/*	$NetBSD: isakmp_cfg.h,v 1.6 2006/09/09 16:22:09 manu Exp $	*/

/* $KAME$ */

/*
 * Copyright (C) 2004 Emmanuel Dreyfus
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the project nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */
#ifndef _ISAKMP_CFG_H
#define _ISAKMP_CFG_H

/*
 * ISAKMP mode-config support for racoon: the attribute type numbers,
 * the global mode_cfg configuration read from racoon.conf, the
 * per-phase-1 mode-config state, and the entry points that drive the
 * exchange.  Types such as phase1_handle_t, vchar_t, struct xauth_state
 * and struct unity_netentry are expected to come from racoon_types.h.
 */

#include "racoon_types.h"
#include <resolv.h>	/* MAXNS, used to size the DNS server arrays below */



/*
 * Attribute types.
 * Numeric identifiers of the mode-config attributes handled by
 * isakmp_cfg_attr_r() and built by the isakmp_cfg_copy/short/varlen/
 * string helpers below; the numbering follows the ISAKMP mode-config
 * draft (confirm against the dissector before adding new values).
 */
#define INTERNAL_IP4_ADDRESS		1
#define INTERNAL_IP4_NETMASK		2
#define INTERNAL_IP4_DNS		3
#define INTERNAL_IP4_NBNS		4
#define INTERNAL_ADDRESS_EXPIRY		5
#define INTERNAL_IP4_DHCP		6
#define APPLICATION_VERSION		7
#define INTERNAL_IP6_ADDRESS		8
#define INTERNAL_IP6_NETMASK		9
#define INTERNAL_IP6_DNS		10
#define INTERNAL_IP6_NBNS		11
#define INTERNAL_IP6_DHCP		12
#define INTERNAL_IP4_SUBNET		13
#define SUPPORTED_ATTRIBUTES		14
#define INTERNAL_IP6_SUBNET		15

/* For APPLICATION_VERSION: the string placed in that attribute */
#define ISAKMP_CFG_RACOON_VERSION	"racoon / IPsec-tools"

/*
 * For the wins servers -- XXX find the value somewhere ?
 * Upper bound on the number of WINS (NBNS) servers stored in the
 * config and in the per-phase-1 state below.
 */
#define MAXWINS 4

/*
 * Global configuration for ISAKMP mode configuration address allocation.
 * Read from the mode_cfg section of racoon.conf.
 */

/*
 * One slot of the address pool.  `used` is a flag; a non-zero value
 * presumably marks the slot as handed out (managed by
 * isakmp_cfg_getport()/isakmp_cfg_putport() -- confirm there).
 */
struct isakmp_cfg_port {
	char used;
};

struct isakmp_cfg_config {
	in_addr_t network4;		/* IPv4 pool base (presumably; see isakmp_cfg_getport) */
	in_addr_t netmask4;		/* IPv4 netmask handed to clients */
	in_addr_t dns4[MAXNS];		/* IPv4 DNS servers to advertise */
	int dns4_index;			/* number of dns4 entries in use; must stay <= MAXNS */
	in_addr_t nbns4[MAXWINS];	/* IPv4 WINS servers to advertise */
	int nbns4_index;		/* number of nbns4 entries in use; must stay <= MAXWINS */
	struct isakmp_cfg_port *port_pool;	/* pool_size slots, see isakmp_cfg_resize_pool() */
	int authsource;			/* ISAKMP_CFG_AUTH_* */
	int groupsource;		/* ISAKMP_CFG_GROUP_* */
	char **grouplist;		/* groupcount group names */
	int groupcount;			/* number of entries in grouplist */
	int confsource;			/* ISAKMP_CFG_CONF_* */
	int accounting;			/* ISAKMP_CFG_ACCT_* */
	size_t pool_size;		/* number of port_pool slots; ISAKMP_CFG_MAX_CNX is the configured ceiling */
	int auth_throttle;		/* delay after a failed authentication; unit (presumably seconds) set by the auth code */
	/* XXX move this to a unity specific sub-structure */
	char default_domain[MAXPATHLEN + 1];	/* fixed buffer: writers must bound-copy and NUL-terminate */
	char motd[MAXPATHLEN + 1];		/* path of the message-of-the-day file, default ISAKMP_CFG_MOTD */
	struct unity_netentry *splitnet_list;	/* splitnet_count entries */
	int splitnet_count;
	int splitnet_type;		/* presumably UNITY_SPLIT_INCLUDE vs. UNITY_LOCAL_LAN -- confirm */
	char *splitdns_list;		/* splitdns_len bytes */
	int splitdns_len;
	int pfs_group;
	int save_passwd;		/* whether the client is told it may save the password (Unity) -- confirm */
};

