changeset 350:c47a045fd4d6
Commit before the golden week
author | Sebastien Decugis <sdecugis@nict.go.jp> |
---|---|
date | Fri, 01 May 2009 18:29:27 +0900 |
parents | 087d76efb83d |
children | 932ed12e1821 |
files | doc/radius_gw.conf.sample extensions/radius_gw/notes.txt extensions/radius_gw/radius_gw.h extensions/radius_gw/radius_gw_internal.h |
diffstat | 4 files changed, 170 insertions(+), 20 deletions(-) [+] |
--- a/doc/radius_gw.conf.sample Fri May 01 14:58:46 2009 +0900 +++ b/doc/radius_gw.conf.sample Fri May 01 18:29:27 2009 +0900 @@ -38,6 +38,7 @@ # Once the list of extensions for an incoming message has been called (or empty list), # if some of the attributes have not been handled, an error is loggued. + ################## # RADIUS Clients # ##################
--- a/extensions/radius_gw/notes.txt Fri May 01 14:58:46 2009 +0900 +++ b/extensions/radius_gw/notes.txt Fri May 01 18:29:27 2009 +0900 
@@ -3,36 +3,30 @@ radius_gw: base code for the gateway. This extension alone does nothing but logging messages with unknown codes or attributes. -Other extensions register callbacks to handle messages / attributes. +Other extensions provide callbacks to handle messages / attributes. These sub-extensions are loaded according to the configuration of the main extension. -Several sub-extensions should not register for the same attribute / message. -Extensions are registered by RADIUS request codes. Examples of codes are: - 1: Access-Request - 4: Accounting-Request - -The complete list can be found there: http://www.iana.org/assignments/radius-types (RADIUS Packet Type Codes registry) +The complete list of RADIUS command codes can be found there: +http://www.iana.org/assignments/radius-types (RADIUS Packet Type Codes registry) *** Basic principles *** -When a RADIUS request is received (answers are discarded): - - parse and validate the request +When a RADIUS message is received (should be a request): + - parse and validate the message - format - authenticator - duplicate - - ... - - creates a structure as described in radius_gw.h to hold the RADIUS message information: - - data - - metadata: + - ... (?) + - creates a rad_t structure (radius_gw.h) containing the RADIUS message information: + - message data + - and metadata: - attribute description - already handled by an extension? (always initialized to 0) - - session object ?? - - Create a new empty Diameter message - - Pass the RADIUS parsed message, diameter message, and session to all registered extensions, - in the order specified in configuration + - Pass the RADIUS parsed message, and locations for a diameter message and session to all registered extensions, + in the order specified in configuration. - each extension may modify all its input (it must in particular set the "handled" flag to RADIUS attributes it converted to Diameter) - - The extension returns an error code. 
The error may mean: + - The extensions return error codes. The error may mean: - stop processing and return an immediate error to the RADIUS client (critical error). - (eventually for later) continue processing if a fallback extension is registered (not supported in initial version) - (eventually for later) An immediate RADIUS answer must be sent, without going to Diameter network. This can be used for example for @@ -42,7 +36,7 @@ not valid, an error is returned to the RADIUS client and all data is discarded (after logging all useful information) When the Diameter answer is received, the radius_gw retrieves the corresponding RADIUS request from - the session, then creates a matching empty Answer message. + the session, then a similar process happens (extensions are the same as for the request). - It calls all registered extensions with: - session pointer - RADIUS request
--- a/extensions/radius_gw/radius_gw.h Fri May 01 14:58:46 2009 +0900 +++ b/extensions/radius_gw/radius_gw.h Fri May 01 18:29:27 2009 +0900 
@@ -42,7 +42,92 @@ /* This file extends definitions from the standard waaad API */ #include <waaad/waaad.h> -/* We use the same lists as the main daemon */ +/* This type is used for all lists in this extension */ +struct rgw_list { + struct rgw_list *next; + struct rgw_list *prev; + struct rgw_list *head; +}; + +/**************************************************************/ +/* RADIUS messages */ +/**************************************************************/ + +/* Note on design: the parsing of RADIUS message is not very efficient since we have to duplicate the memory of all + attributes, instead of pointing back to them in the original message. Anyway, it makes adding / removing attributes simpler. */ + +/* This type describes a RADIUS attribute */ +struct rad_attr { + /* Meta data */ + struct rgw_list chain; /* link this attribute in a message */ + int handled; /* Has this attribute already been converted to Diameter? */ + + /* Data */ + uint8_t type; + uint8_t length; + union { + uint8_t buf[253]; + struct { + uint32_t vendor_id; + union { + uint8_t string[249]; /* generic format */ + struct { + uint8_t vendor_type; + uint8_t vendor_length; + uint8_t vendor_value[247]; + } tlv; /* TLV format defined in rfc2865#section-5.26 */ + struct { + unsigned m :1; + unsigned tag :7; + uint8_t data[248]; + } radext; /* Extended attributes defined in draft-ietf-radext-extended-attributes-08 */ + }; + } vsa; /* vendor-specific attributes */ + } data; /* Always fits in 253 bytes */ +}; + + +/* The following type represents a complete RADIUS message (internal representation) with parsing information */ +typedef struct _rad_t { + /* Metadata */ + struct rgw_list attributes; /* The list of attributes */ + + /* Data */ + uint8_t code; + uint8_t identifier; + uint16_t length; /* always stored in host byte-order */ + uint8_t authenticator[16]; +} rad_t; + + +/**************************************************************/ +/* Extensions registration */ 
+/**************************************************************/ + +#define RADIUS_GW_API_VER 1 /* increment when making changes to radius_gw_api definition bellow */ +struct radius_gw_api { + void * (*rga_conf_parse_cb) ( char * conf_file ); /* configuration parser. Returns NULL on error only */ + void (*rga_conf_free_cb) (void * conf); /* Free an object returned by previous cb */ + + int (*rga_rad_req_cb) ( void * conf, sess_id_t ** session, rad_t ** rad_req, msg_t ** diam_fw ); /* handle an incoming RADIUS message */ + int (*rga_diam_ans_cb) ( void * conf, sess_id_t ** session, msg_t ** diam_and, rad_t ** rad_fw ); /* handle the corresponding Diameter answer */ +}; + +/* All extensions must provide the following entry point that is called when the extension is loaded. +Beware, the same extension may be loaded several times, and receive different configuration files. +No global data should be initialized during this function; instead it should be done during the rga_conf_parse_cb call, +and store in the memory pointed by "conf" that is passed in turn to all callbacks. */ +extern int rga_register(int version, struct radius_gw_api * api); + + + +/**************************************************************/ +/* Functions exported by the radius_gw extension */ +/**************************************************************/ + +/* List management */ + +/* and so on ... */
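Review bot: The `radext` arm of `struct rad_attr` does not overlay the wire bytes it is meant to describe: `unsigned m :1; unsigned tag :7;` are bit-fields of type `unsigned`, so on common ABIs they are allocated in a 4-byte unit and `data[248]` starts at offset 4 of the vendor value instead of offset 1 (bit order inside the unit is implementation-defined as well), which also makes the `vsa` struct 256 bytes — larger than the 253-byte `buf` that the trailing comment says everything always fits in. Declaring that octet as `uint8_t mtag; /* bit 7 = M, bits 6..0 = tag */` followed by `uint8_t data[248];` keeps the layout byte-exact and lets the parser pull the two fields out with a shift and a mask. Separately, `uint8_t length;` does not say whether it holds the wire Length (type+length+value, 2..255) or the value length (0..253); since `buf` is sized for the value only, a comment such as `/* value length in bytes (wire Length - 2); parser must reject wire Length < 2 and > remaining message */` pins the invariant any copy into `data` will rely on. Minor: the `diam_and` parameter of `rga_diam_ans_cb` reads like a typo for `diam_ans`, and `_rad_t` is a reserved identifier (leading underscore plus lowercase is fine, but the file also uses `_RADIUS_GW_INTERNAL_H`-style names elsewhere, so worth a consistent convention).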
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/extensions/radius_gw/radius_gw_internal.h Fri May 01 18:29:27 2009 +0900 
@@ -0,0 +1,70 @@ +/********************************************************************************************************* +* Software License Agreement (BSD License) * +* Author: Sebastien Decugis <sdecugis@nict.go.jp> * +* * +* Copyright (c) 2008, WIDE Project and NICT * +* All rights reserved. * +* * +* Redistribution and use of this software in source and binary forms, with or without modification, are * +* permitted provided that the following conditions are met: * +* * +* * Redistributions of source code must retain the above * +* copyright notice, this list of conditions and the * +* following disclaimer. * +* * +* * Redistributions in binary form must reproduce the above * +* copyright notice, this list of conditions and the * +* following disclaimer in the documentation and/or other * +* materials provided with the distribution. * +* * +* * Neither the name of the WIDE Project or NICT nor the * +* names of its contributors may be used to endorse or * +* promote products derived from this software without * +* specific prior written permission of WIDE Project and * +* NICT. * +* * +* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED * +* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A * +* PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR * +* ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * +* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * +* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR * +* TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * +* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
* +*********************************************************************************************************/ +/* This file contains the definitions needed by the radius_gw extension alone, not exported to sub-extensions. */ + +#ifndef _RADIUS_GW_INTERNAL_H +#define _RADIUS_GW_INTERNAL_H + +/* include the general stuff */ +#include "radius_gw.h" + + +/* The content of this file is mainly used to declare interfaces + between lex/yacc files and the main extension file. */ + +int rgw_add_extension( /* file, conffile, port(s), code_array, code_len */ ); + +int rgw_add_client(/* ip, key, keylen */); + +struct rgw_serv { + unsigned disabled :1; + unsigned ipv4_disabled :1; + unsigned ipv6_disabled :1; + unsigned :13; /* padding */ + + uint16_t port; /* stored in network byte order */ + + struct sockaddr_in ipv4_endpoint; + struct sockaddr_in6 ipv6_endpoint; +}; + +struct { + struct rgw_serv auth_serv; + struct rgw_serv acct_serv; +} rgw_servers; + + +#endif /* _RADIUS_GW_INTERNAL_H */ +
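Review bot: `rgw_servers` at the end of the file is a definition, not a declaration — an anonymous-struct object with external linkage placed in a header — so every translation unit that includes radius_gw_internal.h (the main extension file plus the lex/yacc outputs the comment says it serves) defines its own copy, which is a duplicate-symbol link error or, with toolchains that default to common symbols, a silently merged one. Give the struct a tag and only declare it here, defining it once in a .c file: `struct rgw_servers { struct rgw_serv auth_serv; struct rgw_serv acct_serv; };` then `extern struct rgw_servers rgw_servers;`. The two placeholders `rgw_add_extension( /* ... */ )` and `rgw_add_client( /* ... */ )` are declared with empty parentheses, which in C means "unspecified parameters" and disables argument type checking at every call site; `(void)` is the safer stub, and when `rgw_add_client` gets its real shape the shared secret is better passed as `const uint8_t *key, size_t keylen` than as a NUL-terminated string so binary secrets survive intact. The include guard `_RADIUS_GW_INTERNAL_H` is a reserved identifier (leading underscore followed by an uppercase letter); `RADIUS_GW_INTERNAL_H` avoids the clash.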