1 /* $NetBSD: isakmp_cfg.h,v 1.6 2006/09/09 16:22:09 manu Exp $ */
2
3 /* $KAME$ */
4
5 /*
6 * Copyright (C) 2004 Emmanuel Dreyfus
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the project nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33 #ifndef _ISAKMP_CFG_H
34 #define _ISAKMP_CFG_H
35
36
37 #include "racoon_types.h"
38
39
40
/*
 * Attribute types
 *
 * ISAKMP mode-config attribute type codes.  These presumably arrive on
 * the wire inside attribute payloads from the peer (see
 * isakmp_cfg_attr_r() below), so code dispatching on them should treat
 * any value not listed here as unknown and ignore it, rather than
 * assume a well-behaved peer.
 */
#define INTERNAL_IP4_ADDRESS 1
#define INTERNAL_IP4_NETMASK 2
#define INTERNAL_IP4_DNS 3
#define INTERNAL_IP4_NBNS 4
#define INTERNAL_ADDRESS_EXPIRY 5
#define INTERNAL_IP4_DHCP 6
#define APPLICATION_VERSION 7
#define INTERNAL_IP6_ADDRESS 8
#define INTERNAL_IP6_NETMASK 9
#define INTERNAL_IP6_DNS 10
#define INTERNAL_IP6_NBNS 11
#define INTERNAL_IP6_DHCP 12
#define INTERNAL_IP4_SUBNET 13
#define SUPPORTED_ATTRIBUTES 14
#define INTERNAL_IP6_SUBNET 15
57
/*
 * For APPLICATION_VERSION -- presumably the string sent in that
 * attribute; it intentionally carries no version number, which limits
 * what a remote peer can fingerprint.
 */
#define ISAKMP_CFG_RACOON_VERSION "racoon / IPsec-tools"

/*
 * For the wins servers -- XXX find the value somewhere ?
 * Sizes the nbns4[] / wins4[] arrays below; the matching *_index
 * counters must never be allowed to reach this value before a store.
 */
#define MAXWINS 4

/*
 * Fallback when the system headers do not provide MAXNS.
 * NOTE(review): MAXNS sizes the dns4[] arrays in the structs below.  If
 * some translation unit sees a different MAXNS (e.g. from <resolv.h>)
 * before including this header, the struct layouts would differ across
 * units -- verify the include order in every user of these structs.
 */
#ifndef MAXNS
#define MAXNS 3
#endif
67
/*
 * Global configuration for ISAKMP mode configuration address allocation.
 * Read from the mode_cfg section of racoon.conf.
 */
/*
 * One slot of isakmp_cfg_config.port_pool.  A slot's index is what the
 * per-peer state calls its "port" (see isakmp_cfg_state.port).
 */
struct isakmp_cfg_port {
	char used;	/* presumably non-zero while the slot is handed out */
};
75
/*
 * Daemon-wide mode-config settings.  A single instance exists
 * (isakmp_cfg_config, declared extern below).
 *
 * Every array here has a companion count/index field; writers must keep
 * the count within the array bound (MAXNS, MAXWINS) and the char buffers
 * NUL-terminated, since readers elsewhere presumably rely on that.
 */
struct isakmp_cfg_config {
	in_addr_t network4;		/* base of the IPv4 address pool */
	in_addr_t netmask4;		/* netmask handed to clients */
	in_addr_t dns4[MAXNS];		/* DNS servers handed to clients */
	int dns4_index;			/* entries used in dns4[], <= MAXNS */
	in_addr_t nbns4[MAXWINS];	/* WINS servers handed to clients */
	int nbns4_index;		/* entries used in nbns4[], <= MAXWINS */
	struct isakmp_cfg_port *port_pool;	/* pool_size slots, see isakmp_cfg_port */
	int authsource;			/* ISAKMP_CFG_AUTH_* */
	int groupsource;		/* ISAKMP_CFG_GROUP_* */
	char **grouplist;		/* groupcount entries */
	int groupcount;
	int confsource;			/* ISAKMP_CFG_CONF_* */
	int accounting;			/* ISAKMP_CFG_ACCT_* */
	size_t pool_size;		/* number of port_pool slots; see ISAKMP_CFG_MAX_CNX */
	int auth_throttle;		/* presumably a delay applied on auth failure -- verify */
	/* XXX move this to a unity specific sub-structure */
	char default_domain[MAXPATHLEN + 1];	/* fixed buffer: bound and NUL-terminate on write */
	char motd[MAXPATHLEN + 1];		/* path of the motd file, default ISAKMP_CFG_MOTD */
	struct unity_netentry *splitnet_list;	/* splitnet_count entries */
	int splitnet_count;
	int splitnet_type;
	char *splitdns_list;		/* splitdns_len bytes */
	int splitdns_len;
	int pfs_group;
	int save_passwd;		/* whether the client may cache its password */
};
103
/*
 * For utmp updating -- printf-style template for the pseudo-line name;
 * the %d is presumably the port_pool index, so the result is bounded.
 */
#define TERMSPEC "vpn%d"

