Gitiles
Code Review Sign In
gerrit.opencord.org / freeDiameter-old / 13d9601bf947af3286764506368fc3d04672bfde / . / extensions / dict_eap / dict_eap.c
blob: 0de573163498249d3da8cc898c8ea51b367cfbd0 [file] [log] [blame]
Brian Waters13d96012017-12-08 16:53:31 -0600[diff] [blame^]1/*********************************************************************************************************
2* Software License Agreement (BSD License) *
3* Author: Sebastien Decugis <sdecugis@freediameter.net> *
4* *
5* Copyright (c) 2013, WIDE Project and NICT *
6* All rights reserved. *
7* *
8* Redistribution and use of this software in source and binary forms, with or without modification, are *
9* permitted provided that the following conditions are met: *
10* *
11* * Redistributions of source code must retain the above *
12* copyright notice, this list of conditions and the *
13* following disclaimer. *
14* *
15* * Redistributions in binary form must reproduce the above *
16* copyright notice, this list of conditions and the *
17* following disclaimer in the documentation and/or other *
18* materials provided with the distribution. *
19* *
20* * Neither the name of the WIDE Project or NICT nor the *
21* names of its contributors may be used to endorse or *
22* promote products derived from this software without *
23* specific prior written permission of WIDE Project and *
24* NICT. *
25* *
26* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED *
27* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A *
28* PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR *
29* ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT *
30* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS *
31* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR *
32* TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF *
33* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. *
34*********************************************************************************************************/
35
36/*
37 * Dictionary definitions of objects specified in Diameter EAP application (RFC4072).
38 */
39#include <freeDiameter/extension.h>
40
41/* The content of this file follows the same structure as dict_base_proto.c */
42
43#define CHECK_dict_new( _type, _data, _parent, _ref ) \
44 CHECK_FCT( fd_dict_new( fd_g_config->cnf_dict, (_type), (_data), (_parent), (_ref)) );
45
46#define CHECK_dict_search( _type, _criteria, _what, _result ) \
47 CHECK_FCT( fd_dict_search( fd_g_config->cnf_dict, (_type), (_criteria), (_what), (_result), ENOENT) );
48
49struct local_rules_definition {
50 char *avp_name;
51 enum rule_position position;
52 int min;
53 int max;
54};
55
56#define RULE_ORDER( _position ) ((((_position) == RULE_FIXED_HEAD) || ((_position) == RULE_FIXED_TAIL)) ? 1 : 0 )
57
58#define PARSE_loc_rules( _rulearray, _parent) { \
59 int __ar; \
60 for (__ar=0; __ar < sizeof(_rulearray) / sizeof((_rulearray)[0]); __ar++) { \
61 struct dict_rule_data __data = { NULL, \
62 (_rulearray)[__ar].position, \
63 0, \
64 (_rulearray)[__ar].min, \
65 (_rulearray)[__ar].max}; \
66 __data.rule_order = RULE_ORDER(__data.rule_position); \
67 CHECK_FCT( fd_dict_search( \
68 fd_g_config->cnf_dict, \
69 DICT_AVP, \
70 AVP_BY_NAME, \
71 (_rulearray)[__ar].avp_name, \
72 &__data.rule_avp, 0 ) ); \
73 if ( !__data.rule_avp ) { \
74 TRACE_DEBUG(INFO, "AVP Not found: '%s'", (_rulearray)[__ar].avp_name ); \
75 return ENOENT; \
76 } \
77 CHECK_FCT_DO( fd_dict_new( fd_g_config->cnf_dict, DICT_RULE, &__data, _parent, NULL), \
78 { \
79 TRACE_DEBUG(INFO, "Error on rule with AVP '%s'", \
80 (_rulearray)[__ar].avp_name ); \
81 return EINVAL; \
82 } ); \
83 } \
84}
85
86#define enumval_def_u32( _val_, _str_ ) \
87 { _str_, { .u32 = _val_ }}
88
89#define enumval_def_os( _len_, _val_, _str_ ) \
90 { _str_, { .os = { .data = (unsigned char *)_val_, .len = _len_ }}}
91
92
93static int deap_entry(char * conffile)
94{
95 struct dict_object * eap;
96 TRACE_ENTRY("%p", conffile);
97
98 /* Applications section */
99 {
100 /* EAP (RFC 4072) */
101 {
102 struct dict_application_data data = { 5, "Diameter Extensible Authentication Protocol (EAP) Application" };
103 CHECK_dict_new( DICT_APPLICATION, &data , NULL, &eap);
104 }
105 }
106
107 /* AVP section */
108 {
109 /* EAP-Payload */
110 {
111 /*
112 The EAP-Payload AVP (AVP Code 462) is of type OctetString and is used
113 to encapsulate the actual EAP packet that is being exchanged between
114 the EAP client and the home Diameter server.
