radius.h

RADIUS协议的认证计费服务

		&las_acct_aatv,&lascp_aatv, LOGAATVS
#else	/* MERIT_LAS */
#define	LASAATVS
#endif	/* MERIT_LAS */

#ifdef USR_CCA
extern AATVPTR  rad_rf_req_aatv;        /* Handles resource free requests */
extern AATVPTR  rad_rf_resp_aatv;       /* Handles resource free responses */
extern AATVPTR  rad_rq_resp_aatv;       /* Handles resource query responses
                                           in the initializer state */
extern AATVPTR  rad_fwd2nas_aatv;       /* Forwards Resoruce Query Requests to
                                           NAS */
extern AATVPTR  rad_nas_reb_aatv;       /* AATV that handles the NAS Reboot
                                           resource free request */
#define	USRAATVS ,&rad_rf_req_aatv,&rad_rf_resp_aatv,&rad_rq_resp_aatv, \
		&rad_fwd2nas_aatv,&rad_nas_reb_aatv
#else	/* USR_CCA */
#define	USRAATVS
#endif	/* USR_CCA */

extern AATVPTR  rad_database_aatv;    /* datbase authentication method entry */

#define	AATVS	&rad_realm_aatv,  &rad_2rad_aatv,      \
		&rad_tacs_aatv,   &rad_kchp_aatv,      &rad_akrb_aatv,      \
		&rad_mkrb_aatv,   &rad_authen_aatv,    &rad_passwd_aatv,    \
		&rad_arades_aatv, &rad_ip_pool_aatv,   &rad_slow_aatv, &rad_database_aatv \
		HGAATVS OASAATVS LASAATVS USRAATVS BSD_AATV

/*
 *	Event names (EN_*) in RADIUS   ###   see the NOTE in enum_event()
 */

#define	EN_NAK			"NAK"
#define	EN_ACK			"ACK"
#define	EN_ERROR		"ERROR"
#define	EN_WAIT			"WAIT"
#define	EN_FATAL		"FATAL"
#define	EN_DUP_REQ		"DUP"
#define	EN_TIMER		"TIMER"
#define	EN_TIMEOUT		"TIMEOUT"
#define	EN_ABORT		"ABORT"
#define	EN_NEW_AUTHEN		"AUTHEN"
#define	EN_NEW_ACCT		"ACCT"
#define	EN_NEW_PASSWD		"PASSWD"
#define	EN_IP_ALLOC		"IPALLOC"
#define	EN_IP_RELEASE		"IPRELEASE"
#define	EN_PW_EXPIRED		"PW_EXPIRED"
#define	EN_EVENT_REQUEST	"EVENT_REQUEST"
#define	EN_TERM_SESSION		"TERM_SESSION"
#define	EN_RETRY_LIMIT		"RETRY_LIMIT"
#define	EN_RE_ACCESS		"REACCESS"
#define	EN_ACC_CHAL		"ACC_CHAL"
#define	EN_MGT_POLL		"MGT_POLL"
#define	EN_AUTH_ONLY		"AUTH_ONLY"
#define	EN_ACCT_START		"ACCT_START"
#define	EN_ACCT_STOP		"ACCT_STOP"
#define	EN_ACCT_ALIVE		"ACCT_ALIVE"
#define	EN_ACCT_MODEM_START	"ACCT_MSTART"
#define	EN_ACCT_MODEM_STOP	"ACCT_MSTOP"
#define	EN_ACCT_CANCEL		"ACCT_CANCEL"
#define	EN_ACCT_ON		"ACCT_ON"
#define	EN_ACCT_OFF		"ACCT_OFF"
#define	EN_ACCT_DUP		"ACCT_DUP"
#define	EN_RC1			"RC1"
#define	EN_RC2			"RC2"
#define	EN_RC3			"RC3"
#define	EN_RC4			"RC4"
#define	EN_RC5			"RC5"
#define	EN_RC6			"RC6"
#define	EN_RC7			"RC7"
#define	EN_RC8			"RC8"
#define	EN_RC9			"RC9"
#define	EN_RC10			"RC10"
#define	EN_RC11			"RC11"
#define	EN_RC12			"RC12"
#define	EN_RC13			"RC13"
#define	EN_RC14			"RC14"
#define	EN_RC15			"RC15"
#define	EN_RC16			"RC16"
#define	EN_RC17			"RC17"
#define	EN_RC18			"RC18"
#define	EN_RC19			"RC19"
#define	EN_RC20			"RC20"
#define	EN_RC21			"RC21"

