3 * Copyright (c) 2002-2009, Jouni Malinen <j@w1.fi>
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
9 #ifndef RADIUS_CLIENT_H
10 #define RADIUS_CLIENT_H
17 * struct hostapd_radius_server - RADIUS server information for RADIUS client
19 * This structure contains information about a RADIUS server. The values are
20 * mainly for MIB information. The MIB variable prefix (radiusAuth or
21 * radiusAcc) depends on whether this is an authentication or accounting
24 * radiusAuthClientPendingRequests (or radiusAccClientPendingRequests) is the
25 * number of struct radius_client_data::msgs entries for the matching msg_type.
27 struct hostapd_radius_server {
29 * addr - radiusAuthServerAddress or radiusAccServerAddress
31 struct hostapd_ip_addr addr;
34 * port - radiusAuthClientServerPortNumber or radiusAccClientServerPortNumber
39 * shared_secret - Shared secret for authenticating RADIUS messages
44 * shared_secret_len - Length of shared_secret in octets
46 size_t shared_secret_len;
48 /* Dynamic (not from configuration file) MIB data */
51 * index - radiusAuthServerIndex or radiusAccServerIndex
56 * round_trip_time - radiusAuthClientRoundTripTime or radiusAccClientRoundTripTime
57 * Round-trip time in hundredths of a second.
62 * requests - radiusAuthClientAccessRequests or radiusAccClientRequests
67 * retransmissions - radiusAuthClientAccessRetransmissions or radiusAccClientRetransmissions
72 * access_accepts - radiusAuthClientAccessAccepts
77 * access_rejects - radiusAuthClientAccessRejects
82 * access_challenges - radiusAuthClientAccessChallenges
84 u32 access_challenges;
87 * responses - radiusAccClientResponses
92 * malformed_responses - radiusAuthClientMalformedAccessResponses or radiusAccClientMalformedResponses
94 u32 malformed_responses;
97 * bad_authenticators - radiusAuthClientBadAuthenticators or radiusAccClientBadAuthenticators
99 u32 bad_authenticators;
102 * timeouts - radiusAuthClientTimeouts or radiusAccClientTimeouts
107 * unknown_types - radiusAuthClientUnknownTypes or radiusAccClientUnknownTypes
112 * packets_dropped - radiusAuthClientPacketsDropped or radiusAccClientPacketsDropped
118 * struct hostapd_radius_servers - RADIUS servers for RADIUS client
120 struct hostapd_radius_servers {
122 * auth_servers - RADIUS Authentication servers in priority order
124 struct hostapd_radius_server *auth_servers;
127 * num_auth_servers - Number of auth_servers entries
129 int num_auth_servers;
132 * auth_server - The current Authentication server
134 struct hostapd_radius_server *auth_server;
137 * acct_servers - RADIUS Accounting servers in priority order
139 struct hostapd_radius_server *acct_servers;
142 * num_acct_servers - Number of acct_servers entries
144 int num_acct_servers;
147 * acct_server - The current Accounting server
149 struct hostapd_radius_server *acct_server;
152 * retry_primary_interval - Retry interval for trying primary server
154 * This specifies a retry interval in seconds for trying to return to
155 * the primary RADIUS server. RADIUS client code will automatically try
156 * to use the next server when the current server is not replying to
157 * requests. If this interval is set (non-zero), the primary server
158 * will be retried after the specified number of seconds has passed
159 * even if the currently used secondary server is still working.
161 int retry_primary_interval;
164 * msg_dumps - Whether RADIUS message details are shown in stdout
169 * client_addr - Client (local) address to use if force_client_addr
171 struct hostapd_ip_addr client_addr;
174 * force_client_addr - Whether to force client (local) address
176 int force_client_addr;
181 * RadiusType - RADIUS server type for RADIUS client
185 * RADIUS authentication
190 * RADIUS_ACCT - RADIUS accounting
195 * RADIUS_ACCT_INTERIM - RADIUS interim accounting message
197 * Used only with radius_client_send(). This behaves just like
198 * RADIUS_ACCT, but removes any pending interim RADIUS Accounting
199 * messages for the same STA before sending the new interim update.
205 * RadiusRxResult - RADIUS client RX handler result
209 * RADIUS_RX_PROCESSED - Message processed
211 * This stops handler calls and frees the message.
216 * RADIUS_RX_QUEUED - Message has been queued
218 * This stops handler calls, but does not free the message; the handler
219 * that returned this is responsible for eventually freeing the
225 * RADIUS_RX_UNKNOWN - Message is not for this handler
230 * RADIUS_RX_INVALID_AUTHENTICATOR - Message has invalid Authenticator
232 RADIUS_RX_INVALID_AUTHENTICATOR
235 struct radius_client_data;
237 int radius_client_register(struct radius_client_data *radius,
239 RadiusRxResult (*handler)
240 (struct radius_msg *msg, struct radius_msg *req,
241 const u8 *shared_secret, size_t shared_secret_len,
/*
 * radius_client_send - submit a RADIUS message through the client.
 * msg_type is a RadiusType value. Per the RadiusType notes in this header,
 * RADIUS_ACCT_INTERIM behaves like RADIUS_ACCT but first removes any pending
 * interim accounting messages for the same STA.
 * NOTE(review): addr is presumably the STA address used for that matching,
 * and ownership of msg after the call is not visible in this header -
 * confirm both against the implementation.
 */
244 int radius_client_send(struct radius_client_data *radius,
245 struct radius_msg *msg,
246 RadiusType msg_type, const u8 *addr);
/*
 * NOTE(review): presumably returns the RADIUS Identifier for the next
 * request. The return type is u8, so only 256 values exist; confirm how the
 * implementation handles reuse while an older request with the same
 * identifier is still pending.
 */
247 u8 radius_client_get_id(struct radius_client_data *radius);
/*
 * NOTE(review): presumably drops pending messages; only_auth looks like a
 * flag limiting this to authentication messages - confirm.
 */
248 void radius_client_flush(struct radius_client_data *radius, int only_auth);
/*
 * radius_client_init - create a RADIUS client from a server configuration.
 * conf is a struct hostapd_radius_servers, whose server entries carry the
 * shared_secret used for authenticating RADIUS messages.
 * NOTE(review): whether conf is copied or referenced for the lifetime of the
 * returned object, and whether failure is reported as NULL, cannot be seen
 * from this header - confirm before freeing or clearing conf.
 */
249 struct radius_client_data *
250 radius_client_init(void *ctx, struct hostapd_radius_servers *conf);
/* NOTE(review): presumably the counterpart of radius_client_init() - confirm what it frees. */
251 void radius_client_deinit(struct radius_client_data *radius);
252 void radius_client_flush_auth(struct radius_client_data *radius,
254 int radius_client_get_mib(struct radius_client_data *radius, char *buf,
/*
 * radius_client_reconfig - apply a new struct hostapd_radius_servers
 * configuration to an existing client.
 * NOTE(review): returns void, so a caller cannot learn from this interface
 * whether the new server list or shared secrets took effect; presumably conf
 * must remain valid afterwards - confirm against the implementation.
 */
256 void radius_client_reconfig(struct radius_client_data *radius,
257 struct hostapd_radius_servers *conf);
259 #endif /* RADIUS_CLIENT_H */