radius.h

RADIUS协议的认证计费服务

#define	LOG_DAEMON		0
#define	LOG_AUTH		0
#endif

#define	MGMT_POLL_SECRET	"Hardlyasecret"

#ifndef MAX_AUTH_REQUESTS
#define	MAX_AUTH_REQUESTS	2000
#endif

#ifndef MAX_ACCT_REQUESTS
#define	MAX_ACCT_REQUESTS	4000
#endif

#define	MAX_REQUEST_TIME	30	/* Lifetime of a request (seconds) */
#define	MAX_ACCT_REQUEST_TIME	MAX_REQUEST_TIME * 6 /* For build_acct_req() */
#define	CLEANUP_DELAY		6	/* Hold onto old requests this long */
#define	CLEANUP_BUCKETS		100	/* Remember this many replies. */
#define	DEFAULT_INETD_TIMEOUT	15	/* Fifteen minutes by default */
#define	DEFAULT_TIMER_VALUE	3	/* Three seconds by default */
#define	ADDRESS_AGING		60*60	/* One hour by default */
#define	DFLT_TACACS_UDP_PORT	49	/* Default TACACS server port */
#define	DFLT_TACACS_TCP_PORT	49	/* Default TACACS+ server port */
#define	SESS_ID_LEN		8	/* Session identifier length */
#define	SECONDS_PER_DAY		86400
#define	DNS_SLEEP		100	/* Time which DNS sub-process sleeps. */
#define	MAX_ALIAS		3	/* Number of DNS aliases (CNAMES) */
#define	MAX_AUTH_ALIAS		5	/* Number of REALM aliases (authfile) */
#define	ARA_PASS_LEN		8	/* Maximum length of ARA DES password */
#define	CLIENT_LOOP		100	/* Prevent loops reading clients file */

#ifdef USR_CCA
#define	RF_REQ_RETRIES  5       /* Number of retries */
#define	RF_REQ_TIMER    2       /* Time in seconds between retries */
#define	RQUERY_TIMER    10      /* Ditto for Resource Query Request retries */
#define	RQUERY_RETRIES  2
#define	NAS_REB_RETRY   2       /* Retries to forward the NAS Reboot request */
#define	NAS_REB_TIMER   10 
#endif	/* USR_CCA */

typedef enum				/* error code */
{
	EC_OK,				/* no error */
	EC_INTERNAL,			/* internal error */
	EC_CONFIG,			/* configuration error */
	EC_NO_MEMORY,			/* out of memory */
	EC_CREATE_FILE,			/* error creating file */
	EC_NO_TOKEN,			/* no token available */
	EC_NO_PORTS,			/* no ports available for guests */
	EC_TOO_MANY_SESSIONS,		/* user has too many sessions */
	EC_ABS_FAILURE,			/* ABS failed (with message) */
	EC_NO_BALANCE,			/* error querying for balance */
	EC_BAD_BALANCE			/* balance too low */
} ERRORCODE;

typedef enum				/* accounting code */
{
	AC_TEXT		= -3,		/* LAS-Code in text */
	AC_INIT		= -2,		/* initial state */
	AC_ERROR	= -1,		/* no accounting code */
	AC_NORMAL,			/* disconnect normally*/
	AC_REJECT,			/* rejected by this server */
	AC_CANCEL,			/* access rejected by someone */
	AC_NOCONFIRM,			/* no confirmation */
	AC_OVERTIME,			/* session over maximum time allowed */
	AC_UNKNOWN,			/* session killed for unknown reason */
	AC_NOTOKEN,			/* rejected because no token */
	AC_NOTLOCAL,			/* session not local */
	AC_SUSPEND,			/* session suspended */
	AC_FAILED,			/* authentication failed */
	AC_AUTHORIZED,			/* session authorized (for stats) */
	AC_NASREBOOT,			/* released due to NAS reboot */
	AC_REMOTE,			/* remote session, failed to forward */
	AC_DUPLICATE,			/* may be duplicate accounting record */
	AC_COLLISION,			/* session collided with another */
	AC_STOP,			/* Accounting-Stop received */
	AC_NASRESTART,			/* Accounting restart message */
	AC_NUMBOFCODE			/* number of accounting code */
} ACCTCODE;

