1 /* $KAME$ */
2
3 /*
4 * Copyright (C) 2004 Emmanuel Dreyfus
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the project nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 */
31
32 #ifdef HAVE_LIBPAM
33 #ifdef __APPLE__
34 #include <pam/pam_appl.h>
35 #else
36 #include <security/pam_appl.h>
37 #endif
38 #endif
39
40 /*
41 * XXX don't forget to update
42 * src/racoon/handler.c:exclude_cfg_addr()
43 * if you add IPv6 capability
44 */
45
/*
 * ISAKMP Configuration Method ("mode-config") attribute types.
 *
 * These are the attribute-type numbers carried in the ISAKMP attribute
 * payload; the numbering follows draft-ietf-ipsec-isakmp-mode-cfg (the
 * same values were later reused for IKEv2 in RFC 7296 sec. 3.15.1 --
 * confirm against the parser in isakmp_cfg.c before relying on that).
 *
 * Only the IPv4 attributes have a backing field in struct
 * isakmp_cfg_config / struct isakmp_cfg_state below; the IPv6 types are
 * defined so they can be recognised, not served (see the XXX note above
 * about exclude_cfg_addr()).
 *
 * NOTE(review): attribute types arrive from the peer, possibly before
 * Xauth has completed.  The receiving side must treat an unknown or
 * out-of-range type as "ignore this attribute", never as an index into a
 * table -- verify in isakmp_cfg_attr_r()/isakmp_cfg_reply().
 */
#define INTERNAL_IP4_ADDRESS 1		/* client tunnel address */
#define INTERNAL_IP4_NETMASK 2		/* netmask for that address */
#define INTERNAL_IP4_DNS 3		/* DNS server */
#define INTERNAL_IP4_NBNS 4		/* NetBIOS name (WINS) server */
#define INTERNAL_ADDRESS_EXPIRY 5	/* lease lifetime of the address */
#define INTERNAL_IP4_DHCP 6		/* DHCP server to contact */
#define APPLICATION_VERSION 7		/* free-form implementation banner, see ISAKMP_CFG_RACOON_VERSION */
#define INTERNAL_IP6_ADDRESS 8		/* IPv6 counterparts: recognised only, not allocated here */
#define INTERNAL_IP6_NETMASK 9
#define INTERNAL_IP6_DNS 10
#define INTERNAL_IP6_NBNS 11
#define INTERNAL_IP6_DHCP 12
#define INTERNAL_IP4_SUBNET 13		/* protected subnet behind the gateway (address + mask) */
#define SUPPORTED_ATTRIBUTES 14		/* list of attribute types the sender supports */
#define INTERNAL_IP6_SUBNET 15
62
/*
 * Value used for the APPLICATION_VERSION attribute.
 *
 * NOTE(review): this is a software-identification banner handed to the
 * peer.  It discloses the implementation (and that the hybrid-auth
 * patches are present) to anyone who can complete a mode-config
 * exchange, which is useful to an attacker fingerprinting the gateway.
 * Consider making it configurable or shortening it; confirm in
 * isakmp_cfg.c where (and whether) it is actually emitted.
 */
#define ISAKMP_CFG_RACOON_VERSION "KAME/racoon " \
	"+ Hybrid auth Patches <manu@netbsd.org>"
66
/*
 * Global configuration for ISAKMP mode-config address allocation.
 * Read from the mode_cfg section of racoon.conf.
 */

