1/*	$NetBSD: isakmp_cfg.h,v 1.6 2006/09/09 16:22:09 manu Exp $	*/
2
3/*	$KAME$ */
4
5/*
6 * Copyright (C) 2004 Emmanuel Dreyfus
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 *    notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 *    notice, this list of conditions and the following disclaimer in the
16 *    documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the project nor the names of its contributors
18 *    may be used to endorse or promote products derived from this software
19 *    without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33#ifndef _ISAKMP_CFG_H
34#define _ISAKMP_CFG_H
35
36
37#include "racoon_types.h"
38#include <resolv.h>
39
40
41
/* Attribute types */
/*
 * Attribute type numbers carried in an ISAKMP mode config (Configuration
 * Method) attribute payload.  These are wire constants exchanged with the
 * peer and must not be renumbered.  NOTE(review): the values 1..15 look
 * like the IKE mode-cfg draft numbering — confirm against the spec before
 * extending the list.
 */
#define INTERNAL_IP4_ADDRESS        1
#define INTERNAL_IP4_NETMASK        2
#define INTERNAL_IP4_DNS            3
#define INTERNAL_IP4_NBNS           4	/* NBNS == WINS */
#define INTERNAL_ADDRESS_EXPIRY     5
#define INTERNAL_IP4_DHCP           6
#define APPLICATION_VERSION         7	/* value for racoon: ISAKMP_CFG_RACOON_VERSION below */
#define INTERNAL_IP6_ADDRESS        8
#define INTERNAL_IP6_NETMASK        9
#define INTERNAL_IP6_DNS           10
#define INTERNAL_IP6_NBNS          11
#define INTERNAL_IP6_DHCP          12
#define INTERNAL_IP4_SUBNET        13
#define SUPPORTED_ATTRIBUTES       14
#define INTERNAL_IP6_SUBNET        15
58
/* For APPLICATION_VERSION */
/*
 * Implementation identifier; presumably sent as the value of the
 * APPLICATION_VERSION attribute.  Be aware this reveals the software
 * in use to the peer.
 */
#define ISAKMP_CFG_RACOON_VERSION "racoon / IPsec-tools"

/* For the wins servers -- XXX find the value somewhere ? */
/*
 * Upper bound on IPv4 WINS (NBNS) servers stored per config and per state
 * (see nbns4[] / wins4[] below).  The DNS counterpart, MAXNS, comes from
 * <resolv.h>.  Any code that fills these arrays from a received attribute
 * must bound the index by this value.
 */
#define MAXWINS 4
64
65/*
 * Global configuration for ISAKMP mode configuration address allocation
67 * Read from the mode_cfg section of racoon.conf
68 */
/*
 * One slot of the address pool (isakmp_cfg_config.port_pool).
 * Slots are addressed by index; isakmp_cfg_state.port holds such an
 * index ("address index" below) — TODO confirm against the allocator.
 */
struct isakmp_cfg_port {
	char	used;		/* presumably non-zero while the slot is handed out */
};
72
/*
 * Process-wide mode config settings (single instance: isakmp_cfg_config,
 * declared extern below).  Populated from the racoon.conf mode_cfg section
 * per the comment above; which fields are mandatory is not visible here.
 */
struct isakmp_cfg_config {
	in_addr_t		network4;	/* base of the IPv4 pool */
	in_addr_t		netmask4;	/* netmask handed to clients */
	in_addr_t		dns4[MAXNS];	/* IPv4 DNS servers to offer */
	int			dns4_index;	/* number of valid entries in dns4[]; must stay <= MAXNS */
	in_addr_t		nbns4[MAXWINS];	/* IPv4 WINS servers to offer */
	int			nbns4_index;	/* number of valid entries in nbns4[]; must stay <= MAXWINS */
	struct isakmp_cfg_port 	*port_pool;	/* pool_size slots; see isakmp_cfg_resize_pool() */
	int			authsource;	/* one of ISAKMP_CFG_AUTH_* */
	int			groupsource;	/* one of ISAKMP_CFG_GROUP_* */
	char			**grouplist;	/* groupcount entries; ownership TODO confirm */
	int			groupcount;
	int			confsource;	/* one of ISAKMP_CFG_CONF_* */
	int			accounting;	/* one of ISAKMP_CFG_ACCT_* */
	size_t			pool_size;	/* number of slots in port_pool; see ISAKMP_CFG_MAX_CNX */
	int			auth_throttle;	/* presumably a delay applied after a failed authentication — verify units */
	/* XXX move this to a unity specific sub-structure */
	/*
	 * Fixed-size buffers: anything copied in from configuration or from a
	 * peer must be bounded to MAXPATHLEN and NUL-terminated.
	 */
	char			default_domain[MAXPATHLEN + 1];	/* default: ISAKMP_CFG_DEFAULT_DOMAIN */
	char			motd[MAXPATHLEN + 1];		/* path of the message of the day; default ISAKMP_CFG_MOTD */
	struct unity_netentry	*splitnet_list;	/* splitnet_count entries */
	int			splitnet_count;
	int			splitnet_type;	/* presumably selects include vs. local-LAN semantics — confirm */
	char 			*splitdns_list;	/* splitdns_len bytes; termination TODO confirm */
	int			splitdns_len;
	int			pfs_group;
	int			save_passwd;	/* NOTE(review): looks like a boolean letting clients cache credentials — confirm */
};
100
/* For utmp updating */
/*
 * printf-style template for the utmp line name; the %d is presumably the
 * pool slot index (isakmp_cfg_state.port).  The result must fit the utmp
 * line field — check the bound at the formatting site.
 */
#define TERMSPEC	"vpn%d"