#define	STATUSTEXT			\
		"[Init]",		\
		"[Error]",		\
		"Normal",		\
		"Reject",		\
		"Cancel",		\
		"Noconfirm",		\
		"Overtime",		\
		"Unknown",		\
		"Notoken",		\
		"Notlocal",		\
		"Suspend",		\
		"Failed",		\
		"Authorized",		\
		"NASreboot",		\
		"Remote",		\
		"Duplicate",		\
		"Collision",		\
		"Stop",			\
		"NASrestart"

typedef union action_u
{
	struct aatv    *aatv;	/* points to the id field of an AATV */
	char           *proxy;	/* pointer to a Proxy-Action string */
} UACTION;

/*	Define event structure (for events generated by AATV recv functions */

typedef struct ev
{
	u_char          state;
	union action_u  a;
	int             isproxy;	/* set to one if action "a" is proxy */
	int             value;
	char            xstring[AUTH_ID_LEN];
} EV;

typedef struct mf_entry		/* Structure for malloc() and free() counters */
{
	UINT4             m;	/* Counter for malloc()/calloc() calls */
	UINT4             f;	/* Counter for free()/cfree() calls */
} MF_ENT;

extern MF_ENT	dns_name_mf;
extern MF_ENT	dns_addr_mf;
extern MF_ENT	dns_client_mf;
extern MF_ENT	vp_mf;

typedef struct packet_counts
{
	struct packet_counts *next;     /* Linked list of all known */
	char             *name;		/* A name for this counter */
	unsigned int      packets;	/* packets done with. */
	u_long            octets;	/* octets transmitted. */
	u_long            actions;	/* Other actions performed */
} PACKET_COUNTS;

/* Used to count non-engine AATV transmissions and receptions. */
extern PACKET_COUNTS stat_etc_xmit;
extern PACKET_COUNTS stat_etc_rcvd;

extern u_short list_copy_limit;	/* A limit for list_copy() */

/*	Define aatvfunc_type codes */ 

#define	AA_DIRECT	0	/* Function gives direct reply */
#define	AA_SOCKET	1	/* Deferred reply returned on socket */
#define	AA_FORK		2	/* Spawn a process to wait for reply */
#define	AA_FREPLY	3	/* Fork & get reply on server socket */

typedef struct aatv
{
	u_char       id[NAME_LENGTH + 1];
	char         authen_type; /* a -1 value indicates built-in AATV types */
	u_char       aatvfunc_type;
	void       (*init) PROTO((struct aatv *));
	int        (*timer) PROTO((void));
	int        (*act_func) PROTO((AUTH_REQ *, int, char *));
	AUTH_REQ * (*recv) PROTO((int, struct sockaddr_in *, UINT4, u_int, EV *));
	void       (*cleanup) PROTO((void));
	UINT4        sockfd;
	u_short      proc_max;		/* Configured maximum number of forks */
	u_short      proc_cnt;		/* Current number of forked processes */
	u_short      proc_cnt_hi;	/* High water mark for proc_cnt */
	u_short      proc_q_cur;	/* Current number queued in proc_q */
	u_short      proc_q_hi;		/* High water mark for proc_q_cur */
	time_t       proc_cnt_hi_t;	/* When did this occur? */
	time_t       proc_q_hi_t;	/* When did proc_cnt_hi occur? */
	time_t       proc_q_last;	/* Last time one was queued. */
	PROC_ENT    *proc_q;		/* proc_max caused queue of requests */
} AATV, *AATVPTR;

#define	DEF_AATV_DIRECT(id,act_func)	DEF_AATV_DIRECT_TYPE(id,-1,act_func)
  
