Mercurial > hg > waaad
changeset 363:9d330bd07134
Progress on the radius_gw gateway
| author | Sebastien Decugis <sdecugis@nict.go.jp> |
|---|---|
| date | Thu, 21 May 2009 15:14:18 +0900 |
| parents | 93e6eaf04b95 |
| children | 48de36f08bec |
| files | extensions/radius_gw/CMakeLists.txt extensions/radius_gw/design.txt extensions/radius_gw/notes.txt extensions/radius_gw/radius-types extensions/radius_gw/radius-types-attrtypes extensions/radius_gw/radius-types-codes extensions/radius_gw/radius_gw.h extensions/radius_gw/radius_gw_internal.h extensions/radius_gw/rebuild_inc.sh extensions/radius_gw/register-parse.awk extensions/radius_gw/rg_utils.c extensions/radius_gw/rgw_clients.c extensions/radius_gw/rgw_extensions.c extensions/radius_gw/rgw_msg.c extensions/radius_gw/rgw_servers.c extensions/radius_gw/rgw_work.c extensions/radius_gw/rsc/radius-types extensions/radius_gw/rsc/radius-types-attrtypes extensions/radius_gw/rsc/radius-types-codes extensions/radius_gw/rsc/rebuild_inc.sh extensions/radius_gw/rsc/register-parse.awk |
| diffstat | 21 files changed, 1233 insertions(+), 953 deletions(-) [+] |
line wrap: on
line diff
--- a/extensions/radius_gw/CMakeLists.txt Thu May 21 10:25:20 2009 +0900 +++ b/extensions/radius_gw/CMakeLists.txt Thu May 21 15:14:18 2009 +0900 @@ -7,8 +7,9 @@ SET(RG_COMMON_SRC rg_utils.c ) +ADD_DEFINITIONS(-DRG_COMMON_VERBO=FULL) ADD_LIBRARY(rg_common STATIC ${RG_COMMON_SRC}) -# Note : we should remove the STATIC here to avoid duplicating the code; but it is not tested yet. +# Note : we could remove the STATIC here to avoid duplicating the code; but it is not tested yet. ########### Main radius_gw extension ############# # md5
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/extensions/radius_gw/design.txt Thu May 21 15:14:18 2009 +0900 @@ -0,0 +1,52 @@ +Several extensions will be built from this directory. + +radius_gw: base code for the gateway. +This extension alone does nothing but logging messages with unknown codes or attributes. + +Other extensions provide callbacks to handle messages / attributes. +These sub-extensions are loaded according to the configuration of the main extension. + +The complete list of RADIUS command codes can be found there: +http://www.iana.org/assignments/radius-types (RADIUS Packet Type Codes registry) + +*** Basic principles *** + +When a RADIUS message is received (should be a request): + - parse and validate the message + - format + - authenticator + - duplicate + - ... (?) + - creates a rad_t structure (radius_gw.h) containing the RADIUS message information: + - message data + - and metadata: + - attribute description + - already handled by an extension? (always initialized to 0) + - Pass the RADIUS parsed message, and locations for a diameter message and session to all registered extensions, + in the order specified in configuration. + - each extension may modify all its input (it must in particular set the "handled" flag to RADIUS attributes it + converted to Diameter) + - The extensions return error codes. The error may mean: + - stop processing and return an immediate error to the RADIUS client (critical error). + - (eventually for later) continue processing if a fallback extension is registered (not supported in initial version) + - (eventually for later) An immediate RADIUS answer must be sent, without going to Diameter network. This can be used for example for + fragmented RADIUS requests (not supported in initial version, may require change in the design...). + - When all extensions have been called, the Diameter message is checked for consistency. If it is a valid message, + it is sent on the Diameter Network, and the RADIUS message is saved in the session. + +When the Diameter answer is received, the radius_gw retrieves the corresponding RADIUS request from + the session, then a similar process happens (extensions are the same as for the request). + - It calls all registered extensions with: + - session pointer + - RADIUS request + - RADIUS answer (to add attributes) + - Diameter answer (with linked Diameter Request inside) + - When all extensions have been called, the RADIUS answer is generated, with appropriate authenticator and all, and + sent to the RADIUS client. + +*** About sessions *** + +The session is created the first time an Access-Request is received. +Then a State attribute in the form "Diameter/..." is used to store the information. +More details in http://tools.ietf.org/html/rfc4005#section-9 +
--- a/extensions/radius_gw/notes.txt Thu May 21 10:25:20 2009 +0900 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,53 +0,0 @@ -Several extensions will be built from this directory. - -radius_gw: base code for the gateway. -This extension alone does nothing but logging messages with unknown codes or attributes. - -Other extensions provide callbacks to handle messages / attributes. -These sub-extensions are loaded according to the configuration of the main extension. - -The complete list of RADIUS command codes can be found there: -http://www.iana.org/assignments/radius-types (RADIUS Packet Type Codes registry) - -*** Basic principles *** - -When a RADIUS message is received (should be a request): - - parse and validate the message - - format - - authenticator - - duplicate - - ... (?) - - creates a rad_t structure (radius_gw.h) containing the RADIUS message information: - - message data - - and metadata: - - attribute description - - already handled by an extension? (always initialized to 0) - - Pass the RADIUS parsed message, and locations for a diameter message and session to all registered extensions, - in the order specified in configuration. - - each extension may modify all its input (it must in particular set the "handled" flag to RADIUS attributes it - converted to Diameter) - - The extensions return error codes. The error may mean: - - stop processing and return an immediate error to the RADIUS client (critical error). - - (eventually for later) continue processing if a fallback extension is registered (not supported in initial version) - - (eventually for later) An immediate RADIUS answer must be sent, without going to Diameter network. This can be used for example for - fragmented RADIUS requests (not supported in initial version, may require change in the design...). - - When all extensions have been called, the Diameter message is checked for consistency. If it is a valid message, - it is sent on the Diameter Network, and the RADIUS message is saved in the session. If the Diameter message is - not valid, an error is returned to the RADIUS client and all data is discarded (after logging all useful information) - -When the Diameter answer is received, the radius_gw retrieves the corresponding RADIUS request from - the session, then a similar process happens (extensions are the same as for the request). - - It calls all registered extensions with: - - session pointer - - RADIUS request - - RADIUS answer (to add attributes) - - Diameter answer (with linked Diameter Request inside) - - When all extensions have been called, the RADIUS answer is generated, with appropriate authenticator and all, and - sent to the RADIUS client. - -*** About sessions *** - -The session is created the first time an Access-Request is received. -Then a State attribute in the form "Diameter/..." is used to store the information. -More details in http://tools.ietf.org/html/rfc4005#section-9 -
--- a/extensions/radius_gw/radius-types Thu May 21 10:25:20 2009 +0900 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,615 +0,0 @@ - -Radius Types - -(last updated 2009-04-24) - -Registries included below: -- Radius Attribute Types - - Radius Attribute Values -- Radius Packet Type Codes - - Radius Codes - -Note: -The RFC "Remote Authentication Dial In User Service (RADIUS)" -[RFC2058][RFC2865] defines a Packet Type Code and an Attribute -Type Code. The IANA registry of these codes and subordinate -assigned values is listed here according to [RFC3575]. - - -Registry Name: Radius Attribute Types -Reference: [RFC2865][RFC3575] -Range Registration Procedures Notes --------- -------------------------------- ---------- -1-191 IETF Consensus -192-240 Reserved for Privated Use -224-240 Implementation Specific -241-255 Reserved - -Registry: -Value Description Reference --------- --------------------------------------- --------- -1 User-Name -2 User-Password -3 CHAP-Password -4 NAS-IP-Address -5 NAS-Port -6 Service-Type -7 Framed-Protocol -8 Framed-IP-Address -9 Framed-IP-Netmask -10 Framed-Routing -11 Filter-Id -12 Framed-MTU -13 Framed-Compression -14 Login-IP-Host -15 Login-Service -16 Login-TCP-Port -17 Unassigned -18 Reply-Message -19 Callback-Number -20 Callback-Id -21 Unassigned -22 Framed-Route -23 Framed-IPX-Network -24 State -25 Class -26 Vendor-Specific -27 Session-Timeout -28 Idle-Timeout -29 Termination-Action -30 Called-Station-Id -31 Calling-Station-Id -32 NAS-Identifier -33 Proxy-State -34 Login-LAT-Service -35 Login-LAT-Node -36 Login-LAT-Group -37 Framed-AppleTalk-Link -38 Framed-AppleTalk-Network -39 Framed-AppleTalk-Zone -40 Acct-Status-Type [RFC2866] -41 Acct-Delay-Time [RFC2866] -42 Acct-Input-Octets [RFC2866] -43 Acct-Output-Octets [RFC2866] -44 Acct-Session-Id [RFC2866] -45 Acct-Authentic [RFC2866] -46 Acct-Session-Time [RFC2866] -47 Acct-Input-Packets [RFC2866] -48 Acct-Output-Packets [RFC2866] -49 Acct-Terminate-Cause [RFC2866] -50 Acct-Multi-Session-Id [RFC2866] -51 Acct-Link-Count [RFC2866] -52 Acct-Input-Gigawords [RFC2869] -53 Acct-Output-Gigawords [RFC2869] -54 Unassigned -55 Event-Timestamp [RFC2869] -56 Egress-VLANID [RFC4675] -57 Ingress-Filters [RFC4675] -58 Egress-VLAN-Name [RFC4675] -59 User-Priority-Table [RFC4675] -60 CHAP-Challenge -61 NAS-Port-Type -62 Port-Limit -63 Login-LAT-Port -64 Tunnel-Type [RFC2868] -65 Tunnel-Medium-Type [RFC2868] -66 Tunnel-Client-Endpoint [RFC2868] -67 Tunnel-Server-Endpoint [RFC2868] -68 Acct-Tunnel-Connection [RFC2867] -69 Tunnel-Password [RFC2868] -70 ARAP-Password [RFC2869] -71 ARAP-Features [RFC2869] -72 ARAP-Zone-Access [RFC2869] -73 ARAP-Security [RFC2869] -74 ARAP-Security-Data [RFC2869] -75 Password-Retry [RFC2869] -76 Prompt [RFC2869] -77 Connect-Info [RFC2869] -78 Configuration-Token [RFC2869] -79 EAP-Message [RFC2869] -80 Message-Authenticator [RFC2869] -81 Tunnel-Private-Group-ID [RFC2868] -82 Tunnel-Assignment-ID [RFC2868] -83 Tunnel-Preference [RFC2868] -84 ARAP-Challenge-Response [RFC2869] -85 Acct-Interim-Interval [RFC2869] -86 Acct-Tunnel-Packets-Lost [RFC2867] -87 NAS-Port-Id [RFC2869] -88 Framed-Pool [RFC2869] -89 CUI [RFC4372] -90 Tunnel-Client-Auth-ID [RFC2868] -91 Tunnel-Server-Auth-ID [RFC2868] -92 NAS-Filter-Rule [RFC4849] -93 Unassigned -94 Originating-Line-Info [RFC4005] -95 NAS-IPv6-Address [RFC3162] -96 Framed-Interface-Id [RFC3162] -97 Framed-IPv6-Prefix [RFC3162] -98 Login-IPv6-Host [RFC3162] -99 Framed-IPv6-Route [RFC3162] -100 Framed-IPv6-Pool [RFC3162] -101 Error-Cause Attribute [RFC3576] -102 EAP-Key-Name [RFC4072] -103 Digest-Response [RFC5090] -104 Digest-Realm [RFC5090] -105 Digest-Nonce [RFC5090] -106 Digest-Response-Auth [RFC5090] -107 Digest-Nextnonce [RFC5090] -108 Digest-Method [RFC5090] -109 Digest-URI [RFC5090] -110 Digest-Qop [RFC5090] -111 Digest-Algorithm [RFC5090] -112 Digest-Entity-Body-Hash [RFC5090] -113 Digest-CNonce [RFC5090] -114 Digest-Nonce-Count [RFC5090] -115 Digest-Username [RFC5090] -116 Digest-Opaque [RFC5090] -117 Digest-Auth-Param [RFC5090] -118 Digest-AKA-Auts [RFC5090] -119 Digest-Domain [RFC5090] -120 Digest-Stale [RFC5090] -121 Digest-HA1 [RFC5090] -122 SIP-AOR [RFC5090] -123 Delegated-IPv6-Prefix [RFC4818] -124 MIP6-Feature-Vector [RFC5447] -125 MIP6-Home-Link-Prefix [RFC5447] -126-191 Unassigned -192-223 Experimental Use [RFC3575] -224-240 Implementation Specific [RFC3575] -241-255 Reserved [RFC3575] - - -Registry Name: Radius Attribute Values -Reference: [RFC2865][RFC3575] - -Sub-registry: Values for RADIUS Attribute 6, Service-Type -Reference: [RFC2865][RFC3575] -Registration Procedures: Not defined - -Registry: -Value Description Reference ------ ------------------------------- --------- -1 Login -2 Framed -3 Callback Login -4 Callback Framed -5 Outbound -6 Administrative -7 NAS Prompt -8 Authenticate Only -9 Callback NAS Prompt -10 Call Check -11 Callback Administrative -12 Voice [Chiba] -13 Fax [Chiba] -14 Modem Relay [Chiba] -15 IAPP-Register [IEEE 802.11f][Kerry] -16 IAPP-AP-Check [IEEE 802.11f][Kerry] -17 Authorize Only [RFC3576] - -Sub-registry: Values for RADIUS Attribute 7, Framed-Protocol -Reference: [RFC2865] -Registration Procedures: Not defined - -Registry: -Value Description Reference ------ -------------------------------------------------- --------- -1 PPP -2 SLIP -3 AppleTalk Remote Access Protocol (ARAP) -4 Gandalf proprietary SingleLink/MultiLink protocol -5 Xylogics proprietary IPX/SLIP -6 X.75 Synchronous -7 GPRS PDP Context [Moore] - - -Sub-registry: Values for RADIUS Attribute 10, Framed-Routing -Reference: [RFC2865] -Registration Procedures: Not defined - -Registry: -Value Description Reference ------ ------------------------------------- --------- -0 None -1 Send routing packets -2 Listen for routing packets -3 Send and Listen - -Sub-registry: Values for RADIUS Attribute 13, Framed-Compression -Reference: [RFC2865] -Registration Procedures: Not defined - -Registry: -Value Description Reference ------ ----------------------------------------- --------- -0 None -1 VJ TCP/IP header compression -2 IPX header compression -3 Stac-LZS compression - -Sub-registry: Values for RADIUS Attribute 15, Login-Service -Reference: [RFC2865] -Registration Procedures: Not defined - -Registry: -Value Description Reference ------ ------------------------------------------------------------- --------- -0 Telnet -1 Rlogin -2 TCP Clear -3 PortMaster (proprietary) -4 LAT -5 X25-PAD -6 X25-T3POS -7 Unassigned -8 TCP Clear Quiet (suppresses any NAS-generated connect string) - - -Sub-registry: Values for RADIUS Attribute 29, Termination-Action -Reference: [RFC2865] -Registration Procedures: Not defined - -Registry: -Value Description Reference ------ ------------------------------------- --------- -0 Default -1 RADIUS-Request - -Sub-registry: Values for RADIUS Attribute 40, Acct-Status-Type -Reference: [RFC2866] -Registration Procedures: Not defined - -Registry: -Value Description Reference ------ ------------------------------------- --------- -1 Start [RFC2866] -2 Stop [RFC2866] -3 Interim-Update [RFC2866] -4-6 Unassigned -7 Accounting-On [RFC2866] -8 Accounting-Off [RFC2866] -9 Tunnel-Start [RFC2867] -10 Tunnel-Stop [RFC2867] -11 Tunnel-Reject [RFC2867] -12 Tunnel-Link-Start [RFC2867] -13 Tunnel-Link-Stop [RFC2867] -14 Tunnel-Link-Reject [RFC2867] -15 Failed [RFC2866] - -Sub-registry: Values for RADIUS Attribute 45, Acct-Authentic -Reference: [RFC2866] -Registration Procedures: Not defined - -Registry: -Value Description Reference ------ ------------------------------------- --------- -1 RADIUS [RFC2866] -2 Local [RFC2866] -3 Remote [RFC2866] -4 Diameter [Calhoun] - -Sub-registry: Values for RADIUS Attribute 49, Acct-Terminate-Cause -Reference: [RFC2866] -Registration Procedures: Not defined - -Registry: -Value Description Reference ------ ----------------------------------------- --------- -1 User Request [RFC2866] -2 Lost Carrier [RFC2866] -3 Lost Service [RFC2866] -4 Idle Timeout [RFC2866] -5 Session Timeout [RFC2866] -6 Admin Reset [RFC2866] -7 Admin Reboot [RFC2866] -8 Port Error [RFC2866] -9 NAS Error [RFC2866] -10 NAS Request [RFC2866] -11 NAS Reboot [RFC2866] -12 Port Unneeded [RFC2866] -13 Port Preempted [RFC2866] -14 Port Suspended [RFC2866] -15 Service Unavailable [RFC2866] -16 Callback [RFC2866] -17 User Error [RFC2866] -18 Host Request [RFC2866] -19 Supplicant Restart [RFC3580] -20 Reauthentication Failure [RFC3580] -21 Port Reinitialized [RFC3580] -22 Port Administratively Disabled [RFC3580] - -Sub-registry: Values for RADIUS Attribute 61, NAS-Port-Type -Reference: [RFC2865] -Registration Procedures: Not defined - -Registry: -Value Description Reference Registration Date ------ ------------------------------------------------------------------ --------------------- ----------------- -0 Async [RFC2865] -1 Sync [RFC2865] -2 ISDN Sync [RFC2865] -3 ISDN Async V.120 [RFC2865] -4 ISDN Async V.110 [RFC2865] -5 Virtual [RFC2865] -6 PIAFS [RFC2865] -7 HDLC Clear Channel [RFC2865] -8 X.25 [RFC2865] -9 X.75 [RFC2865] -10 G.3 Fax [RFC2865] -11 SDSL - Symmetric DSL [RFC2865] -12 ADSL-CAP - Asymmetric DSL, Carrierless Amplitude Phase Modulation [RFC2865] -13 ADSL-DMT - Asymmetric DSL, Discrete Multi-Tone [RFC2865] -14 IDSL - ISDN Digital Subscriber Line [RFC2865] -15 Ethernet [RFC2865] -16 xDSL - Digital Subscriber Line of unknown type [RFC2865] -17 Cable [RFC2865] -18 Wireless - Other [RFC2865] -19 Wireless - IEEE 802.11 [RFC2865] -20 Token-Ring [RFC3580] -21 FDDI [RFC3580] -22 Wireless - CDMA2000 [McCann] -23 Wireless - UMTS [McCann] -24 Wireless - 1X-EV [McCann] -25 IAPP [IEEE 802.11F][Kerry] -26 FTTP - Fiber to the Premises [Nyce] -27 Wireless - IEEE 802.16 [IEEE 802.16] 12 December 2006 -28 Wireless - IEEE 802.20 [IEEE 802.20] 12 December 2006 -29 Wireless - IEEE 802.22 [IEEE 802.22] 12 December 2006 -30 PPPoA - PPP over ATM [RFC4603] -31 PPPoEoA - PPP over Ethernet over ATM [RFC4603] -32 PPPoEoE - PPP over Ethernet over Ethernet [RFC4603] -33 PPPoEoVLAN - PPP over Ethernet over VLAN [RFC4603] -34 PPPoEoQinQ - PPP over Ethernet over IEEE 802.1QinQ [RFC4603] -35 xPON - Passive Optical Network [Hublet][Yan] 19 June 2007 - -Sub-registry: Values for RADIUS Attribute 64, Tunnel-Type -Reference: [RFC2868] -Registration Procedures: IETF Consensus - -Registry: -Value Description Reference ------ ------------------------------------------------------------ --------- -1 Point-to-Point Tunneling Protocol (PPTP) [RFC2868] -2 Layer Two Forwarding (L2F) [RFC2868] -3 Layer Two Tunneling Protocol (L2TP) [RFC2868] -4 Ascend Tunnel Management Protocol (ATMP) [RFC2868] -5 Virtual Tunneling Protocol (VTP) [RFC2868] -6 IP Authentication Header in the Tunnel-mode (AH) [RFC2868] -7 IP-in-IP Encapsulation (IP-IP) [RFC2868] -8 Minimal IP-in-IP Encapsulation (MIN-IP-IP) [RFC2868] -9 IP Encapsulating Security Payload in the Tunnel-mode (ESP) [RFC2868] -10 Generic Route Encapsulation (GRE) [RFC2868] -11 Bay Dial Virtual Services (DVS) [RFC2868] -12 IP-in-IP Tunneling [RFC2868] -13 Virtual LANs (VLAN) [RFC3580] - -Sub-registry: Values for RADIUS Attribute 65, Tunnel-Medium-Type -Reference: [RFC2868] -Registration Procedures: IETF Consensus - -Registry: -Value Description Reference ------ ---------------------------------------------------------------- --------- -1 IPv4 (IP version 4) [RFC2868] -2 IPv6 (IP version 6) [RFC2868] -3 NSAP [RFC2868] -4 HDLC (8-bit multidrop) [RFC2868] -5 BBN 1822 [RFC2868] -6 802 (includes all 802 media plus Ethernet "canonical format") [RFC2868] -7 E.163 (POTS) [RFC2868] -8 E.164 (SMDS, Frame Relay, ATM) [RFC2868] -9 F.69 (Telex) [RFC2868] -10 X.121 (X.25, Frame Relay) [RFC2868] -11 IPX [RFC2868] -12 Appletalk [RFC2868] -13 Decnet IV [RFC2868] -14 Banyan Vines [RFC2868] -15 E.164 with NSAP format subaddress [RFC2868] - -Sub-registry: Values for RADIUS Attribute 72, ARAP-Zone-Access -Reference: [RFC2869] -Registration Procedures: Not defined - -Registry: -Value Description Reference ------ ------------------------------------------------- --------- -1 