/* For authsource */
/* Values for isakmp_cfg_config.authsource.  Note the gap: 3 is unused and LDAP is 4. */
#define ISAKMP_CFG_AUTH_SYSTEM	0
#define ISAKMP_CFG_AUTH_RADIUS	1
#define ISAKMP_CFG_AUTH_PAM	2
#define ISAKMP_CFG_AUTH_LDAP	4

/* For groupsource */
/* Values for isakmp_cfg_config.groupsource. */
#define ISAKMP_CFG_GROUP_SYSTEM	0
#define ISAKMP_CFG_GROUP_LDAP	1

/* For confsource */
/* Values for isakmp_cfg_config.confsource: where client settings are fetched from. */
#define ISAKMP_CFG_CONF_LOCAL	0
#define ISAKMP_CFG_CONF_RADIUS	1
#define ISAKMP_CFG_CONF_LDAP	2

/* For accounting */
/* Values for isakmp_cfg_config.accounting. */
#define ISAKMP_CFG_ACCT_NONE	0
#define ISAKMP_CFG_ACCT_RADIUS	1
#define ISAKMP_CFG_ACCT_PAM	2
#define ISAKMP_CFG_ACCT_LDAP	3
#define ISAKMP_CFG_ACCT_SYSTEM	4

/* For pool_size */
/* Presumably the default/upper bound for isakmp_cfg_config.pool_size — confirm in the parser. */
#define ISAKMP_CFG_MAX_CNX	255

/* For motd */
/* Default path for isakmp_cfg_config.motd. */
#define ISAKMP_CFG_MOTD	"/etc/motd"

/* For default domain */
/* Default value for isakmp_cfg_config.default_domain (none). */
#define ISAKMP_CFG_DEFAULT_DOMAIN ""
134
/* The single global mode config instance; defined in the implementation file. */
extern struct isakmp_cfg_config isakmp_cfg_config;
136
137/*
138 * ISAKMP mode config state
139 */
/* Maximum login name length stored per state (buffer is LOGINLEN + 1 for the NUL). */
#define LOGINLEN 31
/*
 * Per phase-1 mode config state.  Created by isakmp_cfg_mkstate() and
 * released by isakmp_cfg_rmstate(); the *_index counters below bound
 * the valid prefix of their arrays and must never exceed MAXNS / MAXWINS.
 */
struct isakmp_cfg_state {
	int flags;			/* See below: bitwise OR of ISAKMP_CFG_* flags */
	unsigned int port;		/* address index (slot in isakmp_cfg_config.port_pool); valid only with ISAKMP_CFG_PORT_ALLOCATED */
	char login[LOGINLEN + 1];	/* login, NUL-terminated */
	struct in_addr addr4;		/* IPv4 address */
	struct in_addr mask4;		/* IPv4 netmask */
	struct in_addr dns4[MAXNS];	/* IPv4 DNS (when client only) */
	int dns4_index;			/* Number of IPv4 DNS (client only) */
	struct in_addr wins4[MAXWINS];	/* IPv4 WINS (when client only) */
	int wins4_index;		/* Number of IPv4 WINS (client only) */
	char default_domain[MAXPATHLEN + 1];	/* Default domain received from the peer; must be bounded and NUL-terminated on copy */
	struct unity_netentry
	    *split_include; 		/* UNITY_SPLIT_INCLUDE */
	int include_count;		/* Number of SPLIT_INCLUDES */
	struct unity_netentry
	    *split_local;		/* UNITY_LOCAL_LAN */
	int local_count;		/* Number of SPLIT_LOCAL */
	struct xauth_state xauth;	/* Xauth state, if relevant */
	struct isakmp_ivm *ivm;		/* XXX Use iph1's ivm?  Allocated via isakmp_cfg_newiv() presumably */
	u_int32_t last_msgid;           /* Last message-ID */
	vchar_t	*attr_list;			/* list of mode config attributes - used when started by api */
};
163
/* flags */
/*
 * Bit values for isakmp_cfg_state.flags (each a distinct power of two,
 * 0x01..0x8000).  The GOT_* bits record which attributes have already
 * been accepted; ISAKMP_CFG_GOT_REPLY guards against processing a reply
 * twice.
 */
#define ISAKMP_CFG_VENDORID_XAUTH	0x01	/* Supports Xauth */
#define ISAKMP_CFG_VENDORID_UNITY	0x02	/* Cisco Unity compliant */
#define ISAKMP_CFG_PORT_ALLOCATED	0x04	/* Port allocated (isakmp_cfg_state.port is valid) */
#define ISAKMP_CFG_ADDR4_EXTERN		0x08	/* Address from external config  */
#define ISAKMP_CFG_MASK4_EXTERN		0x10	/* Netmask from external config */
#define ISAKMP_CFG_ADDR4_LOCAL		0x20	/* Address from local pool */
#define ISAKMP_CFG_MASK4_LOCAL		0x40	/* Netmask from local pool */
#define ISAKMP_CFG_GOT_ADDR4		0x80	/* Client got address */
#define ISAKMP_CFG_GOT_MASK4		0x100	/* Client got mask */
#define ISAKMP_CFG_GOT_DNS4		0x200	/* Client got DNS */
#define ISAKMP_CFG_GOT_WINS4		0x400	/* Client got WINS */
#define ISAKMP_CFG_DELETE_PH1		0x800	/* phase 1 should be deleted */
#define ISAKMP_CFG_GOT_DEFAULT_DOMAIN	0x1000	/* Client got default domain */
#define ISAKMP_CFG_GOT_SPLIT_INCLUDE	0x2000	/* Client got a split network config */
#define ISAKMP_CFG_GOT_SPLIT_LOCAL	0x4000	/* Client got a split LAN config */
#define ISAKMP_CFG_GOT_REPLY		0x8000	/* got config data from reply - don't process again */
181
/* Opaque types defined elsewhere; only pointers to them are used in this header. */
struct isakmp_pl_attr;
struct isakmp_ivm;

