/*	$NetBSD: isakmp_cfg.h,v 1.6 2006/09/09 16:22:09 manu Exp $	*/

/* $KAME$ */

/*
 * Copyright (C) 2004 Emmanuel Dreyfus
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the project nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

/*
 * ISAKMP mode-config definitions for racoon: the attribute type codes
 * carried in mode-config payloads, the server-side address-pool
 * configuration (struct isakmp_cfg_config), the per-phase-1 client state
 * (struct isakmp_cfg_state) and the prototypes of the functions that
 * implement the exchange.
 *
 * This header does not include what it needs itself: it relies on the
 * includer for vchar_t (vmbuf.h), in_addr_t / struct in_addr
 * (<netinet/in.h>), MAXNS (<resolv.h>), MAXPATHLEN (<sys/param.h>) and the
 * racoon-side struct xauth_state / struct unity_netentry.  No include guard
 * is visible in this file, so include it once per translation unit.
 */

#ifdef HAVE_LIBPAM
#include <security/pam_appl.h>	/* pam_handle_t, see struct isakmp_cfg_port */
#endif

/*
 * XXX don't forget to update
 * src/racoon/handler.c:exclude_cfg_addr()
 * if you add IPv6 capability
 */

/*
 * Attribute types: the "type" field of the configuration attributes
 * carried in a mode-config payload.  The IPv6 types are defined but see
 * the XXX note above before acting on them.
 * NOTE(review): both the type and the length of an attribute come from the
 * peer; a handler added for any of these types must check the received
 * length against the size it expects before reading the value.
 */
#define INTERNAL_IP4_ADDRESS		1
#define INTERNAL_IP4_NETMASK		2
#define INTERNAL_IP4_DNS		3
#define INTERNAL_IP4_NBNS		4
#define INTERNAL_ADDRESS_EXPIRY		5
#define INTERNAL_IP4_DHCP		6
#define APPLICATION_VERSION		7
#define INTERNAL_IP6_ADDRESS		8
#define INTERNAL_IP6_NETMASK		9
#define INTERNAL_IP6_DNS		10
#define INTERNAL_IP6_NBNS		11
#define INTERNAL_IP6_DHCP		12
#define INTERNAL_IP4_SUBNET		13
#define SUPPORTED_ATTRIBUTES		14
#define INTERNAL_IP6_SUBNET		15

/* For APPLICATION_VERSION: the string advertised as our application version */
#define ISAKMP_CFG_RACOON_VERSION "racoon / IPsec-tools"

/* For the wins servers -- XXX find the value somewhere ? */
#define MAXWINS 4			/* bound on the nbns4[] / wins4[] arrays */

/*
 * Global configuration for ISAKMP mode configuration address allocation
 * Read from the mode_cfg section of racoon.conf
 */

/*
 * One slot of the address pool (isakmp_cfg_config.port_pool).  The slot
 * index is the "port" kept in isakmp_cfg_state.port and handed out /
 * returned by isakmp_cfg_getport() and isakmp_cfg_putport().
 */
struct isakmp_cfg_port {
	char used;			/* slot allocation flag (presumably non-zero = in use) */
#ifdef HAVE_LIBPAM
	pam_handle_t *pam;		/* PAM handle associated with this slot, if any */
#endif
};

