RADIUS Server Configuration and RADIUS CSAP

Overview

Copyright (C) 2004-2022 OKTET Labs Ltd.

// typedefs

typedef uint8_t tapi_radius_attr_type_t;

typedef void (*radius_callback)(
    const tapi_radius_packet_t *pkt,
    void *userdata
    );

typedef struct tapi_radius_pkt_handler_data tapi_radius_pkt_handler_data;
typedef struct tapi_radius_serv_s tapi_radius_serv_t;
typedef struct tapi_radius_clnt_s tapi_radius_clnt_t;
typedef struct tapi_auth_tls_s tapi_auth_tls_t;
typedef struct tapi_auth_info_s tapi_auth_info_t;
typedef struct tapi_auth_wifi_s tapi_auth_wifi_t;

// enums

enum tapi_auth_eap_t;
enum tapi_auth_key_mgmt_t;
enum tapi_auth_proto_t;
enum tapi_radius_acct_status_t;
enum tapi_radius_code_t;
enum tapi_radius_nas_port_type_t;
enum tapi_radius_term_action_t;
enum tapi_radius_term_cause_t;
enum tapi_radius_type_t;
enum tapi_radius_usr_list_t;

// structs

struct tapi_auth_info_s;
struct tapi_auth_tls_s;
struct tapi_auth_wifi_s;
struct tapi_radius_attr_info_t;
struct tapi_radius_attr_list_t;
struct tapi_radius_attr_t;
struct tapi_radius_clnt_s;
struct tapi_radius_packet_t;
struct tapi_radius_pkt_handler_data;
struct tapi_radius_serv_s;

// global functions

static const char* tapi_radius_code2str(tapi_radius_code_t code);
static const char* tapi_radius_attr_type2str(tapi_radius_type_t type);
static const char* tapi_radius_acct_status2str(tapi_radius_acct_status_t status);
static const char* tapi_radius_term_cause2str(tapi_radius_term_cause_t cause);
void tapi_radius_dict_init();
const tapi_radius_attr_info_t* tapi_radius_dict_lookup(tapi_radius_attr_type_t type);
const tapi_radius_attr_info_t* tapi_radius_dict_lookup_by_name(const char* name);
void tapi_radius_attr_list_init(tapi_radius_attr_list_t* list);
te_errno tapi_radius_attr_list_push(tapi_radius_attr_list_t* list, const tapi_radius_attr_t* attr);
te_errno tapi_radius_attr_list_push_value(tapi_radius_attr_list_t* list, const char* name, ...);
void tapi_radius_attr_list_free(tapi_radius_attr_list_t* list);
te_errno tapi_radius_attr_list_copy(tapi_radius_attr_list_t* dst, const tapi_radius_attr_list_t* src);
const tapi_radius_attr_t* tapi_radius_attr_list_find(const tapi_radius_attr_list_t* list, tapi_radius_attr_type_t type);
te_errno tapi_radius_attr_list_to_string(const tapi_radius_attr_list_t* list, char** str);
te_errno tapi_radius_parse_packet(const uint8_t* data, size_t data_len, tapi_radius_packet_t* packet);
tapi_tad_trrecv_cb_data* tapi_radius_trrecv_cb_data(radius_callback callback, void* user_data);
te_errno tapi_radius_csap_create(const char* ta, int sid, const char* device, const in_addr_t net_addr, int port, csap_handle_t* csap);
te_errno tapi_radius_serv_enable(const char* ta_name);
te_errno tapi_radius_serv_disable(const char* ta_name);
te_errno tapi_radius_serv_set(const char* ta_name, const tapi_radius_serv_t* cfg);
te_errno tapi_radius_serv_add_client(const char* ta_name, const tapi_radius_clnt_t* cfg);
te_errno tapi_radius_serv_del_client(const char* ta_name, const struct in_addr* net_addr);
te_errno tapi_radius_serv_add_user(const char* ta_name, const char* user_name, bool acpt_user, const tapi_radius_attr_list_t* check_attrs, const tapi_radius_attr_list_t* acpt_attrs, const tapi_radius_attr_list_t* chlg_attrs);
te_errno tapi_radius_serv_set_user_attr(const char* ta_name, const char* user_name, tapi_radius_usr_list_t list_type, const tapi_radius_attr_list_t* attrs);
te_errno tapi_radius_serv_del_user(const char* ta_name, const char* user_name);
te_errno tapi_radius_add_auth(const char* ta_name, const tapi_auth_info_t* auth, const tapi_radius_attr_list_t* acpt_attrs, const tapi_radius_attr_list_t* chlg_attrs);
static te_errno tapi_radius_del_auth(const char* ta_name, const tapi_auth_info_t* auth);
static te_errno tapi_radius_disable_auth(const char* ta_name, tapi_auth_info_t* auth);
static te_errno tapi_supp_set(const char* ta_name, const char* if_name, int value);
te_errno tapi_supp_set_wifi_auth(const char* ta_name, const char* if_name, const tapi_auth_wifi_t* wifi);
te_errno tapi_supp_set_auth(const char* ta_name, const char* if_name, const tapi_auth_info_t* info);
te_errno tapi_supp_reset(const char* ta_name, const char* if_name);

// macros

#define TAPI_AUTH_CIPHER_CCMP
#define TAPI_AUTH_CIPHER_NONE
#define TAPI_AUTH_CIPHER_TKIP
#define TAPI_AUTH_CIPHER_WEP
#define TAPI_AUTH_CIPHER_WEP104
#define TAPI_AUTH_CIPHER_WEP40
#define TAPI_RADIUS_ACCT_PORT
#define TAPI_RADIUS_ATTR_MIN_LEN
#define TAPI_RADIUS_AUTH_LEN
#define TAPI_RADIUS_AUTH_PORT
#define TAPI_RADIUS_PACKET_MAX_LEN
#define TAPI_RADIUS_PACKET_MIN_LEN

Detailed Documentation

Copyright (C) 2004-2022 OKTET Labs Ltd. All rights reserved.

Typedefs

typedef uint8_t tapi_radius_attr_type_t

Type of RADIUS attribute

typedef struct tapi_radius_serv_s tapi_radius_serv_t

Structure that keeps configuration of RADIUS Server. This structure was created to make tapi_radius_serv_set() function backward compatible when someone adds a new configuration value for RADIUS Server.

typedef struct tapi_radius_clnt_s tapi_radius_clnt_t

Structure that keeps configuration of RADIUS Client. This structure was created to make tapi_radius_serv_add_client() function backward compatible when someone adds a new configuration value for RADIUS Client.

typedef struct tapi_auth_tls_s tapi_auth_tls_t

TLS private key and certificate info

typedef struct tapi_auth_info_s tapi_auth_info_t

Configuration parameters for EAP authentication

typedef struct tapi_auth_wifi_s tapi_auth_wifi_t

Wireless-specific authentication parameters

Global Functions

static const char* tapi_radius_code2str(tapi_radius_code_t code)

Convert the code of RADIUS packet from integer to readable string.

Not reentrant when the value is unknown.

Parameters:

code

the code value of RADIUS packet

Returns:

string literal pointer

static const char* tapi_radius_attr_type2str(tapi_radius_type_t type)

Convert the type of RADIUS attribute from integer to readable string.

Not reentrant when the value is unknown.

Parameters:

type

RADIUS attribute type

Returns:

string literal pointer

static const char* tapi_radius_acct_status2str(tapi_radius_acct_status_t status)

Convert Accounting Status from integer to readable string.

Not reentrant when the value is unknown.

Parameters:

status

Accounting status value

Returns:

string literal pointer

static const char* tapi_radius_term_cause2str(tapi_radius_term_cause_t cause)

Convert the value of Acct-Terminate-Cause RADIUS attribute from integer to readable string.

Not reentrant when the value is unknown.

Parameters:

cause

the value of Acct-Terminate-Cause attribute

Returns:

string literal pointer

void tapi_radius_dict_init()

Initialize RADIUS attribute dictionary (this function should be called before any other TAPI RADIUS calls)

const tapi_radius_attr_info_t* tapi_radius_dict_lookup(tapi_radius_attr_type_t type)

Lookup specified attribute in RADIUS dictionary by its numeric type

Parameters:

type

Attribute type to lookup

Returns:

Pointer to dictionary entry or NULL if not found

const tapi_radius_attr_info_t* tapi_radius_dict_lookup_by_name(const char* name)

Lookup specified attribute in RADIUS dictionary by its name

Parameters:

name

Attribute name to lookup

Returns:

Pointer to dictionary entry or NULL if not found

void tapi_radius_attr_list_init(tapi_radius_attr_list_t* list)

Initialize a list of RADIUS attributes

Parameters:

list

List to initialize

te_errno tapi_radius_attr_list_push(tapi_radius_attr_list_t* list, const tapi_radius_attr_t* attr)

Push an attribute to the end of RADIUS attribute list

Parameters:

list

Attribute list

attr

Attribute to push

Returns:

Zero on success or error code.

te_errno tapi_radius_attr_list_push_value(tapi_radius_attr_list_t* list, const char* name, ...)

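Create a RADIUS attribute by name and value and push it to the end of the attribute list. The type of the value is determined from the dictionary. The variadic arguments are:

- for TAPI_RADIUS_TYPE_INTEGER: (int value)
- for TAPI_RADIUS_TYPE_TEXT: (char *value)
- for TAPI_RADIUS_TYPE_STRING: (uint8_t *value, int length)

Because the arguments are variadic, the compiler cannot check them: the caller must pass exactly the arguments listed for the attribute's dictionary type.

E.g.: tapi_radius_attr_list_push_value(&list, "NAS-Port", 20);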

Parameters:

list

Attribute list to push attribute to

name

Attribute name

Returns:

Zero on success or error code.

void tapi_radius_attr_list_free(tapi_radius_attr_list_t* list)

Free memory allocated for attribute list

Parameters:

list

List to free

te_errno tapi_radius_attr_list_copy(tapi_radius_attr_list_t* dst, const tapi_radius_attr_list_t* src)

Copy RADIUS attribute list

Parameters:

dst

Location for the new copy of list

src

Original attribute list

Returns:

Zero on success or error code.

const tapi_radius_attr_t* tapi_radius_attr_list_find(const tapi_radius_attr_list_t* list, tapi_radius_attr_type_t type)

Find specified attribute in the attribute list

Parameters:

list

Attribute list

type

Identifier of attribute to find

Returns:

Pointer to attribute in the list or NULL if not found.

te_errno tapi_radius_attr_list_to_string(const tapi_radius_attr_list_t* list, char** str)

Convert attribute list into a string of comma-separated pairs ‘Attribute=Value’

Parameters:

list

Attribute list

str

Location for a pointer to the result string (the string is allocated by this function; presumably the caller must free it)

Returns:

Zero on success or error code.

te_errno tapi_radius_parse_packet(const uint8_t* data, size_t data_len, tapi_radius_packet_t* packet)

Parse binary RADIUS packet payload to C structure

Parameters:

data

RADIUS packet data

data_len

Length of packet data

packet

Packet structure to be filled

Returns:

Zero on success or error code.

tapi_tad_trrecv_cb_data* tapi_radius_trrecv_cb_data(radius_callback callback, void* user_data)

Prepare callback data to be passed in tapi_tad_trrecv_{wait,stop,get} to process received RADIUS packets.

Parameters:

callback

Callback for RADIUS packets handling

user_data

User-supplied data to be passed to callback

Returns:

Pointer to allocated callback data or NULL.

te_errno tapi_radius_csap_create(const char* ta, int sid, const char* device, const in_addr_t net_addr, int port, csap_handle_t* csap)

Create ‘udp.ip4.eth’ CSAP for capturing RADIUS packets

Parameters:

ta

Test Agent name

sid

RCF session identifier

device

Ethernet device name on agent to attach

net_addr

Local IP address on Test Agent

port

UDP port (network byte order) on Test Agent (TAPI_RADIUS_AUTH_PORT, TAPI_RADIUS_ACCT_PORT, or -1 to keep unspecified)

csap

Handle of new CSAP (OUT)

Returns:

Zero on success or error code.

te_errno tapi_radius_serv_enable(const char* ta_name)

Enables RADIUS Server on the particular Agent.

Parameters:

ta_name

Test Agent name

Returns:

Zero on success or error code.

te_errno tapi_radius_serv_disable(const char* ta_name)

Disables RADIUS Server on the particular Agent.

Parameters:

ta_name

Test Agent name

Returns:

Zero on success or error code.

te_errno tapi_radius_serv_set(const char* ta_name, const tapi_radius_serv_t* cfg)

Update RADIUS Server Configuration.

Parameters:

ta_name

Test Agent name

cfg

RADIUS Server configuration information

Returns:

Zero on success or error code.

te_errno tapi_radius_serv_add_client(const char* ta_name, const tapi_radius_clnt_t* cfg)

Add a new RADIUS Client record on RADIUS Server. Clients differ in network address, which is specified as a field of tapi_radius_clnt_t data structure.

Parameters:

ta_name

Test Agent name

cfg

RADIUS Client configuration information

Returns:

Zero on success or error code.

te_errno tapi_radius_serv_del_client(const char* ta_name, const struct in_addr* net_addr)

Delete RADIUS Client record from RADIUS Server.

Parameters:

ta_name

Test Agent name

net_addr

RADIUS Client’s network address

Returns:

Zero on success or error code.

te_errno tapi_radius_serv_add_user(const char* ta_name, const char* user_name, bool acpt_user, const tapi_radius_attr_list_t* check_attrs, const tapi_radius_attr_list_t* acpt_attrs, const tapi_radius_attr_list_t* chlg_attrs)

Add user configuration on RADIUS Server.

Parameters:

ta_name

Test Agent name

user_name

User name

acpt_user

Whether this user should be accepted on successful authentication

check_attrs

A list of RADIUS attributes that should be checked additionally for this user

acpt_attrs

A list of RADIUS attributes that should be sent to this user in Access-Accept RADIUS message. May be NULL if no special attributes desired.

chlg_attrs

A list of RADIUS attributes that should be sent to this user in Access-Challenge RADIUS message. May be NULL if no special attributes desired.

Returns:

Zero on success or error code.

te_errno tapi_radius_serv_set_user_attr(const char* ta_name, const char* user_name, tapi_radius_usr_list_t list_type, const tapi_radius_attr_list_t* attrs)

Updates the particular user list on RADIUS Server

Parameters:

ta_name

Test Agent name

user_name

User name

list_type

Which list to modify

attrs

A list of RADIUS attributes that should be used for specified user (new list)

Returns:

Zero on success or error code.

te_errno tapi_radius_serv_del_user(const char* ta_name, const char* user_name)

Delete user configuration from RADIUS Server.

Parameters:

ta_name

Test Agent name

user_name

User name

Returns:

Zero on success or error code.

static te_errno tapi_supp_set(const char* ta_name, const char* if_name, int value)

Enable/disable supplicant at specified interface

Parameters:

ta_name

Name of TA where supplicant resides

if_name

Name of interface which is controlled by supplicant

value

Required supplicant state (0 to disable, 1 to enable)

Returns:

Status of the operation.

te_errno tapi_supp_set_auth(const char* ta_name, const char* if_name, const tapi_auth_info_t* info)

Configure supplicant to use EAP authentication and set method-specific parameters on the Agent.

Parameters:

ta_name

Name of the Test Agent where the supplicant resides

if_name

Interface name

info

EAP method-specific information

Returns:

Status of the operation

te_errno tapi_supp_reset(const char* ta_name, const char* if_name)

Reset supplicant parameters to default values

Parameters:

ta_name

Name of the Test Agent where the supplicant resides

if_name

Interface name

Returns:

Status of the operation.

Macros

#define TAPI_AUTH_CIPHER_NONE

Wireless cipher algorithms

#define TAPI_RADIUS_ACCT_PORT

Default UDP port for RADIUS accounting service

#define TAPI_RADIUS_ATTR_MIN_LEN

Minimal length of attribute in packet

#define TAPI_RADIUS_AUTH_LEN

Length of authenticator

#define TAPI_RADIUS_AUTH_PORT

Default UDP port for RADIUS authentication service

#define TAPI_RADIUS_PACKET_MAX_LEN

Maximal length of packet

#define TAPI_RADIUS_PACKET_MIN_LEN

Minimal length of packet