#define	DEF_AATV_DIRECT_TYPE(id,authen_type,act_func) 	\
	DEF_AATV_DIRECT_FULL(id,authen_type,NULL,NULL,act_func,NULL)

#define	DEF_AATV_DIRECT_CFG(id,init_func,act_func,term_func) \
	DEF_AATV_DIRECT_FULL(id,-1,init_func,NULL,act_func,term_func)

#define	DEF_AATV_DIRECT_FULL(id,authen_type,init_func,timer_func,act_func,cleanup_func) {	\
	id,			/* Name of AATV */			\
	authen_type,		/* What kind of authentication? */	\
	AA_DIRECT,		/* aatvfunc_type code */		\
	init_func,		/* How we startup. */			\
	timer_func,		/* Timer function. */			\
	act_func,		/* Action function. */			\
	NULL,			/* No recv() function. */		\
	cleanup_func,		/* How we cleanup. */			\
	0,			/* No socket to speak of. */		\
	0, 			/* Configured maximum (N/A) */		\
	0,			/* Number of forked processes (N/A) */	\
	0, 0, 0, 0, 0, 0,	/* proc_cnt_hi, proc_q_hi, etc. */	\
	NULL }			/* Queue of requests (N/A) */

#define	DEF_AATV_FORK(id,act_func,max) DEF_AATV_FORK_TYPE(id,-1,act_func,max)

#define	DEF_AATV_FORK_TYPE(id,authen_type,act_func,max)	\
	DEF_AATV_FORK_TYPE_FULL(id,authen_type,NULL,act_func,max)

#define	DEF_AATV_FORK_TYPE_FULL(id,authen_type,init_func,act_func,max) { \
	id,			/* Name of AATV */			\
	authen_type,		/* Non-builtin type. */			\
	AA_FORK,		/* A fork()ing AATV */			\
	init_func,		/* The init() function */		\
	NULL,			/* No timer() function */		\
	act_func,		/* Action function */			\
	NULL,			/* No recv() function. */		\
	NULL,			/* No cleanup() function. */		\
	0,			/* No socket. */			\
	max,			/* Configured maximum */		\
	0,			/* Number of forked processes */	\
	0, 0, 0, 0, 0, 0,	/* proc_cnt_hi, proc_q_hi, etc. */	\
	NULL }			/* Queue of requests */

#define	DEF_AATV_SOCKET(id,init_func,act_func,recv_func) \
	DEF_AATV_SOCKET_TYPE(id,-1,init_func,act_func,recv_func)

#define	DEF_AATV_SOCKET_TYPE(id,authen_type,init_func,act_func,recv_func) \
	DEF_AATV_SOCKET_FULL(id,authen_type,init_func,NULL,act_func,recv_func,NULL)

#define	DEF_AATV_SOCKET_FULL(id,authen_type,init_func,timer_func,act_func,recv_func,cleanup_func) {	\
	id,			/* Name of AATV */			\
	authen_type,		/* Authentication type */		\
	AA_SOCKET,		/* A socket based AATV */		\
	init_func,		/* How we setup. */			\
	timer_func,		/* How we time things. */		\
	act_func,		/* Action function */			\
	recv_func,		/* Where we receive something */	\
	cleanup_func,		/* Cleanup function */			\
	-1,			/* No socket. */			\
	0, 			/* Configigured maximum (N/A) */	\
	0,			/* Number of forked processes (N/A) */	\
	0, 0, 0, 0, 0, 0,	/* proc_cnt_hi, proc_q_hi, etc. */	\
	NULL }			/* Queue of requests (N/A) */

#define	DEF_AATV_FREPLY(id,act_func,max) \
	DEF_AATV_FREPLY_TYPE(id,-1,NULL,act_func,max)

#define	DEF_AATV_FREPLY_TYPE(id,authen_type,init_func,act_func,max) \
	DEF_AATV_FREPLY_FULL(id,authen_type,init_func,NULL,act_func,NULL,max)

