changeset 350:c47a045fd4d6

Commit before the golden week
author Sebastien Decugis <sdecugis@nict.go.jp>
date Fri, 01 May 2009 18:29:27 +0900
parents 087d76efb83d
children 932ed12e1821
files doc/radius_gw.conf.sample extensions/radius_gw/notes.txt extensions/radius_gw/radius_gw.h extensions/radius_gw/radius_gw_internal.h
diffstat 4 files changed, 170 insertions(+), 20 deletions(-) [+]
--- a/doc/radius_gw.conf.sample	Fri May 01 14:58:46 2009 +0900
+++ b/doc/radius_gw.conf.sample	Fri May 01 18:29:27 2009 +0900
@@ -38,6 +38,7 @@
 # Once the list of extensions for an incoming message has been called (or empty list), 
 # if some of the attributes have not been handled, an error is loggued.
 
+
 ##################
 # RADIUS Clients #
 ##################
--- a/extensions/radius_gw/notes.txt	Fri May 01 14:58:46 2009 +0900
+++ b/extensions/radius_gw/notes.txt	Fri May 01 18:29:27 2009 +0900
@@ -3,36 +3,30 @@
 radius_gw: base code for the gateway. 
 This extension alone does nothing but logging messages with unknown codes or attributes.
 
-Other extensions register callbacks to handle messages / attributes.
+Other extensions provide callbacks to handle messages / attributes.
 These sub-extensions are loaded according to the configuration of the main extension.
-Several sub-extensions should not register for the same attribute / message.
 
-Extensions are registered by RADIUS request codes. Examples of codes are:
- 1: Access-Request
- 4: Accounting-Request
- 
-The complete list can be found there: http://www.iana.org/assignments/radius-types (RADIUS Packet Type Codes registry)
+The complete list of RADIUS command codes can be found there: 
+http://www.iana.org/assignments/radius-types (RADIUS Packet Type Codes registry)
 
 *** Basic principles ***
 
-When a RADIUS request is received (answers are discarded):
- - parse and validate the request
+When a RADIUS message is received (should be a request):
+ - parse and validate the message
    - format
    - authenticator
    - duplicate
-   - ...
-   - creates a structure as described in radius_gw.h to hold the RADIUS message information:
-     - data
-     - metadata:
+   - ... (?)
+   - creates a rad_t structure (radius_gw.h) containing the RADIUS message information:
+     - message data
+     - and metadata:
        - attribute description
        - already handled by an extension? (always initialized to 0)
- - session object ??
- - Create a new empty Diameter message
- - Pass the RADIUS parsed message, diameter message, and session to all registered extensions, 
-     in the order specified in configuration
+ - Pass the RADIUS parsed message, and locations for a diameter message and session to all registered extensions, 
+     in the order specified in configuration.
    - each extension may modify all its input (it must in particular set the "handled" flag to RADIUS attributes it
       converted to Diameter)
-   - The extension returns an error code. The error may mean:
+   - The extensions return error codes. The error may mean:
      - stop processing and return an immediate error to the RADIUS client (critical error).
      - (eventually for later) continue processing if a fallback extension is registered (not supported in initial version)
      - (eventually for later) An immediate RADIUS answer must be sent, without going to Diameter network. This can be used for example for 
@@ -42,7 +36,7 @@
    not valid, an error is returned to the RADIUS client and all data is discarded (after logging all useful information)
    
 When the Diameter answer is received, the radius_gw retrieves the corresponding RADIUS request from
-    the session, then creates a matching empty Answer message. 
+    the session, then a similar process happens (extensions are the same as for the request). 
  - It calls all registered extensions with:
    - session pointer
    - RADIUS request
--- a/extensions/radius_gw/radius_gw.h	Fri May 01 14:58:46 2009 +0900
+++ b/extensions/radius_gw/radius_gw.h	Fri May 01 18:29:27 2009 +0900
@@ -42,7 +42,92 @@
 /* This file extends definitions from the standard waaad API */
 #include <waaad/waaad.h>
 
-/* We use the same lists as the main daemon */
+/* This type is used for all lists in this extension */
+struct rgw_list {
+	struct rgw_list *next;
+	struct rgw_list *prev;
+	struct rgw_list *head;
+};
+
+/**************************************************************/
+/*                  RADIUS messages                           */
+/**************************************************************/
+
+/* Note on design: the parsing of RADIUS message is not very efficient since we have to duplicate the memory of all
+ attributes, instead of pointing back to them in the original message. Anyway, it makes adding / removing attributes simpler. */
+
+/* This type describes a RADIUS attribute */
+struct rad_attr {
+	/* Meta data */
+	struct rgw_list	chain;	/* link this attribute in a message */
+	int		handled; /* Has this attribute already been converted to Diameter? */
+	
+	/* Data */
+	uint8_t		type;
+	uint8_t		length;
+	union 	{
+		uint8_t	buf[253];
+		struct {
+			uint32_t	vendor_id;
+			union {
+				uint8_t	string[249];			/* generic format */
+				struct {
+					uint8_t	vendor_type;
+					uint8_t	vendor_length;
+					uint8_t vendor_value[247];
+				} 	tlv;				/* TLV format defined in rfc2865#section-5.26 */
+				struct {
+					unsigned	m 	:1;
+					unsigned	tag	:7;
+					uint8_t		data[248];
+				} radext;				/* Extended attributes defined in draft-ietf-radext-extended-attributes-08 */
+			};
+		} 	vsa; /* vendor-specific attributes */
+	}		data; /* Always fits in 253 bytes */
+};
+	
+
+/* The following type represents a complete RADIUS message (internal representation) with parsing information */
+typedef struct _rad_t {
+	/* Metadata */
+	struct rgw_list	attributes;	/* The list of attributes */
+		
+	/* Data */
+	uint8_t		code;
+	uint8_t		identifier;
+	uint16_t	length;		/* always stored in host byte-order */
+	uint8_t		authenticator[16];
+} rad_t;
+
+
+/**************************************************************/
+/*                  Extensions registration                   */
+/**************************************************************/
+
+#define RADIUS_GW_API_VER	1 /* increment when making changes to radius_gw_api definition bellow */
+struct radius_gw_api {
+	void *  (*rga_conf_parse_cb) ( char * conf_file );	/* configuration parser. Returns NULL on error only */
+	void	(*rga_conf_free_cb) (void * conf); 		/* Free an object returned by previous cb */
+	
+	int	(*rga_rad_req_cb) ( void * conf, sess_id_t ** session, rad_t ** rad_req, msg_t ** diam_fw ); /* handle an incoming RADIUS message */
+	int	(*rga_diam_ans_cb) ( void * conf, sess_id_t ** session, msg_t ** diam_and, rad_t ** rad_fw ); /* handle the corresponding Diameter answer */
+};
+
+/* All extensions must provide the following entry point that is called when the extension is loaded.
+Beware, the same extension may be loaded several times, and receive different configuration files. 
+No global data should be initialized during this function; instead it should be done during the rga_conf_parse_cb call,
+and store in the memory pointed by "conf" that is passed in turn to all callbacks. */
+extern int rga_register(int version, struct radius_gw_api * api);
+
+
+
+/**************************************************************/
+/*      Functions exported by the radius_gw extension         */
+/**************************************************************/
+
+/* List management */
+
+/* and so on ... */
 
 
 
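Review bot: In `struct rad_attr` the `length` member does not say whether it holds the wire Length octet (which also counts the Type and Length octets) or the number of valid bytes in `data`, while `data.buf` is only 253 bytes. Both `length` and `vsa.tlv.vendor_length` originate in the received RADIUS packet, and every sub-extension that reads `data` will index by them, so the contract should be stated on the field, for example `uint8_t length; /* bytes used in data (wire length - 2), 0..253, checked by the parser */`, together with a comment saying whether `vendor_length` has been checked against `length` before callbacks run. Separately, the `radext` bit-fields `m` and `tag` are overlaid on received bytes, and bit-field ordering and the padding around them are implementation-defined, so `/* Always fits in 253 bytes */` may not hold for `sizeof data` on every compiler; a plain `uint8_t` flags byte with mask macros would be portable.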
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/extensions/radius_gw/radius_gw_internal.h	Fri May 01 18:29:27 2009 +0900
@@ -0,0 +1,70 @@
+/*********************************************************************************************************
+* Software License Agreement (BSD License)                                                               *
+* Author: Sebastien Decugis <sdecugis@nict.go.jp>							 *
+*													 *
+* Copyright (c) 2008, WIDE Project and NICT								 *
+* All rights reserved.											 *
+* 													 *
+* Redistribution and use of this software in source and binary forms, with or without modification, are  *
+* permitted provided that the following conditions are met:						 *
+* 													 *
+* * Redistributions of source code must retain the above 						 *
+*   copyright notice, this list of conditions and the 							 *
+*   following disclaimer.										 *
+*    													 *
+* * Redistributions in binary form must reproduce the above 						 *
+*   copyright notice, this list of conditions and the 							 *
+*   following disclaimer in the documentation and/or other						 *
+*   materials provided with the distribution.								 *
+* 													 *
+* * Neither the name of the WIDE Project or NICT nor the 						 *
+*   names of its contributors may be used to endorse or 						 *
+*   promote products derived from this software without 						 *
+*   specific prior written permission of WIDE Project and 						 *
+*   NICT.												 *
+* 													 *
+* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED *
+* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A *
+* PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR *
+* ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 	 *
+* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 	 *
+* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR *
+* TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF   *
+* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.								 *
+*********************************************************************************************************/
+/* This file contains the definitions needed by the radius_gw extension alone, not exported to sub-extensions. */
+  
+#ifndef _RADIUS_GW_INTERNAL_H
+#define _RADIUS_GW_INTERNAL_H
+
+/* include the general stuff */
+#include "radius_gw.h"
+
+
+/* The content of this file is mainly used to declare interfaces 
+    between lex/yacc files and the main extension file. */
+
+int rgw_add_extension( /* file, conffile, port(s), code_array, code_len */ );
+
+int rgw_add_client(/* ip, key, keylen */);
+
+struct rgw_serv {
+	unsigned	disabled	:1;
+	unsigned	ipv4_disabled	:1;
+	unsigned	ipv6_disabled	:1;
+	unsigned	:13; /* padding */
+	
+	uint16_t	port;	/* stored in network byte order */
+	
+	struct sockaddr_in	ipv4_endpoint;
+	struct sockaddr_in6	ipv6_endpoint;
+};
+
+struct {
+	struct rgw_serv	auth_serv;
+	struct rgw_serv	acct_serv;
+} rgw_servers;
+
+
+#endif /* _RADIUS_GW_INTERNAL_H */
+  
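Review bot: `struct { ... } rgw_servers;` at the end of the header defines an object instead of declaring one, so every source file that includes radius_gw_internal.h emits its own tentative definition; this fails to link under `-fno-common` and otherwise depends on common-symbol merging. Give the struct a tag, put `extern struct rgw_servers rgw_servers;` in the header and define the object once in a .c file. In addition, `rgw_add_extension()` and `rgw_add_client()` are declared with empty parameter lists, so calls from the lex/yacc code are not type-checked; since the client call carries a key and its length, a real prototype such as `int rgw_add_client(const struct sockaddr *ip, const unsigned char *key, size_t keylen);` (types to be confirmed against the parser) lets the compiler reject a mismatched length or pointer argument. The guard name `_RADIUS_GW_INTERNAL_H` is also a reserved identifier; `RADIUS_GW_INTERNAL_H` avoids that.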