115 */
116 struct dict_avp_data data = {
117 462, /* Code */
118 0, /* Vendor */
119 "EAP-Payload", /* Name */
120 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
121 AVP_FLAG_MANDATORY, /* Fixed flag values */
122 AVP_TYPE_OCTETSTRING /* base type of data */
123 };
124 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
125 }
126
127 /* EAP-Reissued-Payload */
128 {
129 /*
130 The EAP-Reissued-Payload AVP (AVP Code 463) is of type OctetString.
131 */
132 struct dict_avp_data data = {
133 463, /* Code */
134 0, /* Vendor */
135 "EAP-Reissued-Payload", /* Name */
136 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
137 AVP_FLAG_MANDATORY, /* Fixed flag values */
138 AVP_TYPE_OCTETSTRING /* base type of data */
139 };
140 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
141 }
142
143 /* EAP-Master-Session-Key */
144 {
145 /*
146 The EAP-Master-Session-Key AVP (AVP Code 464) is of type OctetString.
147 It contains keying material for protecting the communications between
148 the user and the NAS. Exactly how this keying material is used
149 depends on the link layer in question, and is beyond the scope of
150 this document.
151 */
152 struct dict_avp_data data = {
153 464, /* Code */
154 0, /* Vendor */
155 "EAP-Master-Session-Key", /* Name */
156 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
157 AVP_FLAG_MANDATORY, /* Fixed flag values */
158 AVP_TYPE_OCTETSTRING /* base type of data */
159 };
160 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
161 }
162
163 /* EAP-Key-Name */
164 {
165 /*
166 The EAP-Key-Name AVP (Radius Attribute Type 102) is of type
167 OctetString. It contains an opaque key identifier (name) generated
168 by the EAP method. Exactly how this name is used depends on the link
169 layer in question, and is beyond the scope of this document (see
170 [EAPKey] for more discussion).
171
172 Note that not all link layers use this name, and currently most EAP
173 methods do not generate it. Since the NAS operates in pass-through
174 mode, it cannot know the Key-Name before receiving it from the AAA
175 server. As a result, a Key-Name AVP sent in a Diameter-EAP-Request
176 MUST NOT contain any data. A home Diameter server receiving a
177 Diameter-EAP-Request with a Key-Name AVP with non-empty data MUST
178 silently discard the AVP. In addition, the home Diameter server
179 SHOULD include this AVP in Diameter-EAP-Response only if an empty
180 EAP-Key-Name AVP was present in Diameter-EAP-Request.
181 */
182 struct dict_avp_data data = {
183 102, /* Code */
184 0, /* Vendor */
185 "EAP-Key-Name", /* Name */
186 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
187 AVP_FLAG_MANDATORY, /* Fixed flag values */
188 AVP_TYPE_OCTETSTRING /* base type of data */
189 };
190 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
191 }
192
193 /* Accounting-EAP-Auth-Method */
194 {
195 /*
196 The Accounting-EAP-Auth-Method AVP (AVP Code 465) is of type
197 Unsigned64. In case of expanded types [EAP, Section 5.7], this AVP
198 contains the value ((Vendor-Id * 2^32) + Vendor-Type).
199 */
200 struct dict_avp_data data = {
201 465, /* Code */
202 0, /* Vendor */
203 "Accounting-EAP-Auth-Method", /* Name */
204 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
205 AVP_FLAG_MANDATORY, /* Fixed flag values */
206 AVP_TYPE_UNSIGNED64 /* base type of data */
207 };
208 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
209 }
210
211 }
212
213/********************/
214/* Commands section */
215/********************/
216 {
217 /* To avoid defining global variables for all the AVP that we use here, we do search the dictionary in each sub-block.
