1: /* $NetBSD: isakmp_xauth.h,v 1.7 2011/03/14 15:50:36 vanhu Exp $ */
2:
3: /* $KAME$ */
4:
5: /*
6: * Copyright (C) 2004 Emmanuel Dreyfus
7: * All rights reserved.
8: *
9: * Redistribution and use in source and binary forms, with or without
10: * modification, are permitted provided that the following conditions
11: * are met:
12: * 1. Redistributions of source code must retain the above copyright
13: * notice, this list of conditions and the following disclaimer.
14: * 2. Redistributions in binary form must reproduce the above copyright
15: * notice, this list of conditions and the following disclaimer in the
16: * documentation and/or other materials provided with the distribution.
17: * 3. Neither the name of the project nor the names of its contributors
18: * may be used to endorse or promote products derived from this software
19: * without specific prior written permission.
20: *
21: * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24: * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31: * SUCH DAMAGE.
32: */
33:
34: #ifndef _ISAKMP_XAUTH_H
35: #define _ISAKMP_XAUTH_H
36:
37: #include "schedule.h"
38:
39: /* ISAKMP mode config attribute types specific to the Xauth vendor ID */
40: #define XAUTH_TYPE 16520
41: #define XAUTH_USER_NAME 16521
42: #define XAUTH_USER_PASSWORD 16522
43: #define XAUTH_PASSCODE 16523
44: #define XAUTH_MESSAGE 16524
45: #define XAUTH_CHALLENGE 16525
46: #define XAUTH_DOMAIN 16526
47: #define XAUTH_STATUS 16527
48: #define XAUTH_NEXT_PIN 16528
49: #define XAUTH_ANSWER 16529
50:
51: /* Types for XAUTH_TYPE */
52: #define XAUTH_TYPE_GENERIC 0
53: #define XAUTH_TYPE_CHAP 1
54: #define XAUTH_TYPE_OTP 2
55: #define XAUTH_TYPE_SKEY 3
56:
57: /* Values for XAUTH_STATUS */
58: #define XAUTH_STATUS_FAIL 0
59: #define XAUTH_STATUS_OK 1
60:
61: /* For phase 1 Xauth status */
62: struct xauth_state {
63: int status; /* authentication status, used only on server side */
64: int vendorid;
65: int authtype;
66: union {
67: struct authgeneric {
68: char *usr;
69: char *pwd;
70: } generic;
71: } authdata;
72: #ifdef HAVE_LIBLDAP
73: char *udn; /* ldap user dn */
74: #endif
75: };
76:
77: /* What's been sent */
78: #define XAUTH_SENT_USERNAME 1
79: #define XAUTH_SENT_PASSWORD 2
80: #define XAUTH_SENT_EVERYTHING (XAUTH_SENT_USERNAME | XAUTH_SENT_PASSWORD)
81:
82: /* For rmconf Xauth data */
83: struct xauth_rmconf {
84: vchar_t *login; /* xauth login */
85: vchar_t *pass; /* xauth password */
86: int state; /* what's been sent */
87: };
88:
89: /* status */
90: #define XAUTHST_NOTYET 0
91: #define XAUTHST_REQSENT 1
92: #define XAUTHST_OK 2
93:
94: struct xauth_reply_arg {
95: struct sched sc;
96: isakmp_index index;
97: int port;
98: int id;
99: int res;
100: };
101:
102: struct ph1handle;
103: struct isakmp_data;
104: void xauth_sendreq(struct ph1handle *);
105: int xauth_attr_reply(struct ph1handle *, struct isakmp_data *, int);
106: int xauth_login_system(char *, char *);
107: void xauth_sendstatus(struct ph1handle *, int, int);
108: int xauth_check(struct ph1handle *);
109: int group_check(struct ph1handle *, char **, int);
110: vchar_t *isakmp_xauth_req(struct ph1handle *, struct isakmp_data *);
111: vchar_t *isakmp_xauth_set(struct ph1handle *, struct isakmp_data *);
112: void xauth_rmstate(struct xauth_state *);
113: void xauth_reply_stub(struct sched *);
114: int xauth_reply(struct ph1handle *, int, int, int);
115: int xauth_rmconf_used(struct xauth_rmconf **);
116: void xauth_rmconf_delete(struct xauth_rmconf **);
117: struct xauth_rmconf * xauth_rmconf_dup(struct xauth_rmconf *);
118:
119: #ifdef HAVE_LIBPAM
120: int xauth_login_pam(int, struct sockaddr *, char *, char *);
121: #endif
122:
123: #ifdef HAVE_LIBRADIUS
124:
125: #define RADIUS_MAX_SERVERS 5
126:
127: struct rad_serv {
128: vchar_t *host;
129: int port;
130: vchar_t *secret;
131: };
132:
133: struct xauth_rad_config {
134: struct rad_serv auth_server_list[RADIUS_MAX_SERVERS];
135: int auth_server_count;
136: struct rad_serv acct_server_list[RADIUS_MAX_SERVERS];
137: int acct_server_count;
138: int timeout;
139: int retries;
140: };
141:
142: extern struct xauth_rad_config xauth_rad_config;
143:
144: int xauth_radius_init_conf(int free);
145: int xauth_radius_init(void);
146: int xauth_login_radius(struct ph1handle *, char *, char *);
147:
148: #endif
149:
150: #ifdef HAVE_LIBLDAP
151:
152: #define LDAP_DFLT_HOST "localhost"
153: #define LDAP_DFLT_USER "cn"
154: #define LDAP_DFLT_ADDR "racoon-address"
155: #define LDAP_DFLT_MASK "racoon-netmask"
156: #define LDAP_DFLT_GROUP "cn"
157: #define LDAP_DFLT_MEMBER "member"
158:
159: struct xauth_ldap_config {
160: int pver;
161: vchar_t *host;
162: int port;
163: vchar_t *base;
164: int subtree;
165: vchar_t *bind_dn;
166: vchar_t *bind_pw;
167: int auth_type;
168: vchar_t *attr_user;
169: vchar_t *attr_addr;
170: vchar_t *attr_mask;
171: vchar_t *attr_group;
172: vchar_t *attr_member;
173: };
174:
175: extern struct xauth_ldap_config xauth_ldap_config;
176:
177: int xauth_ldap_init_conf(void);
178: int xauth_login_ldap(struct ph1handle *, char *, char *);
179:
180: #endif
181:
182: #endif /* _ISAKMP_XAUTH_H */
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to isakmp_xauth.h CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / ipsec-tools / src / racoon