Annotation of embedaddon/ipsec-tools/src/racoon/isakmp_xauth.h, revision 1.1

1.1     ! misho       1: /*     $NetBSD: isakmp_xauth.h,v 1.7 2011/03/14 15:50:36 vanhu Exp $   */
        !             2: 
        !             3: /*     $KAME$ */
        !             4: 
        !             5: /*
        !             6:  * Copyright (C) 2004 Emmanuel Dreyfus 
        !             7:  * All rights reserved.
        !             8:  * 
        !             9:  * Redistribution and use in source and binary forms, with or without
        !            10:  * modification, are permitted provided that the following conditions
        !            11:  * are met:
        !            12:  * 1. Redistributions of source code must retain the above copyright
        !            13:  *    notice, this list of conditions and the following disclaimer.
        !            14:  * 2. Redistributions in binary form must reproduce the above copyright
        !            15:  *    notice, this list of conditions and the following disclaimer in the
        !            16:  *    documentation and/or other materials provided with the distribution.
        !            17:  * 3. Neither the name of the project nor the names of its contributors
        !            18:  *    may be used to endorse or promote products derived from this software
        !            19:  *    without specific prior written permission.
        !            20:  * 
        !            21:  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
        !            22:  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
        !            23:  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
        !            24:  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
        !            25:  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
        !            26:  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
        !            27:  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
        !            28:  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
        !            29:  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
        !            30:  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
        !            31:  * SUCH DAMAGE.
        !            32:  */
        !            33: 
        !            34: #ifndef _ISAKMP_XAUTH_H
        !            35: #define _ISAKMP_XAUTH_H
        !            36: 
        !            37: #include "schedule.h"
        !            38: 
        !            39: /* ISAKMP mode config attribute types specific to the Xauth vendor ID */
                         /*
                          * NOTE(review): going by their names, XAUTH_USER_PASSWORD,
                          * XAUTH_PASSCODE and XAUTH_ANSWER identify attributes whose values are
                          * user secrets; code that parses or dumps these attributes should
                          * presumably keep the values out of logs and debug output -- confirm
                          * in the implementation.
                          */
        !            40: #define        XAUTH_TYPE                16520
        !            41: #define        XAUTH_USER_NAME           16521
        !            42: #define        XAUTH_USER_PASSWORD       16522
        !            43: #define        XAUTH_PASSCODE            16523
        !            44: #define        XAUTH_MESSAGE             16524
        !            45: #define        XAUTH_CHALLENGE           16525
        !            46: #define        XAUTH_DOMAIN              16526
        !            47: #define        XAUTH_STATUS              16527
        !            48: #define        XAUTH_NEXT_PIN            16528
        !            49: #define        XAUTH_ANSWER              16529
        !            50: 
        !            51: /* Types for XAUTH_TYPE */
                         /*
                          * Authentication method codes for the XAUTH_TYPE attribute.  In this
                          * header only the generic user/password method has storage in
                          * struct xauth_state (authdata.generic).
                          */
        !            52: #define        XAUTH_TYPE_GENERIC      0
        !            53: #define        XAUTH_TYPE_CHAP         1
        !            54: #define        XAUTH_TYPE_OTP          2
        !            55: #define        XAUTH_TYPE_SKEY         3
        !            56: 
        !            57: /* Values for XAUTH_STATUS */
                         /*
                          * Not interchangeable with the XAUTHST_* codes defined later in this
                          * header: XAUTH_STATUS_OK is 1, which is the value of XAUTHST_REQSENT,
                          * while XAUTHST_OK is 2.
                          */
        !            58: #define        XAUTH_STATUS_FAIL       0
        !            59: #define        XAUTH_STATUS_OK         1
        !            60: 
        !            61: /* For phase 1 Xauth status */
                         /*
                          * Xauth bookkeeping for one phase 1: a status, fields named for the
                          * vendor ID and authentication type, and the credentials for that type.
                          * The authdata union has a single member, so only the "generic"
                          * user/password pair has storage here.
                          *
                          * NOTE(review): pwd presumably points at the user's cleartext password
                          * for as long as this state exists; the code that releases the state
                          * (xauth_rmstate() is declared in this header) should overwrite the
                          * buffer before freeing it -- confirm in the implementation.
                          */
        !            62: struct xauth_state {
        !            63:        int status; /* authentication status, used only on server side */
        !            64:        int vendorid;
        !            65:        int authtype; /* presumably one of XAUTH_TYPE_* -- confirm */
        !            66:        union {
        !            67:                struct authgeneric {
        !            68:                        char *usr; /* user name, going by the field name */
        !            69:                        char *pwd; /* password, going by the field name; treat as secret */
        !            70:                } generic;
        !            71:        } authdata;
        !            72: #ifdef HAVE_LIBLDAP
        !            73:        char *udn; /* ldap user dn */
        !            74: #endif
        !            75: };
        !            76: 
        !            77: /* What's been sent */
                         /*
                          * Bit flags; XAUTH_SENT_EVERYTHING is both bits set (value 3).