Only allow access to default zone [RFC2869] -2 Use zone filter inclusively [RFC2869] -3 Not used [RFC2869] -4 Use zone filter exclusively [RFC2869] - -Sub-registry: Values for RADIUS Attribute 76, Prompt -Reference: [RFC2869] -Registration Procedures: Not defined - -Registry: -Value Description Reference ------ ------------------------------- --------- -0 No Echo [RFC2869] -1 Echo [RFC2869] - -Sub-registry: Values for RADIUS Attribute 101, Error-Cause Attribute -Reference: [RFC5176] -Registration Procedures: Not defined - -Registry: -Value Description Reference ------ ------------------------------------------------------ --------- -201 Residual Session Context Removed -202 Invalid EAP Packet (Ignored) -401 Unsupported Attribute -402 Missing Attribute -403 NAS Identification Mismatch -404 Invalid Request -405 Unsupported Service -406 Unsupported Extension -407 Invalid Attribute Value [RFC5176] -501 Administratively Prohibited -502 Request Not Routable (Proxy) -503 Session Context Not Found -504 Session Context Not Removable -505 Other Proxy Processing Error -506 Resources Unavailable -507 Request Initiated -508 Multiple Session Selection Unsupported [RFC5176] - - -Registry Name: RADIUS Packet Type Codes -Reference: [RFC3575] -Registration Procedures: IESG Approval - -Registry: -Decimal Message Reference -------- --------------------------------------- --------- -1 Access-Request [RFC2865] -2 Access-Accept [RFC2865] -3 Access-Reject [RFC2865] -4 Accounting-Request [RFC2865] -5 Accounting-Response [RFC2865] -6 Accounting-Status [RFC3575] - (now Interim Accounting) -7 Password-Request [RFC3575] -8 Password-Ack [RFC3575] -9 Password-Reject [RFC3575] -10 Accounting-Message [RFC3575] -11 Access-Challenge [RFC2865] -12 Status-Server (experimental) [RFC2865] -13 Status-Client (experimental) [RFC2865] -21 Resource-Free-Request [RFC3575] -22 Resource-Free-Response [RFC3575] -23 Resource-Query-Request [RFC3575] -24 Resource-Query-Response [RFC3575] -25 Alternate-Resource-Reclaim-Request [RFC3575] -26 NAS-Reboot-Request [RFC3575] -27 NAS-Reboot-Response [RFC3575] -28 Reserved -29 Next-Passcode [RFC3575] -30 New-Pin [RFC3575] -31 Terminate-Session [RFC3575] -32 Password-Expired [RFC3575] -33 Event-Request [RFC3575] -34 Event-Response [RFC3575] -40 Disconnect-Request [RFC3575][RFC5176] -41 Disconnect-ACK [RFC3575][RFC5176] -42 Disconnect-NAK [RFC3575][RFC5176] -43 CoA-Request [RFC3575][RFC5176] -44 CoA-ACK [RFC3575][RFC5176] -45 CoA-NAK [RFC3575][RFC5176] -50 IP-Address-Allocate [RFC3575] -51 IP-Address-Release [RFC3575] -52-249 Unassigned -250-253 Experimental Use [RFC3575] -254 Reserved [RFC3575] -255 Reserved [RFC3575] - - -References --------------- -[IEEE 802.11F] - -[IEEE 802.16] - "IEEE Standard for Local and metropolitan area networks, - Part 16: Air Interface for Fixed and Mobile Broadband - Wireless Access Systems, Amendment2: Physical and Medium - Access Control Layers for Combined Fixed and Mobile - Operation in Licensed Bands", February 2006. - -[IEEE 802.20] - Mobile Broadband Wireless Access (MBWA), IEEE Standard, - Work in Progress. - -[IEEE 802.22] - Wireless Regional Area Networks (WRAN), IEEE Standard, - Work in Progress. - -[RFC2058] Rigney, C., A. Rubens, W. Simpson, and S. Willens, "Remote - Authentication Dial In User Service (RADIUS)", RFC 2058, - Livingston, Merit, Daydreamer, January 1997. - -[RFC2059] Rigney, C., "RADIUS Accounting", RFC 2059, Livingston, - November 1996. - -[RFC2865] Rigney, W., S. Willens, A. Rubens, and W. Simpson, - "Remote Authentication Dial In User Service (RADIUS)", - RFC 2865, June 2000. - -[RFC2866] Rigney, C., "RADIUS Accounting", RFC 2865, June 2000. - -[RFC2867] Zorn, G., B. Aboba, D. Mitton, "RADIUS Accounting - Modifications for Tunnel Protocol Support", RFC 2867, - June 2000. - -[RFC2868] Zorn, G., D. Leifer, A. Rubens, J. Shriver, M. Holdrege, - I. Goyret, "RADIUS Attributes for Tunnel Protocol Support", - RFC 2868, June 2000. - -[RFC2869] Rigney, C., W. Willats, P. Calhoun, "RADIUS Extensions", - RFC 2869, June 2000. - -[RFC3162] B. Aboba, G. Zorn, and D. Mitton, "RADIUS and IPv6", - RFC 3162, August 2001. - -[RFC3336] B. Thompson, T. Koren and B. Buffam, "PPP Over Asynchronous - Transfer Mode Adaptation Layer 2 (AAL2)", RFC 3336, - December 2002. - -[RFC3575] B. Aboba, "IANA Considerations for RADIUS (Remote Authentication - Dial In User Service)", RFC 3575, July 2003. - -[RFC3580] P. Congdon, B. Aboba, A. Smith, G. Zorn, and J. Roese, - "IEEE 802.1X RADIUS Usage Guidelines", RFC 3580, September 2003. - -[RFC4072] P. Eronen, Ed., T. Hiller, and G. Zorn, "Diameter Extensible - Authentication Protocol (EAP) Application", RFC 4072, August 2005. - -[RFC4372] F. Adrangi, A. Lior, J. Korhonen and J. Loughney, "Chargeable User - Identity", RFC 4372, January 2006. - -[RFC4603] G. Zorn, G. Weber and R. Foltak, "Additional Values for the NAS-Port-Type - Attribute", RFC 4603, July 2006. - -[RFC4590] B. Sterman, D. Sadolevsky, D. Schwartz, D. Williams and W. Beck, - "RADIUS Extension for Digest Authentication", RFC 4590, July 2006 - -[RFC4675] P. Congdon, M. Sanchez, B. Aboba, "RADIUS Attributes for - Virtual LAN and Priority Support", RFC 4675, September 2006. - -[RFC4818] J. Salowey, R. Droms, "RADIUS Delegated-IPv6-Prefix Attribute", - RFC 4818, April 2007. - -[RFC4849] P. Congdon, M. Sanchez, B. Aboba, "RADIUS Filter Rule Attribute", - RFC 4849, April 2007. - -[RFC5090] B. Sterman, D. Sadolevsky, D. Schwartz, D. Williams, W. Beck, - "RADIUS Extension for Digest Authentication", RFC 5090, - February 2008. - -[RFC5176] M. Chiba, G. Dommety, M. Eklund, D. Mitton, B. Aboba, "Dynamic - Authorization Extensions to Remote Authentication Dial In User - Service (RADIUS)", RFC 5176, January 2008. - -[RFC5447] J. Korhonen, Ed., J. Bournelle, H. Tschofenig, C. Perkins, K. - Chowdhury, "Diameter Mobile IPv6: Support for Network Access Server - to Diameter Server Interaction", RFC 5447, February 2009. - -People ------- -[Calhoun] Pat Calhoun, <pcalhoun&diameter.org>, May 2001. - -[Chiba] Murtaza Chiba, <mchiba&cisco.com>, June 2001. - -[Hublet] Christian Hublet, <Christian.Hublet&alcatel-lucent.be>, 21 June 2007. - -[Kerry] Stuart Kerry, stuart.kerry&philips.com>, January 2003. - -[McCann] Pete McCann, <mccap&lucent.com>, March 2002. - -[Moore] Jeff Moore, <jeff.moore&cisco.com>, February 2001. - -[Nyce] Tim Nyce, <tnyce&idts.org>, March 2004 - -[Trifunovic] Nenad Trifunovic, <Nenad.Trifunovic&mci.com>, October 1998. - -[Yan] Renxiang Yan, <Renxiang.Yan&alcatel-sbell.com.cn>, 19 June 2007. - -[]
--- a/extensions/radius_gw/radius-types-attrtypes Thu May 21 10:25:20 2009 +0900 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,129 +0,0 @@ -1 User-Name -2 User-Password -3 CHAP-Password -4 NAS-IP-Address -5 NAS-Port -6 Service-Type -7 Framed-Protocol -8 Framed-IP-Address -9 Framed-IP-Netmask -10 Framed-Routing -11 Filter-Id -12 Framed-MTU -13 Framed-Compression -14 Login-IP-Host -15 Login-Service -16 Login-TCP-Port -17 Unassigned -18 Reply-Message -19 Callback-Number -20 Callback-Id -21 Unassigned -22 Framed-Route -23 Framed-IPX-Network -24 State -25 Class -26 Vendor-Specific -27 Session-Timeout -28 Idle-Timeout -29 Termination-Action -30 Called-Station-Id -31 Calling-Station-Id -32 NAS-Identifier -33 Proxy-State -34 Login-LAT-Service -35 Login-LAT-Node -36 Login-LAT-Group -37 Framed-AppleTalk-Link -38 Framed-AppleTalk-Network -39 Framed-AppleTalk-Zone -40 Acct-Status-Type [RFC2866] -41 Acct-Delay-Time [RFC2866] -42 Acct-Input-Octets [RFC2866] -43 Acct-Output-Octets [RFC2866] -44 Acct-Session-Id [RFC2866] -45 Acct-Authentic [RFC2866] -46 Acct-Session-Time [RFC2866] -47 Acct-Input-Packets [RFC2866] -48 Acct-Output-Packets [RFC2866] -49 Acct-Terminate-Cause [RFC2866] -50 Acct-Multi-Session-Id [RFC2866] -51 Acct-Link-Count [RFC2866] -52 Acct-Input-Gigawords [RFC2869] -53 Acct-Output-Gigawords [RFC2869] -54 Unassigned -55 Event-Timestamp [RFC2869] -56 Egress-VLANID [RFC4675] -57 Ingress-Filters [RFC4675] -58 Egress-VLAN-Name [RFC4675] -59 User-Priority-Table [RFC4675] -60 CHAP-Challenge -61 NAS-Port-Type -62 Port-Limit -63 Login-LAT-Port -64 Tunnel-Type [RFC2868] -65 Tunnel-Medium-Type [RFC2868] -66 Tunnel-Client-Endpoint [RFC2868] -67 Tunnel-Server-Endpoint [RFC2868] -68 Acct-Tunnel-Connection [RFC2867] -69 Tunnel-Password [RFC2868] -70 ARAP-Password [RFC2869] -71 ARAP-Features [RFC2869] -72 ARAP-Zone-Access [RFC2869] -73 ARAP-Security [RFC2869] -74 ARAP-Security-Data [RFC2869] -75 Password-Retry [RFC2869] -76 Prompt [RFC2869] -77 Connect-Info [RFC2869] -78 Configuration-Token [RFC2869] -79 EAP-Message [RFC2869] -80 Message-Authenticator [RFC2869] -81 Tunnel-Private-Group-ID [RFC2868] -82 Tunnel-Assignment-ID [RFC2868] -83 Tunnel-Preference [RFC2868] -84 ARAP-Challenge-Response [RFC2869] -85 Acct-Interim-Interval [RFC2869] -86 Acct-Tunnel-Packets-Lost [RFC2867] -87 NAS-Port-Id [RFC2869] -88 Framed-Pool [RFC2869] -89 CUI [RFC4372] -90 Tunnel-Client-Auth-ID [RFC2868] -91 Tunnel-Server-Auth-ID [RFC2868] -92 NAS-Filter-Rule [RFC4849] -93 Unassigned -94 Originating-Line-Info [RFC4005] -95 NAS-IPv6-Address [RFC3162] -96 Framed-Interface-Id [RFC3162] -97 Framed-IPv6-Prefix [RFC3162] -98 Login-IPv6-Host [RFC3162] -99 Framed-IPv6-Route [RFC3162] -100 Framed-IPv6-Pool [RFC3162] -101 Error-Cause Attribute [RFC3576] -102 EAP-Key-Name [RFC4072] -103 Digest-Response [RFC5090] -104 Digest-Realm [RFC5090] -105 Digest-Nonce [RFC5090] -106 Digest-Response-Auth [RFC5090] -107 Digest-Nextnonce [RFC5090] -108 Digest-Method [RFC5090] -109 Digest-URI [RFC5090] -110 Digest-Qop [RFC5090] -111 Digest-Algorithm [RFC5090] -112 Digest-Entity-Body-Hash [RFC5090] -113 Digest-CNonce [RFC5090] -114 Digest-Nonce-Count [RFC5090] -115 Digest-Username [RFC5090] -116 Digest-Opaque [RFC5090] -117 Digest-Auth-Param [RFC5090] -118 Digest-AKA-Auts [RFC5090] -119 Digest-Domain [RFC5090] -120 Digest-Stale [RFC5090] -121 Digest-HA1 [RFC5090] -122 SIP-AOR [RFC5090] -123 Delegated-IPv6-Prefix [RFC4818] -124 MIP6-Feature-Vector [RFC5447] -125 MIP6-Home-Link-Prefix [RFC5447] -126-191 Unassigned -192-223 Experimental Use [RFC3575] -224-240 Implementation Specific [RFC3575] -241-255 Reserved [RFC3575]
