
    1: /*	$NetBSD: isakmp_cfg.h,v 1.6 2006/09/09 16:22:09 manu Exp $	*/
    2: 
    3: /*	$KAME$ */
    4: 
    5: /*
    6:  * Copyright (C) 2004 Emmanuel Dreyfus
    7:  * All rights reserved.
    8:  * 
    9:  * Redistribution and use in source and binary forms, with or without
   10:  * modification, are permitted provided that the following conditions
   11:  * are met:
   12:  * 1. Redistributions of source code must retain the above copyright
   13:  *    notice, this list of conditions and the following disclaimer.
   14:  * 2. Redistributions in binary form must reproduce the above copyright
   15:  *    notice, this list of conditions and the following disclaimer in the
   16:  *    documentation and/or other materials provided with the distribution.
   17:  * 3. Neither the name of the project nor the names of its contributors
   18:  *    may be used to endorse or promote products derived from this software
   19:  *    without specific prior written permission.
   20:  * 
   21:  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
   22:  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   23:  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   24:  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
   25:  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   26:  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
   27:  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   28:  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   29:  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   30:  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   31:  * SUCH DAMAGE.
   32:  */
   33: 
   34: #ifdef HAVE_LIBPAM
   35: #include <security/pam_appl.h>
   36: #endif
   37: 
   38: /* 
   39:  * XXX don't forget to update 
   40:  * src/racoon/handler.c:exclude_cfg_addr()
   41:  * if you add IPv6 capability
   42:  */
   43: 
/*
 * Attribute types.
 *
 * Numeric attribute codes of the ISAKMP Configuration Method
 * ("mode config") attribute payload.  They are protocol values that
 * the peer also uses, so they must never be renumbered.  The
 * ISAKMP_CFG_GOT_* flags below record which of them a client has
 * received; NBNS is what the rest of this file calls WINS.
 */
#define INTERNAL_IP4_ADDRESS        1
#define INTERNAL_IP4_NETMASK        2
#define INTERNAL_IP4_DNS            3
#define INTERNAL_IP4_NBNS           4	/* WINS servers */
#define INTERNAL_ADDRESS_EXPIRY     5
#define INTERNAL_IP4_DHCP           6
#define APPLICATION_VERSION         7	/* see ISAKMP_CFG_RACOON_VERSION */
#define INTERNAL_IP6_ADDRESS        8	/* IPv6 codes are defined but see the XXX above about IPv6 support */
#define INTERNAL_IP6_NETMASK        9
#define INTERNAL_IP6_DNS           10
#define INTERNAL_IP6_NBNS          11
#define INTERNAL_IP6_DHCP          12
#define INTERNAL_IP4_SUBNET        13
#define SUPPORTED_ATTRIBUTES       14
#define INTERNAL_IP6_SUBNET        15
   60: 
/* For APPLICATION_VERSION: the string we advertise as our application version. */
#define ISAKMP_CFG_RACOON_VERSION "racoon / IPsec-tools"

/*
 * For the wins servers -- XXX find the value somewhere ?
 * Sizes nbns4[] in struct isakmp_cfg_config and wins4[] in struct
 * isakmp_cfg_state.  The DNS counterpart, MAXNS, is not defined here
 * (presumably it comes from <resolv.h>).
 */
#define MAXWINS 4
   66: 
/*
 * Global configuration for ISAKMP mode configuration address allocation.
 * Read from the mode_cfg section of racoon.conf (that is struct
 * isakmp_cfg_config, further below).
 */

