ipsec-tools/racoon/isakmp_xauth.h

   1 /*      $NetBSD: isakmp_xauth.h,v 1.4 2006/09/09 16:22:09 manu Exp $    */
   2
   3 /*      $KAME$ */
   4
   5 /*
   6  * Copyright (C) 2004 Emmanuel Dreyfus
   7  * All rights reserved.
   8  *
   9  * Redistribution and use in source and binary forms, with or without
  10  * modification, are permitted provided that the following conditions
  11  * are met:
  12  * 1. Redistributions of source code must retain the above copyright
  13  *    notice, this list of conditions and the following disclaimer.
  14  * 2. Redistributions in binary form must reproduce the above copyright
  15  *    notice, this list of conditions and the following disclaimer in the
  16  *    documentation and/or other materials provided with the distribution.
  17  * 3. Neither the name of the project nor the names of its contributors
  18  *    may be used to endorse or promote products derived from this software
  19  *    without specific prior written permission.
  20  *
  21  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
  22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
  25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  31  * SUCH DAMAGE.
  32  */
  33
  34 #ifndef _ISAKMP_XAUTH_H
  35 #define _ISAKMP_XAUTH_H
  36
  37 /* ISAKMP mode config attribute types specific to the Xauth vendor ID */
  38 #define XAUTH_TYPE                16520
  39 #define XAUTH_USER_NAME           16521
  40 #define XAUTH_USER_PASSWORD       16522
  41 #define XAUTH_PASSCODE            16523
  42 #define XAUTH_MESSAGE             16524
  43 #define XAUTH_CHALLENGE           16525
  44 #define XAUTH_DOMAIN              16526
  45 #define XAUTH_STATUS              16527
  46 #define XAUTH_NEXT_PIN            16528
  47 #define XAUTH_ANSWER              16529
  48
  49 /* Types for XAUTH_TYPE */
  50 #define XAUTH_TYPE_GENERIC      0
  51 #define XAUTH_TYPE_CHAP         1
  52 #define XAUTH_TYPE_OTP          2
  53 #define XAUTH_TYPE_SKEY         3
  54
  55 /* Values for XAUTH_STATUS */
  56 #define XAUTH_STATUS_FAIL       0
  57 #define XAUTH_STATUS_OK         1
  58
  59 /* For phase 1 Xauth status */
  60 struct xauth_state {
  61         int status; /* authentication status, used only on server side */
  62         int vendorid;
  63         int authtype;
  64         union {
  65                 struct authgeneric {
  66                         char *usr;
  67                         char *pwd;
  68                 } generic;
  69         } authdata;
  70 #ifdef HAVE_LIBLDAP
  71         char *udn; /* ldap user dn */
  72 #endif
  73 };
  74
  75 /* What's been sent */
  76 #define XAUTH_SENT_USERNAME 1
  77 #define XAUTH_SENT_PASSWORD 2
  78 #define XAUTH_SENT_EVERYTHING (XAUTH_SENT_USERNAME | XAUTH_SENT_PASSWORD)
  79
  80 /* For rmconf Xauth data */
  81 struct xauth_rmconf {
  82         vchar_t *login; /* xauth login */
  83         vchar_t *pass;  /* xauth password */
  84         int state;      /* what's been sent */
  85 };
  86
  87 /* status */
  88 #define XAUTHST_NOTYET  0
  89 #define XAUTHST_REQSENT 1
  90 #define XAUTHST_OK      2
  91
  92 struct xauth_reply_arg {
  93         isakmp_index index;
  94         int port;
  95         int id;
  96         int res;
  97 };
  98
  99 struct ph1handle;
 100 struct isakmp_data;
 101 void xauth_sendreq(struct ph1handle *);
 102 int xauth_attr_reply(struct ph1handle *, struct isakmp_data *, int);
 103 int xauth_login_system(char *, char *);
 104 void xauth_sendstatus(struct ph1handle *, int, int);
 105 int xauth_check(struct ph1handle *);
 106 int group_check(struct ph1handle *, char **, int);
 107 vchar_t *isakmp_xauth_req(struct ph1handle *, struct isakmp_data *);
 108 vchar_t *isakmp_xauth_set(struct ph1handle *, struct isakmp_data *);
 109 void xauth_rmstate(struct xauth_state *);
 110 void xauth_reply_stub(void *);
 111 int xauth_reply(struct ph1handle *, int, int, int);
 112 int xauth_rmconf_used(struct xauth_rmconf **);
 113 void xauth_rmconf_delete(struct xauth_rmconf **);
 114
 115 #ifdef HAVE_LIBRADIUS
 116 int xauth_login_radius(struct ph1handle *, char *, char *);
 117 int xauth_radius_init(void);
 118 #endif
 119
 120 #ifdef HAVE_LIBPAM
 121 int xauth_login_pam(int, struct sockaddr *, char *, char *);
 122 #endif
 123
 124 #ifdef HAVE_LIBLDAP
 125
 126 #define LDAP_DFLT_HOST          "localhost"
 127 #define LDAP_DFLT_USER          "cn"
 128 #define LDAP_DFLT_ADDR          "racoon-address"
 129 #define LDAP_DFLT_MASK          "racoon-netmask"
 130 #define LDAP_DFLT_GROUP         "cn"
 131 #define LDAP_DFLT_MEMBER        "member"
 132
 133 struct xauth_ldap_config {
 134         int             pver;
 135         vchar_t         *host;
 136         int             port;
 137         vchar_t         *base;
 138         int             subtree;
 139         vchar_t         *bind_dn;
 140         vchar_t         *bind_pw;
 141         int             auth_type;
 142         vchar_t         *attr_user;
 143         vchar_t         *attr_addr;
 144         vchar_t         *attr_mask;
 145         vchar_t         *attr_group;
 146         vchar_t         *attr_member;
 147 };
 148
 149 extern struct xauth_ldap_config xauth_ldap_config;
 150
 151 int xauth_ldap_init(void);
 152 void xauth_ldap_flush(void);
 153 int xauth_login_ldap(struct ph1handle *, char *, char *);
 154 #endif
 155
 156 #endif /* _ISAKMP_XAUTH_H */