/*
 * For utmp updating: format of the terminal name, presumably filled
 * with the pool index (isakmp_cfg_state.port).
 */
#define TERMSPEC	"vpn%d"

/* For authsource */
#define ISAKMP_CFG_AUTH_SYSTEM	0
#define ISAKMP_CFG_AUTH_RADIUS	1
#define ISAKMP_CFG_AUTH_PAM	2
#define ISAKMP_CFG_AUTH_LDAP	4

/* For groupsource */
#define ISAKMP_CFG_GROUP_SYSTEM	0
#define ISAKMP_CFG_GROUP_LDAP	1

/* For confsource */
#define ISAKMP_CFG_CONF_LOCAL	0
#define ISAKMP_CFG_CONF_RADIUS	1
#define ISAKMP_CFG_CONF_LDAP	2

/* For accounting */
#define ISAKMP_CFG_ACCT_NONE	0
#define ISAKMP_CFG_ACCT_RADIUS	1
#define ISAKMP_CFG_ACCT_PAM	2
#define ISAKMP_CFG_ACCT_LDAP	3
#define ISAKMP_CFG_ACCT_SYSTEM	4

/* For pool_size: ceiling on the number of pool slots (concurrent clients) */
#define ISAKMP_CFG_MAX_CNX	255

/* For motd */
#define ISAKMP_CFG_MOTD	"/etc/motd"

/* For default domain */
#define ISAKMP_CFG_DEFAULT_DOMAIN ""

/* The single global mode_cfg configuration instance */
extern struct isakmp_cfg_config isakmp_cfg_config;

/*
 * ISAKMP mode config state, kept per phase 1 handle
 * (created by isakmp_cfg_mkstate(), released by isakmp_cfg_rmstate()).
 */
#define LOGINLEN 31			/* max login length, excluding the NUL */
struct isakmp_cfg_state {
	int flags;			/* See below */
	unsigned int port;		/* address index */
	char login[LOGINLEN + 1];	/* login; fixed buffer, writers must bound-copy and NUL-terminate */
	struct in_addr addr4;		/* IPv4 address */
	struct in_addr mask4;		/* IPv4 netmask */
	struct in_addr dns4[MAXNS];	/* IPv4 DNS (when client only) */
	int dns4_index;			/* Number of IPv4 DNS (client only); <= MAXNS */
	struct in_addr wins4[MAXWINS];	/* IPv4 WINS (when client only) */
	int wins4_index;		/* Number of IPv4 WINS (client only); <= MAXWINS */
	char default_domain[MAXPATHLEN + 1];	/* Default domain received; fixed buffer, see above */
	struct unity_netentry 
	    *split_include;		/* UNITY_SPLIT_INCLUDE */
	int include_count;		/* Number of SPLIT_INCLUDES */
	struct unity_netentry 
	    *split_local;		/* UNITY_LOCAL_LAN */
	int local_count;		/* Number of SPLIT_LOCAL */
	struct xauth_state xauth;	/* Xauth state, if relevant */
	struct isakmp_ivm *ivm;		/* XXX Use iph1's ivm? */
	u_int32_t last_msgid;		/* Last message-ID */
	vchar_t *attr_list;		/* list of mode config attributes - used when started by api */
};

