[apple/ipsec.git] / ipsec-tools / racoon / isakmp_xauth.h

/*	$NetBSD: isakmp_xauth.h,v 1.4 2006/09/09 16:22:09 manu Exp $	*/

/*	$KAME$ */

/*
 * Copyright (C) 2004 Emmanuel Dreyfus 
 * All rights reserved.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the project nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 * 
 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#ifndef _ISAKMP_XAUTH_H
#define _ISAKMP_XAUTH_H

/* ISAKMP mode config attribute types specific to the Xauth vendor ID */
#define	XAUTH_TYPE                16520
#define	XAUTH_USER_NAME           16521
#define	XAUTH_USER_PASSWORD       16522
#define	XAUTH_PASSCODE            16523
#define	XAUTH_MESSAGE             16524
#define	XAUTH_CHALLENGE           16525
#define	XAUTH_DOMAIN              16526
#define	XAUTH_STATUS              16527
#define	XAUTH_NEXT_PIN            16528
#define	XAUTH_ANSWER              16529

/* Types for XAUTH_TYPE */
#define	XAUTH_TYPE_GENERIC 	0
#define	XAUTH_TYPE_CHAP    	1
#define	XAUTH_TYPE_OTP     	2
#define	XAUTH_TYPE_SKEY    	3

/* Values for XAUTH_STATUS */
#define	XAUTH_STATUS_FAIL       0
#define	XAUTH_STATUS_OK         1

/* For phase 1 Xauth status */
struct xauth_state {
	int status; /* authentication status, used only on server side */
	int vendorid;
	int authtype;
	union {
		struct authgeneric {
			char *usr;
			char *pwd;
		} generic;
	} authdata;
#ifdef HAVE_LIBLDAP
	char *udn; /* ldap user dn */
#endif
};

/* What's been sent */
#define XAUTH_SENT_USERNAME 1
#define XAUTH_SENT_PASSWORD 2
#define XAUTH_SENT_EVERYTHING (XAUTH_SENT_USERNAME | XAUTH_SENT_PASSWORD)

/* For rmconf Xauth data */
struct xauth_rmconf {
	vchar_t *login;	/* xauth login */
	vchar_t *pass;	/* xauth password */
	int state;      /* what's been sent */
};

/* status */
#define XAUTHST_NOTYET	0
#define XAUTHST_REQSENT	1
#define XAUTHST_OK	2

struct xauth_reply_arg {
	isakmp_index index;
	int port;
	int id;
	int res;
};

struct ph1handle;
struct isakmp_data;
void xauth_sendreq(struct ph1handle *);
int xauth_attr_reply(struct ph1handle *, struct isakmp_data *, int);
int xauth_login_system(char *, char *);
void xauth_sendstatus(struct ph1handle *, int, int);
int xauth_check(struct ph1handle *);
int group_check(struct ph1handle *, char **, int);
vchar_t *isakmp_xauth_req(struct ph1handle *, struct isakmp_data *);
vchar_t *isakmp_xauth_set(struct ph1handle *, struct isakmp_data *);
void xauth_rmstate(struct xauth_state *);
void xauth_reply_stub(void *);
int xauth_reply(struct ph1handle *, int, int, int);
int xauth_rmconf_used(struct xauth_rmconf **);
void xauth_rmconf_delete(struct xauth_rmconf **);

#ifdef HAVE_LIBRADIUS
int xauth_login_radius(struct ph1handle *, char *, char *);
int xauth_radius_init(void);
#endif

#ifdef HAVE_LIBPAM
int xauth_login_pam(int, struct sockaddr_storage *, char *, char *);
#endif

#ifdef HAVE_LIBLDAP

#define LDAP_DFLT_HOST		"localhost"
#define LDAP_DFLT_USER		"cn"
#define LDAP_DFLT_ADDR		"racoon-address"
#define LDAP_DFLT_MASK		"racoon-netmask"
#define LDAP_DFLT_GROUP		"cn"
#define LDAP_DFLT_MEMBER	"member"

struct xauth_ldap_config {
	int		pver;
	vchar_t 	*host;
	int		port;
	vchar_t		*base;
	int		subtree;
	vchar_t		*bind_dn;
	vchar_t		*bind_pw;
	int		auth_type;
	vchar_t		*attr_user;
	vchar_t		*attr_addr;
	vchar_t		*attr_mask;
	vchar_t		*attr_group;
	vchar_t		*attr_member;
};

extern struct xauth_ldap_config xauth_ldap_config;

int xauth_ldap_init(void);
void xauth_ldap_flush(void);
int xauth_login_ldap(struct ph1handle *, char *, char *);
#endif

