You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
243 lines
6.6 KiB
243 lines
6.6 KiB
///////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// Copyright (c) Microsoft Corp. All rights reserved.
|
|
//
|
|
// FILE
|
|
//
|
|
// radpack.h
|
|
//
|
|
// SYNOPSIS
|
|
//
|
|
// Declares functions for packing and unpacking RADIUS packets.
|
|
//
|
|
// MODIFICATION HISTORY
|
|
//
|
|
// 02/01/2000 Original version.
|
|
//
|
|
///////////////////////////////////////////////////////////////////////////////
|
|
|
|
#ifndef RADPACK_H
|
|
#define RADPACK_H
|
|
#if _MSC_VER >= 1000
|
|
#pragma once
|
|
#endif
|
|
|
|
#ifndef RADIUS_ATTRIBUTE_DEFINED
|
|
#define RADIUS_ATTRIBUTE_DEFINED
|
|
|
|
struct RadiusAttribute
|
|
{
|
|
BYTE type;
|
|
BYTE length;
|
|
BYTE* value;
|
|
};
|
|
|
|
#endif // !RADIUS_ATTRIBUTE_DEFINED
|
|
|
|
enum RadiusPacketCode
|
|
{
|
|
RADIUS_ACCESS_REQUEST = 1,
|
|
RADIUS_ACCESS_ACCEPT = 2,
|
|
RADIUS_ACCESS_REJECT = 3,
|
|
RADIUS_ACCOUNTING_REQUEST = 4,
|
|
RADIUS_ACCOUNTING_RESPONSE = 5,
|
|
RADIUS_ACCESS_CHALLENGE = 11
|
|
};
|
|
|
|
enum RadiusAttributeType
|
|
{
|
|
RADIUS_USER_NAME = 1,
|
|
RADIUS_USER_PASSWORD = 2,
|
|
RADIUS_CHAP_PASSWORD = 3,
|
|
RADIUS_NAS_IP_ADDRESS = 4,
|
|
RADIUS_NAS_PORT = 5,
|
|
RADIUS_SERVICE_TYPE = 6,
|
|
RADIUS_FRAMED_PROTOCOL = 7,
|
|
RADIUS_FRAMED_IP_ADDRESS = 8,
|
|
RADIUS_FRAMED_IP_NETMASK = 9,
|
|
RADIUS_FRAMED_ROUTING = 10,
|
|
RADIUS_FILTER_ID = 11,
|
|
RADIUS_FRAMED_MTU = 12,
|
|
RADIUS_FRAMED_COMPRESSION = 13,
|
|
RADIUS_LOGIN_IP_HOST = 14,
|
|
RADIUS_LOGIN_SERVICE = 15,
|
|
RADIUS_LOGIN_TCP_PORT = 16,
|
|
RADIUS_UNASSIGNED = 17,
|
|
RADIUS_REPLY_MESSAGE = 18,
|
|
RADIUS_CALLBACK_NUMBER = 19,
|
|
RADIUS_CALLBACK_ID = 20,
|
|
RADIUS_UNASSIGNED2 = 21,
|
|
RADIUS_FRAMED_ROUTE = 22,
|
|
RADIUS_FRAMED_IPX_NETWORK = 23,
|
|
RADIUS_STATE = 24,
|
|
RADIUS_CLASS = 25,
|
|
RADIUS_VENDOR_SPECIFIC = 26,
|
|
RADIUS_SESSION_TIMEOUT = 27,
|
|
RADIUS_IDLE_TIMEOUT = 28,
|
|
RADIUS_TERMINATION_ACTION = 29,
|
|
RADIUS_CALLED_STATION_ID = 30,
|
|
RADIUS_CALLING_STATION_ID = 31,
|
|
RADIUS_NAS_IDENTIFIER = 32,
|
|
RADIUS_PROXY_STATE = 33,
|
|
RADIUS_LOGIN_LAT_SERVICE = 34,
|
|
RADIUS_LOGIN_LAT_NODE = 35,
|
|
RADIUS_LOGIN_LAT_GROUP = 36,
|
|
RADIUS_FRAMED_APPLETALK_LINK = 37,
|
|
RADIUS_FRAMED_APPLETALK_NETWORK = 38,
|
|
RADIUS_FRAMED_APPLETALK_ZONE = 39,
|
|
RADIUS_ACCT_STATUS_TYPE = 40,
|
|
RADIUS_ACCT_DELAY_TIME = 41,
|
|
RADIUS_ACCT_INPUT_OCTETS = 42,
|
|
RADIUS_ACCT_OUTPUT_OCTETS = 43,
|
|
RADIUS_ACCT_SESSION_ID = 44,
|
|
RADIUS_ACCT_AUTHENTIC = 45,
|
|
RADIUS_ACCT_SESSION_TIME = 46,
|
|
RADIUS_ACCT_INPUT_PACKETS = 47,
|
|
RADIUS_ACCT_OUTPUT_PACKETS = 48,
|
|
RADIUS_ACCT_TERMINATE_CAUSE = 49,
|
|
RADIUS_ACCT_MULTI_SESSION_ID = 50,
|
|
RADIUS_ACCT_LINK_COUNT = 51,
|
|
|
|
RADIUS_CHAP_CHALLENGE = 60,
|
|
RADIUS_NAS_PORT_TYPE = 61,
|
|
RADIUS_PORT_LIMIT = 62,
|
|
RADIUS_LOGIN_LAT_PORT = 63,
|
|
|
|
RADIUS_TUNNEL_PASSWORD = 69,
|
|
|
|
RADIUS_EAP_MESSAGE = 79,
|
|
RADIUS_SIGNATURE = 80
|
|
};
|
|
|
|
enum MicrosoftVendorType
|
|
{
|
|
MS_CHAP_MPPE_KEYS = 12,
|
|
MS_CHAP_MPPE_SEND_KEYS = 16,
|
|
MS_CHAP_MPPE_RECV_KEYS = 17
|
|
};
|
|
|
|
struct RadiusPacket
|
|
{
|
|
BYTE code;
|
|
BYTE identifier;
|
|
USHORT length;
|
|
const BYTE* authenticator;
|
|
RadiusAttribute* begin;
|
|
RadiusAttribute* end;
|
|
};
|
|
|
|
// Returns the number of bytes required to encode the packet or zero if the
|
|
// packet is too large.