218 * This is far from optimal, but the code is clearer like this, and the time it requires at execution is not noticeable.
219 */
220 /* Diameter-EAP-Request (DER) Command */
221 {
222 /*
223 The Diameter-EAP-Request (DER) command, indicated by the Command-Code
224 field set to 268 and the 'R' bit set in the Command Flags field, is
225 sent by a Diameter client to a Diameter server, and conveys an
226 EAP-Response from the EAP client. The Diameter-EAP-Request MUST
227 contain one EAP-Payload AVP containing the actual EAP payload. An
228 EAP-Payload AVP with no data MAY be sent to the Diameter server to
229 initiate an EAP authentication session.
230
231 The DER message MAY be the result of a multi-round authentication
232 exchange that occurs when the DEA is received with the Result-Code
233 AVP set to DIAMETER_MULTI_ROUND_AUTH [BASE]. A subsequent DER
234 message MUST include any State AVPs [NASREQ] that were present in the
235 DEA. For re-authentication, it is recommended that the Identity
236 request be skipped in order to reduce the number of authentication
237 round trips. This is only possible when the user's identity is
238 already known by the home Diameter server.
239
240 Message format
241
242 <Diameter-EAP-Request> ::= < Diameter Header: 268, REQ, PXY >
243 < Session-Id >
244 { Auth-Application-Id }
245 { Origin-Host }
246 { Origin-Realm }
247 { Destination-Realm }
248 { Auth-Request-Type }
249 [ Destination-Host ]
250 [ NAS-Identifier ]
251 [ NAS-IP-Address ]
252 [ NAS-IPv6-Address ]
253 [ NAS-Port ]
254 [ NAS-Port-Id ]
255 [ NAS-Port-Type ]
256 [ Origin-State-Id ]
257 [ Port-Limit ]
258 [ User-Name ]
259 { EAP-Payload }
260 [ EAP-Key-Name ]
261 [ Service-Type ]
262 [ State ]
263 [ Authorization-Lifetime ]
264 [ Auth-Grace-Period ]
265 [ Auth-Session-State ]
266 [ Callback-Number ]
267 [ Called-Station-Id ]
268 [ Calling-Station-Id ]
269 [ Originating-Line-Info ]
270 [ Connect-Info ]
271 * [ Framed-Compression ]
272 [ Framed-Interface-Id ]
273 [ Framed-IP-Address ]
274 * [ Framed-IPv6-Prefix ]
275 [ Framed-IP-Netmask ]
276 [ Framed-MTU ]
277 [ Framed-Protocol ]
278 * [ Tunneling ]
279 * [ Proxy-Info ]
280 * [ Route-Record ]
281 * [ AVP ]
282 */
283 struct dict_object * cmd;
284 struct dict_cmd_data data = {
285 268, /* Code */
286 "Diameter-EAP-Request", /* Name */
287 CMD_FLAG_REQUEST | CMD_FLAG_PROXIABLE | CMD_FLAG_ERROR, /* Fixed flags */
288 CMD_FLAG_REQUEST | CMD_FLAG_PROXIABLE /* Fixed flag values */
289 };
290 struct local_rules_definition rules[] =
291 { { "Session-Id", RULE_FIXED_HEAD, -1, 1 }
292 ,{ "Auth-Application-Id", RULE_REQUIRED, -1, 1 }
293 ,{ "Origin-Host", RULE_REQUIRED, -1, 1 }
294 ,{ "Origin-Realm", RULE_REQUIRED, -1, 1 }
295 ,{ "Destination-Realm", RULE_REQUIRED, -1, 1 }
296 ,{ "Auth-Request-Type", RULE_REQUIRED, -1, 1 }
