12#ifdef ENABLE_RADIUS_AUTH
16#if defined(RADIUS_AUTH_FREERADIUS)
17#include <freeradius-client.h>
19#define RC_DICTIONARY_FILE "/etc/radiusclient/dictionary"
21#elif defined(RADIUS_AUTH_RADCLI)
23#include <radcli/radcli.h>
28#define RC_DICTIONARY_FILE "/etc/radcli/dictionary"
40#define G_LOG_DOMAIN "libgvm util"
42#ifndef PW_MAX_MSG_SIZE
43#define PW_MAX_MSG_SIZE 4096
/**
 * Build the RADIUS client handle (rh) for a single authentication server.
 *
 * @param hostname  Server name or address. A string that parses as an IPv6
 *                  literal is wrapped in brackets before use.
 * @param secret    RADIUS shared secret. It is concatenated into authserver,
 *                  so every later use of authserver carries the secret.
 *
 * Every failure path shown jumps to radius_init_fail. That label, the return
 * statements and several braces/else lines are missing from this listing
 * (the leading numbers are the listing's own line gutter).
 */
55radius_init (
const char *hostname,
const char *secret)
/* Holds "<host>::<secret>": this stack buffer contains the shared secret. */
58 char authserver[4096];
59 struct sockaddr_in6 ip6;
/* inet_pton() returning 1 means hostname is an IPv6 literal; it is then
 * written as "[addr]", presumably so its colons cannot be confused with the
 * "::" separator -- confirm against the client library's syntax.
 * NOTE(review): the snprintf() results are discarded, so an over-long
 * hostname/secret pair is truncated silently instead of being rejected. */
63 if (inet_pton (AF_INET6, hostname, &(ip6.sin6_addr)) == 1)
64 snprintf (authserver,
sizeof (authserver),
"[%s]::%s", hostname, secret);
66 snprintf (authserver,
sizeof (authserver),
"%s::%s", hostname, secret);
/* radcli build: the settings are written to a temporary file that
 * rc_read_config() loads afterwards. authserver is passed to fprintf()
 * below, so the shared secret is stored in that file until it is unlinked.
 * mkstemp() creates the file with an unpredictable name and opens it
 * exclusively; POSIX specifies owner-only (0600) permissions for it. */
68#if defined(RADIUS_AUTH_RADCLI)
70 FILE *config_file = NULL;
71 char config_filename[35] =
"/tmp/gvm_radius_conf_XXXXXX";
72 int config_fd = mkstemp (config_filename);
/* mkstemp() failed: nothing was created, only the error is logged. */
76 g_warning (
"%s: Couldn't create temp radius config file: %s\n", __func__,
78 goto radius_init_fail;
/* Wrap the descriptor in a stdio stream for writing. */
81 config_file = fdopen (config_fd,
"w");
82 if (config_file == NULL)
/* NOTE(review): no close() of config_fd and no unlink() of config_filename
 * is visible on this path; lines are missing from the listing, so confirm
 * against the full file that the temp file is not left behind. */
85 g_warning (
"%s: Couldn't open temp radius config file %s: %s\n", __func__,
86 config_filename, strerror (errno));
87 goto radius_init_fail;
/* Write the configuration text. Most of the format string is missing from
 * this listing; the visible arguments are the dictionary path and
 * authserver (twice). */
90 if (fprintf (config_file,
94 "seqfile /var/run/radius.seq\n"
100 RC_DICTIONARY_FILE, authserver, authserver)
/* Write failure: close the stream and remove the partially written file. */
103 fclose (config_file);
104 g_warning (
"%s: Couldn't write to temp radius config file %s:%s\n",
105 __func__, config_filename, strerror (errno));
106 unlink (config_filename);
107 goto radius_init_fail;
/* Closing flushes the buffered text before the library reads the file.