                          * Presumably stored in xauth_rmconf.state, whose field comment reads
                          * "what's been sent" -- confirm.
                          */
        !            78: #define XAUTH_SENT_USERNAME 1
        !            79: #define XAUTH_SENT_PASSWORD 2
        !            80: #define XAUTH_SENT_EVERYTHING (XAUTH_SENT_USERNAME | XAUTH_SENT_PASSWORD)
        !            81: 
        !            82: /* For rmconf Xauth data */
                         /*
                          * NOTE(review): pass holds the configured Xauth password (per the field
                          * comment).  xauth_rmconf_dup() and xauth_rmconf_delete() are declared
                          * in this header; presumably every copy made by the former has to be
                          * released by the latter, and the password buffer should be wiped when
                          * released -- confirm in the implementation.
                          */
        !            83: struct xauth_rmconf {
        !            84:        vchar_t *login; /* xauth login */
        !            85:        vchar_t *pass;  /* xauth password */
        !            86:        int state;      /* what's been sent; presumably XAUTH_SENT_* bits */
        !            87: };
        !            88: 
        !            89: /* status */
                         /*
                          * NOTE(review): presumably the values of xauth_state.status -- confirm.
                          * These are a different set from XAUTH_STATUS_FAIL/XAUTH_STATUS_OK:
                          * XAUTHST_REQSENT (1) has the same value as XAUTH_STATUS_OK, so a
                          * comparison against the wrong family would read "request sent" as
                          * success.
                          */
        !            90: #define XAUTHST_NOTYET 0
        !            91: #define XAUTHST_REQSENT        1
        !            92: #define XAUTHST_OK     2
        !            93: 
        !            94: struct xauth_reply_arg {
                                /*
                                 * Holds a struct sched plus an isakmp_index and three ints.
                                 * NOTE(review): xauth_reply_stub(struct sched *) and
                                 * xauth_reply(struct ph1handle *, int, int, int) are declared in
                                 * this header; presumably the stub is a scheduler callback that
                                 * recovers this structure from its sc member and hands port, id
                                 * and res to xauth_reply() -- confirm in the implementation.
                                 */
        !            95:        struct sched sc;
        !            96:        isakmp_index index;
        !            97:        int port;
        !            98:        int id;
        !            99:        int res;
        !           100: };
        !           101: 
        !           102: struct ph1handle; /* forward declaration: only pointers to it are used below */
        !           103: struct isakmp_data; /* forward declaration: only pointers to it are used below */
                         /*
                          * Xauth entry points.  The prototypes carry no parameter names, so the
                          * meaning of each argument has to be read from the definitions.
                          *
                          * NOTE(review): the two char * arguments of xauth_login_system() (and
                          * of the PAM, RADIUS and LDAP login functions declared further down)
                          * are presumably login and cleartext password.  They are not
                          * const-qualified, so the prototype does not say whether the callee
                          * modifies or keeps them -- check the definitions.
                          *
                          * NOTE(review): vchar_t and isakmp_index are used here without being
                          * declared in this header; they must come from schedule.h or from
                          * headers the includer pulls in first -- confirm.
                          */
        !           104: void xauth_sendreq(struct ph1handle *);
        !           105: int xauth_attr_reply(struct ph1handle *, struct isakmp_data *, int);
        !           106: int xauth_login_system(char *, char *);
        !           107: void xauth_sendstatus(struct ph1handle *, int, int);
        !           108: int xauth_check(struct ph1handle *);
        !           109: int group_check(struct ph1handle *, char **, int); /* presumably a group-name array and its length -- confirm */
        !           110: vchar_t *isakmp_xauth_req(struct ph1handle *, struct isakmp_data *);
        !           111: vchar_t *isakmp_xauth_set(struct ph1handle *, struct isakmp_data *);
        !           112: void xauth_rmstate(struct xauth_state *);
        !           113: void xauth_reply_stub(struct sched *);
        !           114: int xauth_reply(struct ph1handle *, int, int, int);
        !           115: int xauth_rmconf_used(struct xauth_rmconf **);
        !           116: void xauth_rmconf_delete(struct xauth_rmconf **);
        !           117: struct xauth_rmconf * xauth_rmconf_dup(struct xauth_rmconf *);
        !           118: 
        !           119: #ifdef HAVE_LIBPAM
                         /*
                          * Only declared when HAVE_LIBPAM is defined.