/* For authsource: where Xauth credentials are checked. */
#define ISAKMP_CFG_AUTH_SYSTEM 0
#define ISAKMP_CFG_AUTH_RADIUS 1
#define ISAKMP_CFG_AUTH_PAM 2
#define ISAKMP_CFG_AUTH_LDAP 4	/* note: 4, not 3 -- these are plain values, not a bitmask */

/* For groupsource: where group membership is looked up. */
#define ISAKMP_CFG_GROUP_SYSTEM 0
#define ISAKMP_CFG_GROUP_LDAP 1

/* For confsource: where the per-client configuration comes from. */
#define ISAKMP_CFG_CONF_LOCAL 0
#define ISAKMP_CFG_CONF_RADIUS 1
#define ISAKMP_CFG_CONF_LDAP 2

/* For accounting */
#define ISAKMP_CFG_ACCT_NONE 0
#define ISAKMP_CFG_ACCT_RADIUS 1
#define ISAKMP_CFG_ACCT_PAM 2
#define ISAKMP_CFG_ACCT_LDAP 3
#define ISAKMP_CFG_ACCT_SYSTEM 4

/*
 * For pool_size -- presumably the upper bound on port_pool slots.
 * NOTE(review): confirm isakmp_cfg_resize_pool() enforces it, since
 * pool_size drives the port_pool allocation size.
 */
#define ISAKMP_CFG_MAX_CNX 255

/* For motd: default path read into isakmp_cfg_config.motd. */
#define ISAKMP_CFG_MOTD "/etc/motd"

/* For default domain: empty means none is pushed to clients. */
#define ISAKMP_CFG_DEFAULT_DOMAIN ""
137
138 extern struct isakmp_cfg_config isakmp_cfg_config;
139
140 /*
141 * ISAKMP mode config state
142 */
/* Longest Xauth login kept per peer; login[] holds LOGINLEN chars plus NUL. */
#define LOGINLEN 31

/*
 * Per-phase-1 mode-config state.  Allocated by isakmp_cfg_mkstate() and
 * released by isakmp_cfg_rmstate().
 *
 * NOTE(review): several fields below are filled from attributes received
 * from the peer (login, addr4/mask4, dns4/wins4, default_domain, the split
 * lists).  They are fixed-size, so whatever copies peer data in must
 * truncate to the array bound and NUL-terminate the char buffers; a
 * misbehaving peer must not be able to overrun them.
 */
struct isakmp_cfg_state {
	int flags;			/* See below (ISAKMP_CFG_* bits) */
	unsigned int port;		/* address index into port_pool, < pool_size */
	char login[LOGINLEN + 1];	/* login, always NUL-terminated */
	struct in_addr addr4;		/* IPv4 address */
	struct in_addr mask4;		/* IPv4 netmask */
	struct in_addr dns4[MAXNS];	/* IPv4 DNS (when client only) */
	int dns4_index;			/* Number of IPv4 DNS (client only), <= MAXNS */
	struct in_addr wins4[MAXWINS];	/* IPv4 WINS (when client only) */
	int wins4_index;		/* Number of IPv4 WINS (client only), <= MAXWINS */
	char default_domain[MAXPATHLEN + 1];	/* Default domain received from the peer */
	struct unity_netentry
		*split_include;		/* UNITY_SPLIT_INCLUDE */
	int include_count;		/* Number of SPLIT_INCLUDES */
	struct unity_netentry
		*split_local;		/* UNITY_LOCAL_LAN */
	int local_count;		/* Number of SPLIT_LOCAL */
	struct xauth_state xauth;	/* Xauth state, if relevant */
	struct isakmp_ivm *ivm;		/* XXX Use iph1's ivm? */
	u_int32_t last_msgid;		/* Last message-ID */
	vchar_t *attr_list;		/* list of mode config attributes - used when started by api */
};
166
/* flags -- bit values OR'ed into isakmp_cfg_state.flags */
#define ISAKMP_CFG_VENDORID_XAUTH 0x01	/* Supports Xauth */
#define ISAKMP_CFG_VENDORID_UNITY 0x02	/* Cisco Unity compliant */
#define ISAKMP_CFG_PORT_ALLOCATED 0x04	/* Port allocated (port is valid; release on teardown) */
#define ISAKMP_CFG_ADDR4_EXTERN 0x08	/* Address from external config */
#define ISAKMP_CFG_MASK4_EXTERN 0x10	/* Netmask from external config */
#define ISAKMP_CFG_ADDR4_LOCAL 0x20	/* Address from local pool */
#define ISAKMP_CFG_MASK4_LOCAL 0x40	/* Netmask from local pool */
#define ISAKMP_CFG_GOT_ADDR4 0x80	/* Client got address */
#define ISAKMP_CFG_GOT_MASK4 0x100	/* Client got mask */
#define ISAKMP_CFG_GOT_DNS4 0x200	/* Client got DNS */
#define ISAKMP_CFG_GOT_WINS4 0x400	/* Client got WINS */
#define ISAKMP_CFG_DELETE_PH1 0x800	/* phase 1 should be deleted */
#define ISAKMP_CFG_GOT_DEFAULT_DOMAIN 0x1000	/* Client got default domain */
#define ISAKMP_CFG_GOT_SPLIT_INCLUDE 0x2000	/* Client got a split network config */
#define ISAKMP_CFG_GOT_SPLIT_LOCAL 0x4000	/* Client got a split LAN config */
#define ISAKMP_CFG_GOT_REPLY 0x8000	/* got config data from reply - don't process again */
184
struct isakmp_pl_attr;
struct isakmp_ivm;