/*
 * One slot ("port") of the server-side address pool.  A slot is
 * identified by its index into isakmp_cfg_config.port_pool, which is what
 * struct isakmp_cfg_state.port and the "port" ints passed to the
 * RADIUS/PAM helpers below refer to.  The client address is presumably
 * derived from isakmp_cfg_config.network4 plus that index -- the
 * arithmetic lives in isakmp_cfg.c, confirm there.
 */
struct isakmp_cfg_port {
	char used;		/* allocation marker; presumably non-zero while a client holds the slot (see isakmp_cfg_getport()/isakmp_cfg_putport()) */
#ifdef HAVE_LIBPAM
	pam_handle_t *pam;	/* PAM handle kept for the lifetime of the slot (PAM accounting); released via cleanup_pam() */
#endif
};
77
/*
 * Process-wide mode-config settings, filled from the mode_cfg section of
 * racoon.conf.  There is a single instance, isakmp_cfg_config, declared
 * extern below.  Only IPv4 parameters exist.
 *
 * This header relies on its includer for in_addr_t / struct in_addr
 * (<netinet/in.h>), MAXPATHLEN (<sys/param.h>), vchar_t and struct
 * xauth_state; it also has no include guard.  NOTE(review): both are
 * worth fixing, but must be done in the .c files' include order.
 */
struct isakmp_cfg_config {
	in_addr_t network4;		/* base of the address pool handed out to clients (presumably slot 0; slot i = network4 + i) */
	in_addr_t netmask4;		/* value for INTERNAL_IP4_NETMASK */
	in_addr_t dns4;			/* value for INTERNAL_IP4_DNS */
	in_addr_t nbns4;		/* value for INTERNAL_IP4_NBNS */
	struct isakmp_cfg_port *port_pool;	/* pool_size slots, see struct isakmp_cfg_port */
	int authsource;			/* ISAKMP_CFG_AUTH_*: backend that verifies Xauth credentials */
	int confsource;			/* ISAKMP_CFG_CONF_*: where the client's address/config comes from */
	int accounting;			/* ISAKMP_CFG_ACCT_*: session accounting backend */
	size_t pool_size;		/* number of entries in port_pool, at most ISAKMP_CFG_MAX_CNX.
					 * NOTE(review): every slot index -- isakmp_cfg_state.port, the
					 * int passed to isakmp_cfg_putport()/the RADIUS and PAM helpers,
					 * and any index derived from an address returned by RADIUS --
					 * must be range-checked against pool_size before indexing
					 * port_pool; confirm in isakmp_cfg_getport() and friends. */
	int auth_throttle;		/* delay applied after a failed Xauth (brute-force slowdown); presumably 0 disables it */
	char motd[MAXPATHLEN + 1];	/* path of the message-of-the-day file shown to clients, default ISAKMP_CFG_MOTD */
	int pfs_group;			/* DH group required for PFS in the client's phase 2 -- presumably, confirm */
	int save_passwd;		/* whether the cleartext Xauth password is retained after authentication
					 * (e.g. for export to the phase-1 scripts via isakmp_cfg_setenv()).
					 * NOTE(review): this widens exposure of the credential (script
					 * environment, core dumps); keep it off unless a script needs it. */
};
93
/* Values for isakmp_cfg_config.authsource: backend that verifies Xauth credentials */
#define ISAKMP_CFG_AUTH_SYSTEM 0	/* local system password database */
#define ISAKMP_CFG_AUTH_RADIUS 1	/* RADIUS; the RADIUS helpers below exist only with HAVE_LIBRADIUS */
#define ISAKMP_CFG_AUTH_PAM 2		/* PAM; the PAM helpers below exist only with HAVE_LIBPAM */

/* Values for isakmp_cfg_config.confsource: origin of the client's address/config */
#define ISAKMP_CFG_CONF_LOCAL 0		/* local pool (network4 + port_pool); see ISAKMP_CFG_*_LOCAL flags */
#define ISAKMP_CFG_CONF_RADIUS 1	/* attributes returned by the RADIUS server; see ISAKMP_CFG_*_RADIUS flags */

/* Values for isakmp_cfg_config.accounting */
#define ISAKMP_CFG_ACCT_NONE 0
#define ISAKMP_CFG_ACCT_RADIUS 1
#define ISAKMP_CFG_ACCT_PAM 2

/* Upper bound for isakmp_cfg_config.pool_size, hence for concurrent mode-config clients */
#define ISAKMP_CFG_MAX_CNX 255

/* Default for isakmp_cfg_config.motd */
#define ISAKMP_CFG_MOTD "/etc/motd"

