2 \brief Public interface for libradsec. */
4 /* See LICENSE for licensing information. */
6 #ifndef _RADSEC_RADSEC_H_
7 #define _RADSEC_RADSEC_H_ 1
12 #ifdef HAVE_SYS_TIME_H
15 #ifdef HAVE_ARPA_INET_H
16 #include <arpa/inet.h>
31 RSE_CONN_TYPE_MISMATCH = 5,
34 RSE_EVENT = 9, /* libevent error. */
39 RSE_SSLERR = 14, /* OpenSSL error. */
41 RSE_TIMEOUT_CONN = 16, /* Connection timeout. */
42 RSE_INVAL = 17, /* Invalid argument. */
43 RSE_TIMEOUT_IO = 18, /* I/O timeout. */
44 RSE_TIMEOUT = 19, /* High level timeout. */
47 RSE_PACKET_TOO_SMALL = 22,
48 RSE_PACKET_TOO_LARGE = 23,
49 RSE_ATTR_OVERFLOW = 24,
50 RSE_ATTR_TOO_SMALL = 25,
51 RSE_ATTR_TOO_LARGE = 26,
52 RSE_ATTR_UNKNOWN = 27,
53 RSE_ATTR_BAD_NAME = 28,
54 RSE_ATTR_VALUE_MALFORMED = 29,
55 RSE_ATTR_INVALID = 30,
56 RSE_TOO_MANY_ATTRS = 31,
57 RSE_ATTR_TYPE_UNKNOWN = 32,
58 RSE_MSG_AUTH_LEN = 33,
59 RSE_MSG_AUTH_WRONG = 34,
60 RSE_REQUEST_REQUIRED = 35,
61 RSE_INVALID_REQUEST_CODE = 36,
62 RSE_AUTH_VECTOR_WRONG = 37,
63 RSE_INVALID_RESPONSE_CODE = 38,
64 RSE_INVALID_RESPONSE_ID = 39,
65 RSE_INVALID_RESPONSE_SRC = 40,
66 RSE_NO_PACKET_DATA = 41,
67 RSE_VENDOR_UNKNOWN = 42,
74 RS_CONN_TYPE_NONE = 0,
80 typedef unsigned int rs_conn_type_t;
82 typedef enum rs_attr_type_t {
83 RS_TYPE_INVALID = 0, /**< Invalid data type */
84 RS_TYPE_STRING, /**< printable-text */
85 RS_TYPE_INTEGER, /**< a 32-bit unsigned integer */
86 RS_TYPE_IPADDR, /**< an IPv4 address */
87 RS_TYPE_DATE, /**< a 32-bit date, of seconds since January 1, 1970 */
88 RS_TYPE_OCTETS, /**< a sequence of binary octets */
89 RS_TYPE_IFID, /**< an Interface Id */
90 RS_TYPE_IPV6ADDR, /**< an IPv6 address */
91 RS_TYPE_IPV6PREFIX, /**< an IPv6 prefix */
92 RS_TYPE_BYTE, /**< an 8-bit integer */
93 RS_TYPE_SHORT, /**< a 16-bit integer */
96 #define PW_ACCESS_REQUEST 1
97 #define PW_ACCESS_ACCEPT 2
98 #define PW_ACCESS_REJECT 3
99 #define PW_ACCOUNTING_REQUEST 4
100 #define PW_ACCOUNTING_RESPONSE 5
101 #define PW_ACCOUNTING_STATUS 6
102 #define PW_PASSWORD_REQUEST 7
103 #define PW_PASSWORD_ACK 8
104 #define PW_PASSWORD_REJECT 9
105 #define PW_ACCOUNTING_MESSAGE 10
106 #define PW_ACCESS_CHALLENGE 11
107 #define PW_STATUS_SERVER 12
108 #define PW_STATUS_CLIENT 13
109 #define PW_DISCONNECT_REQUEST 40
110 #define PW_DISCONNECT_ACK 41
111 #define PW_DISCONNECT_NAK 42
112 #define PW_COA_REQUEST 43
113 #define PW_COA_ACK 44
114 #define PW_COA_NAK 45
116 #if defined (__cplusplus)
121 struct rs_context; /* radsec-impl.h */
122 struct rs_connection; /* radsec-impl.h */
123 struct rs_packet; /* radsec-impl.h */
124 struct rs_conn; /* radsec-impl.h */
125 struct rs_error; /* radsec-impl.h */
126 struct rs_peer; /* radsec-impl.h */
127 struct radius_packet; /* <radius/client.h> */
128 struct value_pair; /* <radius/client.h> */
129 struct event_base; /* <event2/event-internal.h> */
131 typedef void *(*rs_calloc_fp) (size_t nmemb, size_t size);
132 typedef void *(*rs_malloc_fp) (size_t size);
