FSM action */
	struct aatv      *direct_aatv;      /* Pointer to actual action */
	struct event_ent *event_q;          /* Pointer to active event queue */
	struct event_ent *freed_events;     /* Free'd events being held */
	struct proc_ent  *proc_q;           /* Pointer to fork process queue */
	struct auth_req  *next;             /* Global request queue link */
	struct auth_req  *p_prev;           /* Pointer to what points to this */