|
|
ULONG
|
|
WINAPI
|
|
GetBufferSizeRequired(
|
|
const RadiusPacket& packet,
|
|
const RadiusAttribute* proxyState, // May be NULL
|
|
BOOL alwaysSign
|
|
) throw ();
|
|
|
|
// Encodes the packet into 'buffer'. The buffer must be large enough to hold
|
|
// the packet and packet.length must be set to the value returned by
|
|
// GetBufferSizeRequired.
|
|
VOID
|
|
WINAPI
|
|
PackBuffer(
|
|
const BYTE* secret,
|
|
ULONG secretLength,
|
|
RadiusPacket& packet,
|
|
const RadiusAttribute* proxyState,
|
|
BOOL alwaysSign,
|
|
BYTE* buffer
|
|
) throw ();
|
|
|
|
// Returns the first occurence of a given attribute type in the packet.
|
|
RadiusAttribute*
|
|
WINAPI
|
|
FindAttribute(
|
|
const RadiusPacket& packet,
|
|
BYTE type
|
|
);
|
|
|
|
const ULONG MALFORMED_PACKET = (ULONG)-1;
|
|
|
|
// Returns the number of attributes in the buffer or MALFORMED_PACKET if the
|
|
// buffer does not contain a valid RADIUS packet.
|
|
ULONG
|
|
WINAPI
|
|
GetAttributeCount(
|
|
const BYTE* buffer,
|
|
ULONG bufferLength
|
|
) throw ();
|
|
|
|
// Unpacks the buffer into packet. packet.begin must point to an array with
|
|
// enough room to hold the attributes.
|
|
VOID
|
|
WINAPI
|
|
UnpackBuffer(
|
|
BYTE* buffer,
|
|
ULONG bufferLength,
|
|
RadiusPacket& packet
|
|
) throw ();
|
|
|
|
// Struct describing how to encrypt an attribute.
|
|
struct CryptParameters
|
|
{
|
|
BOOL encrypted;
|
|
BOOL salted;
|
|
ULONG offset;
|
|
};
|
|
|
|
// Returns information about how to encrypt/decrypt an attribute.
|
|
VOID
|
|
WINAPI
|
|
GetCryptParameters(
|
|
const RadiusAttribute& attr,
|
|
CryptParameters& parms
|
|
) throw ();
|
|
|
|
enum AuthResult
|
|
{
|
|
AUTH_BAD_AUTHENTICATOR,
|
|
AUTH_BAD_SIGNATURE,
|
|
AUTH_MISSING_SIGNATURE,
|
|
AUTH_UNKNOWN,
|
|
AUTH_AUTHENTIC
|
|
};
|
|
|
|
// Authenticates the packet and decrypts the attributes.
|
|
AuthResult
|
|
WINAPI
|
|
AuthenticateAndDecrypt(
|
|
const BYTE* requestAuthenticator,
|
|
const BYTE* secret,
|
|
ULONG secretLength,
|
|
BYTE* buffer,
|
|
ULONG bufferLength,
|
|
RadiusPacket& packet
|
|
) throw ();
|
|
|
|
// Allocates and initializes a RadiusPacket struct to hold 'nattr' attributes.
|
|
#define ALLOC_PACKET(packet, nattr) \
|
|
{ size_t nbyte = sizeof(RadiusPacket) + (nattr) * sizeof(RadiusAttribute); \
|
|
(packet) = (RadiusPacket*)_alloca(nbyte); \
|
|
(packet)->begin = (RadiusAttribute*)((packet) + 1); \
|
|
(packet)->end = (RadiusAttribute*)((PBYTE)(packet) + nbyte); \
|
|
}
|
|
|
|
// Allocates and initializes a RadiusPacket struct to hold the attributes in
|
|
// 'buf'.
|
|
#define ALLOC_PACKET_FOR_BUFFER(packet, buf, buflen) \
|
|
{ size_t nattr = GetAttributeCount(buf, buflen); \
|
|
if (nattr != MALFORMED_PACKET) \
|
|
ALLOC_PACKET(packet, nattr) \
|
|
else \
|
|
packet = NULL; \
|
|
}
|
|
|
|
// Allocates a buffer to hold 'packet'.
|
|
#define ALLOC_BUFFER_FOR_PACKET(buf, packet, ps, sign) \
|
|
{ (packet)->length = (USHORT)GetBufferSizeRequired(*(packet), (ps), (sign)); \
|
|
(buf) = (PBYTE)((packet)->length ? _alloca((packet)->length) : NULL); \
|
|
}
|
|
|
|
#endif // RADPACK_H
|