/*
 * One slot of the address pool, isakmp_cfg_config.port_pool.  A slot is
 * referred to by its index, which is what this file calls a "port"
 * (isakmp_cfg_state.port, isakmp_cfg_putport()) -- presumably, confirm
 * in isakmp_cfg.c.
 */
struct isakmp_cfg_port {
	char	used;		/* non-zero while the slot is handed out (presumably) */
#ifdef HAVE_LIBPAM
	pam_handle_t *pam;	/* PAM handle tied to this slot; cleanup_pam() takes a slot index */
#endif
};
   77: 
/*
 * Global mode-config settings, filled from the mode_cfg section of
 * racoon.conf.  The single instance, isakmp_cfg_config, is declared
 * extern below.  The *source and accounting selectors take the
 * ISAKMP_CFG_AUTH_* / _GROUP_* / _CONF_* / _ACCT_* values defined after
 * this struct.
 */
struct isakmp_cfg_config {
	in_addr_t		network4;	/* base of the IPv4 address pool */
	in_addr_t		netmask4;	/* netmask handed to clients */
	in_addr_t		dns4[MAXNS];	/* IPv4 DNS servers pushed to clients */
	int			dns4_index;	/* entries of dns4[] in use (by analogy with isakmp_cfg_state) */
	in_addr_t		nbns4[MAXWINS];	/* IPv4 WINS (NBNS) servers pushed to clients */
	int			nbns4_index;	/* entries of nbns4[] in use */
	struct isakmp_cfg_port 	*port_pool;	/* pool_size slots; see isakmp_cfg_resize_pool() */
	int			authsource;	/* ISAKMP_CFG_AUTH_* */
	int			groupsource;	/* ISAKMP_CFG_GROUP_* */
	char			**grouplist;	/* groupcount group names (presumably the groups a user must belong to) */
	int			groupcount;
	int			confsource;	/* ISAKMP_CFG_CONF_* */
	int			accounting;	/* ISAKMP_CFG_ACCT_* */
	size_t			pool_size;	/* number of port_pool slots, see ISAKMP_CFG_MAX_CNX;
						 * note isakmp_cfg_resize_pool() takes an int */
	int			auth_throttle;	/* throttling of authentication attempts; exact semantics live in the auth code -- confirm */
	/* XXX move this to a unity specific sub-structure */
	char			default_domain[MAXPATHLEN + 1];	/* domain pushed to clients; see ISAKMP_CFG_DEFAULT_DOMAIN */
	char			motd[MAXPATHLEN + 1];	/* path of the message-of-the-day file; see ISAKMP_CFG_MOTD */
	struct unity_netentry	*splitnet_list;	/* splitnet_count Unity split-network entries */
	int			splitnet_count;
	int			splitnet_type;	/* which split attribute splitnet_list is sent as (include vs. local LAN) -- confirm */
	char 			*splitdns_list;	/* splitdns_len bytes of split-DNS domain list */
	int			splitdns_len;
	int			pfs_group;	/* PFS group to require (presumably a DH group id) */
	int			save_passwd;	/* whether the client is allowed to save its password -- confirm */
};
  105: 
/*
 * For utmp updating: printf-style template for the utmp line name.
 * It must contain exactly one int conversion; the %d is presumably the
 * pool slot index (see isakmp_cfg_accounting_system()).
 */
#define TERMSPEC	"vpn%d"
  108: 
/* For authsource: backend that verifies user credentials.  Note that 3 is unused. */
#define ISAKMP_CFG_AUTH_SYSTEM	0	/* local system accounts */
#define ISAKMP_CFG_AUTH_RADIUS	1	/* needs HAVE_LIBRADIUS */
#define ISAKMP_CFG_AUTH_PAM	2	/* needs HAVE_LIBPAM */
#define ISAKMP_CFG_AUTH_LDAP	4

/* For groupsource: where group membership is looked up. */
#define ISAKMP_CFG_GROUP_SYSTEM	0
#define ISAKMP_CFG_GROUP_LDAP	1

/* For confsource: where per-client configuration comes from. */
#define ISAKMP_CFG_CONF_LOCAL	0	/* this struct only */
#define ISAKMP_CFG_CONF_RADIUS	1
#define ISAKMP_CFG_CONF_LDAP	2