#ifdef USR_CCA
#define	EN_RF_REQ               "RF_REQ"
#define	EN_RF_RESP              "RF_RESP"
#define	EN_RQ_REQ               "RQ_REQ"
#define	EN_RQ_RESP              "RQ_RESP"
#define	EN_NAS_REB_REQ          "NAS_REB_REQ"
#define	EN_NAS_REB_RESP         "NAS_REB_RESP"
#define	EN_DONE                 "DONE"
#endif /* USR_CCA */

/*
 *	Event numbers in RADIUS   ###   see the NOTE in enum_event()
 */
typedef enum
{
	EV_NAK			= -1,
	EV_ACK			= 0,
	EV_ERROR		= 1,
	EV_WAIT			= 2,
	EV_FATAL		= 3,
	EV_DUP_REQ		= 4,
	EV_TIMER		= 5,
	EV_TIMEOUT		= 6,
	EV_ABORT		= 7,

	/* arbitrary return codes from AATV action functions */

	EV_RC1			= 8,
	EV_RC2			= 9,
	EV_RC3			= 10,
	EV_RC4			= 11,
	EV_RC5			= 12,
	EV_RC6			= 13,
	EV_RC7			= 14,
	EV_RC8			= 15,
	EV_RC9			= 16,
	EV_RC10			= 17,
	EV_RC11			= 18,
	EV_RC12			= 19,
	EV_RC13			= 20,
	EV_RC14			= 21,
	EV_RC15			= 22,
	EV_RC16			= 23,
	EV_RC17			= 24,
	EV_RC18			= 25,
	EV_RC19			= 26,
	EV_RC20			= 27,
        EV_RC21                 = 28,

#ifdef USR_CCA
        EV_RF_REQ               = 29,
        EV_RQ_REQ               = 30,
        EV_RQ_RESP              = 31,
        EV_DONE                 = 32,
        EV_NAS_REB_REQ          = 33,
        EV_NAS_REB_RESP         = 34,
        EV_RF_RESP              = 35,
#endif /* USR_CCA */

	EV_PW_EXPIRED		= 29,
	EV_RETRY_LIMIT		= 30,
	EV_PLACE_HOLDER		= 0
} EVENT;

/* Request type events */

#define	EV_NEW_AUTHEN		EV_RC1
#define	EV_NEW_ACCT		EV_RC2
#define	EV_NEW_PASSWD		EV_RC3
#define	EV_RE_ACCESS		EV_RC4
#define	EV_ACC_CHAL		EV_RC5
#define	EV_MGT_POLL		EV_RC6
#define	EV_AUTH_ONLY		EV_RC7
#define	EV_ACCT_START		EV_RC8
#define	EV_ACCT_STOP		EV_RC9
#define	EV_ACCT_ALIVE		EV_RC10
#define	EV_ACCT_MODEM_START	EV_RC11
#define	EV_ACCT_MODEM_STOP	EV_RC12
#define	EV_ACCT_CANCEL		EV_RC13
#define	EV_ACCT_ON		EV_RC14
#define	EV_ACCT_OFF		EV_RC15
#define	EV_ACCT_DUP		EV_RC16

typedef enum		/* Typedef for second add_string() argument */
{
	ASIS		= 0x0000,	/* No conversion on string */
	ASLC		= 0x0001,	/* Store as lower case sting */
	FINDONLY	= 0x0002,	/* Find string only */
	ASSTATIC	= 0x0004	/* String is built-in */
} AS_CONVERT;

typedef enum		/* Typedef for gen_valpair() final argument */
{
	GVP_DROP	= 0x0000,	/* Just drop the attribute. */
	GVP_ENCAP	= 0x0001,	/* Encapsulate the attribute. */
	GVP_SILENT	= 0x0002	/* Silently drop and do not report. */
} GVP_FLAGS;

/*
 *	The finite state machine (FSM) table is laid out as follows:
 *
 *	state0:
 *		event01         aatv01          nextstate01
 *		event02         aatv02          nextstate02
 *		...
 *	state1:
 *		event11         aatv11          nextstate11
 *		...
 */

#define	NUMSTATES	64	/* initial maximum number of states */

#define	ST_INIT		0	/* initial state */

#define	ST_RESERVED	240	/* beginning of reserved state range */
#define	ST_SEEN		241	/* flag for state seen before being defined */
#define	ST_DEFINED	242	/* flag for state definition */

