
1.1       misho       1: /*     $NetBSD: isakmp_cfg.h,v 1.6 2006/09/09 16:22:09 manu Exp $      */
                      2: 
                      3: /*     $KAME$ */
                      4: 
                      5: /*
                      6:  * Copyright (C) 2004 Emmanuel Dreyfus
                      7:  * All rights reserved.
                      8:  * 
                      9:  * Redistribution and use in source and binary forms, with or without
                     10:  * modification, are permitted provided that the following conditions
                     11:  * are met:
                     12:  * 1. Redistributions of source code must retain the above copyright
                     13:  *    notice, this list of conditions and the following disclaimer.
                     14:  * 2. Redistributions in binary form must reproduce the above copyright
                     15:  *    notice, this list of conditions and the following disclaimer in the
                     16:  *    documentation and/or other materials provided with the distribution.
                     17:  * 3. Neither the name of the project nor the names of its contributors
                     18:  *    may be used to endorse or promote products derived from this software
                     19:  *    without specific prior written permission.
                     20:  * 
                     21:  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
                     22:  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
                     23:  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
                     24:  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
                     25:  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
                     26:  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
                     27:  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
                     28:  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
                     29:  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
                     30:  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
                     31:  * SUCH DAMAGE.
                     32:  */
                     33: 
                     34: #ifdef HAVE_LIBPAM
                     35: #include <security/pam_appl.h>
                     36: #endif
                     37: 
                     38: /* 
                     39:  * XXX don't forget to update 
                     40:  * src/racoon/handler.c:exclude_cfg_addr()
                     41:  * if you add IPv6 capability
                     42:  */
                     43: 
/*
 * Attribute types carried in ISAKMP mode-config (ISAKMP_CFG) attribute
 * payloads.  These values go on the wire and follow the ISAKMP mode-config
 * draft's attribute registry, so they must not be renumbered.  The
 * INTERNAL_IP6_* types are defined for completeness only: per the XXX note
 * above, handler.c:exclude_cfg_addr() has to be updated before IPv6
 * attributes can be honoured.
 *
 * NOTE(review): this header has no include guard and relies on its includer
 * for in_addr_t / struct in_addr, MAXNS, MAXPATHLEN, u_int32_t and vchar_t,
 * so it must be included once, after the system and racoon headers that
 * provide those names.
 */
#define INTERNAL_IP4_ADDRESS        1
#define INTERNAL_IP4_NETMASK        2
#define INTERNAL_IP4_DNS            3
#define INTERNAL_IP4_NBNS           4
#define INTERNAL_ADDRESS_EXPIRY     5
#define INTERNAL_IP4_DHCP           6
#define APPLICATION_VERSION         7
#define INTERNAL_IP6_ADDRESS        8
#define INTERNAL_IP6_NETMASK        9
#define INTERNAL_IP6_DNS           10
#define INTERNAL_IP6_NBNS          11
#define INTERNAL_IP6_DHCP          12
#define INTERNAL_IP4_SUBNET        13
#define SUPPORTED_ATTRIBUTES       14
#define INTERNAL_IP6_SUBNET        15

/*
 * Value carried in the APPLICATION_VERSION attribute.  It is presumably
 * sent to any peer that asks for it; it contains no version number, which
 * limits software fingerprinting by remote peers.
 */
#define ISAKMP_CFG_RACOON_VERSION "racoon / IPsec-tools"