133 typedef void (*rs_free_fp) (void *ptr);
134 typedef void *(*rs_realloc_fp) (void *ptr, size_t size);
135 struct rs_alloc_scheme {
139 rs_realloc_fp realloc;
142 typedef void (*rs_conn_connected_cb) (void *user_data /* FIXME: peer? */ );
143 typedef void (*rs_conn_disconnected_cb) (void *user_data /* FIXME: reason? */ );
144 typedef void (*rs_conn_packet_received_cb) (struct rs_packet *packet,
146 typedef void (*rs_conn_packet_sent_cb) (void *user_data);
147 struct rs_conn_callbacks {
148 /** Callback invoked when the connection has been established. */
149 rs_conn_connected_cb connected_cb;
150 /** Callback invoked when the connection has been torn down. */
151 rs_conn_disconnected_cb disconnected_cb;
152 /** Callback invoked when a packet was received. */
153 rs_conn_packet_received_cb received_cb;
154 /** Callback invoked when a packet was successfully sent. */
155 rs_conn_packet_sent_cb sent_cb;
158 typedef struct value_pair rs_avp;
159 typedef const struct value_pair rs_const_avp;
161 /* Function prototypes. */
166 /** Create a context. Freed by calling \a rs_context_destroy. Note
167 that the context must not be freed before all other libradsec
168 objects have been freed.
170 \a ctx Address of pointer to a struct rs_context. This is the
171 output of this function.
173 \return RSE_OK (0) on success or RSE_NOMEM on out of memory. */
174 int rs_context_create(struct rs_context **ctx);
176 /** Free a context. Note that the context must not be freed before
177 all other libradsec objects have been freed. */
178 void rs_context_destroy(struct rs_context *ctx);
180 /** Set allocation scheme to use. \a scheme is the allocation scheme
181 to use, see \a rs_alloc_scheme. \return On success, RSE_OK (0) is
182 returned. On error, !0 is returned and a struct \a rs_error is
183 pushed on the error stack for the context. The error can be
184 accessed using \a rs_err_ctx_pop. */
185 int rs_context_set_alloc_scheme(struct rs_context *ctx,
186 struct rs_alloc_scheme *scheme);
188 /** Read configuration file. \a config_file is the path of the
189 configuration file to read. \return On success, RSE_OK (0) is
190 returned. On error, !0 is returned and a struct \a rs_error is
191 pushed on the error stack for the context. The error can be
192 accessed using \a rs_err_ctx_pop. */
193 int rs_context_read_config(struct rs_context *ctx, const char *config_file);
198 /** Create a connection. \a conn is the address of a pointer to an \a
199 rs_connection, the output. Free the connection using \a
200 rs_conn_destroy. Note that a connection must not be freed before
201 all packets associated with the connection have been freed. A
202 packet is associated with a connection when it's created (\a
203 rs_packet_create) or received (\a rs_conn_receive_packet).
205 If \a config is not NULL it should be the name of a configuration
206 found in the config file read in using \a rs_context_read_config.