#define	DEF_AATV_FREPLY_FULL(id,authen_type,init_func,timer_func,act_func,cleanup_func,max) {	\
	id,			/* Name of AATV */			\
	authen_type,		/* Authentication type */		\
	AA_FREPLY,		/* Fork Reply based AATV */		\
	init_func,		/* How we setup. */			\
	timer_func,		/* How we time things. */		\
	act_func,		/* Action function */			\
	NULL,			/* FREPLY has no receive function */	\
	cleanup_func,		/* Cleanup function */			\
	-1,			/* No socket */				\
	max,			/* Configured maximum */		\
	0,			/* Number of forked processes */	\
	0, 0, 0, 0, 0, 0,	/* proc_cnt_hi, proc_q_hi, etc. */	\
	NULL }			/* Queue of requests */ 

extern AATV    *authtype_tv[];

extern AATVPTR	rad_log_aatv;		/* For logging (selector) */
extern AATVPTR	rad_log_accounting_aatv; /* For logging Livingston style acct */
extern AATVPTR	rad_log_all_aatv;	/* For logging (debugging) */
extern AATVPTR	rad_log_brief_aatv;	/* For logging (logging) */
extern AATVPTR	rad_log_by_huntgroup_aatv; /* Select log by PW_HUNTGROUP_NAME */
extern AATVPTR	rad_log_by_nas_aatv;	/* Select log by PW_NAS_IDENTIFIER */
extern AATVPTR	rad_log_by_realm_aatv;	/* Select log by PW_USER_REALM */
extern AATVPTR	rad_log_by_attribute_aatv; /* Select log by arb. attr. AATV */
extern AATVPTR	rad_log_old_aatv;	/* For logging (logging) */
extern AATVPTR	rad_log_tacacs_aatv;	/* For logging (logging) */
extern AATVPTR	rad_log_v1_0_aatv;	/* For logging (logging) */
extern AATVPTR	rad_log_v1_1_aatv;	/* For logging (logging) */
extern AATVPTR	rad_log_v2_0_aatv;	/* For logging (logging) */
extern AATVPTR	rad_log_v2_1_aatv;	/* For logging (logging) */
extern char    *logconfig;

/*	Specify all authentication/authorization transfer vectors here. */

extern AATVPTR	rad_authen_aatv;	/* Authentication begins here */
extern AATVPTR	rad_realm_aatv;		/* Needed for authtype = realm */
extern AATVPTR	rad_2rad_aatv;		/* Authtype = Radius */
extern AATVPTR	rad_tacs_aatv;		/* Authtype = TACACS */
extern AATVPTR	rad_slow_aatv;		/* Authtype = SLOW */
extern AATVPTR	rad_kchp_aatv;		/* Authtype = KCHAP */
extern AATVPTR	rad_akrb_aatv;		/* Authtype = akerb */
extern AATVPTR	rad_mkrb_aatv;		/* Authtype = mkerb */
extern AATVPTR	rad_arades_aatv;	/* Authtype = Ascend ARA DES */
extern AATVPTR	rad_passwd_aatv;	/* Used for changing passwords */
extern AATVPTR	rad_ip_pool_aatv;	/* IP Address Allocate/Release AATV */

#ifdef BSD_AUTHENTICATION
extern AATVPTR	rad_bsd_aatv;		/* Authtype = BSD Authentication */
#define	BSD_AATV	,&rad_bsd_aatv
#else	/* BSD_AUTHENTICATION */
#define	BSD_AATV
#endif	/* BSD_AUTHENTICATION */

#ifdef MERIT_HUNTGROUP
#include	"huntgroup.h"
#else	/* MERIT_HUNTGROUP */
#define	HGAATVS
#endif	/* MERIT_HUNTGROUP */