--- a/extensions/radius_gw/radius-types-codes Thu May 21 10:25:20 2009 +0900 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,39 +0,0 @@ -1 Access-Request [RFC2865] -2 Access-Accept [RFC2865] -3 Access-Reject [RFC2865] -4 Accounting-Request [RFC2865] -5 Accounting-Response [RFC2865] -6 Accounting-Status [RFC3575] -7 Password-Request [RFC3575] -8 Password-Ack [RFC3575] -9 Password-Reject [RFC3575] -10 Accounting-Message [RFC3575] -11 Access-Challenge [RFC2865] -12 Status-Server (experimental) [RFC2865] -13 Status-Client (experimental) [RFC2865] -21 Resource-Free-Request [RFC3575] -22 Resource-Free-Response [RFC3575] -23 Resource-Query-Request [RFC3575] -24 Resource-Query-Response [RFC3575] -25 Alternate-Resource-Reclaim-Request [RFC3575] -26 NAS-Reboot-Request [RFC3575] -27 NAS-Reboot-Response [RFC3575] -28 Reserved -29 Next-Passcode [RFC3575] -30 New-Pin [RFC3575] -31 Terminate-Session [RFC3575] -32 Password-Expired [RFC3575] -33 Event-Request [RFC3575] -34 Event-Response [RFC3575] -40 Disconnect-Request [RFC3575][RFC5176] -41 Disconnect-ACK [RFC3575][RFC5176] -42 Disconnect-NAK [RFC3575][RFC5176] -43 CoA-Request [RFC3575][RFC5176] -44 CoA-ACK [RFC3575][RFC5176] -45 CoA-NAK [RFC3575][RFC5176] -50 IP-Address-Allocate [RFC3575] -51 IP-Address-Release [RFC3575] -52-249 Unassigned -250-253 Experimental Use [RFC3575] -254 Reserved [RFC3575] -255 Reserved [RFC3575]
--- a/extensions/radius_gw/radius_gw.h Thu May 21 10:25:20 2009 +0900 +++ b/extensions/radius_gw/radius_gw.h Thu May 21 15:14:18 2009 +0900 @@ -36,12 +36,16 @@ its extensions that add support for specific RADIUS attributes and/or commands. The "notes.txt" file contains the basic mechanism for use of this API. */ -/* Note that waaad/waaad.h must be included before this file */ +/* Note that waaad/waaad.h must be included before this file! */ +#ifndef _WAAAD_API_H +# error "Do not include this file before waaad/waaad.h" +#endif + #ifndef _RADIUS_GW_H #define _RADIUS_GW_H -#include <stdint.h> /* uint8_t, etc... */ -#include <waaad/waaad.h> /* session_t, etc... */ +#include <stdint.h> +#include <pthread.h> #include "md5.h" @@ -72,7 +76,6 @@ unsigned handled : 1; /* Has this attribute already been converted to Diameter? */ } flags; - /* Data */ uint8_t type; uint8_t length; @@ -106,6 +109,8 @@ unsigned serv_type : 2; /* The server (auth or acct) it was received on */ unsigned auth_ok : 1; /* The message has a valid message-authenticator ? */ } flags; + uint16_t port; /* Port the message was received on, network byte order */ + struct _rad_t * req; /* Pointer to the request header (no attr), if msg is a reply */ /* Data */ uint8_t code; @@ -123,8 +128,21 @@ void * (*rga_conf_parse_cb) ( char * conf_file ); /* configuration parser. Returns NULL on error only. Called even if no configuration file is passed (with NULL parameter then) */ void (*rga_conf_free_cb) (void * conf); /* Free an object returned by previous cb */ - int (*rga_rad_req_cb) ( void * conf, sess_id_t ** session, rad_t ** rad_req, msg_t ** diam_fw ); /* handle an incoming RADIUS message */ - int (*rga_diam_ans_cb) ( void * conf, sess_id_t ** session, msg_t ** diam_ans, rad_t ** rad_fw ); /* handle the corresponding Diameter answer */ + /* handle an incoming RADIUS message */ + int (*rga_rad_req_cb) ( void * conf, sess_id_t ** session, rad_t ** rad_req, msg_t ** diam_fw ); + /* ret 0: continue; + ret 1: stop processing this message and destroy the session (or fallback if supported) + ret 2: stop processing this message and keep the session (or fallback if supported) + ret 3: reply the content of rad_req to the RADIUS client immediatly and destroy the session + ret 4: reply the content of rad_req to the RADIUS client immediatly and keep the session + ret <0: critical error (-ret), log and exit. + + for cases 3 and 4, the answer must be created with rg_msg_create_ans. + */ + + /* handle the corresponding Diameter answer */ + int (*rga_diam_ans_cb) ( void * conf, sess_id_t ** session, msg_t ** diam_ans, rad_t ** rad_fw ); + /* ret 0: continue; ret 1: ... (tbd) */ }; /* All extensions must provide the following entry point that is called when the extension is loaded. @@ -148,12 +166,16 @@ /* Radius message */ +rad_t * rg_msg_create_ans(rad_t * req); void rg_msg_free(rad_t * msg); char * rg_msg_code_str(uint8_t c); char * rg_msg_attrtype_str(uint8_t c); void rg_msg_dump(int level, rad_t * msg); +/* Others */ +int rg_thread_term(pthread_t * th); + /****************************************/ /* Debug and related stuff */ /****************************************/
--- a/extensions/radius_gw/radius_gw_internal.h Thu May 21 10:25:20 2009 +0900 +++ b/extensions/radius_gw/radius_gw_internal.h Thu May 21 15:14:18 2009 +0900 @@ -83,6 +83,7 @@ int rgw_clients_add( struct sockaddr * ip_port, unsigned char ** key, size_t keylen ); int rgw_clients_getkey(void * cli, unsigned char **key, size_t *key_len); int rgw_clients_search(struct sockaddr * ip_port, void ** ref); +int rgw_clients_checkdup(rad_t **msg, void *cli); void rgw_clients_dispose(void ** ref); void rgw_clients_dump(void); void rgw_clients_fini(void); @@ -91,6 +92,7 @@ /* Functions related to RADIUS messages buffers on the network */ int rgw_msg_parse(unsigned char *buf, size_t len, rad_t **msg); int rgw_msg_gen(rad_t *msg, unsigned char **buf, size_t *len); +int rgw_msg_send(rad_t * msg, void * cli); /* The sub-extensions that provide functions to support RADIUS messages and attributes (see also radius_gw.h) */ @@ -100,6 +102,7 @@ int rgw_extensions_add( char * extfile, char * conffile, int port, unsigned char ** codes_array, size_t codes_sz ); void rgw_extensions_dump(void); void rgw_extensions_start_cache(void); +int rgw_extensions_loop_req(rad_t **rad, sess_id_t **session, msg_t **diam_msg, void * cli); void rgw_extensions_fini(void); /* The function to parse the configuration file */ @@ -108,7 +111,7 @@ /* Worker module that handle incoming RADIUS messages */ int rgw_work_start(void); -int rgw_work_add(rad_t * msg, void * client, uint16_t port); +int rgw_work_add(rad_t * msg, void * client); void rgw_work_fini(void); @@ -116,34 +119,5 @@ extern int radius_gw_verbosity; -/* Terminate a thread */ -static __inline__ int _thread_term(pthread_t * th) -{ - int ret = 0; - void * th_ret = NULL; - - CHECK_PARAMS(th); - - /* Test if it was already terminated */ - if (*th == (pthread_t)NULL) - return 0; - - /* Cancel the thread if it is still running - ignore error if it was already terminated */ - (void) pthread_cancel(*th); - - /* Then join the thread */ - CHECK_POSIX_DO( ret = pthread_join(*th, &th_ret), /* continue */ ); - - if (th_ret != NULL) { - TRACE_DEBUG(FULL, "The thread returned the following value: %p (ignored)", th_ret); - } - - /* Clean the location */ - *th = (pthread_t)NULL; - - return ret; -} - - #endif /* _RADIUS_GW_INTERNAL_H */
--- a/extensions/radius_gw/rebuild_inc.sh Thu May 21 10:25:20 2009 +0900 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,33 +0,0 @@ -#/bin/bash - -# This script rebuilds the files rg_utils_*.inc. -# It should be called when the radius-types file is updated with: -# wget http://www.iana.org/assignments/radius-types - -if [ ! -f radius-types ]; -then echo "Missing file radius-types, please get a fresh copy first."; -exit 2; -fi - -if [ -f rg_utils_codes.inc ]; -then mv -f rg_utils_codes.inc rg_utils_codes.inc.bak; -fi - -if [ -f rg_utils_attrtype.inc ]; -then mv -f rg_utils_attrtype.inc rg_utils_attrtype.inc.bak; -fi - -echo "Rebuilding rg_utils_codes.inc..." - -# Not too sure how to rebuid radius-types-codes from radius-types, skipping... -echo "WARNING: radius-types-codes has not been rebuilt" - -awk -f register-parse.awk radius-types-codes > rg_utils_codes.inc - -echo "Rebuilding rg_utils_attrtype.inc..." -echo "WARNING: radius-types-attrtypes has not been rebuilt" - -awk -f register-parse.awk radius-types-attrtypes > rg_utils_attrtype.inc - -echo "Finished." -
--- a/extensions/radius_gw/register-parse.awk Thu May 21 10:25:20 2009 +0900 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,4 +0,0 @@ - { print "\t\t/*", $0, "*/" } # Add commented line of input - { if ($1 ~ /^[0-9][0-9]?[0-9]?$/) print "\tif ( c == " $1 ") return \"" $2, $3, $4, $5 "\";" } - { if ($1 ~ /^([0-9][0-9]?[0-9]?)-([0-9][0-9]?[0-9]?)$/) { split($1, a, "-"); - print "\tif ((c >= " a[1] ") && (c <= " a[2] ")) return \"" $2, $3, $4, $5 "\";" }}