207 \return On success, RSE_OK (0) is returned. On error, !0 is
208 returned and a struct \a rs_error is pushed on the error stack for
209 the context. The error can be accessed using \a
211 int rs_conn_create(struct rs_context *ctx,
212 struct rs_connection **conn,
215 /** Not implemented. */
216 int rs_conn_add_listener(struct rs_connection *conn,
218 const char *hostname,
220 /** Disconnect connection \a conn. \return RSE_OK (0) on success, !0
221 * on error. On error, errno is set appropriately. */
222 int rs_conn_disconnect (struct rs_connection *conn);
224 /** Disconnect and free memory allocated for connection \a conn. Note
225 that a connection must not be freed before all packets associated
226 with the connection have been freed. A packet is associated with
227 a connection when it's created (\a rs_packet_create) or received
228 (\a rs_conn_receive_packet). \return RSE_OK (0) on success, !0 *
229 on error. On error, errno is set appropriately. */
230 int rs_conn_destroy(struct rs_connection *conn);
232 /** Set connection type for \a conn. */
233 void rs_conn_set_type(struct rs_connection *conn, rs_conn_type_t type);
235 /** Not implemented. */
236 int rs_conn_set_eventbase(struct rs_connection *conn, struct event_base *eb);
238 /** Register callbacks \a cb for connection \a conn. */
239 void rs_conn_set_callbacks(struct rs_connection *conn,
240 struct rs_conn_callbacks *cb);
242 /** Remove callbacks for connection \a conn. */
243 void rs_conn_del_callbacks(struct rs_connection *conn);
245 /** Return callbacks registered for connection \a conn. \return
246 Installed callbacks are returned. */
247 struct rs_conn_callbacks *rs_conn_get_callbacks(struct rs_connection *conn);
249 /** Not implemented. */
250 int rs_conn_select_peer(struct rs_connection *conn, const char *name);
252 /** Not implemented. */
253 int rs_conn_get_current_peer(struct rs_connection *conn,
257 /** Special function used in blocking mode, i.e. with no callbacks
258 registered. For any other use of libradsec, a \a received_cb
259 callback should be registered using \a rs_conn_set_callbacks.
261 If \a req_msg is not NULL, a successfully received RADIUS message
262 is verified against it. If \a pkt_out is not NULL it will upon
263 return contain a pointer to an \a rs_packet containing the new
266 \return On error or if the connect (TCP only) or read times out,
267 \a pkt_out will not be changed and one or more errors are pushed
268 on \a conn (available through \a rs_err_conn_pop). */
269 int rs_conn_receive_packet(struct rs_connection *conn,
270 struct rs_packet *request,
271 struct rs_packet **pkt_out);
273 /** Get the file descriptor associated with connection \a conn.
274 * \return File descriptor. */
275 int rs_conn_fd(struct rs_connection *conn);
277 /** Set the timeout value for connection \a conn. */
278 void rs_conn_set_timeout(struct rs_connection *conn, struct timeval *tv);
280 /* Peer -- client and server. */
281 int rs_peer_create(struct rs_connection *conn, struct rs_peer **peer_out);
282 int rs_peer_set_address(struct rs_peer *peer,
283 const char *hostname,
284 const char *service);
285 int rs_peer_set_secret(struct rs_peer *peer, const char *secret);
286 void rs_peer_set_timeout(struct rs_peer *peer, int timeout);
287 void rs_peer_set_retries(struct rs_peer *peer, int retries);
292 /** Create a packet associated with connection \a conn. */
293 int rs_packet_create(struct rs_connection *conn, struct rs_packet **pkt_out);
295 /** Free all memory allocated for packet \a pkt. */
296 void rs_packet_destroy(struct rs_packet *pkt);
298 /** Send packet \a pkt on the connection associated with \a pkt.
299 \a user_data is passed to the \a rs_conn_packet_received_cb callback
300 registered with the connection. If no callback is registered with
301 the connection, the event loop is run by \a rs_packet_send and it
302 blocks until the full packet has been sent. Note that sending can
303 fail in several ways, f.ex. if the transmission protocol in use
304 is connection oriented (\a RS_CONN_TYPE_TCP and \a RS_CONN_TYPE_TLS)
305 and the connection can not be established. Also note that no
306 retransmission is done, something that is required for connectionless
307 transport protocols (\a RS_CONN_TYPE_UDP and \a RS_CONN_TYPE_DTLS).
