diameter_nasreq_parser.hxx

Diameter协议栈

#define CHAP_ALGORITHM_MD5 5

  AAA_ScholarAttribute<diameter_octetstring_t> ChapIdent;
  // Optional AVPs
  AAA_ScholarAttribute<diameter_octetstring_t> ChapResponse;
  AAA_VectorAttribute<avp_t> Avp;
};

/// Definition for AA-Request message contents internal structure.
class AA_RequestData
{
 public:
  /// Constructor.
  AA_RequestData() {}

  /// Return a pointer to the instance.
  AA_RequestData* Self() { return this; }

  /// Clear the contents of the instance.
  void Clear()
  {
    SessionId.Clear();
    AuthApplicationId.Clear();
    OriginHost.Clear();
    OriginRealm.Clear();
    DestinationRealm.Clear();
    AuthRequestType.Clear();
    DestinationHost.Clear();
    NasIdentifier.Clear();
    NasIpAddress.Clear();
    NasIpv6Address.Clear();
    NasPort.Clear();
    NasPortId.Clear();
    NasPortType.Clear();
    OriginStateId.Clear();
    PortLimit.Clear();
    UserName.Clear();
    UserPassword.Clear();
    ServiceType.Clear();
    State.Clear();
    AuthorizationLifetime.Clear();
    AuthGracePeriod.Clear();
    AuthSessionState.Clear();
    CallbackNumber.Clear();
    CalledStationId.Clear();
    CallingStationId.Clear();
    OriginatingLineInfo.Clear();
    ConnectInfo.Clear();
    ChapAuth.Clear();
    ChapChallenge.Clear();
    FramedCompression.Clear();
    FramedInterfaceId.Clear();
    FramedIpAddress.Clear();
    FramedIpv6Prefix.Clear();
    FramedIpNetmask.Clear();
    FramedMtu.Clear();
    FramedProtocol.Clear();
    ArapPassword.Clear();
    ArapChallengeResponse.Clear();
    ArapSecurity.Clear();
    ArapSecurityData.Clear();
    LoginIpHost.Clear();
    LoginIpv6Host.Clear();
    LoginLatGroup.Clear();
    LoginLatNode.Clear();
    LoginLatPort.Clear();
    LoginLatService.Clear();
    Tunneling.Clear();
    ProxyInfo.Clear();
    RouteRecord.Clear();
    Avp.Clear();
  }

  /// AA-Request AVPs
  AAA_ScholarAttribute<diameter_utf8string_t> SessionId;
  AAA_ScholarAttribute<diameter_unsigned32_t> AuthApplicationId;
  AAA_ScholarAttribute<diameter_identity_t>  OriginHost;
  AAA_ScholarAttribute<diameter_identity_t>  OriginRealm;
  AAA_ScholarAttribute<diameter_identity_t>  DestinationRealm;
  /* In RFC3588:

   "8.7.  Auth-Request-Type AVP
                                                                                
   The Auth-Request-Type AVP (AVP Code 274) is of type Enumerated and is
   included in application-specific auth requests to inform the peers
   whether a user is to be authenticated only, authorized only or both.
   Note any value other than both MAY cause RADIUS interoperability
   issues.  The following values are defined:
                                                                                
   AUTHENTICATE_ONLY          1
      The request being sent is for authentication only, and MUST
      contain the relevant application specific authentication AVPs that
      are needed by the Diameter server to authenticate the user.

   AUTHORIZE_ONLY             2
      The request being sent is for authorization only, and MUST contain
      the application specific authorization AVPs that are necessary to
      identify the service being requested/offered.

   AUTHORIZE_AUTHENTICATE     3
      The request contains a request for both authentication and
      authorization.  The request MUST include both the relevant
      application specific authentication information, and authorization
      information necessary to identify the service being
      requested/offered."

  */
  AAA_ScholarAttribute<diameter_enumerated_t> AuthRequestType;
  AAA_ScholarAttribute<diameter_identity_t>  DestinationHost;
  AAA_ScholarAttribute<diameter_utf8string_t> NasIdentifier;
  AAA_ScholarAttribute<diameter_octetstring_t> NasIpAddress;
  AAA_ScholarAttribute<diameter_octetstring_t> NasIpv6Address;
  AAA_ScholarAttribute<diameter_unsigned32_t> NasPort;
  AAA_ScholarAttribute<diameter_utf8string_t> NasPortId;
  AAA_ScholarAttribute<diameter_enumerated_t> NasPortType;
  AAA_ScholarAttribute<diameter_unsigned32_t> OriginStateId;
  /* In draft-ietf-aaa-diameter-nasreq-14.txt:

   "6.5.  Port-Limit AVP
                                                                                
   The Port-Limit AVP (AVP Code 62) is of type Unsigned32 and sets the
   maximum number of ports to be provided to the user by the NAS.  It
   MAY be used in an authentication and/or authorization request as a
   hint to the server that multilink PPP [PPPMP] service is desired, but
   the server is not required to honor the hint in the corresponding
   response."

  */
  AAA_ScholarAttribute<diameter_unsigned32_t> PortLimit;
  AAA_ScholarAttribute<diameter_utf8string_t> UserName;
  AAA_ScholarAttribute<diameter_utf8string_t> UserPassword;
  /* In RFC2865:

   "5.6.  Service-Type
                                                                                
   Description
                                                                                
      This Attribute indicates the type of service the user has
      requested, or the type of service to be provided.  It MAY be used
      in both Access-Request and Access-Accept packets.  A NAS is not
      required to implement all of these service types, and MUST treat
      unknown or unsupported Service-Types as though an Access-Reject
      had been received instead."