--- a/extensions/radius_gw/rg_utils.c Thu May 21 10:25:20 2009 +0900 +++ b/extensions/radius_gw/rg_utils.c Thu May 21 15:14:18 2009 +0900 @@ -33,11 +33,23 @@ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * *********************************************************************************************************/ -/* Some useful functions */ +/* Some useful functions for both radius_gw and its sub extensions + * These functions are compiled as a static library rg_common. + */ + +#define IN_EXTENSION +#define DEFINE_DEBUG_MACRO rg_common +#include <waaad/waaad.h> #include "radius_gw.h" #include <stdlib.h> +#include <string.h> + +#ifndef RG_COMMON_VERBO +#define RG_COMMON_VERBO 1 +#endif /* RG_COMMON_VERBO */ +static int rg_common_verbosity = RG_COMMON_VERBO; void rg_list_init(struct rg_list * plist) { @@ -90,6 +102,26 @@ } +rad_t * rg_msg_create_ans(rad_t * req) +{ + rad_t * ans = NULL; + rad_t * reqcpy = NULL; + + CHECK_MALLOC_DO( reqcpy = malloc(sizeof(rad_t)), return NULL ); + CHECK_MALLOC_DO( ans = malloc(sizeof(rad_t)), { free(reqcpy); return NULL; } ); + + memcpy(reqcpy, req, sizeof(rad_t)); + rg_list_init(&reqcpy->attributes); + + memset(ans, 0, sizeof(rad_t)); + rg_list_init(&ans->attributes); + + ans->req = reqcpy; + + return ans; +} + + void rg_msg_free(rad_t * msg) { while ( ! rg_list_is_empty( &msg->attributes ) ) { @@ -97,19 +129,25 @@ rg_list_unlink(item); free(item); } - free(msg); + free(msg->req); + free(msg); } char * rg_msg_code_str(uint8_t c) { /* Include generated source file, see rebuild_inc.sh script */ #include "rg_utils_codes.inc" + + /* fallback */ return "[unknown]"; } + char * rg_msg_attrtype_str(uint8_t c) { /* Include generated source file, see rebuild_inc.sh script */ #include "rg_utils_attrtype.inc" + + /* fallback */ return "[unknown]"; } @@ -131,3 +169,35 @@ } log_debug("-----------------------------\n"); } + + +/* Terminate a thread */ +int rg_thread_term(pthread_t * th) +{ + int ret = 0; + void * th_ret = NULL; + + CHECK_PARAMS(th); + + /* Test if it was already terminated */ + if (*th == (pthread_t)NULL) + return 0; + + /* Cancel the thread if it is still running - ignore error if it was already terminated */ + (void) pthread_cancel(*th); + + /* Then join the thread */ + CHECK_POSIX_DO( ret = pthread_join(*th, &th_ret), /* continue */ ); + + if (th_ret != NULL) { + TRACE_DEBUG(FULL, "The thread returned the following value: %p (ignored)", th_ret); + } + + /* Clean the location */ + *th = (pthread_t)NULL; + + return ret; +} + + +
--- a/extensions/radius_gw/rgw_clients.c Thu May 21 10:25:20 2009 +0900 +++ b/extensions/radius_gw/rgw_clients.c Thu May 21 15:14:18 2009 +0900 @@ -58,6 +58,12 @@ size_t len; } key; int refcount; + + /* Previous msg received, for duplicate checks. [0] for auth, [1] for acct. */ + struct { + uint16_t port; + uint8_t id; + } last[2]; }; /* Function to alloc a new cli_info */ @@ -251,6 +257,34 @@ return ret; } +int rgw_clients_checkdup(rad_t **msg, void *cli) +{ + struct cli_info * cli_info = (struct cli_info *) cli; + int idx; + + TRACE_ENTRY("%p %p", msg, cli); + + CHECK_PARAMS( msg && cli ); + + if ((*msg)->flags.serv_type == RGW_EXT_PORT_AUTH) + idx = 0; + else + idx = 1; + + if ((cli_info->last[idx].id == (*msg)->identifier) && (cli_info->last[idx].port == (*msg)->port)) { + /* Duplicate! */ + TRACE_DEBUG(INFO, "Received duplicated RADIUS message (id: %02hhx, port: %hu), discarding.", (*msg)->identifier, (*msg)->port); + rg_msg_free(*msg); + *msg = NULL; + } else { + /* Save new information */ + cli_info->last[idx].id = (*msg)->identifier; + cli_info->last[idx].port = (*msg)->port; + } + + return 0; +} + void rgw_clients_dispose(void ** ref) { TRACE_ENTRY("%p", ref);
--- a/extensions/radius_gw/rgw_extensions.c Thu May 21 10:25:20 2009 +0900 +++ b/extensions/radius_gw/rgw_extensions.c Thu May 21 15:14:18 2009 +0900 @@ -346,19 +346,60 @@ void rgw_extensions_start_cache(void) { cache_started++; +} + +int rgw_extensions_loop_req(rad_t **rad, sess_id_t **session, msg_t **diam_msg, void * cli) +{ + int ret = 0; + struct rg_list * head = NULL, *li; - /* tmp: for debug purpose - { - struct rg_list *mylist = NULL; - CHECK_FCT_DO( get_accelerator(&mylist, 4, RGW_EXT_PORT_AUTH), ); - CHECK_FCT_DO( get_accelerator(&mylist, 4, RGW_EXT_PORT_ACCT), ); - CHECK_FCT_DO( get_accelerator(&mylist, 8, RGW_EXT_PORT_AUTH), ); - CHECK_FCT_DO( get_accelerator(&mylist, 8, RGW_EXT_PORT_ACCT), ); - CHECK_FCT_DO( get_accelerator(&mylist, 0x0b, RGW_EXT_PORT_AUTH), ); - CHECK_FCT_DO( get_accelerator(&mylist, 0x0b, RGW_EXT_PORT_ACCT), ); - rgw_extensions_dump(); + TRACE_ENTRY("%p %p %p", rad, session, diam_msg); + CHECK_PARAMS( rad && session && diam_msg ); + + /* First, get the list of extensions for this message */ + CHECK_FCT( get_accelerator(&head, (*rad)->code, (*rad)->flags.serv_type) ); + + for (li = head->next; li != head; li = li->next) { + struct ext_descr * ext = ((struct ext_accel_item *) li)->ext; + + TRACE_DEBUG(ANNOYING, "Calling next extension: %s", ext->extname); + ret = (*ext->api.rga_rad_req_cb)(ext->conf, session, rad, diam_msg); + if (ret) + break; + } + + /* If not error encountered, we're done here */ + if (ret == 0) + return ret; + + /* Destroy the Diameter temp message, if any */ + if (*diam_msg) { + CHECK_FCT_DO( msg_free(*diam_msg, 1), ); + *diam_msg = NULL; } - */ + + /* Destroy the session unless instructed to keep it */ + if (*session && (ret != 2) && (ret != 4)) { + CHECK_FCT_DO( sess_unlink(*session), ); + *session = NULL; + } + + /* Send the radius message back if required */ + if ((ret == 3) || (ret == 4)) { + CHECK_FCT( rgw_msg_send(*rad, cli) ); + } + + if (ret < 0) { + /* Critical error, log and exit */ + log_error("An error occurred while handling a RADIUS message, turn on DEBUG for details: %s\n", strerror(-ret)); + return -ret; + } + + /* Now, discard the message and return */ + rg_msg_free(*rad); + *rad = NULL; + return 0; + } void rgw_extensions_fini(void)
--- a/extensions/radius_gw/rgw_msg.c Thu May 21 10:25:20 2009 +0900 +++ b/extensions/radius_gw/rgw_msg.c Thu May 21 15:14:18 2009 +0900 @@ -191,4 +191,9 @@ return 0; } - +int rgw_msg_send(rad_t * msg, void * cli) +{ + TRACE_ENTRY("%p %p", msg, cli); + + return ENOTSUP; +}
--- a/extensions/radius_gw/rgw_servers.c Thu May 21 10:25:20 2009 +0900 +++ b/extensions/radius_gw/rgw_servers.c Thu May 21 15:14:18 2009 +0900 @@ -71,7 +71,7 @@ } static struct servers_data { - int port; /* auth or acct */ + int type; /* auth or acct */ int sock; /* the socket number */ pthread_t th; /* the running server thread, or NULL */ char name[10]; @@ -148,7 +148,8 @@ continue; } ); - msg->flags.serv_type = me->port; + msg->flags.serv_type = me->type; + msg->port = port; if (TRACE_BOOL(FULL)) rg_msg_dump(FULL, msg); @@ -163,7 +164,7 @@ /* queue the message for a worker thread */ - CHECK_FCT_DO( rgw_work_add(msg, nas_info, port), break ); + CHECK_FCT_DO( rgw_work_add(msg, nas_info), break ); /* Then wait for next incoming message */ } @@ -194,25 +195,25 @@ return 0; } -#define UDPSERV( type, portval, family ) { \ - if ( (! rgw_servers. type ## _serv.disabled) \ - && ( ! rgw_servers.auth_serv.ip ## family ## _disabled ) ) { \ - struct sockaddr_in ## family sin ## family; \ - CHECK_SYS( SERVERS[idx].sock = socket(AF_INET ## family, SOCK_DGRAM, 0) ); \ - memset(& sin ## family, 0, sizeof(struct sockaddr_in ## family)); \ - sin ## family . sin ## family ## _family = AF_INET ## family; \ - sin ## family . sin ## family ## _port = rgw_servers. type ## _serv . port; \ - memcpy( &sin ## family.sin ## family ## _addr, \ - &rgw_servers. type ## _serv . ip ## family ## _endpoint, \ - sizeof(struct in ## family ## _addr) ); \ +#define UDPSERV( _type_, _portval_, _family_ ) { \ + if ( (! rgw_servers. _type_ ## _serv.disabled) \ + && ( ! rgw_servers. _type_ ## _serv.ip ## _family_ ## _disabled ) ) { \ + struct sockaddr_in ## _family_ sin ## _family_ ; \ + CHECK_SYS( SERVERS[idx].sock = socket(AF_INET ## _family_, SOCK_DGRAM, 0) ); \ + memset(& sin ## _family_, 0, sizeof(struct sockaddr_in ## _family_)); \ + sin ## _family_ . sin ## _family_ ## _family = AF_INET ## _family_; \ + sin ## _family_ . sin ## _family_ ## _port = rgw_servers. _type_ ## _serv . port; \ + memcpy( &sin ## _family_ .sin ## _family_ ## _addr, \ + &rgw_servers. _type_ ## _serv . ip ## _family_ ## _endpoint, \ + sizeof(struct in ## _family_ ## _addr) ); \ TRACE_DEBUG(ANNOYING, "Setting socket options..."); \ - CHECK_FCT( _udp_setsockopt(AF_INET ## family, SERVERS[idx].sock) ); \ - TRACE_DEBUG(ANNOYING, "Binding " #type " ip" #family " server..."); \ + CHECK_FCT( _udp_setsockopt(AF_INET ## _family_, SERVERS[idx].sock) ); \ + TRACE_DEBUG(ANNOYING, "Binding " #_type_ " ip" #_family_ " server..."); \ CHECK_SYS( bind( SERVERS[idx].sock, \ - (struct sockaddr *)&sin ## family, \ - sizeof(struct sockaddr_in ## family) ) ); \ - SERVERS[idx].port = portval; \ - snprintf(&SERVERS[idx].name[0], sizeof(SERVERS[idx].name), # type "/ip" #family); \ + (struct sockaddr *)&sin ## _family_, \ + sizeof(struct sockaddr_in ## _family_) ) ); \ + SERVERS[idx].type = _portval_; \ + snprintf(&SERVERS[idx].name[0], sizeof(SERVERS[idx].name), # _type_ "/ip" #_family_); \ CHECK_POSIX( pthread_create(&SERVERS[idx].th, NULL, server_thread, &SERVERS[idx]) ); \ idx++; \ } \ @@ -242,7 +243,7 @@ if (SERVERS[idx].sock == 0) break; - CHECK_FCT_DO( _thread_term(&SERVERS[idx].th), /* continue */ ); + CHECK_FCT_DO( rg_thread_term(&SERVERS[idx].th), /* continue */ ); close(SERVERS[idx].sock); SERVERS[idx].sock = 0; }
