1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
|
/*
* Copyright (C) 2009 Martin Willi
* Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
/**
* @defgroup radius_client radius_client
* @{ @ingroup eap_radius
*/
#ifndef RADIUS_CLIENT_H_
#define RADIUS_CLIENT_H_
#include "radius_message.h"
typedef struct radius_client_t radius_client_t;
/**
* RADIUS client functionality.
*
* To communicate with a RADIUS server, create a client and send messages over
* it. All instances share a fixed size pool of sockets. The client reserves
* a socket during request() and releases it afterwards.
*/
struct radius_client_t {
/**
* Send a RADIUS request and wait for the response.
*
* The client fills in RADIUS Message identifier, NAS-Identifier,
* NAS-Port-Type, builds a Request-Authenticator and calculates the
* Message-Authenticator attribute.
* The received response gets verified using the Response-Identifier
* and the Message-Authenticator attribute.
*
* @param msg RADIUS request message to send
* @return response, NULL if timed out/verification failed
*/
radius_message_t* (*request)(radius_client_t *this, radius_message_t *msg);
/**
* Decrypt the MSK encoded in a messages MS-MPPE-Send/Recv-Key.
*
* @param response RADIUS response message containing attributes
* @param request associated RADIUS request message
* @return allocated MSK, empty chunk if none found
*/
chunk_t (*decrypt_msk)(radius_client_t *this, radius_message_t *response,
radius_message_t *request);
/**
* Destroy the client, release the socket.
*/
void (*destroy)(radius_client_t *this);
};
/**
* Create a RADIUS client, acquire a socket.
*
* This call might block if the socket pool is empty.
*
* @return radius_client_t object
*/
radius_client_t *radius_client_create();
/**
* Initialize the socket pool.
*
* @return TRUE if initialization successful
*/
bool radius_client_init();
/**
* Cleanup the socket pool.
*/
void radius_client_cleanup();
#endif /** RADIUS_CLIENT_H_ @}*/
|
