1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
|
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or http://www.opensolaris.org/os/licensing.
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright (c) 1999-2001 by Sun Microsystems, Inc.
* All rights reserved.
*/
#ifndef _AAA_H
#define _AAA_H
#pragma ident "%Z%%M% %I% %E% SMI"
/*
* aaa.h -- AAA defines and structures (Diameter interface)
*/
#ifdef __cplusplus
extern "C" {
#endif
/*
* If the following is defined, the foreign agent will communicate directly
* with the home agent, (using a proxy) but will still use the diameter API
* protocol. The only changes to the code will be the handling the different
* messages, and the generation of keys.
*
* #define TEST_DIAMETER
*/
/*
* These constants are used to control where AAA looks for the diameter
* server.
*/
#define LOOPBACK "127.0.0.1"
#define AAA_PORT 769
#define MAX_SERVER_NAME_LEN 1024
#ifndef MIN
#define MIN(x, y) (((x) > (y))?(y):(x))
#endif
/*
* Maximum lengths of NAIs and challenges
*/
#define MAX_NAI_LEN 256
#define MAX_CHALLENGE_LEN 16
/* Max size of an incomming or outgoing tcp packet. */
#define MAX_TCP_LEN 4096
/* biggest key to generate (for debug testing) */
#define MAX_GENERATE_KEY_LEN 16
/*
* SPI values to be used with AAA protocols.
* Currently only Radius is used.
*/
#define RADIUS_SPI 2
/*
* Diameter API defines. (from the specification
*/
typedef enum {
MOBILE_IP_OPEN_SESSION_REQUEST = 1, /* 01 */
MOBILE_IP_OPEN_SESSION_ANSWER, /* 02 */
MOBILE_IP_OPEN_SESSION_INDICATION, /* 03 */
MOBILE_IP_OPEN_SESSION_INDICATION_RESPONSE, /* 04 */
MOBILE_IP_ACCOUNTING_START_REQUEST, /* 05 */
MOBILE_IP_ACCOUNTING_START_ANSWER, /* 06 */
MOBILE_IP_ACCOUNTING_INTERIM_REQUEST, /* 07 */
MOBILE_IP_ACCOUNTING_INTERIM_ANSWER, /* 08 */
MOBILE_IP_ACCOUNTING_STOP_REQUEST, /* 09 */
MOBILE_IP_ACCOUNTING_STOP_ANSWER, /* 10 */
MOBILE_IP_CLOSE_SESSION_REQUEST, /* 11 */
MOBILE_IP_CLOSE_SESSION_ANSWER /* 12 */
} AAA_CommandCode;
typedef enum {
MOBILE_NODE_NAI = 1, /* 01 */
FOREIGN_AGENT_NAI, /* 02 */
REGISTRATION_REQUEST, /* 03 */
NUMBER_OF_CHALLENGE_BYTES_IN_RR, /* 04 */
MOBILE_NODE_RESPONSE, /* 05 */
MOBILE_NODE_HOME_ADDRESS, /* 06 */
HOME_AGENT_ADDRESS, /* 07 */
RESULT_CODE, /* 08 */
REGISTRATION_REPLY, /* 09 */
MN_FA_SPI, /* 10 */
MN_FA_KEY, /* 11 */
FA_HA_SPI, /* 12 */
FA_HA_KEY, /* 13 */
SESSION_TIMEOUT, /* 14 */
HA_FA_KEY, /* 15 */
FA_MN_KEY, /* 16 */
MN_HA_SPI, /* 17 */
MN_HA_KEY, /* 18 */
HA_MN_KEY, /* 19 */
SESSION_TIMEOUT_1, /* 20 */
SESSION_TIME, /* 21 */
FOREIGN_AGENT_ADDRESS, /* 22 */
MN_AAA_SPI, /* 23 */
IS_FROM_HA, /* 24 */
REV_TUN, /* 25 */
MN_HANDLE, /* 26 */
RELEASE_INDICATOR, /* 27 */
MN_FA_CHALLENGE_VALUE /* 28 */
} AAA_AVPCode;
/*
* This structure is the header of a diameter API message.
