📄 radius.h
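/* Remaining members of AUTH_REQ (the structure opens earlier in this header). */
	VALUE_PAIR	*request;	/* Original client a/v pairs */
	VALUE_PAIR	*cur_request;	/* Represents current a/v pairs */
	VALUE_PAIR	*user_check;	/* List of users file check items */
	VALUE_PAIR	*user_deny;	/* List of users file deny items */
} AUTH_REQ;

/*
 * One queue of authentication requests, with running counters.
 * `limit` is the configured size cap; the code that enforces it is not
 * in this header.
 */
typedef struct auth_req_q
{
	struct auth_req_q *next;	/* Next in list of queues. */
	char		*q_name;	/* Name of queue "auth", "acct", etc. */
	int		max;		/* Maximum queue size observed. */
	int		cur;		/* Current queue size */
	int		cur_freed;	/* Current freed queue size */
	u_short		limit;		/* Queue size limit. */
	u_short		ident;		/* Sequence number on queue. */
	time_t		max_time;	/* When was the max queue size hit? */
	time_t		hold;		/* How long to hold on freed queue */
	AUTH_REQ	*q;		/* The head of the queue. */
	AUTH_REQ	**p_q_end;	/* Pointer to the 'next' of the end */
	AUTH_REQ	*freed;		/* Free'd authreq's being held */
	UINT4		q_ok;		/* How many were queue'd OK? */
	UINT4		q_fail;		/* How many couldn't be queued? */
	UINT4		q_dup;		/* How many were matched? */
	UINT4		q_freed;	/* How many were queued to be freed? */
	UINT4		dq_freed;	/* How many were dequeued from freed */
	UINT4		c_free_authreq;	/* How many calls to free_authreq() */
	UINT4		c_free_authreq_final; /* ditto, free_authreq_final() */
} AUTH_REQ_Q;

/*
 * Pending event for a request that is waiting on a client or a child
 * process.  It keeps a copy of the packet that was sent so that it can
 * be re-sent.
 */
typedef struct event_ent	/* This is the so-called waldo structure. */
{
	struct event_ent *next;		/* Next one for same authreq */
	AUTH_REQ	*auth_head;	/* pointer back to authreq structure */
	struct event_ent *client_next;	/* next one for same client */
	struct event_ent **client_prev;	/* previous pointer for same client */
	struct client_ent *client;	/* the client we're waiting for */
	struct aatv	*fsm_aatv;	/* record action from FSM table */
	struct aatv	*sub_aatv;	/* save AATV when request was issued */
	struct aatv	*direct_aatv;	/* saved from authreq */
	time_t		queued_t;	/* When was this one queued? */
	u_char		*packet;	/* copy of request packet sent */
	u_char		*freed_packet;	/* free'd packet. */
	/*
	 * Both lengths are signed ints.
	 * NOTE(review): writers should keep them non-negative and in step
	 * with the buffers above -- confirm against the code that fills them.
	 */
	int		len;		/* length of packet */
	int		freed_len;	/* Length of (freed) packet. */
	pid_t		pid;		/* AA_FORK: pid, AA_SOCKET: == zero */
	struct sockaddr_in sin;		/* socket info for packet re-sending */
	int		evalue;		/* AATV act_func integer argument */
	u_char		state;		/* state where the request was issued */
	/* Fixed-size buffers: copies into them must be bounded by their size. */
	char		action[NAME_LENGTH+1];	/* "cmd" arg to radius_send */
	char		estring[AUTH_ID_LEN];	/* AATV act_func string arg */
} EVENT_ENT;

/* Structure for deferred fork or fork-reply */
typedef struct proc_ent
{
	struct proc_ent	*next;		/* pointer to next entry on authreq */
	struct auth_req	*authreq;	/* pointer to authreq */
	struct proc_ent	*aatv_next;	/* next one for same AATV */
	struct proc_ent	**aatv_prev;	/* previous pointer for same AATV */
	struct aatv	*sub_aatv;	/* the AATV we're waiting for */
	struct aatv	*fsm_aatv;	/* record action from FSM table */
	struct aatv	*direct_aatv;	/* saved from authreq */
	time_t		queued_t;	/* When was this one queued? */
	int		evalue;		/* AATV act_func integer argument */
	u_char		state;		/* state where the request was issued */
	/* Fixed-size buffer: copies into it must be bounded by AUTH_ID_LEN. */
	char		estring[AUTH_ID_LEN];	/* AATV act_func string arg */
} PROC_ENT;

/* One entry of a users file: name plus its check, deny and reply a/v lists. */
typedef struct user_ent
{
	struct user_ent	*next;
	char		*name;
	VALUE_PAIR	*check;
	VALUE_PAIR	*deny;
	VALUE_PAIR	*reply;
#ifdef USR_CCA
	int		sessions;	/* number of simultaneous login sessions allowed */
	int		count;		/* count of current active sessions */
	char		*pool_name;	/* Name of pool from which this user must be assigned addresses */
#endif	/* USR_CCA */
} USER_ENTRY;

#ifdef MERIT_LAS
typedef struct lasrealm_ent *LAS_REALM;
#endif	/* MERIT_LAS */

/* One realm entry of the authfile; `prot` holds a PW_PROTTYPE_* value. */
typedef struct auth_ent
{
	struct auth_ent	*next;
	char		*name;
	struct auth_ent	*parent;
	char		*host;
	char		*filter;
	int		prot;
	int		type;
#ifdef MERIT_LAS
	LAS_REALM	las_realm;
#endif	/* MERIT_LAS */
#ifdef USR_CCA
	struct vpn_info	*vpn;
	struct ip_address *dns_info;
	struct ip_address *nbns_info;
#endif	/* USR_CCA */
} AUTH_ENTRY;

/*
 * The following must match the beginning of the auth_ent structure.
 * Any member added to or reordered at the head of auth_ent has to be
 * mirrored here.
 */
typedef struct auth_aent
{
	struct auth_ent	*next;
	char		*name;
	struct auth_ent	*parent;
} AUTH_ALIAS_ENTRY;

typedef struct linklist_entry
{
	struct linklist_entry *next;	/* pointer to next entry in list */
} LINKLIST_ENT, *LINKLIST;

/*
 * Element count of a true array.  The argument is parenthesised so that
 * an expression argument indexes as intended.  The result is meaningless
 * for a pointer (including an array function parameter).
 */
#define numbof(X)	(sizeof(X) / sizeof((X)[0]))

typedef struct name_list
{
	struct name_list *next;
	char		*name;
	u_char		flag;
	u_short		num;
} NAME_LIST;

/*
 * Binary port entry structure used in Port-Entry attribute.
 * NOTE(review): the struct contains a time_t and compiler-chosen padding,
 * so its byte layout depends on the platform; if it is copied raw into
 * an attribute, both ends must agree on that layout -- confirm.
 */
#define PORT_ENTRY_VERSION	0	/* Increase if change structure here */

typedef struct bin_port_ent
{
	u_char		version;	/* Be sure to use PORT_ENTRY_VERSION */
	u_char		port_source;	/* Zero => was HGAS, one => otherwise */
	time_t		start_time;	/* Start time of session on this port */
	UINT4		port_nbr;	/* Port number of this session */
	UINT4		duration;	/* Session length (seconds) */
} BIN_PORT_ENT;

typedef struct vendor
{
	char		*name;		/* Vendor name */
	char		*attr_name;	/* <vendor-ATTRIBUTE> string */
	char		*value_name;	/* <vendor-VALUE> string */
	UINT4		id;		/* Vendor OID */
	struct dict_attr *attrs;	/* List of vendor specific attrs. */
	struct dict_value *values;	/* List of vendor specific values. */
	struct vend_map	*map;		/* Pointer to kludge attr. mappings */
	struct vendor	*next;
} VENDOR;

typedef struct vendor_list
{
	struct vendor_list *next;	/* Next vendor for this client. */
	VENDOR		*vep;
} VENDOR_LIST;

#define VC_RADIUS	0
#define VC_MERIT	61

#if !defined(DEFAULT_VENDOR_ID)
#define DEFAULT_VENDOR_ID	VC_MERIT
#endif	/* DEFAULT_VENDOR_ID */

/*
 * Vend_map used to map between abused standard attrs. and vendor specific.
 * Each table has 256 entries.
 * NOTE(review): presumably indexed by a one-byte attribute number, which
 * cannot exceed the table -- confirm the index type at the call sites.
 */
typedef struct vend_map
{
	UINT4		vid;		/* Vendor ID */
	u_char		s_attr[256];	/* From standard to vend. spec. */
	u_char		v_attr[256];	/* From Vend. spec. to standard */
} VENDOR_MAP;

#ifdef USR_CCA
typedef struct vpn_info
{
	UINT4		id;
	struct vpn_router *router;
	u_short		type;		/* Router type */
	char		*name;
} VPN_INFO;

typedef struct vpn_router
{
	char		*hostname;
	UINT2		tunnel_refresh;	/* Used only with VPN-Gateway type */
	char		tunnel_present;	/* Indicate tunnel_refresh valid */
	struct vpn_router *next;
} VPN_ROUTER;

typedef struct assigned_ip
{
	struct user_ent	*user_ent;	/* Points to user entry in users file */
	UINT4		ip_address;	/* IP address assigned to user */
	UINT4		nas_ip;		/* IP address of user's NAS */
	UINT4		nas_port;	/* NAS Port of user's NAS */
	struct assigned_ip *next;
} ASSIGNED_IP;

typedef struct address_pool
{
	char		*name;
	UINT4		ip_address;	/* base IP address in this pool */
	UINT4		netmask;	/* netmask to use with this pool */
	UINT4		network;	/* network part of address pool */
	int		range;		/* range of this pool */
	int		count;		/* number of pool addresses assigned */
	ASSIGNED_IP	*user_q;	/* list of users with pool addresses */
	struct address_pool *next;	/* pointer to the next pool */
} ADDR_POOL;
#endif	/* USR_CCA */

/*
 *	Use the following to specify default "realm" names to use for
 *	authentication-type entries of RADIUS or TACACS that may be
 *	configured in the "users" file.  May be configured globally
 *	in the Makefile or changed in the authfile on a running server.
 */
#ifndef DEFAULT_RADIUS_SERVER
#define DEFAULT_RADIUS_SERVER	"127.0.0.1"
#endif

#ifndef DEFAULT_TACACS_SERVER
#define DEFAULT_TACACS_SERVER	""
#endif

/******************************************************************
 *
 *	PW_PROTTYPE & PW_PROTTYPES - define authentication protocol allowed
 *				     for particular realm entry in authfile.
 *
 *	The PW_PROTTYPE value is stored in the auth_ent.prot field.
 *	The PW_PROTTYPE value corresponds to the order of PW_PROTTYPES.
 *
 *****************************************************************/
#define PW_PROTTYPE_DFLT	0	/* Use this entry for any protocol */
#define PW_PROTTYPE_CHAP	1	/* Entry is for CHAP style authent. */
#define PW_PROTTYPE_PW		2	/* Entry is for id/pw style authent. */
#define PW_PROTTYPE_HASDOT	3	/* Entry is for user.name authent. */

#define PW_PROTTYPES_DFLT	"DEFAULT"
#define PW_PROTTYPES_CHAP	"CHAP"
#define PW_PROTTYPES_PW		"PW"
#define PW_PROTTYPES_HASDOT	"HASDOT"

typedef struct file_list
{
	struct file_list *next;
	char		*prefix;
	USER_ENTRY	*user_list;
	AUTH_ENTRY	*auth_list;
#ifdef USR_CCA
	struct address_pool *pool_list;
#endif	/* USR_CCA */
} FILE_LIST;

typedef struct ip_address
{
	struct ip_address *next;
	struct in_addr	ipaddr;
} IP_ADDRESS;

typedef struct dns_name
{
	struct dns_name	*next;
	u_char		type;		/* 0 = official name, 1 = alias */
	/*
	 * One-element trailing array.
	 * NOTE(review): presumably the entry is over-allocated so the full
	 * name fits here -- confirm every allocation adds the name length
	 * plus its terminator.
	 */
	char		name[1];
} DNS_NAME;

/* One configured client (NAS or peer server) and its per-client state. */
typedef struct client_ent
{
	struct client_ent *next;
	IP_ADDRESS	*addrs;
	/*
	 * NOTE(review): presumably the secret shared with this client --
	 * confirm; if so, keep it out of log and debug output.
	 */
	char		*secret;
	char		*file_pfx;
	char		*hostname;
	DNS_NAME	*names;
	VENDOR_LIST	*veps;		/* Pointer to VENDOR_LIST NAS/server */
	struct event_ent *event_q;	/* Events waiting for this client */
	time_t		expire_time;
	UINT2		auth_port;	/* UDP port to send auth to (if != 0) */
	UINT2		acct_port;	/* UDP port to send acct to (if != 0) */
	enum { IP_DNS, IP_NUMERIC, IP_OURADDR } type;
	UINT4		client_type;	/* CE_DAS, CE_NAS, CE_PROXY, CE_FRGW */
	u_char		reply_holdtime;	/* Default hold time of replies */
	u_char		version;	/* RADIUS Version client supports */
	u_char		flags;		/* Flag bits for this client */
#ifdef USR_CCA
	u_char		state;		/* Has this client responded to ... */
					/* ... the resource query request? */
#endif	/* USR_CCA */
} CLIENT_ENTRY;

/*
 * The following define the possible host types in the clients entry.
 * CE_DEBUG turns on packet dumps for the client; whoever can read that
 * debug output sees the packet contents.
 */
#define CE_DAS		0x000001	/* USR */
#define CE_NAS		0x000002	/* Network Access Server */
#define CE_PROXY	0x000004	/* Client is RADIUS server */
#define CE_FRGW		0x000008	/* USR */
#define CE_NEIGHBOR	0x000010	/* USR */
#define CE_RAD_RFC	0x000020	/* Conforms with RADIUS RFC */
#define CE_ACCT_RFC	0x000040	/* Conforms with Accounting RFC */
#define CE_DEBUG	0x000080	/* Dump packets in and out, if debug */
#define CE_APPEND	0x000100	/* Add only new attributes from reply */
#define CE_OLDCHAP	0x000200	/* This machine does pre-RFC CHAP */
#define CE_DUMMY	0x000400	/* This is a dummy entry. */
#define CE_NOENCAPS	0x000800	/* Don't encapsulate vendor response. */
#define CE_HGAS1	0x001000	/* HGAS flag #1 */
#define CE_HGAS2	0x002000	/* HGAS flag #2 */
#define CE_HGAS3	0x004000	/* HGAS flag #3 */
#define CE_HGAS4	0x008000	/* HGAS flag #4 */
#define CE_LAS1		0x010000	/* LAS flag #1 */
#define CE_LAS2		0x020000	/* LAS flag #2 */
#define CE_LAS3		0x040000	/* LAS flag #3 */
#define CE_LAS4		0x080000	/* LAS flag #4 */
#define CE_CHECK_ALL	0x100000	/* Check all attributes */
#define CE_NO_CHECK	0x200000	/* Don't check all attributes */

/* client_entry flags definition: */
#define CLIENT_NO_TS	1	/* Don't issue V2 Timestamps to this guy */

/*
 * Debug helpers: invoke logit / dumpit with the parenthesised argument
 * list `args` when debug_flag (declared elsewhere) passes the level test.
 * The inner parentheses are part of the argument: dprintf(lev, (...)).
 * The expansion is a bare { } block, so "if (c) dprintf(...); else ..."
 * does not compile; put braces around such a call.
 * NOTE(review): dprintf tests >= while ddumpx tests > -- confirm the
 * difference is intended.  dprintf is also the name of a POSIX <stdio.h>
 * function, so this macro can clash with that declaration.
 */
#define dprintf(lev, args)	{ if (debug_flag >= (lev)) logit args; }
#define ddumpx(lev, args)	{ if (debug_flag > (lev)) dumpit args; }

/* Define return codes from "SendServer" utility */
#define BADRESP_RC	(-2)
#define ERROR_RC	(-1)
#define OK_RC		0
#define TIMEOUT_RC	1

typedef struct send_data /* Used to pass information to sendserver() function */
{
	int		version;	/* RADIUS version number to send */
	u_short		code;		/* RADIUS packet code */
	u_short		seq_nbr;	/* Packet sequence number */
	char		*user_name;
	/*
	 * The password is held in the clear for as long as this structure
	 * lives.  NOTE(review): the owner should overwrite it once the
	 * request has been sent and must not pass it to logit/dumpit.
	 */
	char		*password;	/* Cleartext user password */
	int		ustype;		/* Service-Type attribute */
	u_char		fptype;		/* Framed-Protocol attribute */
	char		*server;	/* Name/address of RADIUS server */
	int		svc_port;	/* RADIUS protocol destination port */
	int		timeout;	/* Session timeout in seconds */
	UINT4		client_id;	/* IP address of client */
	int		port_num;	/* Port number on client */
	char		*user_file;	/* Users style file of a/v pairs */
	char		*group;
	int		arades;		/* 0 ==> no ARA DES, 1 ==> ARA DES */
	int		challenge;	/* 1 ==> append state information */
	VALUE_PAIR	*send_pairs;	/* More a/v pairs to send */
	VALUE_PAIR	*receive_pairs;	/* Where to place received a/v pairs */
	int		result;		/* Return value */
} SEND_DATA;

/* Handle older syslog versions, too! */
#ifndef LOG_CONS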