/* The single global configuration instance (defined in a .c file, presumably isakmp_cfg.c). */
extern struct isakmp_cfg_config isakmp_cfg_config;
115
/*
 * Per-phase-1 ISAKMP mode-config state, created by isakmp_cfg_mkstate()
 * and released by isakmp_cfg_rmstate() (presumably attached to the
 * ph1handle those functions take).
 */
#define LOGINLEN 31			/* maximum stored Xauth login length, not counting the NUL */
struct isakmp_cfg_state {
	int flags;			/* ISAKMP_CFG_* bits, see below */
	unsigned int port;		/* index into isakmp_cfg_config.port_pool; meaningful only while ISAKMP_CFG_PORT_ALLOCATED is set (presumably) */
	char login[LOGINLEN + 1];	/* Xauth login, supplied by the peer.
					 * NOTE(review): every copy into this buffer must be bounded to
					 * sizeof(login) and NUL-terminated, and a login longer than
					 * LOGINLEN should be rejected rather than silently truncated --
					 * otherwise distinct user names collide in accounting and log
					 * records.  Confirm in isakmp_xauth.c. */
	struct in_addr addr4;		/* IPv4 address (allocated to, or received by, the client) */
	struct in_addr mask4;		/* IPv4 netmask */
	struct in_addr dns4;		/* IPv4 DNS (client side only) */
	struct in_addr wins4;		/* IPv4 WINS (client side only) */
	struct xauth_state xauth;	/* Xauth state, if relevant; the type comes from isakmp_xauth.h, which must be included before this header */
	struct isakmp_ivm *ivm;		/* IV state of the mode-config exchange (isakmp_cfg_newiv()); XXX could iph1's ivm be used instead? */
};
131
/*
 * Bits for isakmp_cfg_state.flags.
 *
 * The VENDORID bits record what the peer advertised in its vendor-ID
 * payloads; the *_RADIUS / *_LOCAL bits record where the server obtained
 * the client's address and mask; the GOT_* bits record what a client has
 * received; DELETE_PH1 marks the phase 1 for teardown.
 *
 * NOTE(review): vendor-ID claims are unauthenticated peer input.  They
 * may select an optional exchange (Xauth, Unity quirks) but must never
 * relax the authentication decision itself.
 */
#define ISAKMP_CFG_VENDORID_XAUTH 0x01	/* peer supports Xauth */
#define ISAKMP_CFG_VENDORID_UNITY 0x02	/* peer is Cisco Unity compliant */
#define ISAKMP_CFG_PORT_ALLOCATED 0x04	/* a port_pool slot is held; isakmp_cfg_state.port is valid */
#define ISAKMP_CFG_ADDR4_RADIUS 0x08	/* address came from RADIUS */
#define ISAKMP_CFG_MASK4_RADIUS 0x10	/* netmask came from RADIUS */
#define ISAKMP_CFG_ADDR4_LOCAL 0x20	/* address came from the local pool */
#define ISAKMP_CFG_MASK4_LOCAL 0x40	/* netmask came from the local pool */
#define ISAKMP_CFG_GOT_ADDR4 0x80	/* client received an address */
#define ISAKMP_CFG_GOT_MASK4 0x100	/* client received a netmask */
#define ISAKMP_CFG_GOT_DNS4 0x200	/* client received a DNS server */
#define ISAKMP_CFG_GOT_WINS4 0x400	/* client received a WINS server */
#define ISAKMP_CFG_DELETE_PH1 0x800	/* phase 1 should be deleted */
145
/*
 * Entry points implemented in isakmp_cfg.c.  The prototypes carry no
 * parameter names; the argument meanings noted below are inferred from
 * the types and function names -- confirm against the definitions.
 */
struct isakmp_pl_attr;
struct ph1handle;
struct isakmp_ivm;
/* Process a received mode-config message for a phase 1.
 * NOTE(review): the vchar_t is peer-controlled; the attribute payload
 * length and every per-attribute length must be validated before use. */
void isakmp_cfg_r(struct ph1handle *, vchar_t *);
/* Dispatch one received attribute payload; the u_int32_t is presumably the exchange's message id. */
int isakmp_cfg_attr_r(struct ph1handle *, u_int32_t, struct isakmp_pl_attr *);
/* Handle a REPLY, REQUEST and SET attribute payload respectively. */
int isakmp_cfg_reply(struct ph1handle *, struct isakmp_pl_attr *);
int isakmp_cfg_request(struct ph1handle *, struct isakmp_pl_attr *);
int isakmp_cfg_set(struct ph1handle *, struct isakmp_pl_attr *);
/* Build and send a mode-config message around the given payload; the trailing
 * u_int32_t/int/int are presumably next-payload type, flags and a new-exchange indicator. */
int isakmp_cfg_send(struct ph1handle *, vchar_t *, u_int32_t, int, int);
/* Create the IV state for the mode-config exchange identified by the u_int32_t (presumably message id). */
struct isakmp_ivm *isakmp_cfg_newiv(struct ph1handle *, u_int32_t);
/* Release / allocate a struct isakmp_cfg_state; rmstate presumably also returns the pool slot and PAM handle. */
void isakmp_cfg_rmstate(struct ph1handle *);
struct isakmp_cfg_state *isakmp_cfg_mkstate(void);
/* Encode one attribute into a newly allocated vchar_t: a copy of an existing
 * attribute, a short (2-byte) value given as the int, or a string.
 * Presumably the caller owns and frees the result. */
vchar_t *isakmp_cfg_copy(struct ph1handle *, struct isakmp_data *);
vchar_t *isakmp_cfg_short(struct ph1handle *, struct isakmp_data *, int);
vchar_t *isakmp_cfg_string(struct ph1handle *, struct isakmp_data *, char *);
/* Fetch the client's configuration from the configured confsource. */
int isakmp_cfg_getconfig(struct ph1handle *);
/* Append mode-config values to the environment (char ***envp, int *envc) handed to the phase-1 scripts.
 * NOTE(review): peer-derived values (login, addresses) and, with save_passwd, the
 * Xauth password end up in a script environment -- treat them as untrusted there. */
int isakmp_cfg_setenv(struct ph1handle *, char ***, int *);

/* Take / release a slot of isakmp_cfg_config.port_pool; the unsigned int is the slot index and must be below pool_size. */
int isakmp_cfg_getport(struct ph1handle *);
int isakmp_cfg_putport(struct ph1handle *, unsigned int);
166
#ifdef HAVE_LIBRADIUS
struct rad_handle;
/* Shared libradius accounting session; defined in a .c file (presumably isakmp_cfg.c). */
extern struct rad_handle *radius_acct_state;
/* Common setup for RADIUS authentication/accounting requests; the int is presumably the pool slot index ("port") reported to the server. */
int isakmp_cfg_radius_common(struct rad_handle *, int);
#endif
172
#ifdef HAVE_LIBPAM
/* PAM session accounting for a pool slot (first int); the second int presumably selects session start vs. stop. */
int isakmp_cfg_accounting_pam(int, int);
/* Release the PAM handle held in port_pool[slot].pam for the given slot index. */
void cleanup_pam(int);
#endif