--- a/extensions/radius_gw/rgw_work.c Thu May 21 10:25:20 2009 +0900 +++ b/extensions/radius_gw/rgw_work.c Thu May 21 15:14:18 2009 +0900 @@ -49,9 +49,16 @@ struct rg_list chain; rad_t * msg; void * cli; - uint16_t port; }; +struct pending_answer { + rad_t * rad; + void * cli; + sess_id_t * sess; +}; + +static sess_reg_t * sess_hdl = NULL; + static pthread_t workers[NB_WORKERS]; static void cleanup_release_mtx(void * mtx) @@ -132,7 +139,18 @@ } return 0; -} +} + + +static void work_receive_diam_answer(void * paback, msg_t **ans) +{ + struct pending_answer * pa = (struct pending_answer *)paback; + + TRACE_ENTRY("%p %p", pa, ans); + + TRACE_DEBUG(INFO, "Handling Diameter answer: Not implemented yet..."); + +} static void * work_th(void * arg) { @@ -140,15 +158,19 @@ TRACE_ENTRY("%p", arg); - snprintf(thname, sizeof(thname), "worker %2d", (int)arg); + snprintf(thname, sizeof(thname), "worker #%d", (int)arg); THREAD_NAME(thname); while (1) { /* The thread will be cancelled */ rad_t * msg; void * cli; - uint16_t port; struct work_item * wi; + struct rg_list * li; + sess_id_t * session; + msg_t * diam_msg; + int pb; + struct pending_answer * pa; /* Pick the next message */ CHECK_POSIX_DO( pthread_mutex_lock(&work_mtx), return NULL ); @@ -169,7 +191,6 @@ rg_list_unlink(&wi->chain); msg = wi->msg; cli = wi->cli; - port = wi->port; free(wi); /* Release the mutex */ @@ -189,9 +210,115 @@ continue; } ); + /* Check duplicate */ + CHECK_FCT_DO( rgw_clients_checkdup(&msg, cli), + { + /* An error occurred, discard message */ + rg_msg_free(msg); + rgw_clients_dispose(&cli); + continue; + } ); + if (msg == NULL) { + rgw_clients_dispose(&cli); + continue; /* the message was a duplicate */ + } + /* Pass the message to the list of registered extensions */ + session = NULL; + diam_msg = NULL; + CHECK_FCT_DO( rgw_extensions_loop_req(&msg, &session, &diam_msg, cli), + { + /* An error occurred, discard message */ + rg_msg_free(msg); + rgw_clients_dispose(&cli); + continue; + } ); + if (msg == NULL) { + rgw_clients_dispose(&cli); + continue; /* the message was a duplicate */ + } + + /* Check if the full content of the RADIUS message was handled */ + pb = 0; + for (li = msg->attributes.next; li != &msg->attributes; li = li->next) { + struct rad_attr * attr = (struct rad_attr *)li; + if (! attr->flags.handled) { + pb++; + log_error("No extension available to handle attribute %hhd (%s) in command %hhd (%s)!\n", + attr->type, rg_msg_attrtype_str(attr->type), + msg->code, rg_msg_code_str(msg->code)); + } + } + + /* Check the created Diameter message */ + if ((diam_msg == NULL) || ( msg_parse_rules(diam_msg, NULL) ) ) { + log_error("No or invalid Diameter generated from RADIUS command %hhd (%s).\n" + " Turn on advanced log for detail.\n", + msg->code, rg_msg_code_str(msg->code)); + /* We might also dump the conflicting rule here if useful */ + pb++; + } + + /* Check the session is correct */ + if (session == NULL) { + log_error("No session has been created to store RADIUS state (command %hhd (%s)).\n" + " Please check your configuration and documentation.\n", + msg->code, rg_msg_code_str(msg->code)); + pb++; + } + + if (pb) { + /* Something went wrong during the conversion */ + if (session) { + CHECK_FCT_DO( sess_unlink(session), ); + session = NULL; + } + + if (diam_msg) { + CHECK_FCT_DO( msg_free(diam_msg, 1), ); + diam_msg = NULL; + } + + rg_msg_free(msg); + rgw_clients_dispose(&cli); + + TRACE_DEBUG(INFO, "A problem occurred while translating a RADIUS message, data discarded.\n"); + continue; + } + + /* Send the radius message and register for answer */ + CHECK_MALLOC_DO( pa = malloc(sizeof(struct pending_answer)), break ); + memset(pa, 0, sizeof(*pa)); + pa->rad = msg; + pa->cli = cli; + pa->sess= session; + + CHECK_FCT_DO( msg_send( &diam_msg, work_receive_diam_answer, pa), + { + /* If an error occurs, log and destroy the data */ + log_error("An error occurred while sending Diameter message, please turn Debug on for detail.\n"); + if (session) { + CHECK_FCT_DO( sess_unlink(session), ); + session = NULL; + } + + if (diam_msg) { + CHECK_FCT_DO( msg_free(diam_msg, 1), ); + diam_msg = NULL; + } + + rg_msg_free(msg); + rgw_clients_dispose(&cli); + + free(pa); + + continue; + } ); + + /* Done! */ } + TRACE_DEBUG(INFO, "Error: thread terminated!"); return NULL; } @@ -201,6 +328,8 @@ int i; TRACE_ENTRY(); + CHECK_FCT( sess_regext(&sess_hdl) ); + memset(workers, 0, sizeof(workers)); rg_list_init(&work_data); @@ -212,7 +341,7 @@ return 0; } -int rgw_work_add(rad_t * msg, void * client, uint16_t port) +int rgw_work_add(rad_t * msg, void * client) { struct work_item * new; @@ -222,7 +351,6 @@ new->msg = msg; new->cli = client; - new->port = port; CHECK_POSIX( pthread_mutex_lock(&work_mtx) ); rg_list_insert_before(&work_data, &new->chain); @@ -234,9 +362,14 @@ void rgw_work_fini(void) { + int i; TRACE_ENTRY(); - /* kill all threads */ + for (i = 0; i < NB_WORKERS; i++) { + rg_thread_term(&workers[i]); + } + CHECK_FCT_DO( sess_deregext(sess_hdl), ); + return; }
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/extensions/radius_gw/rsc/radius-types Thu May 21 15:14:18 2009 +0900 @@ -0,0 +1,615 @@ + +Radius Types + +(last updated 2009-04-24) + +Registries included below: +- Radius Attribute Types + - Radius Attribute Values +- Radius Packet Type Codes + - Radius Codes + +Note: +The RFC "Remote Authentication Dial In User Service (RADIUS)" +[RFC2058][RFC2865] defines a Packet Type Code and an Attribute +Type Code. The IANA registry of these codes and subordinate +assigned values is listed here according to [RFC3575]. + + +Registry Name: Radius Attribute Types +Reference: [RFC2865][RFC3575] +Range Registration Procedures Notes +-------- -------------------------------- ---------- +1-191 IETF Consensus +192-240 Reserved for Privated Use +224-240 Implementation Specific +241-255 Reserved + +Registry: +Value Description Reference +-------- --------------------------------------- --------- +1 User-Name +2 User-Password +3 CHAP-Password +4 NAS-IP-Address +5 NAS-Port +6 Service-Type +7 Framed-Protocol +8 Framed-IP-Address +9 Framed-IP-Netmask +10 Framed-Routing +11 Filter-Id +12 Framed-MTU +13 Framed-Compression +14 Login-IP-Host +15 Login-Service +16 Login-TCP-Port +17 Unassigned +18 Reply-Message +19 Callback-Number +20 Callback-Id +21 Unassigned +22 Framed-Route +23 Framed-IPX-Network +24 State +25 Class +26 Vendor-Specific +27 Session-Timeout +28 Idle-Timeout +29 Termination-Action +30 Called-Station-Id +31 Calling-Station-Id +32 NAS-Identifier +33 Proxy-State +34 Login-LAT-Service +35 Login-LAT-Node +36 Login-LAT-Group +37 Framed-AppleTalk-Link +38 Framed-AppleTalk-Network +39 Framed-AppleTalk-Zone +40 Acct-Status-Type [RFC2866] +41 Acct-Delay-Time [RFC2866] +42 Acct-Input-Octets [RFC2866] +43 Acct-Output-Octets [RFC2866] +44 Acct-Session-Id [RFC2866] +45 Acct-Authentic [RFC2866] +46 Acct-Session-Time [RFC2866] +47 Acct-Input-Packets [RFC2866] +48 Acct-Output-Packets [RFC2866] +49 Acct-Terminate-Cause [RFC2866] +50 Acct-Multi-Session-Id [RFC2866] +51 Acct-Link-Count [RFC2866] +52 Acct-Input-Gigawords [RFC2869] +53 Acct-Output-Gigawords [RFC2869] +54 Unassigned +55 Event-Timestamp [RFC2869] +56 Egress-VLANID [RFC4675] +57 Ingress-Filters [RFC4675] +58 Egress-VLAN-Name [RFC4675] +59 User-Priority-Table [RFC4675] +60 CHAP-Challenge +61 NAS-Port-Type +62 Port-Limit +63 Login-LAT-Port +64 Tunnel-Type [RFC2868] +65 Tunnel-Medium-Type [RFC2868] +66 Tunnel-Client-Endpoint [RFC2868] +67 Tunnel-Server-Endpoint [RFC2868] +68 Acct-Tunnel-Connection [RFC2867] +69 Tunnel-Password [RFC2868] +70 ARAP-Password [RFC2869] +71 ARAP-Features [RFC2869] +72 ARAP-Zone-Access [RFC2869] +73 ARAP-Security [RFC2869] +74 ARAP-Security-Data [RFC2869] +75 Password-Retry [RFC2869] +76 Prompt [RFC2869] +77 Connect-Info [RFC2869] +78 Configuration-Token [RFC2869] +79 EAP-Message [RFC2869] +80 Message-Authenticator [RFC2869] +81 Tunnel-Private-Group-ID [RFC2868] +82 Tunnel-Assignment-ID [RFC2868] +83 Tunnel-Preference [RFC2868] +84 ARAP-Challenge-Response [RFC2869] +85 Acct-Interim-Interval [RFC2869] +86 Acct-Tunnel-Packets-Lost [RFC2867] +87 NAS-Port-Id [RFC2869] +88 Framed-Pool [RFC2869] +89 CUI [RFC4372] +90 Tunnel-Client-Auth-ID [RFC2868] +91 Tunnel-Server-Auth-ID [RFC2868] +92 NAS-Filter-Rule [RFC4849] +93 Unassigned +94 Originating-Line-Info [RFC4005] +95 NAS-IPv6-Address [RFC3162] +96 Framed-Interface-Id [RFC3162] +97 Framed-IPv6-Prefix [RFC3162] +98 Login-IPv6-Host [RFC3162] +99 Framed-IPv6-Route [RFC3162] +100 Framed-IPv6-Pool [RFC3162] +101 Error-Cause Attribute [RFC3576] +102 EAP-Key-Name [RFC4072] +103 Digest-Response [RFC5090] +104 Digest-Realm [RFC5090] +105 Digest-Nonce [RFC5090] +106 Digest-Response-Auth [RFC5090] +107 Digest-Nextnonce [RFC5090] +108 Digest-Method [RFC5090] +109 Digest-URI [RFC5090] +110 Digest-Qop [RFC5090] +111 Digest-Algorithm [RFC5090] +112 Digest-Entity-Body-Hash [RFC5090] +113 Digest-CNonce [RFC5090] +114 Digest-Nonce-Count [RFC5090] +115 Digest-Username [RFC5090] +116 Digest-Opaque [RFC5090] +117 Digest-Auth-Param [RFC5090] +118 Digest-AKA-Auts [RFC5090] +119 Digest-Domain [RFC5090] +120 Digest-Stale [RFC5090] +121 Digest-HA1 [RFC5090] +122 SIP-AOR [RFC5090] +123 Delegated-IPv6-Prefix [RFC4818] +124 MIP6-Feature-Vector [RFC5447] +125 MIP6-Home-Link-Prefix [RFC5447] +126-191 Unassigned +192-223 Experimental Use [RFC3575] +224-240 Implementation Specific [RFC3575] +241-255 Reserved [RFC3575] + + +Registry Name: Radius Attribute Values +Reference: [RFC2865][RFC3575] + +Sub-registry: Values for RADIUS Attribute 6, Service-Type +Reference: [RFC2865][RFC3575] +Registration Procedures: Not defined + +Registry: +Value Description Reference +----- ------------------------------- --------- +1 Login +2 Framed +3 Callback Login +4 Callback Framed +5 Outbound +6 Administrative +7 NAS Prompt +8 Authenticate Only +9 Callback NAS Prompt +10 Call Check +11 Callback Administrative +12 Voice [Chiba] +13 Fax [Chiba] +14 Modem Relay [Chiba] +15 IAPP-Register [IEEE 802.11f][Kerry] +16 IAPP-AP-Check [IEEE 802.11f][Kerry] +17 Authorize Only [RFC3576] + +Sub-registry: Values for RADIUS Attribute 7, Framed-Protocol +Reference: [RFC2865] +Registration Procedures: Not defined + +Registry: +Value Description Reference +----- -------------------------------------------------- --------- +1 PPP +2 SLIP +3 AppleTalk Remote Access Protocol (ARAP) +4 Gandalf proprietary SingleLink/MultiLink protocol +5 Xylogics proprietary IPX/SLIP +6 X.75 Synchronous +7 GPRS PDP Context [Moore] + + +Sub-registry: Values for RADIUS Attribute 10, Framed-Routing +Reference: [RFC2865] +Registration Procedures: Not defined + +Registry: +Value Description Reference +----- ------------------------------------- --------- +0 None +1 Send