/*
 * Server-side mode-config settings.  A single instance, isakmp_cfg_config,
 * is declared extern below; the *source fields select a backend with the
 * ISAKMP_CFG_AUTH_* / ISAKMP_CFG_GROUP_* / ISAKMP_CFG_CONF_* /
 * ISAKMP_CFG_ACCT_* values defined further down.
 */
struct isakmp_cfg_config {
	in_addr_t network4;		/* IPv4 network the pool addresses are taken from */
	in_addr_t netmask4;		/* IPv4 netmask handed to clients */
	in_addr_t dns4[MAXNS];		/* IPv4 DNS servers to advertise */
	int dns4_index;			/* number of entries used in dns4[] (<= MAXNS) */
	in_addr_t nbns4[MAXWINS];	/* IPv4 WINS servers to advertise */
	int nbns4_index;		/* number of entries used in nbns4[] (<= MAXWINS) */
	struct isakmp_cfg_port *port_pool;	/* pool of pool_size slots, see isakmp_cfg_resize_pool() */
	int authsource;			/* ISAKMP_CFG_AUTH_* */
	int groupsource;		/* ISAKMP_CFG_GROUP_* */
	char **grouplist;		/* groupcount group names */
	int groupcount;			/* number of entries in grouplist */
	int confsource;			/* ISAKMP_CFG_CONF_* */
	int accounting;			/* ISAKMP_CFG_ACCT_* */
	size_t pool_size;		/* number of slots in port_pool (see ISAKMP_CFG_MAX_CNX) */
	int auth_throttle;		/* NOTE(review): presumably a delay applied after failed
					 * authentication to slow password guessing; units not
					 * visible here — confirm at the consumer */
	/* XXX move this to a unity specific sub-structure */
	char default_domain[MAXPATHLEN + 1];	/* default domain to advertise; fixed buffer,
						 * writers must bound and NUL-terminate */
	char motd[MAXPATHLEN + 1];	/* path of the motd file (default ISAKMP_CFG_MOTD);
					 * fixed buffer, writers must bound and NUL-terminate */
	struct unity_netentry *splitnet_list;	/* split-network entries (Unity) */
	int splitnet_count;		/* number of entries in splitnet_list */
	int splitnet_type;		/* kind of split-network config advertised */
	char *splitdns_list;		/* split-DNS data; length-counted by splitdns_len
					 * (NOTE(review): do not assume NUL termination) */
	int splitdns_len;		/* byte length of splitdns_list */
	int pfs_group;			/* PFS group advertised to clients */
	int save_passwd;		/* NOTE(review): presumably the "client may save
					 * password" hint sent to Unity clients — confirm */
};

/*
 * For utmp updating: printf-style template for the line name; the %d is
 * filled with an int (to judge by the pool "port" index — confirm at the
 * caller).  The expansion must be bounded to the utmp line field when it
 * is written out.
 */
#define TERMSPEC	"vpn%d"

/* For authsource (isakmp_cfg_config.authsource) */
#define ISAKMP_CFG_AUTH_SYSTEM	0
/*
 * For authsource (isakmp_cfg_config.authsource), continued.
 * Note the gap: 3 is unused and LDAP is 4, so these values are not a
 * dense sequence and must not be used as array indices.
 */
#define ISAKMP_CFG_AUTH_RADIUS	1
#define ISAKMP_CFG_AUTH_PAM	2
#define ISAKMP_CFG_AUTH_LDAP	4

/* For groupsource (isakmp_cfg_config.groupsource) */
#define ISAKMP_CFG_GROUP_SYSTEM	0
#define ISAKMP_CFG_GROUP_LDAP	1

/* For confsource (isakmp_cfg_config.confsource) */
#define ISAKMP_CFG_CONF_LOCAL	0
#define ISAKMP_CFG_CONF_RADIUS	1
#define ISAKMP_CFG_CONF_LDAP	2

/* For accounting (isakmp_cfg_config.accounting) */
#define ISAKMP_CFG_ACCT_NONE	0
#define ISAKMP_CFG_ACCT_RADIUS	1
#define ISAKMP_CFG_ACCT_PAM	2
#define ISAKMP_CFG_ACCT_LDAP	3
#define ISAKMP_CFG_ACCT_SYSTEM	4

/* For pool_size: limit for the number of pool slots (presumably enforced by
 * isakmp_cfg_resize_pool() — confirm) */
#define ISAKMP_CFG_MAX_CNX	255

/* For motd: default path stored in isakmp_cfg_config.motd */
#define ISAKMP_CFG_MOTD	"/etc/motd"

/* For default domain: default value of isakmp_cfg_config.default_domain */
#define ISAKMP_CFG_DEFAULT_DOMAIN ""