   Value

      The Value field is four octets.
                                                                                
       1      Login
       2      Framed
       3      Callback Login
       4      Callback Framed
       5      Outbound
       6      Administrative
       7      NAS Prompt
       8      Authenticate Only
       9      Callback NAS Prompt
      10      Call Check
      11      Callback Administrative

  */
  AAA_ScholarAttribute<diameter_enumerated_t> ServiceType;
  /* In Section 5.24 of RFC 2865:

   "5.24.  State
                                                                                
   Description
                                                                                
      This Attribute is available to be sent by the server to the client
      in an Access-Challenge and MUST be sent unmodified from the client
      to the server in the new Access-Request reply to that challenge,
      if any.
                                                                                
      This Attribute is available to be sent by the server to the client
      in an Access-Accept that also includes a Termination-Action
      Attribute with the value of RADIUS-Request.  If the NAS performs
      the Termination-Action by sending a new Access-Request upon
      termination of the current session, it MUST include the State
      attribute unchanged in that Access-Request.
                                                                                
      In either usage, the client MUST NOT interpret the attribute
      locally.  A packet must have only zero or one State Attribute.
      Usage of the State Attribute is implementation dependent."

  */
  AAA_ScholarAttribute<diameter_octetstring_t> State;
  AAA_ScholarAttribute<diameter_unsigned32_t> AuthorizationLifetime;
  AAA_ScholarAttribute<diameter_unsigned32_t> AuthGracePeriod;
  /* In Section 8 of RFC3588:

  "An access device that does not expect to send a re-authorization or
  a session termination request to the server MAY include the Auth-
  Session-State AVP with the value set to NO_STATE_MAINTAINED as a
  hint to the server.  If the server accepts the hint, it agrees that
  since no session termination message will be received once service
  to the user is terminated, it cannot maintain state for the session.
  If the answer message from the server contains a different value in
  the Auth-Session-State AVP (or the default value if the AVP is
  absent), the access device MUST follow the server's directives.
  Note that the value NO_STATE_MAINTAINED MUST NOT be set in
  subsequent re- authorization requests and answers."

  In Section 8.1 of RFC3588:

  "There are four different authorization session state machines
  supported in the Diameter base protocol.  The first two describe a
  session in which the server is maintaining session state, indicated
  by the value of the Auth-Session-State AVP (or its absence).  One
  describes the session from a client perspective, the other from a
  server perspective.  The second two state machines are used when the
  server does not maintain session state.  Here again, one describes
  the session from a client perspective, the other from a server
  perspective."

  In Section 8.11 of RFC3588:

  "8.11.  Auth-Session-State AVP
                                                                                
  The Auth-Session-State AVP (AVP Code 277) is of type Enumerated and
  specifies whether state is maintained for a particular session.  The
  client MAY include this AVP in requests as a hint to the server, but
  the value in the server's answer message is binding.  The following
  values are supported:
                                                                                
  STATE_MAINTAINED              0
      This value is used to specify that session state is being
      maintained, and the access device MUST issue a session termination
      message when service to the user is terminated.  This is the
      default value.
                                                                                
  NO_STATE_MAINTAINED           1
      This value is used to specify that no session termination messages
      will be sent by the access device upon expiration of the
      Authorization-Lifetime."

    */
  AAA_ScholarAttribute<diameter_enumerated_t> AuthSessionState;
  /* In draft-ietf-aaa-diameter-nasreq-14.txt:

   "6.2.  Callback-Number AVP
                                                                                
   The Callback-Number AVP (AVP Code 19) is of type UTF8String, and
   contains a dialing string to be used for callback.  It MAY be used in
   an authentication and/or authorization request as a hint to the
   server that a Callback service is desired, but the server is not
   required to honor the hint in the corresponding response.
                                                                                
   The codification of the range of allowed usage of this field is
   outside the scope of this specification."
                                                                                
  */
  AAA_ScholarAttribute<diameter_utf8string_t> CallbackNumber;
  AAA_ScholarAttribute<diameter_utf8string_t> CalledStationId;
  AAA_ScholarAttribute<diameter_utf8string_t> CallingStationId;
  AAA_ScholarAttribute<diameter_octetstring_t> OriginatingLineInfo;
  AAA_ScholarAttribute<diameter_utf8string_t> ConnectInfo;
  AAA_GroupedScholarAttribute<chap_auth_t> ChapAuth;
  AAA_ScholarAttribute<diameter_octetstring_t> ChapChallenge;
  AAA_VectorAttribute<diameter_enumerated_t> FramedCompression;
  AAA_ScholarAttribute<diameter_unsigned64_t> FramedInterfaceId;
  AAA_ScholarAttribute<diameter_octetstring_t> FramedIpAddress;
  AAA_VectorAttribute<diameter_octetstring_t> FramedIpv6Prefix;
  AAA_ScholarAttribute<diameter_octetstring_t> FramedIpNetmask;
  /* In draft-ietf-aaa-diameter-nasreq-14.txt:

   "6.9.3.  Framed-MTU AVP
                                                                                
   The Framed-MTU AVP (AVP Code 12) is of type Unsigned32 and contains
   the Maximum Transmission Unit to be configured for the user, when it
   is not negotiated by some other means (such as PPP). This AVP SHOULD
   only be present in authorization responses. The MTU value MUST be in
   the range of 64 and 65535."

  */
  AAA_ScholarAttribute<diameter_unsigned32_t> FramedMtu;