routing packets +2 Listen for routing packets +3 Send and Listen + +Sub-registry: Values for RADIUS Attribute 13, Framed-Compression +Reference: [RFC2865] +Registration Procedures: Not defined + +Registry: +Value Description Reference +----- ----------------------------------------- --------- +0 None +1 VJ TCP/IP header compression +2 IPX header compression +3 Stac-LZS compression + +Sub-registry: Values for RADIUS Attribute 15, Login-Service +Reference: [RFC2865] +Registration Procedures: Not defined + +Registry: +Value Description Reference +----- ------------------------------------------------------------- --------- +0 Telnet +1 Rlogin +2 TCP Clear +3 PortMaster (proprietary) +4 LAT +5 X25-PAD +6 X25-T3POS +7 Unassigned +8 TCP Clear Quiet (suppresses any NAS-generated connect string) + + +Sub-registry: Values for RADIUS Attribute 29, Termination-Action +Reference: [RFC2865] +Registration Procedures: Not defined + +Registry: +Value Description Reference +----- ------------------------------------- --------- +0 Default +1 RADIUS-Request + +Sub-registry: Values for RADIUS Attribute 40, Acct-Status-Type +Reference: [RFC2866] +Registration Procedures: Not defined + +Registry: +Value Description Reference +----- ------------------------------------- --------- +1 Start [RFC2866] +2 Stop [RFC2866] +3 Interim-Update [RFC2866] +4-6 Unassigned +7 Accounting-On [RFC2866] +8 Accounting-Off [RFC2866] +9 Tunnel-Start [RFC2867] +10 Tunnel-Stop [RFC2867] +11 Tunnel-Reject [RFC2867] +12 Tunnel-Link-Start [RFC2867] +13 Tunnel-Link-Stop [RFC2867] +14 Tunnel-Link-Reject [RFC2867] +15 Failed [RFC2866] + +Sub-registry: Values for RADIUS Attribute 45, Acct-Authentic +Reference: [RFC2866] +Registration Procedures: Not defined + +Registry: +Value Description Reference +----- ------------------------------------- --------- +1 RADIUS [RFC2866] +2 Local [RFC2866] +3 Remote [RFC2866] +4 Diameter [Calhoun] + +Sub-registry: Values for RADIUS Attribute 49, Acct-Terminate-Cause +Reference: [RFC2866] +Registration Procedures: Not defined + +Registry: +Value Description Reference +----- ----------------------------------------- --------- +1 User Request [RFC2866] +2 Lost Carrier [RFC2866] +3 Lost Service [RFC2866] +4 Idle Timeout [RFC2866] +5 Session Timeout [RFC2866] +6 Admin Reset [RFC2866] +7 Admin Reboot [RFC2866] +8 Port Error [RFC2866] +9 NAS Error [RFC2866] +10 NAS Request [RFC2866] +11 NAS Reboot [RFC2866] +12 Port Unneeded [RFC2866] +13 Port Preempted [RFC2866] +14 Port Suspended [RFC2866] +15 Service Unavailable [RFC2866] +16 Callback [RFC2866] +17 User Error [RFC2866] +18 Host Request [RFC2866] +19 Supplicant Restart [RFC3580] +20 Reauthentication Failure [RFC3580] +21 Port Reinitialized [RFC3580] +22 Port Administratively Disabled [RFC3580] + +Sub-registry: Values for RADIUS Attribute 61, NAS-Port-Type +Reference: [RFC2865] +Registration Procedures: Not defined + +Registry: +Value Description Reference Registration Date +----- ------------------------------------------------------------------ --------------------- ----------------- +0 Async [RFC2865] +1 Sync [RFC2865] +2 ISDN Sync [RFC2865] +3 ISDN Async V.120 [RFC2865] +4 ISDN Async V.110 [RFC2865] +5 Virtual [RFC2865] +6 PIAFS [RFC2865] +7 HDLC Clear Channel [RFC2865] +8 X.25 [RFC2865] +9 X.75 [RFC2865] +10 G.3 Fax [RFC2865] +11 SDSL - Symmetric DSL [RFC2865] +12 ADSL-CAP - Asymmetric DSL, Carrierless Amplitude Phase Modulation [RFC2865] +13 ADSL-DMT - Asymmetric DSL, Discrete Multi-Tone [RFC2865] +14 IDSL - ISDN Digital Subscriber Line [RFC2865] +15 Ethernet [RFC2865] +16 xDSL - Digital Subscriber Line of unknown type [RFC2865] +17 Cable [RFC2865] +18 Wireless - Other [RFC2865] +19 Wireless - IEEE 802.11 [RFC2865] +20 Token-Ring [RFC3580] +21 FDDI [RFC3580] +22 Wireless - CDMA2000 [McCann] +23 Wireless - UMTS [McCann] +24 Wireless - 1X-EV [McCann] +25 IAPP [IEEE 802.11F][Kerry] +26 FTTP - Fiber to the Premises [Nyce] +27 Wireless - IEEE 802.16 [IEEE 802.16] 12 December 2006 +28 Wireless - IEEE 802.20 [IEEE 802.20] 12 December 2006 +29 Wireless - IEEE 802.22 [IEEE 802.22] 12 December 2006 +30 PPPoA - PPP over ATM [RFC4603] +31 PPPoEoA - PPP over Ethernet over ATM [RFC4603] +32 PPPoEoE - PPP over Ethernet over Ethernet [RFC4603] +33 PPPoEoVLAN - PPP over Ethernet over VLAN [RFC4603] +34 PPPoEoQinQ - PPP over Ethernet over IEEE 802.1QinQ [RFC4603] +35 xPON - Passive Optical Network [Hublet][Yan] 19 June 2007 + +Sub-registry: Values for RADIUS Attribute 64, Tunnel-Type +Reference: [RFC2868] +Registration Procedures: IETF Consensus + +Registry: +Value Description Reference +----- ------------------------------------------------------------ --------- +1 Point-to-Point Tunneling Protocol (PPTP) [RFC2868] +2 Layer Two Forwarding (L2F) [RFC2868] +3 Layer Two Tunneling Protocol (L2TP) [RFC2868] +4 Ascend Tunnel Management Protocol (ATMP) [RFC2868] +5 Virtual Tunneling Protocol (VTP) [RFC2868] +6 IP Authentication Header in the Tunnel-mode (AH) [RFC2868] +7 IP-in-IP Encapsulation (IP-IP) [RFC2868] +8 Minimal IP-in-IP Encapsulation (MIN-IP-IP) [RFC2868] +9 IP Encapsulating Security Payload in the Tunnel-mode (ESP) [RFC2868] +10 Generic Route Encapsulation (GRE) [RFC2868] +11 Bay Dial Virtual Services (DVS) [RFC2868] +12 IP-in-IP Tunneling [RFC2868] +13 Virtual LANs (VLAN) [RFC3580] + +Sub-registry: Values for RADIUS Attribute 65, Tunnel-Medium-Type +Reference: [RFC2868] +Registration Procedures: IETF Consensus + +Registry: +Value Description Reference +----- ---------------------------------------------------------------- --------- +1 IPv4 (IP version 4) [RFC2868] +2 IPv6 (IP version 6) [RFC2868] +3 NSAP [RFC2868] +4 HDLC (8-bit multidrop) [RFC2868] +5 BBN 1822 [RFC2868] +6 802 (includes all 802 media plus Ethernet "canonical format") [RFC2868] +7 E.163 (POTS) [RFC2868] +8 E.164 (SMDS, Frame Relay, ATM) [RFC2868] +9 F.69 (Telex) [RFC2868] +10 X.121 (X.25, Frame Relay) [RFC2868] +11 IPX [RFC2868] +12 Appletalk [RFC2868] +13 Decnet IV [RFC2868] +14 Banyan Vines [RFC2868] +15 E.164 with NSAP format subaddress [RFC2868] + +Sub-registry: Values for RADIUS Attribute 72, ARAP-Zone-Access +Reference: [RFC2869] +Registration Procedures: Not defined + +Registry: +Value Description Reference +----- ------------------------------------------------- --------- +1 Only allow access to default zone [RFC2869] +2 Use zone filter inclusively [RFC2869] +3 Not used [RFC2869] +4 Use zone filter exclusively [RFC2869] + +Sub-registry: Values for RADIUS Attribute 76, Prompt +Reference: [RFC2869] +Registration Procedures: Not defined + +Registry: +Value Description Reference +----- ------------------------------- --------- +0 No Echo [RFC2869] +1 Echo [RFC2869] + +Sub-registry: Values for RADIUS Attribute 101, Error-Cause Attribute +Reference: [RFC5176] +Registration Procedures: Not defined + +Registry: +Value Description Reference +----- ------------------------------------------------------ --------- +201 Residual Session Context Removed +202 Invalid EAP Packet (Ignored) +401 Unsupported Attribute +402 Missing Attribute +403 NAS Identification Mismatch +404 Invalid Request +405 Unsupported Service +406 Unsupported Extension +407 Invalid Attribute Value [RFC5176] +501 Administratively Prohibited +502 Request Not Routable (Proxy) +503 Session Context Not Found +504 Session Context Not Removable +505 Other Proxy Processing Error +506 Resources Unavailable +507 Request Initiated +508 Multiple Session Selection Unsupported [RFC5176] + + +Registry Name: RADIUS Packet Type Codes +Reference: [RFC3575] +Registration Procedures: IESG Approval + +Registry: +Decimal Message Reference +------- --------------------------------------- --------- +1 Access-Request [RFC2865] +2 Access-Accept [RFC2865] +3 Access-Reject [RFC2865] +4 Accounting-Request [RFC2865] +5 Accounting-Response [RFC2865] +6 Accounting-Status [RFC3575] + (now Interim Accounting) +7 Password-Request [RFC3575] +8 Password-Ack [RFC3575] +9 Password-Reject [RFC3575] +10 Accounting-Message [RFC3575] +11 Access-Challenge [RFC2865] +12 Status-Server (experimental) [RFC2865] +13 Status-Client (experimental) [RFC2865] +21 Resource-Free-Request [RFC3575] +22 Resource-Free-Response [RFC3575] +23 Resource-Query-Request [RFC3575] +24 Resource-Query-Response [RFC3575] +25 Alternate-Resource-Reclaim-Request [RFC3575] +26 NAS-Reboot-Request [RFC3575] +27 NAS-Reboot-Response [RFC3575] +28 Reserved +29 Next-Passcode [RFC3575] +30 New-Pin [RFC3575] +31 Terminate-Session [RFC3575] +32 Password-Expired [RFC3575] +33 Event-Request [RFC3575] +34 Event-Response [RFC3575] +40 Disconnect-Request [RFC3575][RFC5176] +41 Disconnect-ACK [RFC3575][RFC5176] +42 Disconnect-NAK [RFC3575][RFC5176] +43 CoA-Request [RFC3575][RFC5176] +44 CoA-ACK [RFC3575][RFC5176] +45 CoA-NAK [RFC3575][RFC5176] +50 IP-Address-Allocate [RFC3575] +51 IP-Address-Release [RFC3575] +52-249 Unassigned +250-253 Experimental Use [RFC3575] +254 Reserved [RFC3575] +255 Reserved [RFC3575] + + +References +-------------- +[IEEE 802.11F] + +[IEEE 802.16] + "IEEE Standard for Local and metropolitan area networks, + Part 16: Air Interface for Fixed and Mobile Broadband + Wireless Access Systems, Amendment2: Physical and Medium + Access Control Layers for Combined Fixed and Mobile + Operation in Licensed Bands", February 2006. + +[IEEE 802.20] + Mobile Broadband Wireless Access (MBWA), IEEE Standard, + Work in Progress. + +[IEEE 802.22] + Wireless Regional Area Networks (WRAN), IEEE Standard, + Work in Progress. + +[RFC2058] Rigney, C., A. Rubens, W. Simpson, and S. Willens, "Remote + Authentication Dial In User Service (RADIUS)", RFC 2058, + Livingston, Merit, Daydreamer, January 1997. + +[RFC2059] Rigney, C., "RADIUS Accounting", RFC 