diff options
Diffstat (limited to 'src/libcharon/plugins/eap_radius/radius_client.h')
| -rw-r--r-- | src/libcharon/plugins/eap_radius/radius_client.h | 88 |
1 files changed, 88 insertions, 0 deletions
diff --git a/src/libcharon/plugins/eap_radius/radius_client.h b/src/libcharon/plugins/eap_radius/radius_client.h new file mode 100644 index 000000000..77ba94807 --- /dev/null +++ b/src/libcharon/plugins/eap_radius/radius_client.h @@ -0,0 +1,88 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup radius_client radius_client + * @{ @ingroup eap_radius + */ + +#ifndef RADIUS_CLIENT_H_ +#define RADIUS_CLIENT_H_ + +#include "radius_message.h" + +typedef struct radius_client_t radius_client_t; + +/** + * RADIUS client functionality. + * + * To communicate with a RADIUS server, create a client and send messages over + * it. All instances share a fixed size pool of sockets. The client reserves + * a socket during request() and releases it afterwards. + */ +struct radius_client_t { + + /** + * Send a RADIUS request and wait for the response. + * + * The client fills in RADIUS Message identifier, NAS-Identifier, + * NAS-Port-Type, builds a Request-Authenticator and calculates the + * Message-Authenticator attribute. + * The received response gets verified using the Response-Identifier + * and the Message-Authenticator attribute. + * + * @param msg RADIUS request message to send + * @return response, NULL if timed out/verification failed + */ + radius_message_t* (*request)(radius_client_t *this, radius_message_t *msg); + + /** + * Decrypt the MSK encoded in a messages MS-MPPE-Send/Recv-Key. + * + * @param response RADIUS response message containing attributes + * @param request associated RADIUS request message + * @return allocated MSK, empty chunk if none found + */ + chunk_t (*decrypt_msk)(radius_client_t *this, radius_message_t *response, + radius_message_t *request); + + /** + * Destroy the client, release the socket. + */ + void (*destroy)(radius_client_t *this); +}; + +/** + * Create a RADIUS client, acquire a socket. + * + * This call might block if the socket pool is empty. + * + * @return radius_client_t object + */ +radius_client_t *radius_client_create(); + +/** + * Initialize the socket pool. + * + * @return TRUE if initialization successful + */ +bool radius_client_init(); + +/** + * Cleanup the socket pool. + */ +void radius_client_cleanup(); + +#endif /** RADIUS_CLIENT_H_ @}*/ |