#define	ST_RECV		251	/* to indicate state which receives requests */
#define	ST_HOLD		252	/* to indicate dead requests */
#define	ST_SAME		253	/* for default action table */
#define	ST_ANY		254	/* for default action table */
#define	ST_END		255	/* end of FSM table */

typedef struct statelist        /* list of all state names */
{
	int        maxst;	/* capacity of this list */
	int        nst;		/* number of states already there */
	NAME_LIST *states;	/* list of states found in the config file */
} STATELIST;

typedef struct fsm_entry	/* The Finite State Machine an array of these */
{
	struct fsm_entry *next;		/* list of entries for this state */
	EV                event;	/* (state.action.event) 3-tuple */
	AATV             *action;	/* what AATV (action) to invoke */
	int               xvalue;	/* miscellaneous integer from FSM */
	char             *xstring;	/* miscellaneous string from FSM */
	u_char            next_state;	/* the next state to visit */
	char             *fsm_name;	/* name of the FSM (default, etc.) */
	char             *state_name;	/* name of the state */
} FSM_ENT;

typedef void		(*DESTRUCTOR) PROTO((void *));
#define	NODESTRUCTOR	((DESTRUCTOR) 0)

#define	AR_NO_LOG	0x01		/* sws: Suppress the logging flag */
#define	AR_DEBUG	0x02		/* sws: Debug this authreq */
#define	AR_FROM_PROXY	0x04		/* sws: authreq did not come from NAS */
#define	AR_HGNOCHECK	0x08		/* sws: huntgroup code sanity check */
#define	AR_QUEUED	0x10		/* sws: authreq has been queued */
#define	AR_FREED	0x20		/* sws: authreq has been freed & held */
#define	AR_HOLD		0x40		/* sws: hold authreq a bit longer */

#define	SAR_NO_LOG(authreq) (authreq->sws |= AR_NO_LOG)	      /* set flag */
#define	CAR_NO_LOG(authreq) (authreq->sws &= ~AR_NO_LOG)      /* clear flag */
#define	TAR_NO_LOG(authreq) ((authreq->sws & AR_NO_LOG) != 0) /* test flag */

#define	SAR_HGNOCHECK(authreq)	(authreq->sws |= AR_HGNOCHECK)  /* set flag */
#define	CAR_HGNOCHECK(authreq)	(authreq->sws &= ~AR_HGNOCHECK) /* clear flag */
#define	TAR_HGNOCHECK(authreq)	(authreq->sws & AR_HGNOCHECK)   /* test flag */

#define	SAR_FROM_PROXY(authreq)	(authreq->sws |= AR_FROM_PROXY)   /* set flag */
#define	CAR_FROM_PROXY(authreq)	(authreq->sws &= ~AR_FROM_PROXY)  /* clr flag */
#define	TAR_FROM_PROXY(authreq)	((authreq->sws & AR_FROM_PROXY) != 0) /* test */

#define	SAR_QUEUED(authreq)	(authreq->sws |= AR_QUEUED)	/* set flag */
#define	CAR_QUEUED(authreq)	(authreq->sws &= ~AR_QUEUED)	/* clr flag */
#define	TAR_QUEUED(authreq)	((authreq->sws & AR_QUEUED) != 0) /* test */

#define	SAR_FREED(authreq)	(authreq->sws |= AR_FREED)	/* set flag */
#define	CAR_FREED(authreq)	(authreq->sws &= ~AR_FREED)	/* clr flag */
#define	TAR_FREED(authreq)	((authreq->sws & AR_FREED) != 0) /* test */

#define	SAR_HOLD(authreq)	(authreq->sws |= AR_HOLD)	/* set flag */
#define	CAR_HOLD(authreq)	(authreq->sws &= ~AR_HOLD)	/* clr flag */
#define	TAR_HOLD(authreq)	((authreq->sws & AR_HOLD) != 0)	/* test */

#define	AVPAIR_VTOA_QUOTE 0x0001 /* Quote strings with "'" */
#define	AVPAIR_VTOA_NULL  0x0002 /* Print "" instead of NULL for missing item */
#define	AVPAIR_VTOA_DQUOTE 0x0004 /* Quote strings with '"' */
#define	AVPAIR_VTOA_DATE  0x0008 /* Show only date part of time/dates. */
#define	AVPAIR_VTOA_TIME  0x0010 /* Show only time part of time/dates. */
#define	AVPAIR_VTOA_LCLTIME 0x0020 /* Use localtime() instead of gmtime() */
#define	AVPAIR_VTOA_MASK  0x00ff /* Reserve fourteen more bits. */