#endif /* _ISAKMP_XAUTH_H */
Commit	Line	Data
d1e348cf A	1	/* $NetBSD: isakmp_xauth.h,v 1.4 2006/09/09 16:22:09 manu Exp $ */
d1e348cf A	2
52b7d2ce A	3	/* $KAME$ */
	4
	5	/*
	6	* Copyright (C) 2004 Emmanuel Dreyfus
	7	* All rights reserved.
	8	*
	9	* Redistribution and use in source and binary forms, with or without
	10	* modification, are permitted provided that the following conditions
	11	* are met:
	12	* 1. Redistributions of source code must retain the above copyright
	13	* notice, this list of conditions and the following disclaimer.
	14	* 2. Redistributions in binary form must reproduce the above copyright
	15	* notice, this list of conditions and the following disclaimer in the
	16	* documentation and/or other materials provided with the distribution.
	17	* 3. Neither the name of the project nor the names of its contributors
	18	* may be used to endorse or promote products derived from this software
	19	* without specific prior written permission.
	20	*
	21	* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
	22	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	23	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	24	* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
	25	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	26	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	27	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	28	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	29	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	30	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	31	* SUCH DAMAGE.
	32	*/
	33
d1e348cf A	34	#ifndef _ISAKMP_XAUTH_H
	35	#define _ISAKMP_XAUTH_H
	36
52b7d2ce A	37	/* ISAKMP mode config attribute types specific to the Xauth vendor ID */
	38	#define XAUTH_TYPE 16520
	39	#define XAUTH_USER_NAME 16521
	40	#define XAUTH_USER_PASSWORD 16522
	41	#define XAUTH_PASSCODE 16523
	42	#define XAUTH_MESSAGE 16524
	43	#define XAUTH_CHALLENGE 16525
	44	#define XAUTH_DOMAIN 16526
	45	#define XAUTH_STATUS 16527
	46	#define XAUTH_NEXT_PIN 16528
	47	#define XAUTH_ANSWER 16529
	48
	49	/* Types for XAUTH_TYPE */
	50	#define XAUTH_TYPE_GENERIC 0
	51	#define XAUTH_TYPE_CHAP 1
	52	#define XAUTH_TYPE_OTP 2
	53	#define XAUTH_TYPE_SKEY 3
	54
	55	/* Values for XAUTH_STATUS */
	56	#define XAUTH_STATUS_FAIL 0
	57	#define XAUTH_STATUS_OK 1
	58
d1e348cf	59	/* For phase 1 Xauth status */
52b7d2ce	60	struct xauth_state {
d1e348cf	61	int status; /* authentication status, used only on server side */
52b7d2ce A	62	int vendorid;
	63	int authtype;
	64	union {
	65	struct authgeneric {
	66	char *usr;
	67	char *pwd;
	68	} generic;
	69	} authdata;
d1e348cf A	70	#ifdef HAVE_LIBLDAP
	71	char udn; / ldap user dn */
	72	#endif
	73	};
	74
	75	/* What's been sent */
	76	#define XAUTH_SENT_USERNAME 1
	77	#define XAUTH_SENT_PASSWORD 2
	78	#define XAUTH_SENT_EVERYTHING (XAUTH_SENT_USERNAME \| XAUTH_SENT_PASSWORD)
	79
	80	/* For rmconf Xauth data */
	81	struct xauth_rmconf {
	82	vchar_t login; / xauth login */
	83	vchar_t pass; / xauth password */
	84	int state; /* what's been sent */
52b7d2ce A	85	};
	86
	87	/* status */
	88	#define XAUTHST_NOTYET 0
	89	#define XAUTHST_REQSENT 1
	90	#define XAUTHST_OK 2
	91
	92	struct xauth_reply_arg {
	93	isakmp_index index;
	94	int port;
	95	int id;
	96	int res;
	97	};
	98
	99	struct ph1handle;
d1e348cf	100	struct isakmp_data;
52b7d2ce	101	void xauth_sendreq(struct ph1handle *);
d1e348cf	102	int xauth_attr_reply(struct ph1handle , struct isakmp_data , int);
52b7d2ce A	103	int xauth_login_system(char , char );
	104	void xauth_sendstatus(struct ph1handle *, int, int);
	105	int xauth_check(struct ph1handle *);
d1e348cf	106	int group_check(struct ph1handle , char *, int);
52b7d2ce A	107	vchar_t isakmp_xauth_req(struct ph1handle , struct isakmp_data *);
	108	vchar_t isakmp_xauth_set(struct ph1handle , struct isakmp_data *);
	109	void xauth_rmstate(struct xauth_state *);
	110	void xauth_reply_stub(void *);
d1e348cf A	111	int xauth_reply(struct ph1handle *, int, int, int);
	112	int xauth_rmconf_used(struct xauth_rmconf **);
	113	void xauth_rmconf_delete(struct xauth_rmconf **);
52b7d2ce A	114
	115	#ifdef HAVE_LIBRADIUS
	116	int xauth_login_radius(struct ph1handle , char , char *);
	117	int xauth_radius_init(void);
	118	#endif
d1e348cf	119
52b7d2ce	120	#ifdef HAVE_LIBPAM
85f41bec	121	int xauth_login_pam(int, struct sockaddr_storage , char , char *);
52b7d2ce	122	#endif
d1e348cf A	123
	124	#ifdef HAVE_LIBLDAP
	125
	126	#define LDAP_DFLT_HOST "localhost"
	127	#define LDAP_DFLT_USER "cn"
	128	#define LDAP_DFLT_ADDR "racoon-address"
	129	#define LDAP_DFLT_MASK "racoon-netmask"
	130	#define LDAP_DFLT_GROUP "cn"
	131	#define LDAP_DFLT_MEMBER "member"
	132
	133	struct xauth_ldap_config {
	134	int pver;
	135	vchar_t *host;
	136	int port;
	137	vchar_t *base;
	138	int subtree;
	139	vchar_t *bind_dn;
	140	vchar_t *bind_pw;
	141	int auth_type;
	142	vchar_t *attr_user;
	143	vchar_t *attr_addr;
	144	vchar_t *attr_mask;
	145	vchar_t *attr_group;
	146	vchar_t *attr_member;
	147	};
	148
	149	extern struct xauth_ldap_config xauth_ldap_config;
	150
	151	int xauth_ldap_init(void);
	152	void xauth_ldap_flush(void);
	153	int xauth_login_ldap(struct ph1handle , char , char *);
	154	#endif
	155
	156	#endif /* _ISAKMP_XAUTH_H */