1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
|
/*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* the Free Software Foundation; either version 2 of the License, or (at
* your option) any later version. either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
*/
#ifndef CLIENTS_H
#define CLIENTS_H
/*
* $Id$
*
* @file clients.h
* @brief Function declarations and structures to manage clients.
*
* @author Arran Cudbard-Bell <a.cudbardb@freeradius.org>
* @copyright 2015 The FreeRADIUS server project
*/
typedef struct radclient_list RADCLIENT_LIST;
/** Describes a host allowed to send packets to the server
*
*/
typedef struct radclient {
RADCLIENT_LIST *list; //!< parent list
fr_ipaddr_t ipaddr; //!< IPv4/IPv6 address of the host.
fr_ipaddr_t src_ipaddr; //!< IPv4/IPv6 address to send responses
//!< from (family must match ipaddr).
char const *longname; //!< Client identifier.
char const *shortname; //!< Client nickname.
char const *secret; //!< Secret PSK.
bool message_authenticator; //!< Require RADIUS message authenticator in requests.
char const *nas_type; //!< Type of client (arbitrary).
char const *login; //!< Username to use for simultaneous use checks.
char const *password; //!< Password to use for simultaneous use checks.
char const *server; //!< Virtual server client is associated with.
int number; //!< Unique client number.
CONF_SECTION *cs; //!< CONF_SECTION that was parsed to generate the client.
#ifdef WITH_STATS
fr_stats_t auth; //!< Authentication stats.
# ifdef WITH_ACCOUNTING
fr_stats_t acct; //!< Accounting stats.
# endif
# ifdef WITH_COA
fr_stats_t coa; //!< Change of Authorization stats.
fr_stats_t dsc; //!< Disconnect-Request stats.
# endif
#endif
struct timeval response_window; //!< How long the client has to respond.
int proto; //!< Protocol number.
#ifdef WITH_TCP
fr_socket_limit_t limit; //!< Connections per client (TCP clients only).
#endif
#ifdef WITH_TLS
bool tls_required; //!< whether TLS encryption is required.
#endif
#ifdef WITH_DYNAMIC_CLIENTS
uint32_t lifetime; //!< How long before the client is removed.
uint32_t dynamic; //!< Whether the client was dynamically defined.
time_t created; //!< When the client was created.
time_t last_new_client; //!< Used for relate limiting addition and deletion of
//!< dynamic clients.
char const *client_server; //!< Virtual server associated with this dynamic client.
//!< Only used where client specifies a network of potential
//!< clients.
bool rate_limit; //!< Where addition of clients should be rate limited.
fr_event_t *ev; //!< for deleting dynamic clients
#endif
#ifdef WITH_COA
char const *coa_name; //!< Name of the CoA home server or pool.
home_server_t *coa_home_server; //!< The CoA home_server_t the client is associated with.
//!< Must be used exclusively from coa_pool.
home_pool_t *coa_home_pool; //!< The CoA home_pool_t the client is associated with.
//!< Must be used exclusively from coa_server.
bool defines_coa_server; //!< Client also defines a home_server.
#endif
} RADCLIENT;
/** Callback for retrieving values when building client sections
*
* Example:
@code{.c}
int _client_value_cb(char **out, CONF_PAIR const *cp, void *data)
{
my_result *result = data;
char *value;
value = get_attribute_from_result(result, cf_pair_value(cp));
if (!value) {
*out = NULL;
return 0;
}
*out = talloc_strdup(value);
free_attribute(value);
if (!*out) return -1;
return 0;
}
@endcode
*
* @param[out] out Where to write a pointer to the talloced value buffer.
* @param[in] cp The value of the CONF_PAIR specifies the attribute name to retrieve from the result.
* @param[in] data Pointer to the result struct to copy values from.
* @return 0 on success -1 on failure.
*/
typedef int (*client_value_cb_t)(char **out, CONF_PAIR const *cp, void *data);
RADCLIENT_LIST *client_list_init(CONF_SECTION *cs);
void client_list_free(RADCLIENT_LIST *clients);
RADCLIENT_LIST *client_list_parse_section(CONF_SECTION *section, bool tls_required);
void client_free(RADCLIENT *client);
bool client_add(RADCLIENT_LIST *clients, RADCLIENT *client);
#ifdef WITH_DYNAMIC_CLIENTS
void client_delete(RADCLIENT_LIST *clients, RADCLIENT *client);
RADCLIENT *client_afrom_request(RADCLIENT_LIST *clients, REQUEST *request);
#endif
int client_map_section(CONF_SECTION *out, CONF_SECTION const *map, client_value_cb_t func, void *data);
RADCLIENT *client_afrom_cs(TALLOC_CTX *ctx, CONF_SECTION *cs, bool in_server, bool with_coa);
RADCLIENT *client_afrom_query(TALLOC_CTX *ctx, char const *identifier, char const *secret, char const *shortname,
char const *type, char const *server, bool require_ma)
CC_HINT(nonnull(2, 3));
RADCLIENT *client_find(RADCLIENT_LIST const *clients, fr_ipaddr_t const *ipaddr, int proto);
RADCLIENT *client_findbynumber(RADCLIENT_LIST const *clients, int number);
RADCLIENT *client_find_old(fr_ipaddr_t const *ipaddr);
bool client_add_dynamic(RADCLIENT_LIST *clients, RADCLIENT *master, RADCLIENT *c);
RADCLIENT *client_read(char const *filename, int in_server, int flag);
#endif /* CLIENTS_H */
|