/*
 * Upper bound on the number of WINS (NBNS) servers kept per configuration
 * (isakmp_cfg_config.nbns4[]) and per client state (isakmp_cfg_state.wins4[]).
 * XXX find the value somewhere ? -- no standard constant was located.
 */
#define MAXWINS 4
                     66: 
/*
 * Global configuration for ISAKMP mode config address allocation.
 * Read from the mode_cfg section of racoon.conf (struct isakmp_cfg_config
 * below).  struct isakmp_cfg_port is one slot of its port_pool: the slot
 * index ("port") is the address index recorded in isakmp_cfg_state.port.
 */
struct isakmp_cfg_port {
	char	used;		/* slot is allocated to a client -- presumably
				 * set by isakmp_cfg_getport() and cleared by
				 * isakmp_cfg_putport(); verify in isakmp_cfg.c */
#ifdef HAVE_LIBPAM
	pam_handle_t *pam;	/* PAM handle tied to this slot (PAM
				 * authentication/accounting builds only) */
#endif
};
                     77: 
/*
 * Mode-config server settings (one global instance, isakmp_cfg_config).
 * The *source and accounting fields take the ISAKMP_CFG_AUTH_*, _GROUP_*,
 * _CONF_* and _ACCT_* constants defined further down in this file.
 */
struct isakmp_cfg_config {
	in_addr_t		network4;	/* IPv4 network addresses are handed out from */
	in_addr_t		netmask4;	/* netmask that goes with network4 */
	in_addr_t		dns4[MAXNS];	/* IPv4 DNS servers to send (INTERNAL_IP4_DNS) */
	int			dns4_index;	/* number of valid entries in dns4[] */
	in_addr_t		nbns4[MAXWINS];	/* IPv4 WINS servers to send (INTERNAL_IP4_NBNS) */
	int			nbns4_index;	/* number of valid entries in nbns4[] */
	struct isakmp_cfg_port	*port_pool;	/* address pool; presumably pool_size slots, (re)sized by isakmp_cfg_resize_pool() */
	int			authsource;	/* ISAKMP_CFG_AUTH_* */
	int			groupsource;	/* ISAKMP_CFG_GROUP_* */
	char			**grouplist;	/* presumably groupcount group names */
	int			groupcount;
	int			confsource;	/* ISAKMP_CFG_CONF_* */
	int			accounting;	/* ISAKMP_CFG_ACCT_* */
	size_t			pool_size;	/* slots in port_pool; bounded by ISAKMP_CFG_MAX_CNX */
	int			auth_throttle;	/* NOTE(review): presumably a delay applied to failed authentications -- confirm in isakmp_cfg.c */
	/* XXX move this to a unity specific sub-structure */
	char			default_domain[MAXPATHLEN + 1];	/* fixed buffer: writers must bound copies to MAXPATHLEN and NUL-terminate */
	char			motd[MAXPATHLEN + 1];	/* path of the MOTD file (default ISAKMP_CFG_MOTD); same bound applies */
	struct unity_netentry	*splitnet_list;	/* split-tunnel networks, splitnet_count of them */
	int			splitnet_count;
	int			splitnet_type;	/* NOTE(review): presumably selects include vs. local-LAN semantics -- confirm */
	char			*splitdns_list;	/* split DNS domain list, splitdns_len bytes; note splitdns_len is int while pool_size is size_t */
	int			splitdns_len;
	int			pfs_group;	/* presumably the DH group announced for PFS */
	int			save_passwd;	/* NOTE(review): presumably whether clients may store the Xauth password -- confirm */
};
                    105: 
/*
 * For utmp updating: printf-style template for the utmp line name.  The %d
 * presumably takes the pool slot index (isakmp_cfg_state.port), so each
 * client gets a distinct pseudo-terminal name.
 */
#define TERMSPEC	"vpn%d"

/*
 * For authsource.  Plain enumerators, not bit flags, even though the value
 * 3 is unused.
 */
#define ISAKMP_CFG_AUTH_SYSTEM	0
#define ISAKMP_CFG_AUTH_RADIUS	1
#define ISAKMP_CFG_AUTH_PAM	2
#define ISAKMP_CFG_AUTH_LDAP	4

/* For groupsource */
#define ISAKMP_CFG_GROUP_SYSTEM	0
#define ISAKMP_CFG_GROUP_LDAP	1

/* For confsource: where a client's mode-config data comes from */
#define ISAKMP_CFG_CONF_LOCAL	0
#define ISAKMP_CFG_CONF_RADIUS	1
#define ISAKMP_CFG_CONF_LDAP	2

/* For accounting */
#define ISAKMP_CFG_ACCT_NONE	0
#define ISAKMP_CFG_ACCT_RADIUS	1
#define ISAKMP_CFG_ACCT_PAM	2
#define ISAKMP_CFG_ACCT_LDAP	3
#define ISAKMP_CFG_ACCT_SYSTEM	4