/* For accounting: backend notified of session start/stop. */
#define ISAKMP_CFG_ACCT_NONE	0
#define ISAKMP_CFG_ACCT_RADIUS	1	/* see isakmp_cfg_radius_common() */
#define ISAKMP_CFG_ACCT_PAM	2	/* see isakmp_cfg_accounting_pam() */
#define ISAKMP_CFG_ACCT_LDAP	3
#define ISAKMP_CFG_ACCT_SYSTEM	4	/* utmp, see isakmp_cfg_accounting_system() and TERMSPEC */
  130: 
/* For pool_size: upper bound on the number of address pool slots. */
#define ISAKMP_CFG_MAX_CNX	255

/* For motd: file read when no motd is configured (presumably). */
#define ISAKMP_CFG_MOTD	"/etc/motd"

/* For default domain: the empty string means no domain is pushed. */
#define ISAKMP_CFG_DEFAULT_DOMAIN ""

/* The single global instance; its definition lives in a .c file, presumably isakmp_cfg.c. */
extern struct isakmp_cfg_config isakmp_cfg_config;
  141: 
/*
 * ISAKMP mode config state.
 * Created by isakmp_cfg_mkstate() and released by isakmp_cfg_rmstate(),
 * which takes the phase 1 handle -- so presumably one instance hangs off
 * each struct ph1handle.
 */
#define LOGINLEN 31			/* max login length, not counting the NUL */
struct isakmp_cfg_state {
	int flags;			/* ISAKMP_CFG_* bits, see below */
	unsigned int port;		/* address index: slot in isakmp_cfg_config.port_pool,
					 * meaningful only with ISAKMP_CFG_PORT_ALLOCATED set (presumably) */
	char login[LOGINLEN + 1];	/* login, NUL-terminated */
	struct in_addr addr4;		/* IPv4 address */
	struct in_addr mask4;		/* IPv4 netmask */
	struct in_addr dns4[MAXNS];	/* IPv4 DNS (when client only) */
	int dns4_index;			/* Number of IPv4 DNS (client only) */
	struct in_addr wins4[MAXWINS];	/* IPv4 WINS (when client only) */
	int wins4_index;		/* Number of IPv4 WINS (client only) */
	char default_domain[MAXPATHLEN + 1];	/* Default domain received (sized like a path, as in isakmp_cfg_config) */
	struct unity_netentry 
	    *split_include; 		/* UNITY_SPLIT_INCLUDE */
	int include_count;		/* Number of SPLIT_INCLUDES */
	struct unity_netentry 
	    *split_local;		/* UNITY_LOCAL_LAN */
	int local_count;		/* Number of SPLIT_LOCAL */
	struct xauth_state xauth;	/* Xauth state, if relevant */
	struct isakmp_ivm *ivm;		/* XXX Use iph1's ivm? */
	u_int32_t last_msgid;           /* Last message-ID */
};
  167: 
/* flags -- bit values for isakmp_cfg_state.flags (all within the low 16 bits) */
#define ISAKMP_CFG_VENDORID_XAUTH	0x01	/* Supports Xauth */
#define ISAKMP_CFG_VENDORID_UNITY	0x02	/* Cisco Unity compliant */
#define ISAKMP_CFG_PORT_ALLOCATED	0x04	/* Port allocated (state.port refers to a pool slot) */
#define ISAKMP_CFG_ADDR4_EXTERN		0x08	/* Address from external config  */
#define ISAKMP_CFG_MASK4_EXTERN		0x10	/* Netmask from external config */
#define ISAKMP_CFG_ADDR4_LOCAL		0x20	/* Address from local pool */
#define ISAKMP_CFG_MASK4_LOCAL		0x40	/* Netmask from local pool */
#define ISAKMP_CFG_GOT_ADDR4		0x80	/* Client got address */
#define ISAKMP_CFG_GOT_MASK4		0x100	/* Client got mask */
#define ISAKMP_CFG_GOT_DNS4		0x200	/* Client got DNS */
#define ISAKMP_CFG_GOT_WINS4		0x400	/* Client got WINS */
#define ISAKMP_CFG_DELETE_PH1		0x800	/* phase 1 should be deleted */
#define ISAKMP_CFG_GOT_DEFAULT_DOMAIN	0x1000	/* Client got default domain */
#define ISAKMP_CFG_GOT_SPLIT_INCLUDE	0x2000	/* Client got a split network config */
#define ISAKMP_CFG_GOT_SPLIT_LOCAL	0x4000	/* Client got a split LAN config */
  184: 
struct isakmp_pl_attr;
struct ph1handle;
struct isakmp_ivm;