297 ,{ "Destination-Host", RULE_OPTIONAL, -1, 1 }
298 ,{ "NAS-Identifier", RULE_OPTIONAL, -1, 1 }
299 ,{ "NAS-IP-Address", RULE_OPTIONAL, -1, 1 }
300 ,{ "NAS-IPv6-Address", RULE_OPTIONAL, -1, 1 }
301 ,{ "NAS-Port", RULE_OPTIONAL, -1, 1 }
302 ,{ "NAS-Port-Id", RULE_OPTIONAL, -1, 1 }
303 ,{ "NAS-Port-Type", RULE_OPTIONAL, -1, 1 }
304 ,{ "Origin-State-Id", RULE_OPTIONAL, -1, 1 }
305 ,{ "Port-Limit", RULE_OPTIONAL, -1, 1 }
306 ,{ "User-Name", RULE_OPTIONAL, -1, 1 }
307 ,{ "EAP-Payload", RULE_REQUIRED, -1, 1 }
308 ,{ "EAP-Key-Name", RULE_OPTIONAL, -1, 1 }
309 ,{ "Service-Type", RULE_OPTIONAL, -1, 1 }
310 ,{ "State", RULE_OPTIONAL, -1, 1 }
311 ,{ "Authorization-Lifetime", RULE_OPTIONAL, -1, 1 }
312 ,{ "Auth-Grace-Period", RULE_OPTIONAL, -1, 1 }
313 ,{ "Auth-Session-State", RULE_OPTIONAL, -1, 1 }
314 ,{ "Callback-Number", RULE_OPTIONAL, -1, 1 }
315 ,{ "Called-Station-Id", RULE_OPTIONAL, -1, 1 }
316 ,{ "Calling-Station-Id", RULE_OPTIONAL, -1, 1 }
317 ,{ "Originating-Line-Info", RULE_OPTIONAL, -1, 1 }
318 ,{ "Connect-Info", RULE_OPTIONAL, -1, 1 }
319 ,{ "Framed-Compression", RULE_OPTIONAL, -1,-1 }
320 ,{ "Framed-Interface-Id", RULE_OPTIONAL, -1, 1 }
321 ,{ "Framed-IP-Address", RULE_OPTIONAL, -1, 1 }
322 ,{ "Framed-IPv6-Prefix", RULE_OPTIONAL, -1,-1 }
323 ,{ "Framed-IP-Netmask", RULE_OPTIONAL, -1, 1 }
324 ,{ "Framed-MTU", RULE_OPTIONAL, -1, 1 }
325 ,{ "Framed-Protocol", RULE_OPTIONAL, -1, 1 }
326 ,{ "Tunneling", RULE_OPTIONAL, -1,-1 }
327 ,{ "Proxy-Info", RULE_OPTIONAL, -1,-1 }
328 ,{ "Route-Record", RULE_OPTIONAL, -1,-1 }
329 };
330
331 CHECK_dict_new( DICT_COMMAND, &data , eap, &cmd);
332 PARSE_loc_rules( rules, cmd );
333 }
334
335 /* Diameter-EAP-Answer (DEA) Command */
336 {
337 /*
338 The Diameter-EAP-Answer (DEA) message, indicated by the Command-Code
339 field set to 268 and the 'R' bit cleared in the Command Flags field,
340 is sent by the Diameter server to the client for one of the following
341 reasons:
342
343 1. The message is part of a multi-round authentication exchange, and
344 the server is expecting a subsequent Diameter-EAP-Request. This
345 is indicated by setting the Result-Code to
346 DIAMETER_MULTI_ROUND_AUTH, and MAY include zero or more State
347 AVPs.
348
349 2. The EAP client has been successfully authenticated and
350 authorized, in which case the message MUST include the
351 Result-Code AVP indicating success, and SHOULD include an
352 EAP-Payload of type EAP-Success. This event MUST cause the
353 access device to provide service to the EAP client.
354
355 3. The EAP client has not been successfully authenticated and/or
356 authorized, and the Result-Code AVP is set to indicate failure.
357 This message SHOULD include an EAP-Payload, but this AVP is not
358 used to determine whether service is to be provided.