308 The "request" API with \a rs_request_send can help with this.
310 \return On success, RSE_OK (0) is returned. On error, !0 is
311 returned and a struct \a rs_error is pushed on the error stack for
312 the connection. The error can be accessed using \a rs_err_conn_pop. */
313 int rs_packet_send(struct rs_packet *pkt, void *user_data);
315 /** Create a RADIUS authentication request packet associated with
316 connection \a conn. Optionally, User-Name and User-Password
317 attributes are added to the packet using the data in \a user_name
319 int rs_packet_create_authn_request(struct rs_connection *conn,
320 struct rs_packet **pkt,
321 const char *user_name,
322 const char *user_pw);
324 /** Add a new attribute-value pair to \a pkt. */
325 int rs_packet_add_avp(struct rs_packet *pkt,
326 unsigned int attr, unsigned int vendor,
327 const void *data, size_t data_len);
329 /** Append a new attribute to packet \a pkt. Note that this function
330 encodes the attribute and therefore might require the secret
331 shared with the thought recipient to be set in pkt->rpkt. Note
332 also that this function marks \a pkt as already encoded and can
333 not be used on packets with non-encoded value-pairs already
336 rs_packet_append_avp(struct rs_packet *pkt,
337 unsigned int attribute, unsigned int vendor,
338 const void *data, size_t data_len);
340 /*** Get pointer to \a pkt attribute value pairs. */
342 rs_packet_avps(struct rs_packet *pkt, rs_avp ***vps);
344 /*** Get RADIUS packet type of \a pkt. */
346 rs_packet_code(struct rs_packet *pkt);
348 /*** Get RADIUS AVP from \a pkt. */
350 rs_packet_find_avp(struct rs_packet *pkt, unsigned int attr, unsigned int vendor);
352 /*** Set packet identifier in \a pkt; returns old identifier */
354 rs_packet_set_id (struct rs_packet *pkt, int id);
359 /** Find the realm named \a name in the configuration file previoiusly
360 read in using \a rs_context_read_config. */
361 struct rs_realm *rs_conf_find_realm(struct rs_context *ctx, const char *name);
366 /** Create a struct \a rs_error and push it on a FIFO associated with
367 context \a ctx. Note: The depth of the error stack is one (1) at
368 the moment. This will change in a future release. */
369 int rs_err_ctx_push(struct rs_context *ctx, int code, const char *fmt, ...);
370 int rs_err_ctx_push_fl(struct rs_context *ctx,
376 /** Pop the first error from the error FIFO associated with context \a
377 ctx or NULL if there are no errors in the FIFO. */
378 struct rs_error *rs_err_ctx_pop(struct rs_context *ctx);
380 /** Create a struct \a rs_error and push it on a FIFO associated with
381 connection \a conn. Note: The depth of the error stack is one (1)
382 at the moment. This will change in a future release. */
383 int rs_err_conn_push(struct rs_connection *conn,
387 int rs_err_conn_push_fl(struct rs_connection *conn,
393 /** Pop the first error from the error FIFO associated with connection
394 \a conn or NULL if there are no errors in the FIFO. */
395 struct rs_error *rs_err_conn_pop(struct rs_connection *conn);
397 int rs_err_conn_peek_code (struct rs_connection *conn);
398 void rs_err_free(struct rs_error *err);
399 char *rs_err_msg(struct rs_error *err);
400 int rs_err_code(struct rs_error *err, int dofree_flag);
405 #define rs_avp_is_string(vp) (rs_avp_typeof(vp) == RS_TYPE_STRING)
406 #define rs_avp_is_integer(vp) (rs_avp_typeof(vp) == RS_TYPE_INTEGER)
407 #define rs_avp_is_ipaddr(vp) (rs_avp_typeof(vp) == RS_TYPE_IPADDR)
408 #define rs_avp_is_date(vp) (rs_avp_typeof(vp) == RS_TYPE_DATE)
409 #define rs_avp_is_octets(vp) (rs_avp_typeof(vp) == RS_TYPE_OCTETS)
410 #define rs_avp_is_ifid(vp) (rs_avp_typeof(vp) == RS_TYPE_IFID)
411 #define rs_avp_is_ipv6addr(vp) (rs_avp_typeof(vp) == RS_TYPE_IPV6ADDR)
412 #define rs_avp_is_ipv6prefix(vp) (rs_avp_typeof(vp) == RS_TYPE_IPV6PREFIX)
413 #define rs_avp_is_byte(vp) (rs_avp_typeof(vp) == RS_TYPE_BYTE)
414 #define rs_avp_is_short(vp) (rs_avp_typeof(vp) == RS_TYPE_SHORT)
415 #define rs_avp_is_tlv(vp) (rs_avp_typeof(vp) == RS_TYPE_TLV)
417 /** The maximum length of a RADIUS attribute.