/* The single global mode-config configuration, filled from racoon.conf */
extern struct isakmp_cfg_config isakmp_cfg_config;

/*
 * ISAKMP mode config state
 *
 * Per-client (per phase 1 handle) state of the mode-config exchange,
 * created by isakmp_cfg_mkstate() and released by isakmp_cfg_rmstate().
 */
#define LOGINLEN 31		/* longest login kept in isakmp_cfg_state.login, excluding NUL */
struct isakmp_cfg_state {
	int flags;			/* See below: bitmask of ISAKMP_CFG_* flags */
	unsigned int port;		/* address index (slot in isakmp_cfg_config.port_pool) */
	char login[LOGINLEN + 1];	/* login (presumably the Xauth user); fixed buffer,
					 * writers must bound the copy and NUL-terminate */
	struct in_addr addr4;		/* IPv4 address */
	struct in_addr mask4;		/* IPv4 netmask */
	struct in_addr dns4[MAXNS];	/* IPv4 DNS (when client only) */
	int dns4_index;			/* Number of IPv4 DNS (client only), <= MAXNS */
	struct in_addr wins4[MAXWINS];	/* IPv4 WINS (when client only) */
	int wins4_index;		/* Number of IPv4 WINS (client only), <= MAXWINS */
	char default_domain[MAXPATHLEN + 1];	/* Default domain received; fixed buffer,
						 * writers must bound and NUL-terminate */
	struct unity_netentry
	    *split_include;		/* UNITY_SPLIT_INCLUDE */
	int include_count;		/* Number of SPLIT_INCLUDES */
	struct unity_netentry
	    *split_local;		/* UNITY_LOCAL_LAN */
	int local_count;		/* Number of SPLIT_LOCAL */
	struct xauth_state xauth;	/* Xauth state, if relevant */
	struct isakmp_ivm *ivm;		/* XXX Use iph1's ivm? */
	u_int32_t last_msgid;		/* Last message-ID */
};

/* flags (isakmp_cfg_state.flags) */
#define ISAKMP_CFG_VENDORID_XAUTH	0x01	/* Supports Xauth */
#define ISAKMP_CFG_VENDORID_UNITY	0x02	/* Cisco Unity compliant */
#define ISAKMP_CFG_PORT_ALLOCATED	0x04	/* Port allocated */
#define ISAKMP_CFG_ADDR4_EXTERN		0x08	/* Address from external config */
#define ISAKMP_CFG_MASK4_EXTERN		0x10	/* Netmask from external config */
#define ISAKMP_CFG_ADDR4_LOCAL		0x20	/* Address from local pool */
#define ISAKMP_CFG_MASK4_LOCAL		0x40	/* Netmask from local pool */
#define ISAKMP_CFG_GOT_ADDR4		0x80	/* Client got address */
#define ISAKMP_CFG_GOT_MASK4		0x100	/* Client got mask */
#define ISAKMP_CFG_GOT_DNS4		0x200	/* Client got DNS */
#define ISAKMP_CFG_GOT_WINS4		0x400	/* Client got WINS */
#define ISAKMP_CFG_DELETE_PH1		0x800	/* phase 1 should be deleted */
#define ISAKMP_CFG_GOT_DEFAULT_DOMAIN	0x1000	/* Client got default domain */
#define ISAKMP_CFG_GOT_SPLIT_INCLUDE	0x2000	/* Client got a split network config */
#define ISAKMP_CFG_GOT_SPLIT_LOCAL	0x4000	/* Client got a split LAN config */

/* Opaque to this header; only pointers to them are used below */
struct isakmp_pl_attr;
struct ph1handle;
struct isakmp_ivm;

