isakmp_xauth.h revision f8a6a7636d53a5730c58ae041e4e09ae12e1657c
/*	$NetBSD: isakmp_xauth.h,v 1.7 2011/03/14 15:50:36 vanhu Exp $	*/

/* $KAME$ */

/*
 * Copyright (C) 2004 Emmanuel Dreyfus
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the project nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

/*
 * Xauth (ISAKMP extended authentication) declarations shared between the
 * phase 1 handler and the Xauth implementation: mode-config attribute
 * numbers, per-handle Xauth state, remote-config (rmconf) credentials, the
 * scheduler callback argument, and the optional PAM / RADIUS / LDAP backend
 * configuration.
 *
 * Several structures below carry credential material (passwords and shared
 * secrets) in plain memory.  The release functions are declared here but
 * implemented elsewhere; whether they wipe those buffers before freeing is
 * not visible in this header and should be verified in the implementation.
 */

/*
 * NOTE(review): an identifier beginning with an underscore followed by an
 * uppercase letter is reserved for the implementation (C11 7.1.3).  The
 * guard name is kept unchanged here.
 */
#ifndef _ISAKMP_XAUTH_H
#define _ISAKMP_XAUTH_H

#include "schedule.h"

/* ISAKMP mode config attribute types specific to the Xauth vendor ID */
#define	XAUTH_TYPE		16520
#define	XAUTH_USER_NAME		16521
#define	XAUTH_USER_PASSWORD	16522
#define	XAUTH_PASSCODE		16523
#define	XAUTH_MESSAGE		16524
#define	XAUTH_CHALLENGE		16525
#define	XAUTH_DOMAIN		16526
#define	XAUTH_STATUS		16527
#define	XAUTH_NEXT_PIN		16528
#define	XAUTH_ANSWER		16529

/* Types for XAUTH_TYPE */
#define	XAUTH_TYPE_GENERIC	0
#define	XAUTH_TYPE_CHAP		1
#define	XAUTH_TYPE_OTP		2
#define	XAUTH_TYPE_SKEY		3

/* Values for XAUTH_STATUS */
#define	XAUTH_STATUS_FAIL	0
#define	XAUTH_STATUS_OK		1

/*
 * For phase 1 Xauth status.
 *
 * Per-phase-1-handle Xauth state.  Released through xauth_rmstate()
 * (declared below); the union currently has a single member, so only the
 * "generic" (user name / password) variant is represented.
 */
struct xauth_state {
	int status;		/* authentication status, used only on server side */
	int vendorid;		/* Xauth vendor ID seen for the peer — presumably; confirm in caller */
	int authtype;		/* presumably one of XAUTH_TYPE_*; confirm */
	union {
		struct authgeneric {
			char *usr;	/* user name (NUL-terminated C string) */
			char *pwd;	/* presumably the cleartext password; verify it is wiped by xauth_rmstate() before free */
		} generic;
	} authdata;
#ifdef HAVE_LIBLDAP
	char *udn;		/* ldap user dn */
#endif
};

/*
 * What's been sent.
 *
 * Bit flags: XAUTH_SENT_EVERYTHING is the OR of the individual bits, so
 * the field they are stored in is a bitmask, not an enumeration.
 */
#define	XAUTH_SENT_USERNAME	1
#define	XAUTH_SENT_PASSWORD	2
#define	XAUTH_SENT_EVERYTHING	(XAUTH_SENT_USERNAME | XAUTH_SENT_PASSWORD)

/*
 * For rmconf Xauth data.
 *
 * Client-side credentials attached to a remote configuration.  Managed by
 * xauth_rmconf_used() / xauth_rmconf_delete() / xauth_rmconf_dup() below;
 * "pass" is credential material and should be wiped on release (not
 * visible here — verify in the implementation).
 */
struct xauth_rmconf {
	vchar_t *login;	/* xauth login */
	vchar_t *pass;	/* xauth password */
	int state;	/* what's been sent — presumably a mask of XAUTH_SENT_* bits */
};

/* status */
/* Progress of the Xauth exchange; which field holds it is not visible here. */
#define	XAUTHST_NOTYET	0
#define	XAUTHST_REQSENT	1
#define	XAUTHST_OK	2

/*
 * Argument handed to the scheduler for a deferred Xauth reply.
 *
 * NOTE(review): "sc" is the first member and xauth_reply_stub() takes a
 * struct sched *, which looks like the callback maps the sched pointer back
 * to the enclosing xauth_reply_arg — confirm in xauth_reply_stub().
 */
struct xauth_reply_arg {
	struct sched sc;	/* scheduler entry (from schedule.h) */
	isakmp_index index;	/* ISAKMP cookies identifying the phase 1 handle — presumably */
	int port;		/* peer port — presumably; confirm against xauth_reply() args */
	int id;			/* ISAKMP attribute/payload identifier — presumably */
	int res;		/* authentication result to deliver — presumably */
};

struct ph1handle;
struct isakmp_data;