/* Mode-config exchange handling (implemented elsewhere, presumably isakmp_cfg.c). */
void isakmp_cfg_r(struct ph1handle *, vchar_t *);			/* process a received config message */
int isakmp_cfg_attr_r(struct ph1handle *, u_int32_t, struct isakmp_pl_attr *);	/* process a received attribute payload */
int isakmp_cfg_reply(struct ph1handle *, struct isakmp_pl_attr *);	/* REPLY handling */
int isakmp_cfg_request(struct ph1handle *, struct isakmp_pl_attr *);	/* REQUEST handling */
int isakmp_cfg_set(struct ph1handle *, struct isakmp_pl_attr *);	/* SET handling */
int isakmp_cfg_send(struct ph1handle *, vchar_t *, u_int32_t, int, int);
struct isakmp_ivm *isakmp_cfg_newiv(struct ph1handle *, u_int32_t);	/* IV for the given message-ID (presumably) */
void isakmp_cfg_rmstate(struct ph1handle *);				/* release the phase 1's mode-config state */
struct isakmp_cfg_state *isakmp_cfg_mkstate(void);			/* allocate a fresh state */

/*
 * Attribute builders.  Each returns a vchar_t; ownership (who frees it)
 * is not visible here -- confirm in the implementation.
 */
vchar_t *isakmp_cfg_copy(struct ph1handle *, struct isakmp_data *);
vchar_t *isakmp_cfg_short(struct ph1handle *, struct isakmp_data *, int);		/* attribute carrying an int value */
vchar_t *isakmp_cfg_varlen(struct ph1handle *, struct isakmp_data *, char *, size_t);	/* attribute carrying an explicitly sized buffer */
vchar_t *isakmp_cfg_string(struct ph1handle *, struct isakmp_data *, char *);		/* like varlen but takes no length: the string must be NUL-terminated; prefer varlen when the length is known */
int isakmp_cfg_getconfig(struct ph1handle *);
int isakmp_cfg_setenv(struct ph1handle *, char ***, int *);	/* grows an environment array (pointer to envp, pointer to its count) -- presumably for scripts; confirm */
  203: 
/* Address pool management; a "port" is a slot index in isakmp_cfg_config.port_pool. */
int isakmp_cfg_resize_pool(int);			/* set the pool to the given size; note pool_size itself is size_t */
int isakmp_cfg_getport(struct ph1handle *);		/* claim a free slot for this phase 1 */
int isakmp_cfg_putport(struct ph1handle *, unsigned int);	/* release the given slot */
int isakmp_cfg_init(int);				/* argument is ISAKMP_CFG_INIT_COLD or ISAKMP_CFG_INIT_WARM */
#define ISAKMP_CFG_INIT_COLD	1	/* first start */
#define ISAKMP_CFG_INIT_WARM	0	/* re-initialisation, presumably on config reload */
  210: 
#ifdef HAVE_LIBRADIUS
struct rad_handle;
extern struct rad_handle *radius_acct_state;	/* RADIUS accounting session, shared across calls */
int isakmp_cfg_radius_common(struct rad_handle *, int); 	/* common RADIUS step; the int is presumably a slot index -- confirm */
#endif
  216: 
#ifdef HAVE_LIBPAM
int isakmp_cfg_accounting_pam(int, int);	/* PAM accounting for a pool slot (ISAKMP_CFG_ACCT_PAM) */
void cleanup_pam(int);				/* end the PAM session kept in isakmp_cfg_port.pam for that slot (presumably) */
#endif
  221: 
/* utmp accounting (ISAKMP_CFG_ACCT_SYSTEM); uses TERMSPEC for the line name, presumably. */
int isakmp_cfg_accounting_system(int, struct sockaddr *, char *, int);