/*
 * Receive-side entry point for a mode-config exchange on the given phase 1
 * handle; the vchar_t presumably holds the received message.
 */
void isakmp_cfg_r(struct ph1handle *, vchar_t *);
/* Process one received attribute payload for the given message-ID */
int isakmp_cfg_attr_r(struct ph1handle *, u_int32_t, struct isakmp_pl_attr *);
/* Handlers for the mode-config message kinds (reply / request / set);
 * presumably dispatched from isakmp_cfg_r() — confirm */
int isakmp_cfg_reply(struct ph1handle *, struct isakmp_pl_attr *);
int isakmp_cfg_request(struct ph1handle *, struct isakmp_pl_attr *);
int isakmp_cfg_set(struct ph1handle *, struct isakmp_pl_attr *);
/* Send a mode-config message built from the vchar_t with the given
 * message-ID; the meaning of the two trailing ints is not visible here */
int isakmp_cfg_send(struct ph1handle *, vchar_t *, u_int32_t, int, int);
/* Create the IV state for the given message-ID */
struct isakmp_ivm *isakmp_cfg_newiv(struct ph1handle *, u_int32_t);
/* Release the per-client state attached to the phase 1 handle */
void isakmp_cfg_rmstate(struct ph1handle *);
/* Allocate a fresh, empty struct isakmp_cfg_state */
struct isakmp_cfg_state *isakmp_cfg_mkstate(void);
/* Build an attribute from the given isakmp_data (copy as-is) */
vchar_t *isakmp_cfg_copy(struct ph1handle *, struct isakmp_data *);
/*
 * Attribute builders: each returns a newly allocated vchar_t holding one
 * attribute derived from the isakmp_data argument (short value, explicitly
 * sized data, or NUL-terminated string).  NOTE(review): prefer
 * isakmp_cfg_varlen(), which takes a size_t, over isakmp_cfg_string() for
 * data that is not guaranteed to be NUL-terminated.
 */
vchar_t *isakmp_cfg_short(struct ph1handle *, struct isakmp_data *, int);
vchar_t *isakmp_cfg_varlen(struct ph1handle *, struct isakmp_data *, char *, size_t);
vchar_t *isakmp_cfg_string(struct ph1handle *, struct isakmp_data *, char *);
/* Fetch the client's configuration from the configured confsource */
int isakmp_cfg_getconfig(struct ph1handle *);
/* Fill a NULL-terminated string array (and its count) with environment
 * entries describing the client's configuration; presumably consumed by a
 * script hook — confirm.  The array is allocated for the caller. */
int isakmp_cfg_setenv(struct ph1handle *, char ***, int *);

/* Grow or shrink isakmp_cfg_config.port_pool to the given number of slots */
int isakmp_cfg_resize_pool(int);
/* Allocate a pool slot for the client (the "port" index), or fail */
int isakmp_cfg_getport(struct ph1handle *);
/* Return the given slot index to the pool */
int isakmp_cfg_putport(struct ph1handle *, unsigned int);
/* Initialise the mode-config subsystem; argument is ISAKMP_CFG_INIT_* */
int isakmp_cfg_init(int);
#define ISAKMP_CFG_INIT_COLD 1	/* first start */
#define ISAKMP_CFG_INIT_WARM 0	/* re-initialisation (e.g. on reload) — presumably keeps live state; confirm */

#ifdef HAVE_LIBRADIUS
struct rad_handle;
/* Global RADIUS accounting handle shared by the accounting code */
extern struct rad_handle *radius_acct_state;
/* Common RADIUS request handling for the given handle; int selects the operation */
int isakmp_cfg_radius_common(struct rad_handle *, int);
#endif

#ifdef HAVE_LIBPAM
/* PAM accounting for a pool slot; ints are the slot index and the operation (order not visible here — confirm) */
int isakmp_cfg_accounting_pam(int, int);
/* Tear down the PAM handle kept in the given pool slot */
void cleanup_pam(int);
#endif

/*
 * System (utmp) accounting for a pool slot: slot index, client address,
 * login name and an operation selector.  NOTE(review): the login name is
 * peer-supplied (see isakmp_cfg_state.login); copies into utmp fields must
 * be bounded to the field size.
 */
int isakmp_cfg_accounting_system(int, struct sockaddr *, char *, int);