*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
*
* Copyright 2001 hereUare Communications, Inc. <raghud@hereuare.com>
+ * Copyright 2003 Alan DeKok <aland@freeradius.org>
+ * Copyright 2006 The FreeRADIUS server project
*/
#ifndef _EAP_H
#define _EAP_H
-#include "autoconf.h"
+#include <freeradius-devel/ident.h>
+RCSIDH(eap_h, "$Id$")
-#if HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
+#include <freeradius-devel/radiusd.h>
+#include <freeradius-devel/modules.h>
+#include <freeradius-devel/rad_assert.h>
-#if HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-
-#include <string.h>
-#include <stdlib.h>
-
-#include "radiusd.h"
-#include "modules.h"
-
-#include "rad_assert.h"
-
-#define PW_EAP_REQUEST 1
-#define PW_EAP_RESPONSE 2
-#define PW_EAP_SUCCESS 3
-#define PW_EAP_FAILURE 4
-#define PW_EAP_MAX_CODES 4
-
-#define PW_EAP_IDENTITY 1
-#define PW_EAP_NOTIFICATION 2
-#define PW_EAP_NAK 3
-#define PW_EAP_MD5 4
-#define PW_EAP_OTP 5
-#define PW_EAP_GTC 6
-#define PW_EAP_TLS 13
-#define PW_EAP_LEAP 17
-#define PW_EAP_TTLS 21
-#define PW_EAP_PEAP 25
-#define PW_EAP_MAX_TYPES 25
-
-#define EAP_HEADER_LEN 4
-
-/*
- * EAP-Type specific data.
- */
-typedef struct eaptype_t {
- unsigned char type;
- unsigned int length;
- unsigned char *data;
-} eaptype_t;
-
-/*
- * Structure to hold EAP data.
- *
- * length = code + id + length + type + type.data
- * = 1 + 1 + 2 + 1 + X
- */
-typedef struct eap_packet {
- unsigned char code;
- unsigned char id;
- unsigned int length;
- eaptype_t type;
-
- unsigned char *packet;
-} EAP_PACKET;
+#include "eap_types.h"
/*
* EAP_DS contains all the received/sending information
* response = Received EAP packet
* request = Sending EAP packet
*
- * Note: We are authentication server,
- * we get ONLY EAP-Responses and
+ * Note: We are authentication server,
+ * we get ONLY EAP-Responses and
* we send EAP-Request/EAP-success/EAP-failure
*/
typedef struct eap_ds {
/*
* Currently there are only 2 types
- * of operations defined,
+ * of operations defined,
* apart from attach & detach for each EAP-Type.
*/
typedef enum operation_t {
* Each handler contains information for one specific EAP-Type.
* This way we don't need to change any interfaces in future.
* It is also a list of EAP-request handlers waiting for EAP-response
- * eap_id = copy of the eap packet we sent to the
+ * eap_id = copy of the eap packet we sent to the
*
* next = pointer to next
* state = state attribute from the reply we sent
* eap_id = copy of EAP id we sent to the client.
* timestamp = timestamp when this handler was last used.
* identity = Identity, as obtained, from EAP-Identity response.
- * username = as obtained in Radius request, It might differ from identity.
* request = RADIUS request data structure
* prev_eapds = Previous EAP request, for which eap_ds contains the response.
* eap_ds = Current EAP response.
* opaque = EAP-Type holds some data that corresponds to the current
* EAP-request/response
- * free_opaque = To release memory held by opaque,
+ * free_opaque = To release memory held by opaque,
* when this handler is timedout & needs to be deleted.
- * It is the responsibility of the specific EAP-TYPE
+ * It is the responsibility of the specific EAP-TYPE
* to avoid any memory leaks in opaque
* Hence this pointer should be provided by the EAP-Type
* if opaque is not NULL
*/
#define EAP_STATE_LEN (AUTH_VECTOR_LEN)
typedef struct _eap_handler {
- struct _eap_handler *next;
-
+ struct _eap_handler *prev, *next;
uint8_t state[EAP_STATE_LEN];
- uint32_t src_ipaddr;
- int eap_id;
+ lrad_ipaddr_t src_ipaddr;
+ unsigned int eap_id;
+ unsigned int eap_type;
time_t timestamp;
- VALUE_PAIR *username; /* SHOULD get rid of this! */
REQUEST *request;
- char *identity; /* user identity? Huh? */
+ char *identity; /* User name from EAP-Identity */
EAP_DS *prev_eapds;
EAP_DS *eap_ds;
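Review bot: The field list in the comment above `struct _eap_handler` no longer matches the struct. This hunk adds `prev` and `eap_type` and retypes `src_ipaddr` and `eap_id`, yet the comment gains no entry for `prev`, `eap_type` or `src_ipaddr`, and its first `eap_id = copy of the eap packet we sent to the` line is still a truncated duplicate of the later `eap_id` entry. I would drop that truncated line and add entries such as `prev = pointer to previous handler in the list`, `src_ipaddr = address of the client this session was started from` and `eap_type = EAP type in use for this session`, with the last two wordings to be confirmed against the code that fills them in. `state`, `src_ipaddr` and `eap_id` look like the values an incoming EAP-Response is matched against, so saying that in the comment would help anyone reviewing the session lookup. The struct body continues past the lines shown here.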
int stage;
} EAP_HANDLER;
-/*
+/*
* Interface to call EAP sub mdoules
*/
typedef struct eap_type_t {
int (*detach)(void *type_data);
} EAP_TYPE;
+#define REQUEST_DATA_EAP_HANDLER (1)
+#define REQUEST_DATA_EAP_TUNNEL_CALLBACK PW_EAP_MESSAGE
+#define REQUEST_DATA_EAP_MSCHAP_TUNNEL_CALLBACK ((PW_EAP_MESSAGE << 16) | PW_EAP_MSCHAPV2)
+#define RAD_REQUEST_OPTION_PROXY_EAP (1 << 16)
+
+/*
+ * This is for tunneled callbacks
+ */
+typedef int (*eap_tunnel_callback_t)(EAP_HANDLER *handler, void *tls_session);
+typedef struct eap_tunnel_data_t {
+ void *tls_session;
+ eap_tunnel_callback_t callback;
+} eap_tunnel_data_t;
+
#endif /*_EAP_H*/
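Review bot: `eap_tunnel_data_t` pairs a callback with `void *tls_session` but says nothing about who owns the session or how long the pointer stays valid; the only comment is `This is for tunneled callbacks`. The `REQUEST_DATA_EAP_TUNNEL_CALLBACK` names suggest this struct is attached to a request and invoked later, so a session freed in between would leave the callback with a dangling pointer. I would state the contract in the comment, for example `tls_session is borrowed, not owned: it must outlive every request this struct is attached to, and the callback must not free it`, to be confirmed against the EAP-TLS code. The four new macros also deserve a one-line comment each saying what the value keys, in particular why `REQUEST_DATA_EAP_HANDLER` is the bare constant `(1)` while the tunnel keys are derived from attribute numbers. Using the concrete session type instead of `void *` would let the compiler catch a wrong pointer being passed, if a forward declaration is possible in this header.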