* All items are sent in network-byte-ordering.
*/
typedef struct {
uint32_t protocol;
uint32_t commandCode;
uint32_t handle;
uint32_t length;
} AAA_Packet;
/*
* AAA protocols API defines. (from the specification)
*/
typedef enum {
AAA_NONE = 0, /* 00 */
DIAMETER, /* 01 */
RADIUS /* 02 */
} AAA_Protocol_Code;
/*
* MIPResultCode is used in the protocol to communicate Mobile-IP
* specific errors. Per AAA specification.
*/
typedef enum {
MIP_SUCCESS = 0,
MIP_REASON_UNSPECIFIED = 1,
MIP_ADMINISTRATIVELY_PROHIBITED = 2,
MIP_INSUFFICIENT_RESOURCES = 3,
MIP_FAILED_AUTHENTICATION = 4
} MIPResultCode;
/*
* This structure refers to an Attribute Value Pair. The last field, data
* is really a place holder, rather than a data item. This structure is either
* allocated without a sizeof: malloc( sizeof(uint32_t) * 2 + dataLen),
* or it is used to point to the structure being returned:
* avpPtr = (AAA_AVP *)buffer;
*
* When this is used to point to a buffer, it can be moved along, byte by byte
* and the data place holder will be able to retrieve the data. This is
* necessary, since packets are variable length:
*
*
* Buffer:
*
* +-----------------------+
* | Header |
* +-----------------------+
* | First Record |
* | |
* |_________|-------------|
* | Second Record |
* |______________|--------|
*
* So, to parse the above, an AAA_AVP pointer would be set to the first record,
* the avpCode and Length would be read, and the data copied form the data
* portion of the record. Basically, this method is used so that the data
* Can be read as follows:
*
* AAA_Avp_p = (AAA_AVP *)&buffer[offset];
* code = AAA_Avp_p->code;
* length = AAA_Avp_p->length);
* memcpy(data, AAA_Avp_p->data, length - (2 * sizeof (uint32_t));
* offset += length;
*
* It could have also been done with pointer arrithmetic, but I thought it
* was harder to read/understand:
*
* code = *((uint32_t *)&buffer[offset]);
* ofset += sizeof (uint32_t);
* length = *((uint32_t *)&buffer[offset]);
* offset += sizeof (uint32_t);
* memcpy(data, &buffer[offset], length - (2 * sizeof (uint32_t));
* offset += length;
*
* (by the way -- the above code does not take into account byte alignment or
* network byte ordering, so don't cut and paste from these comments!)
*/
typedef struct {
uint32_t avpCode;
uint32_t length;
unsigned char data[1];
} AAA_AVP;
/* This enum defines the current state of the hash node */
typedef enum {
Initialized = 0,
WaitingForAuthorization,
Authorized
} AAA_State;
/* This structure is the structure that is kept in the hash */
typedef struct {
rwlock_t aaaNodeLock;
int32_t handle;
char mnNAI[MAX_NAI_LEN];
AAA_State State;
unsigned char mnChallenge[MAX_CHALLENGE_LEN];
ipaddr_t homeAddress;
ipaddr_t homeAgentAddress;
uint32_t timeOut;
void *messageHdr; /* RegReq from MN, used for Radius */
} AAA_HashEntry;
int startAAATaskThread();
int sendAccountingRecord(AAA_CommandCode, unsigned char *, uint32_t,
ipaddr_t, ipaddr_t, ipaddr_t, uint32_t, int32_t);
int AAAAuthenticateRegReq(unsigned char *, uint32_t, unsigned char *,
unsigned int, uint32_t, unsigned char *, uint32_t, uint32_t, ipaddr_t,
ipaddr_t, boolean_t, uint32_t, void *, unsigned char *, uint32_t);
#ifdef __cplusplus
}
#endif
#endif /* _AAA_H */
|
