Class to create, format and send RADIUS requests and replies. More...

#include <RadiusMsg.h>

Public Member Functions
	RadiusMsg ()
	Constructor for receiving.

	RadiusMsg (RadiusCode code)
	Constructor for sending. RADIUS message type code is initialised.

uint8_t	code ()

void	addAttr (unsigned type, unsigned vendor, uint8_t *value, uint8_t length)

void	addAttr (unsigned type, unsigned vendor, const char *value)

void	addAttr (unsigned type, unsigned vendor, uint32_t value)

uint8_t	getAttr (unsigned type, unsigned vendor, uint8_t value, uint8_t length, uint8_t skip=0)

uint8_t	getAttr (unsigned type, unsigned vendor, uint32_t *value, uint8_t skip=0)

void	sign (uint8_t secret, uint8_t secretLength, RadiusMsg original=0)

uint16_t	sendto (UDPSocket *socket, IP4Address peer, uint16_t port)

void	encryptPassword (uint8_t data, uint8_t length, uint8_t secret, uint8_t secretLength, uint8_t *iv)

uint16_t	recv (UDPSocket *socket)

uint8_t	sendWaitReply (UDPSocket socket, IP4Address server, uint16_t port, RadiusMsg reply)

uint8_t	checkAuthenticatorsWithOriginal (uint8_t secret, uint8_t secretLength, RadiusMsg original)

Detailed Description

Class to create, format and send RADIUS requests and replies.

This class is used in conjunction with UDPSocket to create, format and send RADIUS requests, and to receive, authenticate and decode RADIUS replies. Works with the Arduino Ethernet shield to connect to a LAN and communicate with a RDAIUS server, such as Radiator RADIUS Server (http://www.airspayce.com/radiator)

Conforms broadly to RFC 2138 and 2139, with limitations:

Vendor Specific Attribautes are not supported
The only encrypted attribtute supported is User-Password

There is no RADIUS dictionary: When adding attributes to a reque or getting attriburtes from a reply, you are required to use the appropriate calls according to the attribute type of the attribute you are using: binary, string or integer

Member Function Documentation

void RadiusMsg::addAttr	(	unsigned	type,
		unsigned	vendor,
		uint8_t *	value,
		uint8_t	length
	)

Add an attribute to the request, binary octets

Parameters

[in]	type	The RADIUS attribute number
[in]	vendor	The vendor number of the attribue (unused, set to 0)
[in]	value	Pointer to the octets of the value
[in]	length	Number of octets in the value

References RadiusAttrHeader::length, RadiusAttrHeader::type, and RadiusAttrHeader::value.

Referenced by addAttr().

void RadiusMsg::addAttr	(	unsigned	type,
		unsigned	vendor,
		const char *	value
	)

Add a CString type attribute to the request

Parameters

[in]	type	The RADIUS attribute number
[in]	vendor	The vendor number of the attribue (unused, set to 0)
[in]	value	CString value to set. String up to (but not including) the first NUL are used to set th value

References addAttr().

void RadiusMsg::addAttr	(	unsigned	type,
		unsigned	vendor,
		uint32_t	value
	)

Add a 32 bit unsigned integer type to the request

Parameters

[in]	type	The RADIUS attribute number
[in]	vendor	The vendor number of the attribue (unused, set to 0)
[in]	value	32 bit unsigned integer value

References addAttr().

uint8_t RadiusMsg::checkAuthenticatorsWithOriginal	(	uint8_t *	secret,
		uint8_t	secretLength,
		RadiusMsg *	original
	)

Checks that the authenticator in the RadiusMsg is correct, and that therefore is verified as being from the expected peer. For RADIUS replies, requires the original request to be supplied.

Parameters

[in]	secret	The RADIUS shared secret
[in]	secretLength	Length of the secret in octets
[in]	original	When checking the authenticator of a RADIUS reply, this must point to the original request

Returns: true if authenticator is correct.

References RadiusPacket::authenticator, and RadiusPacket::code.

uint8_t RadiusMsg::code ( )

Return the RADIUS message type code

Returns: RADIUS message type code

References RadiusPacket::code.

