1 /*
2 * Copyright (C) 2009 Martin Willi
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 *
15 * $Id$
16 */
17
18 /**
19 * @defgroup radius_client radius_client
20 * @{ @ingroup eap_radius
21 */
22
23 #ifndef RADIUS_CLIENT_H_
24 #define RADIUS_CLIENT_H_
25
26 #include "radius_message.h"
27
28 typedef struct radius_client_t radius_client_t;
29
/**
 * RADIUS client functionality.
 *
 * A client is the handle used to talk to a RADIUS server: create one, then
 * send messages over it. All instances share a fixed size pool of sockets.
 * During construction, one socket gets reserved for the client, so each
 * client uses a different but fixed port during its lifetime. On destruction,
 * the socket is restored to the pool.
 */
struct radius_client_t {

	/**
	 * Send a RADIUS request and wait for the response.
	 *
	 * Before sending, the client fills in the RADIUS Message identifier,
	 * NAS-Identifier and NAS-Port-Type, builds a Request-Authenticator and
	 * calculates the Message-Authenticator attribute.
	 * The received response gets verified using the Response-Identifier
	 * and the Message-Authenticator attribute.
	 *
	 * A NULL return covers both a timeout and a response that failed
	 * verification; this interface does not let the caller tell them apart,
	 * so NULL must always be handled as "no trustworthy answer".
	 *
	 * NOTE(review): only the identifier and Message-Authenticator checks are
	 * named here; whether the Response Authenticator is verified as well is
	 * not visible from this header - confirm in the implementation.
	 * NOTE(review): ownership of the returned message is not stated;
	 * presumably the caller destroys it - confirm.
	 *
	 * @param msg		RADIUS request message to send
	 * @return			response, NULL if timed out/verification failed
	 */
	radius_message_t *(*request)(radius_client_t *this, radius_message_t *msg);

	/**
	 * Decrypt the MSK encoded in a messages MS-MPPE-Send/Recv-Key.
	 *
	 * The returned chunk is allocated and holds key material: the caller
	 * owns it and should wipe it before releasing the memory
	 * (NOTE(review): strongSwan's chunk_clear() is the usual helper for
	 * this - confirm it is available in this tree).
	 *
	 * NOTE(review): the request is presumably needed because the MS-MPPE
	 * key attributes are protected with the Request Authenticator
	 * (RFC 2548) - confirm against the implementation.
	 *
	 * @param response	RADIUS response message containing attributes
	 * @param request	associated RADIUS request message
	 * @return			allocated MSK, empty chunk if none found
	 */
	chunk_t (*decrypt_msk)(radius_client_t *this,
						   radius_message_t *response,
						   radius_message_t *request);

	/**
	 * Destroy the client, release the socket.
	 *
	 * Per the description of this type, the released socket goes back to
	 * the shared pool.
	 */
	void (*destroy)(radius_client_t *this);
};
70
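/**
 * Create a RADIUS client, acquire a socket.
 *
 * This call might block if the socket pool is empty.
 *
 * NOTE(review): no bound on that wait is documented here, so a caller on a
 * request-handling thread can stall for as long as every pooled socket is
 * in use - confirm the pool size and whether a timeout exists.
 * NOTE(review): presumably radius_client_init() must have succeeded before
 * the first call - confirm against the implementation.
 *
 * @return			radius_client_t object
 */
/* (void) rather than (): an empty list leaves the parameters unspecified in
 * C, so the compiler would accept calls that pass arguments. */
radius_client_t *radius_client_create(void);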
79
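/**
 * Initialize the socket pool.
 *
 * The result must be checked: FALSE means the pool could not be set up.
 *
 * @return			TRUE if initialization successful
 */
/* (void) rather than (): an empty list leaves the parameters unspecified in
 * C, so the compiler would accept calls that pass arguments. */
bool radius_client_init(void);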
86
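/**
 * Cleanup the socket pool.
 *
 * NOTE(review): behaviour while clients still hold sockets from the pool is
 * not documented here; presumably all clients are destroyed first - confirm.
 */
/* (void) rather than (): an empty list leaves the parameters unspecified in
 * C, so the compiler would accept calls that pass arguments. */
void radius_client_cleanup(void);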
91
92 #endif /** RADIUS_CLIENT_H_ @}*/