/* Receive side: entry point for an incoming mode-config exchange. */
void isakmp_cfg_r (phase1_handle_t *, vchar_t *);
/* Handles one received attribute payload; the u_int32_t is presumably the message-ID. */
int isakmp_cfg_attr_r (phase1_handle_t *, u_int32_t, struct isakmp_pl_attr *, vchar_t *);
int isakmp_cfg_reply (phase1_handle_t *, struct isakmp_pl_attr *);
int isakmp_cfg_request (phase1_handle_t *, struct isakmp_pl_attr *, vchar_t *);
int isakmp_cfg_set (phase1_handle_t *, struct isakmp_pl_attr *, vchar_t *);
int isakmp_cfg_send (phase1_handle_t *, vchar_t *, u_int32_t, int, int, int, vchar_t *);
struct isakmp_ivm *isakmp_cfg_newiv (phase1_handle_t *, u_int32_t);
/* Release the per-phase-1 state created by isakmp_cfg_mkstate(). */
void isakmp_cfg_rmstate (phase1_handle_t *);
struct isakmp_cfg_state *isakmp_cfg_mkstate (void);
/*
 * Attribute builders, each returning a freshly allocated vchar_t the
 * caller owns.  isakmp_cfg_varlen() takes an explicit length; the char *
 * passed to isakmp_cfg_string() carries no bound, so callers must pass a
 * NUL-terminated string (note the fixed-size buffers above).
 */
vchar_t *isakmp_cfg_copy (phase1_handle_t *, struct isakmp_data *);
vchar_t *isakmp_cfg_short (phase1_handle_t *, struct isakmp_data *, int);
vchar_t *isakmp_cfg_varlen (phase1_handle_t *, struct isakmp_data *, char *, size_t);
vchar_t *isakmp_cfg_string (phase1_handle_t *, struct isakmp_data *);
int isakmp_cfg_getconfig (phase1_handle_t *);

/*
 * Address pool management.
 * NOTE(review): the new size is an int while pool_size is size_t -- the
 * implementation should reject negative values and cap at
 * ISAKMP_CFG_MAX_CNX; the index given to isakmp_cfg_putport() should be
 * checked against pool_size before indexing port_pool.  Verify in
 * isakmp_cfg.c.
 */
int isakmp_cfg_resize_pool (int);
int isakmp_cfg_getport (phase1_handle_t *);
int isakmp_cfg_putport (phase1_handle_t *, unsigned int);
int isakmp_cfg_init (int);
#define ISAKMP_CFG_INIT_COLD 1	/* first start */
#define ISAKMP_CFG_INIT_WARM 0	/* re-read of configuration */
208
209 #endif /* _ISAKMP_CFG_H */