669b5324e1
Instead of using the RADIUS client retransmission design with the old RADIUS message contents for each retry, trigger a completely new interim accounting update instance more quickly (using the same schedule as RADIUS message retransmissions) to improve accounting updates in cases where RADIUS message delivery fails. This allows the server to get up to date information from the time the "retry" message was sent instead of the old information from the time the first failed attempt was sent. Signed-off-by: Jouni Malinen <j@w1.fi>
/*
* RADIUS client
* Copyright (c) 2002-2009, Jouni Malinen <j@w1.fi>
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
*/
#ifndef RADIUS_CLIENT_H
#define RADIUS_CLIENT_H
#include "ip_addr.h"
struct radius_msg;
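/**
 * struct hostapd_radius_server - RADIUS server information for RADIUS client
 *
 * This structure contains information about a RADIUS server. The values are
 * mainly for MIB information. The MIB variable prefix (radiusAuth or
 * radiusAcc) depends on whether this is an authentication or accounting
 * server.
 *
 * radiusAuthClientPendingRequests (or radiusAccClientPendingRequests) is the
 * number of struct radius_client_data::msgs entries for matching msg_type.
 */
struct hostapd_radius_server {
	/**
	 * addr - radiusAuthServerAddress or radiusAccServerAddress
	 */
	struct hostapd_ip_addr addr;

	/**
	 * port - radiusAuthClientServerPortNumber or radiusAccClientServerPortNumber
	 */
	int port;

	/**
	 * shared_secret - Shared secret for authenticating RADIUS messages
	 *
	 * Length-delimited octet string (see shared_secret_len). Nothing in
	 * this header guarantees NUL termination, so it must not be handed to
	 * string functions.
	 *
	 * NOTE(review): allocation and release of this buffer are not visible
	 * here. Confirm that the owner clears it before freeing and that it
	 * never reaches log or MIB output.
	 */
	u8 *shared_secret;

	/**
	 * shared_secret_len - Length of shared_secret in octets
	 */
	size_t shared_secret_len;

	/* Dynamic (not from configuration file) MIB data */

	/**
	 * index - radiusAuthServerIndex or radiusAccServerIndex
	 */
	int index;

	/**
	 * round_trip_time - radiusAuthClientRoundTripTime or radiusAccClientRoundTripTime
	 * Round-trip time in hundredths of a second.
	 */
	int round_trip_time;

	/**
	 * requests - radiusAuthClientAccessRequests or radiusAccClientRequests
	 */
	u32 requests;

	/**
	 * retransmissions - radiusAuthClientAccessRetransmissions or radiusAccClientRetransmissions
	 */
	u32 retransmissions;

	/**
	 * access_accepts - radiusAuthClientAccessAccepts
	 */
	u32 access_accepts;

	/**
	 * access_rejects - radiusAuthClientAccessRejects
	 */
	u32 access_rejects;

	/**
	 * access_challenges - radiusAuthClientAccessChallenges
	 */
	u32 access_challenges;

	/**
	 * responses - radiusAccClientResponses
	 */
	u32 responses;

	/**
	 * malformed_responses - radiusAuthClientMalformedAccessResponses or radiusAccClientMalformedResponses
	 */
	u32 malformed_responses;

	/**
	 * bad_authenticators - radiusAuthClientBadAuthenticators or radiusAccClientBadAuthenticators
	 *
	 * A growing value means responses are failing Authenticator
	 * validation, which is worth alerting on (mismatched shared secret or
	 * forged/corrupted replies).
	 */
	u32 bad_authenticators;

	/**
	 * timeouts - radiusAuthClientTimeouts or radiusAccClientTimeouts
	 */
	u32 timeouts;

	/**
	 * unknown_types - radiusAuthClientUnknownTypes or radiusAccClientUnknownTypes
	 */
	u32 unknown_types;

	/**
	 * packets_dropped - radiusAuthClientPacketsDropped or radiusAccClientPacketsDropped
	 */
	u32 packets_dropped;
};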
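/**
 * struct hostapd_radius_servers - RADIUS servers for RADIUS client
 */
struct hostapd_radius_servers {
	/**
	 * auth_servers - RADIUS Authentication servers in priority order
	 */
	struct hostapd_radius_server *auth_servers;

	/**
	 * num_auth_servers - Number of auth_servers entries
	 */
	int num_auth_servers;

	/**
	 * auth_server - The current Authentication server
	 */
	struct hostapd_radius_server *auth_server;

	/**
	 * acct_servers - RADIUS Accounting servers in priority order
	 */
	struct hostapd_radius_server *acct_servers;

	/**
	 * num_acct_servers - Number of acct_servers entries
	 */
	int num_acct_servers;

	/**
	 * acct_server - The current Accounting server
	 */
	struct hostapd_radius_server *acct_server;

	/**
	 * retry_primary_interval - Retry interval for trying primary server
	 *
	 * This specifies a retry interval in seconds for trying to return to
	 * the primary RADIUS server. RADIUS client code will automatically try
	 * to use the next server when the current server is not replying to
	 * requests. If this interval is set (non-zero), the primary server
	 * will be retried after the specified number of seconds has passed
	 * even if the currently used secondary server is still working.
	 */
	int retry_primary_interval;

	/**
	 * msg_dumps - Whether RADIUS message details are shown in stdout
	 *
	 * NOTE(review): what the dump contains is not visible in this header.
	 * RADIUS messages can carry user identity and keying attributes, so
	 * confirm the dump contents before enabling this outside debugging.
	 */
	int msg_dumps;

	/**
	 * client_addr - Client (local) address to use if force_client_addr
	 * is set
	 */
	struct hostapd_ip_addr client_addr;

	/**
	 * force_client_addr - Whether to force client (local) address
	 */
	int force_client_addr;
};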
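/**
 * RadiusType - RADIUS server type for RADIUS client
 *
 * Enumerators keep their declaration order, so their numeric values are
 * 0, 1 and 2.
 */
typedef enum {
	/**
	 * RADIUS_AUTH - RADIUS authentication
	 */
	RADIUS_AUTH,

	/**
	 * RADIUS_ACCT - RADIUS accounting
	 */
	RADIUS_ACCT,

	/**
	 * RADIUS_ACCT_INTERIM - RADIUS interim accounting message
	 *
	 * Used only with radius_client_send(). This behaves just like
	 * RADIUS_ACCT, but removes any pending interim RADIUS Accounting
	 * messages for the same STA before sending the new interim update.
	 */
	RADIUS_ACCT_INTERIM
} RadiusType;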
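/**
 * RadiusRxResult - RADIUS client RX handler result
 *
 * Returned by the handler callbacks registered with
 * radius_client_register(). Enumerators keep their declaration order.
 */
typedef enum {
	/**
	 * RADIUS_RX_PROCESSED - Message processed
	 *
	 * This stops handler calls and frees the message.
	 */
	RADIUS_RX_PROCESSED,

	/**
	 * RADIUS_RX_QUEUED - Message has been queued
	 *
	 * This stops handler calls, but does not free the message; the handler
	 * that returned this is responsible for eventually freeing the
	 * message.
	 */
	RADIUS_RX_QUEUED,

	/**
	 * RADIUS_RX_UNKNOWN - Message is not for this handler
	 */
	RADIUS_RX_UNKNOWN,

	/**
	 * RADIUS_RX_INVALID_AUTHENTICATOR - Message has invalid Authenticator
	 *
	 * NOTE(review): presumably reflected in
	 * hostapd_radius_server::bad_authenticators. Whether such a message
	 * is dropped or still offered to other handlers is not stated in this
	 * header - confirm in the implementation.
	 */
	RADIUS_RX_INVALID_AUTHENTICATOR
} RadiusRxResult;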
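/* Opaque RADIUS client context; only used through pointers in this header. */
struct radius_client_data;

/**
 * radius_client_register - Register a RADIUS client RX handler
 * @radius: RADIUS client context
 * @msg_type: RADIUS server type the handler is registered for
 * @handler: Callback for received messages; its RadiusRxResult return value
 *	reports whether the message was processed, queued, not for this
 *	handler, or carried an invalid Authenticator
 * @data: Context pointer; presumably passed back as the handler's data
 *	argument - confirm in the implementation
 * Returns: int status; the success/failure convention is not visible in this
 *	header
 *
 * The handler is given the shared secret and its length along with the
 * received message and a request message. Handlers should treat the secret
 * as sensitive and keep it out of log output.
 */
int radius_client_register(struct radius_client_data *radius,
			   RadiusType msg_type,
			   RadiusRxResult (*handler)
			   (struct radius_msg *msg, struct radius_msg *req,
			    const u8 *shared_secret, size_t shared_secret_len,
			    void *data),
			   void *data);

/**
 * radius_client_set_interim_error_cb - Set interim accounting error callback
 * @radius: RADIUS client context
 * @cb: Callback taking an address and the registered context
 * @ctx: Context pointer for @cb
 *
 * NOTE(review): judging by the name, @cb is invoked when delivery of an
 * interim accounting update fails; the exact trigger is not visible here.
 */
void radius_client_set_interim_error_cb(struct radius_client_data *radius,
					void (*cb)(const u8 *addr, void *ctx),
					void *ctx);

/**
 * radius_client_send - Send a RADIUS request
 * @radius: RADIUS client context
 * @msg: RADIUS message to send
 * @msg_type: Message type; RADIUS_ACCT_INTERIM is accepted only here
 * @addr: Address associated with the message; presumably the STA address,
 *	given that RADIUS_ACCT_INTERIM matches pending messages per STA
 * Returns: int status; the success/failure convention and the ownership of
 *	@msg after the call are not visible in this header
 */
int radius_client_send(struct radius_client_data *radius,
		       struct radius_msg *msg,
		       RadiusType msg_type, const u8 *addr);

/**
 * radius_client_get_id - Get an identifier from the RADIUS client
 * @radius: RADIUS client context
 * Returns: 8-bit value; presumably the RADIUS Identifier for the next request
 */
u8 radius_client_get_id(struct radius_client_data *radius);

/**
 * radius_client_flush - Flush RADIUS client state
 * @radius: RADIUS client context
 * @only_auth: Presumably limits the flush to authentication messages when
 *	non-zero - confirm in the implementation
 */
void radius_client_flush(struct radius_client_data *radius, int only_auth);

/**
 * radius_client_init - Create a RADIUS client context
 * @ctx: Caller context pointer
 * @conf: RADIUS server configuration
 * Returns: Pointer to the new context; the failure value is not visible in
 *	this header (presumably NULL)
 */
struct radius_client_data *
radius_client_init(void *ctx, struct hostapd_radius_servers *conf);

/**
 * radius_client_deinit - Release a RADIUS client context
 * @radius: RADIUS client context from radius_client_init()
 */
void radius_client_deinit(struct radius_client_data *radius);

/**
 * radius_client_flush_auth - Flush authentication state for one address
 * @radius: RADIUS client context
 * @addr: Address whose entries are flushed; presumably a STA address
 */
void radius_client_flush_auth(struct radius_client_data *radius,
			      const u8 *addr);

/**
 * radius_client_get_mib - Write RADIUS client MIB data into a buffer
 * @radius: RADIUS client context
 * @buf: Output buffer
 * @buflen: Size of @buf in octets
 * Returns: int; presumably the number of octets written - confirm, and make
 *	sure callers handle truncation when @buflen is too small
 */
int radius_client_get_mib(struct radius_client_data *radius, char *buf,
			  size_t buflen);

/**
 * radius_client_reconfig - Apply a new RADIUS server configuration
 * @radius: RADIUS client context
 * @conf: New RADIUS server configuration
 */
void radius_client_reconfig(struct radius_client_data *radius,
			    struct hostapd_radius_servers *conf);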
#endif /* RADIUS_CLIENT_H */