                          * NOTE(review): the two char * arguments are presumably login and
                          * cleartext password -- confirm.  struct sockaddr is not declared in
                          * this header, so its definition has to be visible (via schedule.h or
                          * an earlier include in the including file) before this prototype.
                          */
        !           120: int xauth_login_pam(int, struct sockaddr *, char *, char *);
        !           121: #endif
        !           122: 
        !           123: #ifdef HAVE_LIBRADIUS
        !           124: 
        !           125: #define RADIUS_MAX_SERVERS 5
                         /* Capacity of each server array in struct xauth_rad_config. */
        !           126: 
                         /*
                          * One RADIUS server entry.
                          * NOTE(review): secret is presumably the RADIUS shared secret for host;
                          * it should stay out of logs and configuration dumps -- confirm how
                          * the implementation handles it.
                          */
        !           127: struct rad_serv {
        !           128:        vchar_t         *host;
        !           129:        int             port;
        !           130:        vchar_t         *secret;
        !           131: };
        !           132: 
        !           133: struct xauth_rad_config {
                                /*
                                 * Both lists are fixed arrays of RADIUS_MAX_SERVERS entries, each
                                 * with a separate int count.
                                 * NOTE(review): nothing in the types keeps a count within
                                 * 0..RADIUS_MAX_SERVERS; the code that appends a server must
                                 * check the bound before writing an entry -- verify where the
                                 * lists are filled.
                                 */
        !           134:        struct rad_serv auth_server_list[RADIUS_MAX_SERVERS];
        !           135:        int             auth_server_count;
        !           136:        struct rad_serv acct_server_list[RADIUS_MAX_SERVERS];
        !           137:        int             acct_server_count;
        !           138:        int             timeout; /* unit not stated in this header */
        !           139:        int             retries;
        !           140: };
        !           141: 
        !           142: extern struct xauth_rad_config xauth_rad_config; /* declared here, defined elsewhere */
        !           143: 
        !           144: int xauth_radius_init_conf(int free); /* the parameter is named "free"; that name has prototype scope only */
        !           145: int xauth_radius_init(void);
        !           146: int xauth_login_radius(struct ph1handle *, char *, char *); /* NOTE(review): presumably (ph1, login, cleartext password) -- confirm */
        !           147: 
        !           148: #endif
        !           149: 
        !           150: #ifdef HAVE_LIBLDAP
                         /*
                          * NOTE(review): presumably the defaults for the host and attr_* fields
                          * of struct xauth_ldap_config (LDAP_DFLT_USER for attr_user, and so on)
                          * -- confirm where the configuration is initialised.
                          */
        !           151: 
        !           152: #define LDAP_DFLT_HOST         "localhost"
        !           153: #define LDAP_DFLT_USER         "cn"
        !           154: #define LDAP_DFLT_ADDR         "racoon-address"
        !           155: #define LDAP_DFLT_MASK         "racoon-netmask"
        !           156: #define LDAP_DFLT_GROUP                "cn"
        !           157: #define LDAP_DFLT_MEMBER       "member"
        !           158: 
        !           159: struct xauth_ldap_config {
                                /*
                                 * NOTE(review): bind_dn and bind_pw are presumably the DN and
                                 * password used for the directory bind; bind_pw is a secret and
                                 * should stay out of logs.  No field here selects TLS or a URI
                                 * scheme, so whether the LDAP connection is protected in transit
                                 * cannot be determined from this header -- confirm in the
                                 * implementation.
                                 */
        !           160:        int             pver;
        !           161:        vchar_t         *host;
        !           162:        int             port;
        !           163:        vchar_t         *base;
        !           164:        int             subtree;
        !           165:        vchar_t         *bind_dn;
        !           166:        vchar_t         *bind_pw;
        !           167:        int             auth_type;
        !           168:        vchar_t         *attr_user;
        !           169:        vchar_t         *attr_addr;
        !           170:        vchar_t         *attr_mask;
        !           171:        vchar_t         *attr_group;
        !           172:        vchar_t         *attr_member;
        !           173: };
        !           174: 
        !           175: extern struct xauth_ldap_config xauth_ldap_config; /* declared here, defined elsewhere */
        !           176: 
        !           177: int xauth_ldap_init_conf(void);
        !           178: int xauth_login_ldap(struct ph1handle *, char *, char *); /* NOTE(review): presumably (ph1, login, cleartext password) -- confirm */
        !           179: 
        !           180: #endif
        !           181: 
        !           182: #endif /* _ISAKMP_XAUTH_H */