#define	LOG_VP_QUOTE	0x0001	/* Quote strings (same as AVPAIR_VTOA_QUOTE) */
#define	LOG_VP_NULL	0x0002  /* Use "" (incompatible with LOG_VP_NA) */
#define	LOG_VP_DQUOTE	0x0004	/* Quote strings with '"' */
#define	LOG_VP_DATE	0x0008	/* Show only date part of time/dates. */
#define	LOG_VP_TIME	0x0010	/* Show only time part of time/dates. */
#define	LOG_VP_LCLTIME	0x0020	/* Use localtime() instead of gmtime() */
#define	LOG_VP_TAB	0x0100	/* Put tab after printing. */
#define	LOG_VP_NA	0x0200  /* fprintf ("NA") if no attr exists in list. */
#define	LOG_VP_LAST	0x0400	/* Log last value pair found. */
#define	LOG_VP_ALL	0x0800	/* Log all attributes found. */
#define	LOG_VP_ANYWAY	0x1000	/* Log even if this vp is logged already. */
#define	LOG_ATTR_ANYWAY	0x2000	/* Log even if this attribute is logged. */
#define	LOG_VP_MASK	0xFFFF	/* Switches available. */

#define	RS_NONE		0x0000	/* normal default behavior of reply_sprintf() */
#define	RS_LOG		0x0001	/* log message side effect in reply_sprintf() */
#define	RS_NO_CRLF	0x0002	/* omit CR/LF side effect in reply_sprintf() */
#define	RS_IF_ACK	0x0004	/* use Reply-If-Ack-Message attribute */

#define	LF_ACCT_RESERVED0	0x01	/* Not used. */
#define	LF_ACCT_RESERVED1	0x02	/* Not used. */
#define	LF_ACCT_RESERVED2	0x04	/* Not used. */
#define	LF_ACCT_NO_MULTIPLE	0x08	/* Don't log same attribute twice. */
#define	LF_ACCT_DICT_NOVALUE	0x10	/* Don't show dictionary values. */
#define	LF_ACCT_DICT_NONAME	0x20	/* Don't show dictionary name. */
#define	LF_NOT_EQUAL		0x40	/* Indicates "!=" instead of "=" */

#define	CHK_ACCEPT	0x00	/* Process as an accept-only list. */
#define	CHK_DENY	0x01	/* Process as a denial list. */
#define	CHK_ONCE	0x02	/* Check only the first check item in list. */
#define	CHK_MESSAGE	0x04	/* Produce a message somehow. */

#ifdef BINARY_FILTERS

/*
 * Two types of filters are supported, GENERIC and IP.  The identifiers are:
 */
#define	RAD_FILTER_GENERIC	0
#define	RAD_FILTER_IP		1

/*
 * Generic filters mask and match up to RAD_MAX_FILTER_LEN bytes starting at
 * some offset.  The length is:
 */
#define	RAD_MAX_FILTER_LEN	6
#define	NO_TOKEN		-1

typedef struct
{
	CONST char     *name;
	int             value;
} keywordstruct;

typedef enum
{
	FILTER_IP_TYPE,
	FILTER_GENERIC_TYPE,
	FILTER_IN,
	FILTER_OUT,
	FILTER_FORWARD,
	FILTER_DROP,
	FILTER_GENERIC_OFFSET,
	FILTER_GENERIC_MASK,
	FILTER_GENERIC_VALUE,
	FILTER_GENERIC_COMPNEQ,
	FILTER_GENERIC_COMPEQ,
	FILTER_MORE,
	FILTER_IP_DST,
	FILTER_IP_SRC,
	FILTER_IP_PROTO,
	FILTER_IP_DST_PORT,
	FILTER_IP_SRC_PORT,
	FILTER_EST
} filtertokens;

/*
 * Enumerated values for the IP filter port comparisons.
 */
typedef enum
{
	RAD_NO_COMPARE,
	RAD_COMPARE_LESS,
	RAD_COMPARE_EQUAL,
	RAD_COMPARE_GREATER,
	RAD_COMPARE_NOT_EQUAL
} radfiltercomp;

extern keywordstruct filtercompare[];

/*
 * The binary format of an IP filter.  ALL fields are stored in network byte
 * order.
 * 
 * srcip:	The source IP address.
 * 
 * dstip:	The destination IP address.
 * 
 * srcmask:	The number of leading one bits in the source address mask.
 *		Specifies the bits of interest.
 * 
 * dstmask:	The number of leading one bits in the destination address
 *		mask. Specifies the bits of interest.
 * 
 * proto:	The IP protocol number
 * 
 * establised:	A boolean value.  TRUE when we car