359
360 If the message from the Diameter client included a request for
361 authorization, a successful response MUST include the authorization
362 AVPs that are relevant to the service being provided.
363
364 Message format
365
366 <Diameter-EAP-Answer> ::= < Diameter Header: 268, PXY >
367 < Session-Id >
368 { Auth-Application-Id }
369 { Auth-Request-Type }
370 { Result-Code }
371 { Origin-Host }
372 { Origin-Realm }
373 [ User-Name ]
374 [ EAP-Payload ]
375 [ EAP-Reissued-Payload ]
376 [ EAP-Master-Session-Key ]
377 [ EAP-Key-Name ]
378 [ Multi-Round-Time-Out ]
379 [ Accounting-EAP-Auth-Method ]
380 [ Service-Type ]
381 * [ Class ]
382 * [ Configuration-Token ]
383 [ Acct-Interim-Interval ]
384 [ Error-Message ]
385 [ Error-Reporting-Host ]
386 * [ Failed-AVP ]
387 [ Idle-Timeout ]
388 [ Authorization-Lifetime ]
389 [ Auth-Grace-Period ]
390 [ Auth-Session-State ]
391 [ Re-Auth-Request-Type ]
392 [ Session-Timeout ]
393 [ State ]
394 * [ Reply-Message ]
395 [ Origin-State-Id ]
396 * [ Filter-Id ]
397 [ Port-Limit ]
398 [ Callback-Id ]
399 [ Callback-Number ]
400 [ Framed-Appletalk-Link ]
401 * [ Framed-Appletalk-Network ]
402 [ Framed-Appletalk-Zone ]
403 * [ Framed-Compression ]
404 [ Framed-Interface-Id ]
405 [ Framed-IP-Address ]
406 * [ Framed-IPv6-Prefix ]
407 [ Framed-IPv6-Pool ]
408 * [ Framed-IPv6-Route ]
409 [ Framed-IP-Netmask ]
410 * [ Framed-Route ]
411 [ Framed-Pool ]
412 [ Framed-IPX-Network ]
413 [ Framed-MTU ]
414 [ Framed-Protocol ]
415 [ Framed-Routing ]
416 * [ NAS-Filter-Rule ]
417 * [ QoS-Filter-Rule ]
418 * [ Tunneling ]
419 * [ Redirect-Host ]
420 [ Redirect-Host-Usage ]
421 [ Redirect-Max-Cache-Time ]
422 * [ Proxy-Info ]
423 * [ AVP ]
424 */
425 struct dict_object * cmd;
426 struct dict_cmd_data data = {
427 268, /* Code */
428 "Diameter-EAP-Answer", /* Name */
429 CMD_FLAG_REQUEST | CMD_FLAG_PROXIABLE, /* Fixed flags */
430 CMD_FLAG_PROXIABLE /* Fixed flag values */
431 };
432 struct local_rules_definition rules[] =
433 { { "Session-Id", RULE_FIXED_HEAD, -1, 1 }
434 ,{ "Auth-Application-Id", RULE_REQUIRED, -1, 1 }
435 ,{ "Auth-Request-Type", RULE_REQUIRED, -1, 1 }
436 ,{ "Result-Code", RULE_REQUIRED, -1, 1 }
437 ,{ "Origin-Host", RULE_REQUIRED, -1, 1 }
438 ,{ "Origin-Realm", RULE_REQUIRED, -1, 1 }
439 ,{ "User-Name", RULE_OPTIONAL, -1, 1 }
440 ,{ "EAP-Payload", RULE_OPTIONAL, -1, 1 }
441 ,{ "EAP-Reissued-Payload", RULE_OPTIONAL, -1, 1 }
442 ,{ "EAP-Master-Session-Key", RULE_OPTIONAL, -1, 1 }
443 ,{ "EAP-Key-Name", RULE_OPTIONAL, -1, 1 }
444 ,{ "Multi-Round-Time-Out", RULE_OPTIONAL, -1, 1 }
445 ,{ "Accounting-EAP-Auth-Method", RULE_OPTIONAL, -1, 1 }
446 ,{ "Service-Type", RULE_OPTIONAL, -1, 1 }
447 ,{ "Class", RULE_OPTIONAL, -1,-1 }
448 ,{ "Configuration-Token", RULE_OPTIONAL, -1,-1 }