/* For pool_size: upper bound on the number of address pool slots */
#define ISAKMP_CFG_MAX_CNX	255

/*
 * For motd: default file whose contents are presumably read and sent to
 * Unity clients.  Keep it readable only by trusted users, since it is
 * delivered verbatim.
 */
#define ISAKMP_CFG_MOTD	"/etc/motd"

/* For default domain: empty means none is sent */
#define ISAKMP_CFG_DEFAULT_DOMAIN ""

/* The single global configuration instance, filled in from racoon.conf */
extern struct isakmp_cfg_config isakmp_cfg_config;
                    141: 
/*
 * ISAKMP mode config state, presumably attached to a phase 1 handle
 * (see isakmp_cfg_mkstate() / isakmp_cfg_rmstate()).  Fields marked
 * "client only" are filled when racoon is the mode-config client.
 */
#define LOGINLEN 31			/* longest login name kept, excluding the NUL */
struct isakmp_cfg_state {
	int flags;			/* bitmask of the ISAKMP_CFG_* flags below */
	unsigned int port;		/* address index into isakmp_cfg_config.port_pool (meaningful once ISAKMP_CFG_PORT_ALLOCATED is set) */
	char login[LOGINLEN + 1];	/* login; fixed buffer, writers must bound to LOGINLEN and NUL-terminate */
	struct in_addr addr4;		/* IPv4 address */
	struct in_addr mask4;		/* IPv4 netmask */
	struct in_addr dns4[MAXNS];	/* IPv4 DNS (when client only) */
	int dns4_index;			/* Number of IPv4 DNS (client only) */
	struct in_addr wins4[MAXWINS];	/* IPv4 WINS (when client only) */
	int wins4_index;		/* Number of IPv4 WINS (client only) */
	char default_domain[MAXPATHLEN + 1];	/* Default domain received; same bound as isakmp_cfg_config.default_domain */
	struct unity_netentry 
	    *split_include;		/* UNITY_SPLIT_INCLUDE */
	int include_count;		/* Number of SPLIT_INCLUDES */
	struct unity_netentry 
	    *split_local;		/* UNITY_LOCAL_LAN */
	int local_count;		/* Number of SPLIT_LOCAL */
	struct xauth_state xauth;	/* Xauth state, if relevant */
	struct isakmp_ivm *ivm;		/* XXX Use iph1's ivm? */
	u_int32_t last_msgid;		/* Last message-ID; see also isakmp_cfg_newiv() */
};
                    167: 
/*
 * flags -- bits of isakmp_cfg_state.flags.  The VENDORID bits record what
 * the peer advertised; the *_EXTERN / *_LOCAL bits record where the server
 * obtained the client's address and netmask; the GOT_* bits record which
 * attributes the client side has already received.
 */
#define ISAKMP_CFG_VENDORID_XAUTH	0x01	/* Supports Xauth */
#define ISAKMP_CFG_VENDORID_UNITY	0x02	/* Cisco Unity compliant */
#define ISAKMP_CFG_PORT_ALLOCATED	0x04	/* Port allocated */
#define ISAKMP_CFG_ADDR4_EXTERN		0x08	/* Address from external config  */
#define ISAKMP_CFG_MASK4_EXTERN		0x10	/* Netmask from external config */
#define ISAKMP_CFG_ADDR4_LOCAL		0x20	/* Address from local pool */
#define ISAKMP_CFG_MASK4_LOCAL		0x40	/* Netmask from local pool */
#define ISAKMP_CFG_GOT_ADDR4		0x80	/* Client got address */
#define ISAKMP_CFG_GOT_MASK4		0x100	/* Client got mask */
#define ISAKMP_CFG_GOT_DNS4		0x200	/* Client got DNS */
#define ISAKMP_CFG_GOT_WINS4		0x400	/* Client got WINS */
#define ISAKMP_CFG_DELETE_PH1		0x800	/* phase 1 should be deleted */
#define ISAKMP_CFG_GOT_DEFAULT_DOMAIN	0x1000	/* Client got default domain */
#define ISAKMP_CFG_GOT_SPLIT_INCLUDE	0x2000	/* Client got a split network config */
#define ISAKMP_CFG_GOT_SPLIT_LOCAL	0x4000	/* Client got a split LAN config */
                    184: 
struct isakmp_pl_attr;
struct ph1handle;
struct isakmp_ivm;

