/*
**++
** FACILITY: RADIUS-VMS
**
** MODULE DESCRIPTION:
**
** This module contains RADIUS constant definitions, data structure definitions
** and function prototypes.
**
** AUTHORS:
**
** Ruslan R. Laishev
** Copyright © 1998-2011, Ruslan R. Laishev
**
**
** CREATION DATE: ??-OCT-1998
**
** MODIFICATION HISTORY:
**
** ??-OCT-1998 RRL Initial rewriting.
** 20-DEC-1999 RRL Add MAXHOMES
** 1-FEB-2000 RRL Add NAS flags in client entry structure.
** 11-FEB-2000 RRL Add external AAA callouts support.
** 18-MAR-2000 RRL Add realm Check-Item attribute (8002).
** 25-MAR-2000 RRL Add into DICT_ATTR vendor field.
** 17-MAY-2000 RRL Add PW_AUTHTYPE_EXTERN
** 27-AUG-2000 RRL Add PW_AUTHTYPE_DOMAIN,dom_entry
** 30-SEP-2000 RRL Add strlower(),strupper() declarations.
** 4-OCT-2000 RRL Add conn_info to CLIENT type,
** add new check-item Right-Id (8003).
** 10-NOV-2000 RRL Add a /BDC_HOST support.
** 27-NOV-2000 RRL Add "sess" member to the realm structure.
** 22-DEC-2000 RRL Add the VENDOR codes literals.
** 8-JAN-2001 RRL Add some comments.
** 12-JAN-2001 RRL Add a receive buffer size in the home structure.
** 7-FEB-2001 RRL Add a 3Com and MS vendor constants.
** 15-JAN-2002 RRL Added definitions and structure to support Ascend filters.
** 20-MAR-2002 RRL Added MAXPKTSZ.
** 9-AUG-2002 RRL Added sentc,recvc field into CLNT_ENTRY structure,
** bauth_sock,bacct_sock into REALM_ENTRY structure;
** 11-AUG-2002 RRL Replaced sentc,recvc by load.
** 22-AUG-2002 RRL Added IMSI field to realm definition.
** 1-SEP-2002 RRL Added MAXIMSI.
** 22-JUL-2003 RRL Fixed signed/unsigned inconsistency.
** 28-SEP-2003 RRL Added constants for the SIP DIGEST Authentication.
** 7-OCT-2003 RRL Changed default ports for RFC compliance:
** 1645 -> 1812
** 1646 -> 1813
** 23-OCT-2003 RRL Added accept/reject realm list into the client
** structure definition.
** 26-AUG-2004 RRL Retired conn_info field from clnt_entry structure.
** 8-SEP-2004 RRL Added GROUP field to the client structure.
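** 12-APR-2005 RRL Added A12 stuff.
** 20-MAY-2005 RRL GROUP field ASCIC-32-> unsigned word
** 13-SEP-2005 RRL Removed all a12 stuff, now it is in RADDEF.
** 30-OCT-2006 RRL MAXIMSI: 128->1024
** 22-DEC-2010 RRL Added TRACE macro.
**
** {@tbs@}...
**--
*/

#ifndef __RADIUS_H__
#define __RADIUS_H__ 1

/*
**
** INCLUDE FILES
**
*/
/*
** NOTE(review): the header names on the four bare "#include" lines below were
** lost when this file was captured (a bare "#include" is a preprocessor error).
** Restore them from the original source before building.
*/
#include
#include
#include

#define __NEW_STARLET 1
#include

#include "raddef.h"
#include "radius_msg.h"

/*
**
** MACRO DEFINITIONS
**
*/

/*
** min()/max(): every argument is parenthesised so that an operand such as
** "a | b" is not re-associated with the comparison.  Each argument is still
** evaluated twice; do not pass expressions with side effects.
*/
#define min(x,y) (((x) > (y)) ? (y) : (x))
#define max(x,y) (((x) < (y)) ? (y) : (x))

/*
** Open-ended trace macro: the caller supplies the format string, its
** arguments and the closing parenthesis, e.g.   TRACE "%d bytes", n);
** It expands to an unbraced "if", so the statement must not be followed by
** an "else".
** NOTE(review): it calls _rad_trace() and reads "module", neither of which is
** declared in this header (only rad_trace() is prototyped below); presumably
** each module provides them - confirm.
*/
#define TRACE if ( debug_flag) _rad_trace(module,__LINE__,

/*
** A RADIUS-VMS SIGNATURE USED TO "SIGN" FORWARDED PACKETS
**
** This is a fixed, public constant: it lets a receiver recognise a structure
** this proxy emitted, but its presence is not proof of origin and must not be
** treated as an integrity check on its own.
*/
#define RADIUS_VMS_SIG 0x0DEC0BAD

/*
** A VMS/DEC Threads SPECIFIC MACROS
**
** $PTHREAD_CREATE takes the attribute object itself (b), not a pointer to it.
*/
#define $PTHREAD_CREATE(a,b,c,d) pthread_create((a), &(b), (void *)(c), (void *)(d))
#define $PTHREAD_MUTEX_INIT(a) pthread_mutex_init((a), 0)
#define $PTHREAD_COND_INIT(a) pthread_cond_init((a), 0)

/*
** MAXIMAL SIZE OF A PACKET (local buffer size; RFC 2865 also limits a RADIUS
** packet to 4096 octets)
*/
#define MAXPKTSZ 4096

/*
**
** A LIMITS CONSTANTS
**
*/
#define AUTH_VECTOR_LEN 16    /* Size of the Request/Response Authenticator (MD5 digest), RFC defined size is 16 */
#define AUTH_PASS_LEN 16      /* User-Password is hidden in 16-octet chunks, RFC defined size is 16 */
#define AUTH_MAXPASS_LEN 64   /* Maximum password length accepted by this server (RFC 2865 permits up to 128) */
#define AUTH_STRING_LEN 253   /* Maximum length of an attribute value (255 minus the 2 header octets) */
#define MAXTHREADS 128        /* Maximum number of threads for every home */
#define MAXIDS 256            /* Maximum number of VMS Rights ids used in the clients */
                              /* and realms definitions */
#define MAXHOMES 8            /* Maximum number of homes */
#define MAXIMSI 128           /* Maximum number of IMSI realms */
                              /* NOTE(review): the modification history records */
                              /* "MAXIMSI: 128->1024" (30-OCT-2006) but the value */
                              /* here is still 128 - check which is intended. */

/*
** Some useful stuff to initialise VMS native data (string descriptors and
** item-list-3 entries).
**
** These expand to a brace-enclosed compound statement, not a do/while(0), so
** a use of the form   if (c) INIT_SDESC(...); else ...   will not compile.
*/
#define INIT_SDESC(dsc, len, ptr) {(dsc).dsc$b_dtype = DSC$K_DTYPE_T;\
    (dsc).dsc$b_class = DSC$K_CLASS_S; (dsc).dsc$w_length = (short) (len);\
    (dsc).dsc$a_pointer = (ptr);}

#define INIT_DDESC(dsc) {(dsc).dsc$b_dtype = DSC$K_DTYPE_T;\
    (dsc).dsc$b_class = DSC$K_CLASS_D;(dsc).dsc$w_length = 0;\
    (dsc).dsc$a_pointer = 0;}

#define INIT_ILE3(i,l,c,b,r) {(i).ile3$w_length = (l);\
    (i).ile3$w_code = (c); (i).ile3$ps_bufaddr = (b);\
    (i).ile3$ps_retlen_addr = (r);}

/*
** A packet header structure
**
** Laid out to match the wire format, so member alignment is disabled under
** DEC C.  Use RAD_HDRSZ / AUTH_HDR_LEN for the on-the-wire header size, not
** sizeof(AUTH_HDR): the "data" placeholder is not part of the header.
*/
#ifdef __DECC
#pragma member_alignment save
#pragma nomember_alignment
#endif

typedef struct pw_auth_hdr {
    unsigned char code;            /* A request/answer code, see RFC 2138/2139 (superseded by RFC 2865/2866) */
    unsigned char id;              /* An identifier of a request */
    unsigned short length;         /* A total length of a request packet (network byte order on the wire) */
    char vector[AUTH_VECTOR_LEN];  /* Request/Response Authenticator (MD5 digest).  Plain char: cast to */
                                   /* unsigned char before printing or comparing individual octets. */
    char data[2];                  /* Placeholder marking the start of the variable part (attributes); */
                                   /* not a pointer and not counted in RAD_HDRSZ. */
} AUTH_HDR;

/* Header of a record in the accounting log */
typedef struct radacc_hdr {
    __int64 datetime;              /* A timestamp of the record (DEC C 64-bit integer) */
    unsigned client;               /* A client IP address */
} RADACC_HDR;

#define RAD_HDRSZ (1 + 1 + 2 + AUTH_VECTOR_LEN)    /* code + id + length + authenticator = 20 */
#define RAD_GUARDSZ 32                              /* Space kept free at the end of a packet buffer */
#define RAD_MAXPKTSZ (MAXPKTSZ - RAD_GUARDSZ)       /* Largest packet that fits the buffer with the guard */
#define RAD_MAXBODYSZ (RAD_MAXPKTSZ - RAD_HDRSZ)    /* Largest attribute area of such a packet */

/* Key of a tree node: counted string.  namelen is a plain char, so a name
** longer than 127 octets cannot be represented on a signed-char platform. */
typedef struct three_node_key {
    char namelen;
    char *name;
} TREE_NODE_KEY;

typedef struct three_node {
    void *flink, *blink;
    short reserved;
    void *ptr;
} TREE_NODE;

/*
** Vendors code (IANA Private Enterprise Numbers):
** ftp://ftp.isi.edu/in-notes/rfc1700.txt
** ftp://ftp.isi.edu/in-notes/iana/assignments/enterprise-numbers
** http://ftp.isi.edu/in-notes/iana/assignments/enterprise-numbers
*/
#define RAD_VENDOR_K_USR 429
#define RAD_VENDOR_K_LIVINGSTON 307
#define RAD_VENDOR_K_LUCENT 1751
#define RAD_VENDOR_K_CISCO 9
#define RAD_VENDOR_K_BAY 1584
#define RAD_VENDOR_K_MERIT 61
#define RAD_VENDOR_K_SHIVA 166
#define RAD_VENDOR_K_DEC 36
#define RAD_VENDOR_K_3COM 43
#define RAD_VENDOR_K_MS 311
#define RAD_VENDOR_K_3GPP2 5535

#define AUTH_HDR_LEN RAD_HDRSZ       /* Same 20 octets as RAD_HDRSZ; kept as a single definition */
#define CHAP_VALUE_LENGTH 16

/* Default UDP ports (RFC 2865/2866); the pre-RFC 1645/1646 values were retired 7-OCT-2003 */
#define PW_AUTH_UDP_PORT 1812
#define PW_ACCT_UDP_PORT 1813
#define PW_SMB_SSN_PORT 139

/* Dictionary value types */
#define PW_TYPE_STRING 0
#define PW_TYPE_INTEGER 1
#define PW_TYPE_IPADDR 2
#define PW_TYPE_DATE 3
#define PW_TYPE_FILTER 4

/* Packet codes (AUTH_HDR.code) */
#define PW_AUTHENTICATION_REQUEST 1
#define PW_AUTHENTICATION_ACK 2
#define PW_AUTHENTICATION_REJECT 3
#define PW_ACCOUNTING_REQUEST 4
#define PW_ACCOUNTING_RESPONSE 5
#define PW_PASSWORD_REQUEST 7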
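#define PW_PASSWORD_ACK 8
#define PW_PASSWORD_REJECT 9
#define PW_ACCESS_CHALLENGE 11

/* Standard attribute types (RFC 2865/2866) */
#define PW_USER_NAME 1
#define PW_PASSWORD 2
#define PW_CHAP_PASSWORD 3
#define PW_CHAP_CHALLENGE 60
#define PW_NAS_IP 4
#define PW_NAS_PORT_ID 5
#define PW_NAS_PORT_TYPE 61
#define PW_USER_SERVICE_TYPE 6
#define PW_FRAMED_PROTOCOL 7
#define PW_FRAMED_ADDRESS 8
#define PW_FRAMED_NETMASK 9
#define PW_FRAMED_ROUTING 10
#define PW_FRAMED_FILTER_ID 11
#define PW_FRAMED_MTU 12
#define PW_FRAMED_COMPRESSION 13
#define PW_LOGIN_HOST 14
#define PW_LOGIN_SERVICE 15
#define PW_LOGIN_TCP_PORT 16
#define PW_OLD_PASSWORD 17
#define PW_PORT_MESSAGE 18
#define PW_DIALBACK_NO 19
#define PW_DIALBACK_NAME 20
#define PW_FRAMED_ROUTE 22
#define PW_FRAMED_IPXNET 23
#define PW_STATE 24
#define PW_VENDOR_SPECIFIC 26
#define PW_SESSION_TIMEOUT 27
#define PW_TERMINATION 29
#define PW_CALLED_STATION_ID 30
#define PW_CALLING_STATION_ID 31
#define PW_NAS_ID 32
#define PW_PROXY_STATE 33
#define PW_ACCT_STATUS_TYPE 40
#define PW_ACCT_DELAY_TIME 41
#define PW_ACCT_INPUT_OCTETS 42
#define PW_ACCT_OUTPUT_OCTETS 43
#define PW_ACCT_SESSION_ID 44
#define PW_ACCT_AUTHENTIC 45
#define PW_ACCT_SESSION_TIME 46
#define PW_ACCT_TERMINATE_CAUSE 49
#define PW_CONNECT_INFO 77
#define PW_USR_CONNECT_SPEED 0x9023     /* USR-specific; outside the 1..255 wire range, so a dictionary-internal id */
#define PW_PORT_LIMIT 62

/*
** Non-Protocol Attributes
**
** (retired definitions kept for reference)
*/
/*
#define PW_AUTHTYPE 1000
#define PW_SUFFIX 1001
#define PW_REALM 1002
#define PW_RIGHT_ID 1003
#define PW_CLIENT_IP 1004
#define PW_CLIENT_GROUP 1005
*/

/*
** SIP DIGEST authentication attributes.
** NOTE(review): 206/207 and the 1063..1072 sub-attribute ids look like the
** draft-sterman-aaa-sip numbering; RFC 5090 later assigned different codes.
** Confirm against the peers this server talks to.
*/
#define PW_DIGEST_RESPONSE 206
#define PW_DIGEST_ATTRIBUTES 207
#define PW_DIGEST_REALM 1063
#define PW_DIGEST_NONCE 1064
#define PW_DIGEST_METHOD 1065
#define PW_DIGEST_URI 1066
#define PW_DIGEST_QOP 1067
#define PW_DIGEST_ALGORITHM 1068
#define PW_DIGEST_BODY_DIGEST 1069
#define PW_DIGEST_CNONCE 1070
#define PW_DIGEST_NONCE_COUNT 1071
#define PW_DIGEST_USER_NAME 1072

/*
** AUTHENTICATION LEVEL
*/
#define PW_AUTH_NONE 0
#define PW_AUTH_RADIUS 1
#define PW_AUTH_LOCAL 2

/*
** STATUS TYPES (Acct-Status-Type values)
*/
#define PW_STATUS_START 1
#define PW_STATUS_STOP 2
#define PW_STATUS_UPDATE 3

/*
** INTERNAL AUTHENTICATION TYPES
*/
#define PW_AUTHTYPE_LOCAL 0
#define PW_AUTHTYPE_VMS 1
#define PW_AUTHTYPE_EXTERN 2
#define PW_AUTHTYPE_DOMAIN 3
#define PW_AUTHTYPE_REJECT 4
#define PW_AUTHTYPE_ACCEPT 5
#define PW_AUTHTYPE_DIGEST 6
#define PW_AUTHTYPE_A12 7

/*
** 3GPP2 ATTRIBUTE
*/
#define PW_3GPP2_IMSI 1

/*
**
** Server data structures
**
** Counted strings throughout use a plain "char" length field; on a
** signed-char platform that limits a length to 127.
**
*/

/* A dictionary attribute definition */
typedef struct dict_attr {
    char namelen;       /* Length of name */
    char name[32];      /* Attribute name as it appears in the dictionary */
    int id;             /* Attribute type */
    int vendor;         /* Vendor id for vendor-specific attributes (see RAD_VENDOR_K_*) */
    int type;           /* Value type, one of PW_TYPE_* */
} DICT_ATTR;

/* A named value of an integer attribute */
typedef struct dict_value {
    DICT_ATTR * attr;   /* Attribute this value belongs to */
    char namelen;
    char name[32];
    int value;
} DICT_VALUE;

/* One attribute/value pair of a decoded request; a singly linked list */
typedef struct value_pair {
    DICT_ATTR * attr;
    int lvalue;                      /* Integer value (for string attributes presumably the length - confirm) */
    char strvalue[AUTH_STRING_LEN];  /* A 253-octet value fills the array completely, leaving no room */
                                     /* for a NUL terminator; bound every access by the length rather */
                                     /* than treating strvalue as a C string. */
    struct value_pair * next;
} VALUE_PAIR;

/* A decoded request */
typedef struct auth_req {
    int ipaddr;                      /* Source address of the request */
    unsigned char id;                /* Identifier from the packet header */
    unsigned char code;              /* Packet code, PW_* */
    char vector[AUTH_VECTOR_LEN];    /* Request Authenticator; same size as AUTH_HDR.vector */
    VALUE_PAIR *request;             /* Attributes of the request */
} AUTH_REQ;

/* A generic singly linked list of VMS string descriptors */
typedef struct _list {
    DSC$DESCRIPTOR data;             /* A pointer to element data */
    struct _list *next;              /* A pointer to next list element */
} _LIST;

/*
** A client (NAS or proxy) definition.
**
** NOTE(review): reject_id[]/accept_id[] are plain char.  If they hold
** indexes into ids[] (MAXIDS is 256) then indexes 128..255 cannot be
** represented on a signed-char platform - confirm what is stored here.
*/
#define MAXCLIENTIDS 15
typedef struct clnt_entry {
    unsigned load;                   /* A load factor of the client */
    char namelen, name [32];
    int ipaddr;
    char secretlen, secret[16];      /* RADIUS shared secret for this client, at most 16 octets. */
                                     /* Keep it out of trace and log output. */
    char reject_id_count, reject_id[MAXCLIENTIDS],
         accept_id_count, accept_id[MAXCLIENTIDS],
         NAS;                        /* Treat the client as a NAS flag */
    struct _list *accept_realm, *reject_realm;   /* Realm accept/reject lists */
    unsigned short group;            /* Client group ID */
} CLNT_ENTRY;

/* A VMS Rights identifier known to the server */
typedef struct id_entry {
    char namelen;
    char name [32];
    int id;
} ID_ENTRY;

/* A realm definition: where its authentication/accounting requests are forwarded */
#define MAXREALMIDS 15
typedef struct realm_entry {
    char namelen, name [64];
    char reject_id_count, reject_id[MAXREALMIDS],
         accept_id_count, accept_id[MAXREALMIDS];
    struct sockaddr_in auth_sock, acct_sock,      /* Primary servers */
                       bauth_sock, bacct_sock;    /* Backup servers */
    char account[8], imsi;
} REALM_ENTRY;

/* A home: a pair of listening sockets/channels */
typedef struct home_entry {
    struct sockaddr_in auth_sock;
    short auth_chan;
    struct sockaddr_in acct_sock;
    short acct_chan;
    int recvbfsz;                    /* Receive buffer size */
} HOME_ENTRY;

/* A domain definition: primary and backup domain controllers */
typedef struct dom_entry {
    char namelen;
    char name [16];
    char nbnamelen;
    char nbname [16];
    struct sockaddr_in dc_sock;
    char bnbnamelen;
    char bnbname [16];
    struct sockaddr_in bdc_sock;
} DOM_ENTRY;

/*
** State carried across a proxied request (presumably in a Proxy-State
** attribute, which the remote server echoes back verbatim).
**
** NOTE(review): everything in here, including the original client address,
** channel and Request Authenticator, comes back from the network in the
** response.  sig is a public constant, so a receiver must validate checksum
** (and the vector against its own record of the outstanding request) before
** acting on clnt_ip/clnt_port/chan - otherwise a misbehaving home server
** could steer an answer to an arbitrary client.
*/
typedef struct proxy_state {
    int sig;                         /* RADIUS_VMS_SIG marker */
    int host_ip;
    int clnt_ip;
    int clnt_port;
    short chan;
    int checksum;
    char vector[AUTH_VECTOR_LEN];    /* Original Request Authenticator */
} PROXY_STATE;

/*
**++
**
** Follows special section to implement the Ascend filter capabilities
**
**--
*/

/*
** Two types of filters are supported, GENERIC and IP. The identifiers
** are:
*/
#define RAD_FILTER_GENERIC 0
#define RAD_FILTER_IP 1

/*
** Generic filters mask and match up to RAD_MAX_FILTER_LEN bytes
** starting at some offset. The length is:
*/
#define RAD_MAX_FILTER_LEN 6

/*
** RadFilterComparison:
**
** Enumerated values for the IP filter port comparisons.
*/
typedef enum {
    CMP_NONE,
    CMP_LT,
    CMP_EQ,
    CMP_GT,
    CMP_NE
} RadFilterComparison;

/*
**
** The binary format of an IP filter. ALL fields are stored in
** network byte order.
**
*/
typedef struct radip {
    unsigned srcip,                  /* The source IP address. */
             dstip;                  /* The destination IP address. */
    unsigned char srcmask,           /* The number of leading one bits in the source address */
                                     /* mask. Specifies the bits of interest. */
                  dstmask,           /* The number of leading one bits in the destination */
                                     /* address mask. Specifies the bits of interest. */
                  proto,             /* The IP protocol number */
                  established;       /* A boolean value. TRUE when we care about the */
                                     /* established state of a TCP connection. FALSE when */
                                     /* we don't care. */
    unsigned short srcport,          /* TCP or UDP source port number. */
                   dstport;          /* TCP or UDP destination port number. */
    unsigned char srcPortComp,       /* One of the values of the RadFilterComparison enumeration */
                                     /* specifying how to compare the srcport value. */
                  dstPortComp,       /* One of the values of the RadFilterComparison enumeration */
                                     /* specifying how to compare the dstport value. */
                  fill[4];           /* used to be fill[2] */
} RadIpFilter;

/*
**
** A binary filter element. Contains either a RadIpFilter or a
** RadGenericFilter. All fields are stored in network byte order.
**
*/
typedef struct filter {
    unsigned char type,              /* Either RAD_FILTER_GENERIC or RAD_FILTER_IP. */
                  forward,           /* TRUE if we should forward packets that match this */
                                     /* filter, FALSE if we should drop packets that match */
                                     /* this filter. */
                  indirection,       /* TRUE if this is an input filter, FALSE if this is */
                                     /* an output filter. */
                  fill;
    union {                          /* A union of: */
        RadIpFilter ip;              /* ip: An ip filter entry */
    } u;
} RadFilter;

/*
** Debug output: expands to an unbraced "if", so it must not be followed by
** "else".  The first argument is a printf format string: always pass a
** literal, never data received from the network.
*/
#define DEBUG if(debug_flag)printf

/*
**
** ROUTINES PROTOTYPES DECLARATION SECTION
**
*/

/* Network I/O; channel numbers and sizes are "short" */
int netio_close (short);
int netio_reset (short);
int netio_open (short *,struct sockaddr_in *,int);
int netio_connect (short *,struct sockaddr_in *);
int netio_read (short,char *,short,short *,struct sockaddr_in *, short);
int netio_write (short,char *,short,struct sockaddr_in *);

/* MD5 over one or two buffers */
void md5_calc (char *,char *,int);
void md5_calc1 (char *,char *,short,char *,short);

/* Proxying */
int radproxy_ans2client (AUTH_REQ *,char *,short *,CLNT_ENTRY *,
    struct sockaddr_in *,short *, VALUE_PAIR *,VALUE_PAIR *);
int radproxy_req2server (AUTH_REQ *,char *,short *,CLNT_ENTRY *,
    REALM_ENTRY *,struct sockaddr_in *,short, VALUE_PAIR *,VALUE_PAIR *);

/* Configuration and lookups */
int rad_conf (void);
CLNT_ENTRY *client_find (int);
REALM_ENTRY *realm_find (char *,short,int);
DOM_ENTRY *domain_find (char *,short);

/* Dictionary */
int dict_init (void);
DICT_ATTR *dict_attrget (int,int,char *,int);
DICT_VALUE *dict_valget (int,int,int,char *,int);

/* User database (TH_AUTH and struct RAB are declared elsewhere) */
int user_open (TH_AUTH *ctx);
int user_close (TH_AUTH *ctx);
int user_find (struct RAB *,char *,short,VALUE_PAIR **,VALUE_PAIR **,int, int *);

/* Address and string helpers */
char * ipaddr2name (int,char *);
int name2ipaddr (char *);
char * ipaddr2str (char *,int);
char * strlower (char *);
char * strupper (char *);

/* Request/pair memory management */
int rad_init_vm (short);
int rad_get_vm_req (AUTH_REQ **);
int rad_get_vm_pair (VALUE_PAIR **);
int rad_free_vm_req (AUTH_REQ *);
int rad_free_vm_pair(VALUE_PAIR *);
VALUE_PAIR *get_attribute(VALUE_PAIR *,int,int);
void put_attribute(VALUE_PAIR **,int,void *,int);

/* Logging and tracing.  Note the TRACE macro above calls _rad_trace(), not rad_trace(). */
int rad_log (int ,...);
void rad_trace (unsigned char *, unsigned, unsigned char *, ...);
void rad_put_output (DSC$DESCRIPTOR *,...);
void rad_attr_out (VALUE_PAIR *);

/* Receiving and the authentication/accounting services */
AUTH_REQ * radrecv(int,unsigned short, char *,int);
int radacct_start (short,int,short);
void radacct_stop (short,int,short);
int radacct_open (void);
void radacct_close (void);
int radacct_get_stat(struct RAB *,char *,short,char *,int,int *,char *,short);
int radauth_start (short,int,short);
void radauth_stop (short,int,short);
void radauth_setflag (unsigned);

/* NOTE(review): list2pkt takes CLIENT *, while this header defines CLNT_ENTRY;
** CLIENT is presumably a typedef from raddef.h - confirm they are the same type. */
int list2pkt (VALUE_PAIR *,char *,VALUE_PAIR *,CLIENT *, unsigned char *);

/* VMS SYSUAF / Rights / accounting back end */
int vms_login (char *,short,char *,short,char *,short,char *,short,int,int *);
int vms_logindate (char *,short);
int vms_right (char *,short,int);
int vms_asctoid (char *,short,int *);
void vms_accounting (struct RAB *,char *,int,char *,char *,short,char *,int,char *,
    int,int,int *,int *,int,int,char *);

int tree_node_get_vm(TREE_NODE_KEY *,TREE_NODE **,void *);

/*
** External AAA callouts.
** NOTE(review): these are tentative *definitions* (no "extern") in a header,
** so every translation unit that includes it defines them; that only links
** when the toolchain merges common symbols.  They are also declared without a
** prototype, so calls are not type-checked.  Consider "extern" here plus one
** definition in a .c file, and a proper parameter list.
*/
int (*rad_ext_auth_init) ();
int (*rad_ext_auth_auth) ();
int (*rad_ext_auth_cleanup) ();
int (*rad_ext_acct_init) ();
int (*rad_ext_acct_acct) ();
int (*rad_ext_acct_cleanup) ();

/* Control process */
int rad_cp_init (int (*func) (), pthread_cond_t *, int *);
int rad_cp_notify (int, int);
int rad_cp_shut (void);

int filterA2BIN (VALUE_PAIR *,char *);
int domain_login (DOM_ENTRY *, char*, short, char *, short);
char * get_logname (char *,char *,short);
void hex2bin (unsigned char *,unsigned char *,unsigned short);
void bin2hex (unsigned char *,unsigned char *,unsigned short);
int _match_int (unsigned, ...);
struct _list *look4realm(struct _list *,char *,short);
void radacct_put_detail (struct RAB *,VALUE_PAIR *,CLNT_ENTRY *);

/*
** Globals defined by the configuration module.
** "volatile" only stops the compiler caching these flags; it is not a
** synchronisation primitive between threads.
*/
#ifndef _RAD_CONF_
extern volatile int debug_flag,      /* A debug mode output flag */
                    exit_flag,       /* Request to exit flag */
                    session_tmo_flag,/* Performs a computing of a session time */
                    dns_lookup,      /* Performs a reverse DNS lookup */
                    opcomlvl,        /* A severity level to send to OPCOM */
                    host_ip,         /* A main own IP address */
                    maxhomes,        /* A number of configured and initialized homes */
                    pwd_expired,     /* A SYSUAF's /PWD_EXPIRED flag checking */
                    restricted;      /* A SYSUAF's /RESTRICTED flag checking */

extern ID_ENTRY ids [];
extern REALM_ENTRY *default_realm;
extern HOME_ENTRY homes[];
extern void *extauthcontext,*extacctcontext;
extern pthread_attr_t tattr;
extern char NBNAME[];
extern int NBNAMELEN;
#endif

#ifdef __DECC
#pragma member_alignment restore
#endif

#endif /* __RADIUS_H__ */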