419 * The RFCs require that a RADIUS attribute transport no more than
420 * 253 octets of data. We add an extra byte for a trailing NUL, so
421 * that the VALUE_PAIR::vp_strvalue field can be handled as a C
424 #define RS_MAX_STRING_LEN 254
426 /** Free the AVP list \a vps */
428 rs_avp_free(rs_avp **vps);
430 /** Return the length of AVP \a vp in bytes */
432 rs_avp_length(rs_const_avp *vp);
434 /** Return the type of \a vp */
436 rs_avp_typeof(rs_const_avp *vp);
438 /** Retrieve the attribute and vendor ID of \a vp */
440 rs_avp_attrid(rs_const_avp *vp, unsigned int *attr, unsigned int *vendor);
442 /** Add \a vp to the list pointed to by \a head */
444 rs_avp_append(rs_avp **head, rs_avp *vp);
446 /** Find an AVP in \a vp that matches \a attr and \a vendor */
448 rs_avp_find(rs_avp *vp, unsigned int attr, unsigned int vendor);
450 /** Find an AVP in \a vp that matches \a attr and \a vendor */
452 rs_avp_find_const(rs_const_avp *vp, unsigned int attr, unsigned int vendor);
454 /** Alloc a new AVP for \a attr and \a vendor */
456 rs_avp_alloc(unsigned int attr, unsigned int vendor);
458 /** Duplicate existing AVP \a vp */
460 rs_avp_dup(rs_const_avp *vp);
462 /** Remove matching AVP from list \a vps */
464 rs_avp_delete(rs_avp **vps, unsigned int attr, unsigned int vendor);
466 /** Return next AVP in list */
468 rs_avp_next(rs_avp *vp);
470 /** Return next AVP in list */
472 rs_avp_next_const(rs_const_avp *avp);
474 /** Return string value of \a vp */
476 rs_avp_string_value(rs_const_avp *vp);
478 /** Set AVP \a vp to string \a str */
480 rs_avp_string_set(rs_avp *vp, const char *str);
482 /** Return integer value of \a vp */
484 rs_avp_integer_value(rs_const_avp *vp);
486 /** Set AVP \a vp to integer \a val */
488 rs_avp_integer_set(rs_avp *vp, uint32_t val);
490 /** Return IPv4 value of \a vp */
492 rs_avp_ipaddr_value(rs_const_avp *vp);
494 /** Set AVP \a vp to IPv4 address \a in */
496 rs_avp_ipaddr_set(rs_avp *vp, struct in_addr in);
498 /** Return POSIX time value of \a vp */
500 rs_avp_date_value(rs_const_avp *vp);
502 /** Set AVP \a vp to POSIX time \a date */
504 rs_avp_date_set(rs_avp *vp, time_t date);
506 /** Return constant pointer to octets in \a vp */
507 const unsigned char *
508 rs_avp_octets_value_const_ptr(rs_const_avp *vp);
510 /** Return pointer to octets in \a vp */
512 rs_avp_octets_value_ptr(rs_avp *vp);
514 /** Retrieve octet pointer \a p and length \a len from \a vp */
516 rs_avp_octets_value_byref(rs_avp *vp,
520 /** Copy octets from \a vp into \a buf and \a len */
522 rs_avp_octets_value(rs_const_avp *vp,
527 * Copy octets possibly fragmented across multiple VPs
528 * into \a buf and \a len
531 rs_avp_fragmented_value(rs_const_avp *vps,
535 /** Copy \a len octets in \a buf to AVP \a vp */
537 rs_avp_octets_set(rs_avp *vp,
538 const unsigned char *buf,
541 /** Return IFID value of \a vp */
543 rs_avp_ifid_value(rs_const_avp *vp, uint8_t val[8]);
546 rs_avp_ifid_set(rs_avp *vp, const uint8_t val[8]);
548 /** Return byte value of \a vp */
550 rs_avp_byte_value(rs_const_avp *vp);
552 /** Set AVP \a vp to byte \a val */
554 rs_avp_byte_set(rs_avp *vp, uint8_t val);
556 /** Return short value of \a vp */
558 rs_avp_short_value(rs_const_avp *vp);
560 /** Set AVP \a vp to short integer \a val */
562 rs_avp_short_set(rs_avp *vp, uint16_t val);
564 /** Display possibly \a canonical attribute name into \a buffer */
566 rs_attr_display_name (unsigned int attr,
572 /** Display AVP \a vp into \a buffer */
574 rs_avp_display_value(rs_const_avp *vp,
579 rs_attr_parse_name (const char *name,
581 unsigned int *vendor);
583 /** Lookup attribute \a name */
585 rs_attr_find(const char *name,
587 unsigned int *vendor);
589 /** Return dictionary name for AVP \a vp */
591 rs_avp_name(rs_const_avp *vp);
593 #if defined (__cplusplus)
597 #endif /* _RADSEC_RADSEC_H_ */
599 /* Local Variables: */
600 /* c-file-style: "stroustrup" */
projects / radsecproxy.git / blob