#ifdef MERIT_ORGANIZATION
#include	"oas.h"
extern AATVPTR	rad_oas_aatv;		/* Org Authorization begins here */
extern AATVPTR	rad_oasrem_aatv;	/* Org Authorization remote stuff */
extern AATVPTR	rad_oasloc_aatv;	/* Org Authorization local stuff */
extern AATVPTR	oas_acct_aatv;		/* Org Accounting begins here */
#define	OASAATVS ,&rad_oas_aatv,&rad_oasrem_aatv,&rad_oasloc_aatv,&oas_acct_aatv
#else	/* MERIT_ORGANIZATION */
#define	OASAATVS
#endif	/* MERIT_ORGANIZATION */

#ifdef MERIT_LAS
#include	"las.h"
#define	EN_LAS			"AUTHENTICATE"
#define	EN_LAS_ACCT		"LAS_ACCT"
extern AATVPTR	rad_las_aatv;		/* Local authorization server (LAS) */
extern AATVPTR	postlas_aatv;		/* Post LAS processing */
extern AATVPTR	las_auth_subaatv;	/* Generic LAS authorization */
extern AATVPTR	las_acct_subaatv;	/* Generic LAS accounting */
extern AATVPTR	las_acct_aatv;		/* LAS accounting */
extern AATVPTR	lascp_aatv;		/* LAS synchronizing */
extern AATVPTR	rad_file_aatv;		/* Authtype = File */
extern AATVPTR	rad_tac_plus_aatv;	/* Authtype = TACPLUS */
extern AATVPTR	rad_cache_chk_aatv;	/* Authentication by cached token */
extern AATVPTR	rad_cache_tok_aatv;	/* Authentication by cached token */
extern AATVPTR	rad_sc_aatv;		/* Sample FREPLY AATV */

#ifdef CHK_COUNTS
extern AATVPTR	rad_count_aatv;		/* Check those counters */
#define	RAD_COUNT_AATV	&rad_count_aatv,
#else	/* CHK_COUNTS */
#define	RAD_COUNT_AATV
#endif	/* CHK_COUNTS */

#ifdef CHECKTOKEN
extern AATVPTR  rad_tokencnt_aatv;
#define	TOKENCNTAATV	&rad_tokencnt_aatv,
#else	/* CHECKTOKEN */
#define	TOKENCNTAATV
#endif	/* CHECKTOKEN */

#ifdef RADLDAP
extern AATVPTR	rad_ldap_aatv;
#define	LDAPAATV	&rad_ldap_aatv,
#else	/* RADLDAP */
#define	LDAPAATV
#endif	/* RADLDAP */

#define	LOGAATVS	&rad_log_aatv			\
			,&rad_log_accounting_aatv	\
			,&rad_log_all_aatv		\
			,&rad_log_brief_aatv		\
			,&rad_log_by_attribute_aatv	\
			,&rad_log_by_huntgroup_aatv	\
			,&rad_log_by_nas_aatv		\
			,&rad_log_by_realm_aatv		\
			,&rad_log_old_aatv		\
			,&rad_log_tacacs_aatv		\
			,&rad_log_v1_0_aatv		\
			,&rad_log_v1_1_aatv		\
			,&rad_log_v2_0_aatv		\
			,&rad_log_v2_1_aatv		\

#ifdef UOFM_LAS
#include	"umlas.h"
extern AATVPTR  las_um_aatv;		/* U of M LAS */
#define	UMLAS_AATV	&las_um_aatv,
#else	/* UOFM_LAS */
#define	UMLAS_AATV
#endif	/* UOFM_LAS */

#define	LASAATVS  ,&las_auth_subaatv,&las_acct_subaatv,UMLAS_AATV     \
		&postlas_aatv,&rad_file_aatv,&rad_tac_plus_aatv,      \
		&rad_sc_aatv,&rad_cache_chk_aatv,&rad_cache_tok_aatv, \
		TOKENCNTAATV LDAPAATV RAD_COUNT_AATV &rad_las_aatv,   \