449 ,{ "Acct-Interim-Interval", RULE_OPTIONAL, -1, 1 }
450 ,{ "Error-Message", RULE_OPTIONAL, -1, 1 }
451 ,{ "Error-Reporting-Host", RULE_OPTIONAL, -1, 1 }
452 ,{ "Failed-AVP", RULE_OPTIONAL, -1,-1 }
453 ,{ "Idle-Timeout", RULE_OPTIONAL, -1, 1 }
454 ,{ "Authorization-Lifetime", RULE_OPTIONAL, -1, 1 }
455 ,{ "Auth-Grace-Period", RULE_OPTIONAL, -1, 1 }
456 ,{ "Auth-Session-State", RULE_OPTIONAL, -1, 1 }
457 ,{ "Re-Auth-Request-Type", RULE_OPTIONAL, -1, 1 }
458 ,{ "Session-Timeout", RULE_OPTIONAL, -1, 1 }
459 ,{ "State", RULE_OPTIONAL, -1, 1 }
460 ,{ "Reply-Message", RULE_OPTIONAL, -1,-1 }
461 ,{ "Origin-State-Id", RULE_OPTIONAL, -1, 1 }
462 ,{ "Filter-Id", RULE_OPTIONAL, -1,-1 }
463 ,{ "Port-Limit", RULE_OPTIONAL, -1, 1 }
464 ,{ "Callback-Id", RULE_OPTIONAL, -1, 1 }
465 ,{ "Callback-Number", RULE_OPTIONAL, -1, 1 }
466 ,{ "Framed-AppleTalk-Link", RULE_OPTIONAL, -1, 1 }
467 ,{ "Framed-AppleTalk-Network", RULE_OPTIONAL, -1,-1 }
468 ,{ "Framed-AppleTalk-Zone", RULE_OPTIONAL, -1, 1 }
469 ,{ "Framed-Compression", RULE_OPTIONAL, -1,-1 }
470 ,{ "Framed-Interface-Id", RULE_OPTIONAL, -1, 1 }
471 ,{ "Framed-IP-Address", RULE_OPTIONAL, -1, 1 }
472 ,{ "Framed-IPv6-Prefix", RULE_OPTIONAL, -1,-1 }
473 ,{ "Framed-IPv6-Pool", RULE_OPTIONAL, -1, 1 }
474 ,{ "Framed-IPv6-Route", RULE_OPTIONAL, -1,-1 }
475 ,{ "Framed-IP-Netmask", RULE_OPTIONAL, -1, 1 }
476 ,{ "Framed-Route", RULE_OPTIONAL, -1,-1 }
477 ,{ "Framed-Pool", RULE_OPTIONAL, -1, 1 }
478 ,{ "Framed-IPX-Network", RULE_OPTIONAL, -1, 1 }
479 ,{ "Framed-MTU", RULE_OPTIONAL, -1, 1 }
480 ,{ "Framed-Protocol", RULE_OPTIONAL, -1, 1 }
481 ,{ "Framed-Routing", RULE_OPTIONAL, -1, 1 }
482 ,{ "NAS-Filter-Rule", RULE_OPTIONAL, -1,-1 }
483 ,{ "QoS-Filter-Rule", RULE_OPTIONAL, -1,-1 }
484 ,{ "Tunneling", RULE_OPTIONAL, -1,-1 }
485 ,{ "Redirect-Host", RULE_OPTIONAL, -1,-1 }
486 ,{ "Redirect-Host-Usage", RULE_OPTIONAL, -1, 1 }
487 ,{ "Redirect-Max-Cache-Time", RULE_OPTIONAL, -1, 1 }
488 ,{ "Proxy-Info", RULE_OPTIONAL, -1,-1 }
489 };
490
491 CHECK_dict_new( DICT_COMMAND, &data , eap, &cmd);
492 PARSE_loc_rules( rules, cmd );
493 }
494
495 /* Accounting-Request */
496 {
497 /*
498 Add additional rules of the ABNF (compared to Base definition):
499
500 Attribute Name | ACR | ACA |
501 ---------------------------------------|-----+-----+
502 Accounting-EAP-Auth-Method | 0+ | 0 |
503 */
504 struct dict_object * cmd;
505 struct local_rules_definition rules[] =
506 { { "Accounting-EAP-Auth-Method", RULE_OPTIONAL, -1,-1 }
507 };
508
509 CHECK_dict_search( DICT_COMMAND, CMD_BY_NAME, "Accounting-Request", &cmd);
510 PARSE_loc_rules( rules, cmd );
511 }
512
513 }
514
515 LOG_D( "Extension 'Dictionary definitions for EAP' initialized");
516 return 0;
517}
518
519EXTENSION_ENTRY("dict_eap", deap_entry, "dict_nasreq");