/*
 * NOTE(review): every function below that takes a struct isakmp_pl_attr
 * or struct isakmp_data operates on payload bytes received from the peer.
 * Lengths embedded in those payloads must be validated against the
 * enclosing vchar_t before any copy into the fixed-size buffers of
 * struct isakmp_cfg_state — confirm in the implementation.
 */

/* Entry point for a received mode config message (phase 1 handle, raw message). */
void isakmp_cfg_r (phase1_handle_t *, vchar_t *);
/* Processes one attribute payload for the given message id; int return is a status code (0 on success presumed — verify). */
int isakmp_cfg_attr_r (phase1_handle_t *, u_int32_t, struct isakmp_pl_attr *, vchar_t *);
/* Handlers for the REPLY, REQUEST and SET exchange types respectively (inferred from the names). */
int isakmp_cfg_reply (phase1_handle_t *, struct isakmp_pl_attr *);
int isakmp_cfg_request (phase1_handle_t *, struct isakmp_pl_attr *, vchar_t *);
int isakmp_cfg_set (phase1_handle_t *, struct isakmp_pl_attr *, vchar_t *);
/* Builds and sends a mode config message: payload, message id, then three int selectors — TODO document them at the definition. */
int isakmp_cfg_send (phase1_handle_t *, vchar_t *, u_int32_t, int, int, int, vchar_t *);
/* Returns the IV state for the given message id; allocation/ownership TODO confirm. */
struct isakmp_ivm *isakmp_cfg_newiv (phase1_handle_t *, u_int32_t);
/* Lifecycle of struct isakmp_cfg_state: release the handle's state / allocate a fresh one (NULL on failure presumed). */
void isakmp_cfg_rmstate (phase1_handle_t *);
struct isakmp_cfg_state *isakmp_cfg_mkstate (void);
/*
 * Attribute encoders.  Each appears to return a newly allocated vchar_t
 * holding one attribute built from the given isakmp_data (caller frees —
 * TODO confirm).  isakmp_cfg_varlen takes an explicit byte length;
 * isakmp_cfg_string takes a NUL-terminated C string.
 */
vchar_t *isakmp_cfg_copy (phase1_handle_t *, struct isakmp_data *);
vchar_t *isakmp_cfg_short (phase1_handle_t *, struct isakmp_data *, int);
vchar_t *isakmp_cfg_varlen (phase1_handle_t *, struct isakmp_data *, char *, size_t);
vchar_t *isakmp_cfg_string (phase1_handle_t *, struct isakmp_data *, char *);
/* Fetches the client configuration for this phase 1 (source selected by isakmp_cfg_config.confsource presumably). */
int isakmp_cfg_getconfig (phase1_handle_t *);

/* Address-pool management (isakmp_cfg_config.port_pool). */
int isakmp_cfg_resize_pool (int);			/* new slot count; int status */
int isakmp_cfg_getport (phase1_handle_t *);		/* acquire a slot for this phase 1 */
int isakmp_cfg_putport (phase1_handle_t *, unsigned int);	/* release the given slot index */
/* Module initialisation; the argument is one of the two values defined just below. */
int isakmp_cfg_init (int);
#define ISAKMP_CFG_INIT_COLD	1
#define ISAKMP_CFG_INIT_WARM	0
205
206#endif /* _ISAKMP_CFG_H */
207