 * NOTE(review): the fclose() result is not checked here. */
109 fclose (config_file);
111 rh = rc_read_config (config_filename);
/* The file is removed both when rc_read_config() fails and when it
 * succeeds, which limits how long the secret stays on disk. */
114 g_warning (
"%s: Couldn't read temp radius config file %s\n", __func__,
116 unlink (config_filename);
117 goto radius_init_fail;
119 unlink (config_filename);
/* From here on the handle is configured key by key with rc_add_config()
 * instead of through a file. NOTE(review): the #else/#endif lines and the
 * allocation call are not in this listing -- confirm which build this
 * part belongs to. */
124 g_warning (
"radius_init: Couldn't allocate memory");
127 if (!rc_config_init (rh))
129 g_warning (
"radius_init: Couldn't initialize the config");
/* Fixed client settings; any rc_add_config() failure aborts the setup. */
134 if (rc_add_config (rh,
"auth_order",
"radius",
"config", 0))
136 g_warning (
"radius_init: Couldn't set auth_order");
137 goto radius_init_fail;
139 if (rc_add_config (rh,
"login_tries",
"4",
"config", 0))
141 g_warning (
"radius_init: Couldn't set login_tries");
142 goto radius_init_fail;
144 if (rc_add_config (rh,
"dictionary", RC_DICTIONARY_FILE,
"config", 0))
146 g_warning (
"radius_init: Couldn't set dictionary");
147 goto radius_init_fail;
149 if (rc_add_config (rh,
"seqfile",
"/var/run/radius.seq",
"config", 0))
151 g_warning (
"radius_init: Couldn't set seqfile");
152 goto radius_init_fail;
154 if (rc_add_config (rh,
"radius_retries",
"3",
"config", 0))
156 g_warning (
"radius_init: Couldn't set radius_retries");
157 goto radius_init_fail;
159 if (rc_add_config (rh,
"radius_timeout",
"5",
"config", 0))
161 g_warning (
"radius_init: Couldn't set radius_timeout");
162 goto radius_init_fail;
164 if (rc_add_config (rh,
"radius_deadtime",
"0",
"config", 0))
166 g_warning (
"radius_init: Couldn't set radius_deadtime");
167 goto radius_init_fail;
/* NOTE(review): authserver is "<host>::<secret>", so the warning below
 * writes the RADIUS shared secret to the log whenever this call fails.
 * Logging hostname instead would keep the secret out of the log. */
169 if (rc_add_config (rh,
"authserver", authserver,
"config", 0) != 0)
171 g_warning (
"radius_init: Couldn't set authserver %s", authserver);
172 goto radius_init_fail;
/* Load the attribute dictionary from the compile-time path. */
174 if (rc_read_dictionary (rh, RC_DICTIONARY_FILE) != 0)
176 g_warning (
"radius_init: Couldn't read the dictionary file %s",
178 goto radius_init_fail;
/* radius_authenticate (name taken from the warning strings below): checks a
 * username/password pair against a RADIUS server. The first signature lines,
 * the braces and the return statements are missing from this listing; the
 * leading numbers are the listing's own line gutter. */
201 const char *username,
const char *password)
/* Service-Type value sent with the request. */
203 uint32_t service = PW_AUTHENTICATE_ONLY;
/* Buffer handed to rc_auth() as its message argument. */
204 char msg[PW_MAX_MSG_SIZE];
/* Attribute lists: send is built here, received is filled by rc_auth(). */
205 VALUE_PAIR *send = NULL, *received = NULL;
/* Address storage; presumably the targets of the hostname resolution whose
 * failure is reported further down -- the call itself is not shown. */
208 struct sockaddr_in ip4;
209 struct sockaddr_in6 ip6;
/* A fresh client handle is built on every call. NOTE(review): the check of
 * rh and its release are not in this listing -- confirm both exist. */
211 rh = radius_init (hostname, secret);
/* The cast drops const for the library call. Length -1 leaves the length to
 * the library (strlen for string attributes, as far as the client API is
 * documented -- confirm). */
214 if (rc_avpair_add (rh, &send, PW_USER_NAME, (
char *) username, -1, 0) == NULL)
216 g_warning (
"radius_authenticate: Couldn't set the username");
217 goto authenticate_leave;
/* From here the send list holds the password in memory until
 * rc_avpair_free (send) below; whether the library scrubs it on free is not
 * visible here. */
219 if (rc_avpair_add (rh, &send, PW_USER_PASSWORD, (
char *) password, -1, 0)
222 g_warning (
"radius_authenticate: Couldn't set the password");
223 goto authenticate_leave;
225 if (rc_avpair_add (rh, &send, PW_SERVICE_TYPE, &service, -1, 0) == NULL)
227 g_warning (
"radius_authenticate: Couldn't set the service type");
228 goto authenticate_leave;
/* The warnings in this function name only the failed step or the hostname;
 * none of them prints the username, the password or the shared secret. */
233 g_warning (
"radius_authenticate: Couldn't resolve %s", hostname);
234 goto authenticate_leave;
/* OK_RC is the only rc_auth() result tested in the lines shown; how the
 * other results are mapped to the return value is not visible. */
238 if (rc_auth (rh, 0, send, &received, msg) == OK_RC)
/* Both attribute lists are released, including the one with the password. */
244 rc_avpair_free (send);
246 rc_avpair_free (received);
264 const char *username,
const char *password)
int gvm_resolve(const char *name, void *dst, int family)
Resolves a hostname to an IPv4 or IPv6 address.
Definition networking.c:389
GVM Networking related API.
int radius_authenticate(const char *hostname, const char *secret, const char *username, const char *password)
Dummy function for manager.
Definition radiusutils.c:263
Headers of an API for Radius authentication.