/*
 * Message handling.  The u_int32_t parameters are ISAKMP message-IDs
 * (compare isakmp_cfg_state.last_msgid) and the vchar_t * is the message
 * buffer.  NOTE(review): the remaining argument meanings are not visible
 * from this header -- confirm against the definitions in isakmp_cfg.c.
 */
void isakmp_cfg_r(struct ph1handle *, vchar_t *);	/* receive entry point for an ISAKMP_CFG exchange */
int isakmp_cfg_attr_r(struct ph1handle *, u_int32_t, struct isakmp_pl_attr *);	/* dispatch one received attribute payload */
int isakmp_cfg_reply(struct ph1handle *, struct isakmp_pl_attr *);	/* handle a REPLY attribute payload */
int isakmp_cfg_request(struct ph1handle *, struct isakmp_pl_attr *);	/* handle a REQUEST attribute payload */
int isakmp_cfg_set(struct ph1handle *, struct isakmp_pl_attr *);	/* handle a SET attribute payload */
int isakmp_cfg_send(struct ph1handle *, vchar_t *, u_int32_t, int, int);	/* send a mode-config message; trailing ints undocumented here */
struct isakmp_ivm *isakmp_cfg_newiv(struct ph1handle *, u_int32_t);	/* IV material for the given message-ID */

/* Per-handle state lifecycle: mkstate allocates, rmstate releases. */
void isakmp_cfg_rmstate(struct ph1handle *);
struct isakmp_cfg_state *isakmp_cfg_mkstate(void);

/*
 * Attribute builders.  Each returns a newly allocated vchar_t that the
 * caller presumably owns and must free.  isakmp_cfg_varlen() takes an
 * explicit byte length; isakmp_cfg_string() has no length argument, so it
 * presumably relies on its char * being NUL-terminated -- only pass it
 * buffers whose termination is guaranteed.
 */
vchar_t *isakmp_cfg_copy(struct ph1handle *, struct isakmp_data *);
vchar_t *isakmp_cfg_short(struct ph1handle *, struct isakmp_data *, int);
vchar_t *isakmp_cfg_varlen(struct ph1handle *, struct isakmp_data *, char *, size_t);
vchar_t *isakmp_cfg_string(struct ph1handle *, struct isakmp_data *, char *);
int isakmp_cfg_getconfig(struct ph1handle *);	/* fetch the client's config per isakmp_cfg_config.confsource */
int isakmp_cfg_setenv(struct ph1handle *, char ***, int *);	/* append mode-config values to an environment array (count in the int *) */

/* Address pool management */
int isakmp_cfg_resize_pool(int);	/* NOTE(review): takes int while pool_size is size_t; the implementation must reject negative sizes and values above ISAKMP_CFG_MAX_CNX */
int isakmp_cfg_getport(struct ph1handle *);	/* allocate a free slot for the client; presumably returns its index or -1 */
int isakmp_cfg_putport(struct ph1handle *, unsigned int);	/* release the slot with the given index */
int isakmp_cfg_init(int);		/* takes ISAKMP_CFG_INIT_COLD or ISAKMP_CFG_INIT_WARM; presumably startup vs. reload */
#define ISAKMP_CFG_INIT_COLD	1
#define ISAKMP_CFG_INIT_WARM	0

/* Accounting back ends, selected by isakmp_cfg_config.accounting */
#ifdef HAVE_LIBRADIUS
struct rad_handle;
extern struct rad_handle *radius_acct_state;	/* shared RADIUS accounting session */
int isakmp_cfg_radius_common(struct rad_handle *, int); 
#endif

#ifdef HAVE_LIBPAM
int isakmp_cfg_accounting_pam(int, int);
void cleanup_pam(int);	/* release the PAM handle of the given pool slot (isakmp_cfg_port.pam) */
#endif

/* utmp accounting (see TERMSPEC); NOTE(review): argument meanings inferred as slot index, peer address, login, on/off -- confirm */
int isakmp_cfg_accounting_system(int, struct sockaddr *, char *, int);