/* Server side: send the Xauth request (user name / password prompt) to the peer. */
void xauth_sendreq(struct ph1handle *);
/* Process an Xauth attribute from a reply; return convention not visible here. */
int xauth_attr_reply(struct ph1handle *, struct isakmp_data *, int);
/*
 * Backend login check against the system user database.
 * Arguments are (user name, password); neither is const-qualified in this
 * prototype, so callers cannot assume the strings are left untouched.
 */
int xauth_login_system(char *, char *);
/* Server side: send the XAUTH_STATUS (XAUTH_STATUS_OK / XAUTH_STATUS_FAIL) attribute. */
void xauth_sendstatus(struct ph1handle *, int, int);
/* Whether Xauth is required / completed for this handle — semantics of the int not visible here. */
int xauth_check(struct ph1handle *);
/* Group membership check against a list of (char **) group names with a count. */
int group_check(struct ph1handle *, char **, int);
/* Build the Xauth request / set payloads; the returned vchar_t * is presumably owned by the caller. */
vchar_t *isakmp_xauth_req(struct ph1handle *, struct isakmp_data *);
vchar_t *isakmp_xauth_set(struct ph1handle *, struct isakmp_data *);
/* Release the contents of a struct xauth_state (see the credential note above). */
void xauth_rmstate(struct xauth_state *);
/* Scheduler callback; receives the struct sched embedded in xauth_reply_arg. */
void xauth_reply_stub(struct sched *);
int xauth_reply(struct ph1handle *, int, int, int);
/* rmconf credential helpers; the double pointer suggests in-place (re)allocation — confirm. */
int xauth_rmconf_used(struct xauth_rmconf **);
void xauth_rmconf_delete(struct xauth_rmconf **);
/* Deep copy; ownership of the returned struct presumably passes to the caller. */
struct xauth_rmconf * xauth_rmconf_dup(struct xauth_rmconf *);

#ifdef HAVE_LIBPAM
/* PAM backend: (ISAKMP port, peer address, user name, password). */
int xauth_login_pam(int, struct sockaddr *, char *, char *);
#endif

#ifdef HAVE_LIBRADIUS

#define RADIUS_MAX_SERVERS 5

/* One RADIUS server entry; "secret" is the shared secret and is credential material. */
struct rad_serv {
	vchar_t *host;
	int port;
	vchar_t *secret;
};

/* Global RADIUS configuration (defined in the implementation, see extern below). */
struct xauth_rad_config {
	struct rad_serv auth_server_list[RADIUS_MAX_SERVERS];
	int auth_server_count;		/* number of valid entries in auth_server_list */
	struct rad_serv acct_server_list[RADIUS_MAX_SERVERS];
	int acct_server_count;		/* number of valid entries in acct_server_list */
	int timeout;
	int retries;
};

extern struct xauth_rad_config xauth_rad_config;

/*
 * NOTE(review): the parameter is named "free", which shadows the libc
 * function within this prototype.  Harmless in a declaration, but a
 * different name would avoid confusion in the definition.
 */
int xauth_radius_init_conf(int free);
int xauth_radius_init(void);
/* RADIUS backend login: (handle, user name, password). */
int xauth_login_radius(struct ph1handle *, char *, char *);

#endif

#ifdef HAVE_LIBLDAP

/*
 * Defaults for the LDAP backend; the attribute names presumably seed the
 * corresponding attr_* fields of struct xauth_ldap_config — confirm in
 * xauth_ldap_init_conf().
 */
#define LDAP_DFLT_HOST		"localhost"
#define LDAP_DFLT_USER		"cn"
#define LDAP_DFLT_ADDR		"racoon-address"
#define LDAP_DFLT_MASK		"racoon-netmask"
#define LDAP_DFLT_GROUP		"cn"
#define LDAP_DFLT_MEMBER	"member"

/* Global LDAP configuration; "bind_pw" is credential material. */
struct xauth_ldap_config {
	int pver;		/* presumably the LDAP protocol version; confirm */
	vchar_t *host;
	int port;
	vchar_t *base;		/* search base DN — presumably */
	int subtree;		/* non-zero for subtree search scope — presumably */
	vchar_t *bind_dn;
	vchar_t *bind_pw;	/* bind password (cleartext in memory) */
	int auth_type;
	vchar_t *attr_user;
	vchar_t *attr_addr;
	vchar_t *attr_mask;
	vchar_t *attr_group;
	vchar_t *attr_member;
};

extern struct xauth_ldap_config xauth_ldap_config;

int xauth_ldap_init_conf(void);
/* LDAP backend login: (handle, user name, password). */
int xauth_login_ldap(struct ph1handle *, char *, char *);

#endif

#endif /* _ISAKMP_XAUTH_H */