/* flags (bitmask stored in isakmp_cfg_state.flags) */
#define ISAKMP_CFG_VENDORID_XAUTH	0x01	/* Supports Xauth */
#define ISAKMP_CFG_VENDORID_UNITY	0x02	/* Cisco Unity compliant */
#define ISAKMP_CFG_PORT_ALLOCATED	0x04	/* Port allocated */
#define ISAKMP_CFG_ADDR4_EXTERN		0x08	/* Address from external config */
#define ISAKMP_CFG_MASK4_EXTERN		0x10	/* Netmask from external config */
#define ISAKMP_CFG_ADDR4_LOCAL		0x20	/* Address from local pool */
#define ISAKMP_CFG_MASK4_LOCAL		0x40	/* Netmask from local pool */
#define ISAKMP_CFG_GOT_ADDR4		0x80	/* Client got address */
#define ISAKMP_CFG_GOT_MASK4		0x100	/* Client got mask */
#define ISAKMP_CFG_GOT_DNS4		0x200	/* Client got DNS */
#define ISAKMP_CFG_GOT_WINS4		0x400	/* Client got WINS */
#define ISAKMP_CFG_DELETE_PH1		0x800	/* phase 1 should be deleted */
#define ISAKMP_CFG_GOT_DEFAULT_DOMAIN	0x1000	/* Client got default domain */
#define ISAKMP_CFG_GOT_SPLIT_INCLUDE	0x2000	/* Client got a split network config */
#define ISAKMP_CFG_GOT_SPLIT_LOCAL	0x4000	/* Client got a split LAN config */
#define ISAKMP_CFG_GOT_REPLY		0x8000	/* got config data from reply - don't process again */

struct isakmp_pl_attr;
struct isakmp_ivm;

/*
 * Receive side.  isakmp_cfg_r() takes a received message for the given
 * phase 1; isakmp_cfg_attr_r() dissects one attribute payload for the
 * given message-ID.  The reply/request/set handlers presumably correspond
 * to the mode-config message types of the same name -- confirm in the
 * implementation.  All int-returning entry points here follow the
 * 0 / -1 convention used elsewhere in racoon (assumed, not shown here).
 */
void isakmp_cfg_r (phase1_handle_t *, vchar_t *);
int isakmp_cfg_attr_r (phase1_handle_t *, u_int32_t, struct isakmp_pl_attr *, vchar_t *);
int isakmp_cfg_reply (phase1_handle_t *, struct isakmp_pl_attr *);
int isakmp_cfg_request (phase1_handle_t *, struct isakmp_pl_attr *, vchar_t *);
int isakmp_cfg_set (phase1_handle_t *, struct isakmp_pl_attr *, vchar_t *);
/* Send a mode-config message; the u_int32_t is presumably the message-ID */
int isakmp_cfg_send (phase1_handle_t *, vchar_t *, u_int32_t, int, int, int, vchar_t *);
/* IV for the mode-config exchange identified by the message-ID */
struct isakmp_ivm *isakmp_cfg_newiv (phase1_handle_t *, u_int32_t);
/* Per-phase-1 state lifecycle */
void isakmp_cfg_rmstate (phase1_handle_t *);
struct isakmp_cfg_state *isakmp_cfg_mkstate (void);
/*
 * Attribute builders.  Each returns a freshly built vchar_t holding the
 * encoded attribute (ownership presumably passes to the caller; NULL on
 * failure -- confirm).  isakmp_cfg_varlen() takes an explicit length and
 * so does not require a NUL-terminated buffer; isakmp_cfg_string() does.
 */
vchar_t *isakmp_cfg_copy (phase1_handle_t *, struct isakmp_data *);
vchar_t *isakmp_cfg_short (phase1_handle_t *, struct isakmp_data *, int);
vchar_t *isakmp_cfg_varlen (phase1_handle_t *, struct isakmp_data *, char *, size_t);
vchar_t *isakmp_cfg_string (phase1_handle_t *, struct isakmp_data *, char *);
int isakmp_cfg_getconfig (phase1_handle_t *);

/*
 * Address pool management.  resize_pool() sets the number of slots
 * (bounded by ISAKMP_CFG_MAX_CNX); getport() allocates a slot for the
 * phase 1 and putport() returns the given slot index to the pool.
 */
int isakmp_cfg_resize_pool (int);
int isakmp_cfg_getport (phase1_handle_t *);
int isakmp_cfg_putport (phase1_handle_t *, unsigned int);
/* Module initialisation; argument is ISAKMP_CFG_INIT_COLD or _WARM */
int isakmp_cfg_init (int);
#define ISAKMP_CFG_INIT_COLD 1		/* first start */
#define ISAKMP_CFG_INIT_WARM 0		/* re-initialisation (e.g. config reload, presumably) */

#endif /* _ISAKMP_CFG_H */