Referenced by RadiusMsg().

void RadiusMsg::encryptPassword	(	uint8_t *	data,
		uint8_t	length,
		uint8_t *	secret,
		uint8_t	secretLength,
		uint8_t *	iv
	)

Utility function for encryption passwords and other data in RADIUS RFC compliant fashion

Parameters

[in]	data	The data octets to encrypt
[in]	length	Number of octets in data
[in]	secret	The RADIUS shared secret
[in]	secretLength	Length of the secret in octets
[in]	iv	The intialisation vector

Referenced by sign().

uint8_t RadiusMsg::getAttr	(	unsigned	type,
		unsigned	vendor,
		uint8_t *	value,
		uint8_t *	length,
		uint8_t	skip = `0`
	)

Get the nth attribute with matching attribute number (and optional vendor number) Skips over 'skip' attributes to get the 'skip'th matching attribute

Parameters

[in]	type	The RADIUS attribute number
[in]	vendor	The vendor number of the attribue (unused, set to 0)
[in]	value	Destination to copy the value to
[in]	length	Caller sets this to the maximum permitted length available in value. if return is 1, up to length octets will be copied, and *length will be set to the actual number of octets copied.
[in]	skip	Number of matching attributes to skip (defaults to 0, which means get the first matching one)

Returns: true if a match was found and the value copied

References RadiusAttrHeader::length, RadiusAttrHeader::type, and RadiusAttrHeader::value.

Referenced by getAttr().

uint8_t RadiusMsg::getAttr	(	unsigned	type,
		unsigned	vendor,
		uint32_t *	value,
		uint8_t	skip = `0`
	)

Get the nth attribute with matching attribue number (and optional vendor number) as a 32 bit unsigned integer

Parameters

[in]	type	The RADIUS attribute number
[in]	vendor	The vendor number of the attribue (unused, set to 0)
[in]	value	Destination to copy the value to
[in]	skip	Number of matching attributes to skip (defaults to 0, which means get the first matching one)

Returns: true if a match was found and the value copied

References getAttr().

uint16_t RadiusMsg::recv ( UDPSocket * socket )

Fill the packet data in the RadiusMsg with the next packet received on socket. Blocks until a packet is received. Packets that are received and which dont look vaguely like a RADIUS essage are discarded

Parameters

socket Pointer to the UDP socket to receive from

Returns: The number of octets in the received message else 0 if the message was discarded

References RadiusPacket::length, and UDPSocket::recvfrom().

Referenced by sendWaitReply().

uint16_t RadiusMsg::sendto	(	UDPSocket *	socket,
		IP4Address	peer,
		uint16_t	port
	)

Sends this RADIUS message on a UDP Socket

Parameters

[in]	socket	Instance of UDPSocket to use to send the message
[in]	peer	IPV4Address of the destination RADIUS peer
[in]	port	Port number of the destination RADIUS peer

Returns: Returns the sent packet size for success, else -1

References RadiusPacket::length, and UDPSocket::sendto().

Referenced by sendWaitReply().

uint8_t RadiusMsg::sendWaitReply	(	UDPSocket *	socket,
		IP4Address	server,
		uint16_t	port,
		RadiusMsg *	reply
	)

Send a message to the destiantion server, and wait for a matching reply. Implements timeouts and retries until a matching reply is received Non-matching RADIUS requests are silently discarded. Blocks until a satisfying reply is received or all retries are exhausted

Parameters

[in]	socket	Pointer to the UDP socket used to send and receive
[in]	server	IP4Address of the destination server
[in]	port	The port number of the RADIUS server at the destination
[in]	reply	Pointer to a RadiusMsg which will be filled in with the reply (if any)

Returns: true if the request was snetr and a matchin reply received

References UDPSocket::available(), RadiusPacket::identifier, recv(), and sendto().

void RadiusMsg::sign	(	uint8_t *	secret,
		uint8_t	secretLength,
		RadiusMsg *	original = `0`
	)

Encrypts any parameters that require encryption, and sets the authethenticator for RADIUS codes that require it. Uses the shared secret for encryption and signing.

Parameters

[in]	secret	The RADIUS shared secret
[in]	secretLength	Length of the secret in octets
[in]	original	for RADIUS requests that are replies to an earlier request, this points to the original requerst, which is required to correctly set the authenticator in the reply.

References RadiusPacket::authenticator, RadiusPacket::code, encryptPassword(), RadiusAttrHeader::length, RadiusAttrHeader::type, and RadiusAttrHeader::value.

The documentation for this class was generated from the following files:

RadiusMsg.h
RadiusMsg.cpp

Public Member Functions

Detailed Description

Member Function Documentation