2059, Livingston, + November 1996. + +[RFC2865] Rigney, W., S. Willens, A. Rubens, and W. Simpson, + "Remote Authentication Dial In User Service (RADIUS)", + RFC 2865, June 2000. + +[RFC2866] Rigney, C., "RADIUS Accounting", RFC 2865, June 2000. + +[RFC2867] Zorn, G., B. Aboba, D. Mitton, "RADIUS Accounting + Modifications for Tunnel Protocol Support", RFC 2867, + June 2000. + +[RFC2868] Zorn, G., D. Leifer, A. Rubens, J. Shriver, M. Holdrege, + I. Goyret, "RADIUS Attributes for Tunnel Protocol Support", + RFC 2868, June 2000. + +[RFC2869] Rigney, C., W. Willats, P. Calhoun, "RADIUS Extensions", + RFC 2869, June 2000. + +[RFC3162] B. Aboba, G. Zorn, and D. Mitton, "RADIUS and IPv6", + RFC 3162, August 2001. + +[RFC3336] B. Thompson, T. Koren and B. Buffam, "PPP Over Asynchronous + Transfer Mode Adaptation Layer 2 (AAL2)", RFC 3336, + December 2002. + +[RFC3575] B. Aboba, "IANA Considerations for RADIUS (Remote Authentication + Dial In User Service)", RFC 3575, July 2003. + +[RFC3580] P. Congdon, B. Aboba, A. Smith, G. Zorn, and J. Roese, + "IEEE 802.1X RADIUS Usage Guidelines", RFC 3580, September 2003. + +[RFC4072] P. Eronen, Ed., T. Hiller, and G. Zorn, "Diameter Extensible + Authentication Protocol (EAP) Application", RFC 4072, August 2005. + +[RFC4372] F. Adrangi, A. Lior, J. Korhonen and J. Loughney, "Chargeable User + Identity", RFC 4372, January 2006. + +[RFC4603] G. Zorn, G. Weber and R. Foltak, "Additional Values for the NAS-Port-Type + Attribute", RFC 4603, July 2006. + +[RFC4590] B. Sterman, D. Sadolevsky, D. Schwartz, D. Williams and W. Beck, + "RADIUS Extension for Digest Authentication", RFC 4590, July 2006 + +[RFC4675] P. Congdon, M. Sanchez, B. Aboba, "RADIUS Attributes for + Virtual LAN and Priority Support", RFC 4675, September 2006. + +[RFC4818] J. Salowey, R. Droms, "RADIUS Delegated-IPv6-Prefix Attribute", + RFC 4818, April 2007. + +[RFC4849] P. Congdon, M. Sanchez, B. Aboba, "RADIUS Filter Rule Attribute", + RFC 4849, April 2007. + +[RFC5090] B. Sterman, D. Sadolevsky, D. Schwartz, D. Williams, W. Beck, + "RADIUS Extension for Digest Authentication", RFC 5090, + February 2008. + +[RFC5176] M. Chiba, G. Dommety, M. Eklund, D. Mitton, B. Aboba, "Dynamic + Authorization Extensions to Remote Authentication Dial In User + Service (RADIUS)", RFC 5176, January 2008. + +[RFC5447] J. Korhonen, Ed., J. Bournelle, H. Tschofenig, C. Perkins, K. + Chowdhury, "Diameter Mobile IPv6: Support for Network Access Server + to Diameter Server Interaction", RFC 5447, February 2009. + +People +------ +[Calhoun] Pat Calhoun, <pcalhoun&diameter.org>, May 2001. + +[Chiba] Murtaza Chiba, <mchiba&cisco.com>, June 2001. + +[Hublet] Christian Hublet, <Christian.Hublet&alcatel-lucent.be>, 21 June 2007. + +[Kerry] Stuart Kerry, stuart.kerry&philips.com>, January 2003. + +[McCann] Pete McCann, <mccap&lucent.com>, March 2002. + +[Moore] Jeff Moore, <jeff.moore&cisco.com>, February 2001. + +[Nyce] Tim Nyce, <tnyce&idts.org>, March 2004 + +[Trifunovic] Nenad Trifunovic, <Nenad.Trifunovic&mci.com>, October 1998. + +[Yan] Renxiang Yan, <Renxiang.Yan&alcatel-sbell.com.cn>, 19 June 2007. + +[]
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/extensions/radius_gw/rsc/radius-types-attrtypes Thu May 21 15:14:18 2009 +0900 @@ -0,0 +1,129 @@ +1 User-Name +2 User-Password +3 CHAP-Password +4 NAS-IP-Address +5 NAS-Port +6 Service-Type +7 Framed-Protocol +8 Framed-IP-Address +9 Framed-IP-Netmask +10 Framed-Routing +11 Filter-Id +12 Framed-MTU +13 Framed-Compression +14 Login-IP-Host +15 Login-Service +16 Login-TCP-Port +17 Unassigned +18 Reply-Message +19 Callback-Number +20 Callback-Id +21 Unassigned +22 Framed-Route +23 Framed-IPX-Network +24 State +25 Class +26 Vendor-Specific +27 Session-Timeout +28 Idle-Timeout +29 Termination-Action +30 Called-Station-Id +31 Calling-Station-Id +32 NAS-Identifier +33 Proxy-State +34 Login-LAT-Service +35 Login-LAT-Node +36 Login-LAT-Group +37 Framed-AppleTalk-Link +38 Framed-AppleTalk-Network +39 Framed-AppleTalk-Zone +40 Acct-Status-Type [RFC2866] +41 Acct-Delay-Time [RFC2866] +42 Acct-Input-Octets [RFC2866] +43 Acct-Output-Octets [RFC2866] +44 Acct-Session-Id [RFC2866] +45 Acct-Authentic [RFC2866] +46 Acct-Session-Time [RFC2866] +47 Acct-Input-Packets [RFC2866] +48 Acct-Output-Packets [RFC2866] +49 Acct-Terminate-Cause [RFC2866] +50 Acct-Multi-Session-Id [RFC2866] +51 Acct-Link-Count [RFC2866] +52 Acct-Input-Gigawords [RFC2869] +53 Acct-Output-Gigawords [RFC2869] +54 Unassigned +55 Event-Timestamp [RFC2869] +56 Egress-VLANID [RFC4675] +57 Ingress-Filters [RFC4675] +58 Egress-VLAN-Name [RFC4675] +59 User-Priority-Table [RFC4675] +60 CHAP-Challenge +61 NAS-Port-Type +62 Port-Limit +63 Login-LAT-Port +64 Tunnel-Type [RFC2868] +65 Tunnel-Medium-Type [RFC2868] +66 Tunnel-Client-Endpoint [RFC2868] +67 Tunnel-Server-Endpoint [RFC2868] +68 Acct-Tunnel-Connection [RFC2867] +69 Tunnel-Password [RFC2868] +70 ARAP-Password [RFC2869] +71 ARAP-Features [RFC2869] +72 ARAP-Zone-Access [RFC2869] +73 ARAP-Security [RFC2869] +74 ARAP-Security-Data [RFC2869] +75 Password-Retry [RFC2869] +76 Prompt [RFC2869] +77 Connect-Info [RFC2869] +78 Configuration-Token [RFC2869] +79 EAP-Message [RFC2869] +80 Message-Authenticator [RFC2869] +81 Tunnel-Private-Group-ID [RFC2868] +82 Tunnel-Assignment-ID [RFC2868] +83 Tunnel-Preference [RFC2868] +84 ARAP-Challenge-Response [RFC2869] +85 Acct-Interim-Interval [RFC2869] +86 Acct-Tunnel-Packets-Lost [RFC2867] +87 NAS-Port-Id [RFC2869] +88 Framed-Pool [RFC2869] +89 CUI [RFC4372] +90 Tunnel-Client-Auth-ID [RFC2868] +91 Tunnel-Server-Auth-ID [RFC2868] +92 NAS-Filter-Rule [RFC4849] +93 Unassigned +94 Originating-Line-Info [RFC4005] +95 NAS-IPv6-Address [RFC3162] +96 Framed-Interface-Id [RFC3162] +97 Framed-IPv6-Prefix [RFC3162] +98 Login-IPv6-Host [RFC3162] +99 Framed-IPv6-Route [RFC3162] +100 Framed-IPv6-Pool [RFC3162] +101 Error-Cause Attribute [RFC3576] +102 EAP-Key-Name [RFC4072] +103 Digest-Response [RFC5090] +104 Digest-Realm [RFC5090] +105 Digest-Nonce [RFC5090] +106 Digest-Response-Auth [RFC5090] +107 Digest-Nextnonce [RFC5090] +108 Digest-Method [RFC5090] +109 Digest-URI [RFC5090] +110 Digest-Qop [RFC5090] +111 Digest-Algorithm [RFC5090] +112 Digest-Entity-Body-Hash [RFC5090] +113 Digest-CNonce [RFC5090] +114 Digest-Nonce-Count [RFC5090] +115 Digest-Username [RFC5090] +116 Digest-Opaque [RFC5090] +117 Digest-Auth-Param [RFC5090] +118 Digest-AKA-Auts [RFC5090] +119 Digest-Domain [RFC5090] +120 Digest-Stale [RFC5090] +121 Digest-HA1 [RFC5090] +122 SIP-AOR [RFC5090] +123 Delegated-IPv6-Prefix [RFC4818] +124 MIP6-Feature-Vector [RFC5447] +125 MIP6-Home-Link-Prefix [RFC5447] +126-191 Unassigned +192-223 Experimental Use [RFC3575] +224-240 Implementation Specific [RFC3575] +241-255 Reserved [RFC3575]
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/extensions/radius_gw/rsc/radius-types-codes Thu May 21 15:14:18 2009 +0900 @@ -0,0 +1,39 @@ +1 Access-Request [RFC2865] +2 Access-Accept [RFC2865] +3 Access-Reject [RFC2865] +4 Accounting-Request [RFC2865] +5 Accounting-Response [RFC2865] +6 Accounting-Status [RFC3575] +7 Password-Request [RFC3575] +8 Password-Ack [RFC3575] +9 Password-Reject [RFC3575] +10 Accounting-Message [RFC3575] +11 Access-Challenge [RFC2865] +12 Status-Server (experimental) [RFC2865] +13 Status-Client (experimental) [RFC2865] +21 Resource-Free-Request [RFC3575] +22 Resource-Free-Response [RFC3575] +23 Resource-Query-Request [RFC3575] +24 Resource-Query-Response [RFC3575] +25 Alternate-Resource-Reclaim-Request [RFC3575] +26 NAS-Reboot-Request [RFC3575] +27 NAS-Reboot-Response [RFC3575] +28 Reserved +29 Next-Passcode [RFC3575] +30 New-Pin [RFC3575] +31 Terminate-Session [RFC3575] +32 Password-Expired [RFC3575] +33 Event-Request [RFC3575] +34 Event-Response [RFC3575] +40 Disconnect-Request [RFC3575][RFC5176] +41 Disconnect-ACK [RFC3575][RFC5176] +42 Disconnect-NAK [RFC3575][RFC5176] +43 CoA-Request [RFC3575][RFC5176] +44 CoA-ACK [RFC3575][RFC5176] +45 CoA-NAK [RFC3575][RFC5176] +50 IP-Address-Allocate [RFC3575] +51 IP-Address-Release [RFC3575] +52-249 Unassigned +250-253 Experimental Use [RFC3575] +254 Reserved [RFC3575] +255 Reserved [RFC3575]
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/extensions/radius_gw/rsc/rebuild_inc.sh Thu May 21 15:14:18 2009 +0900 @@ -0,0 +1,33 @@ +#/bin/bash + +# This script rebuilds the files rg_utils_*.inc. +# It should be called when the radius-types file is updated with: +# wget http://www.iana.org/assignments/radius-types + +if [ ! -f radius-types ]; +then echo "Missing file radius-types, please get a fresh copy first."; +exit 2; +fi + +if [ -f rg_utils_codes.inc ]; +then mv -f rg_utils_codes.inc rg_utils_codes.inc.bak; +fi + +if [ -f rg_utils_attrtype.inc ]; +then mv -f rg_utils_attrtype.inc rg_utils_attrtype.inc.bak; +fi + +echo "Rebuilding rg_utils_codes.inc..." + +# Not too sure how to rebuid radius-types-codes from radius-types, skipping... +echo "WARNING: radius-types-codes has not been rebuilt" + +awk -f register-parse.awk radius-types-codes > rg_utils_codes.inc + +echo "Rebuilding rg_utils_attrtype.inc..." +echo "WARNING: radius-types-attrtypes has not been rebuilt" + +awk -f register-parse.awk radius-types-attrtypes > rg_utils_attrtype.inc + +echo "Finished." +
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/extensions/radius_gw/rsc/register-parse.awk Thu May 21 15:14:18 2009 +0900 @@ -0,0 +1,4 @@ + { print "\t\t/*", $0, "*/" } # Add commented line of input + { if ($1 ~ /^[0-9][0-9]?[0-9]?$/) print "\tif ( c == " $1 ") return \"" $2, $3, $4, $5 "\";" } + { if ($1 ~ /^([0-9][0-9]?[0-9]?)-([0-9][0-9]?[0-9]?)$/) { split($1, a, "-"); + print "\tif ((c >= " a[1] ") && (c <= " a[2] ")) return \"" $2, $3, $4, $5 "\";" }}