isakmp_xauth.h revision f8a6a7636d53a5730c58ae041e4e09ae12e1657c 
1/*	$NetBSD: isakmp_xauth.h,v 1.7 2011/03/14 15:50:36 vanhu Exp $	*/
2
3/*	$KAME$ */
4
5/*
6 * Copyright (C) 2004 Emmanuel Dreyfus
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 *    notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 *    notice, this list of conditions and the following disclaimer in the
16 *    documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the project nor the names of its contributors
18 *    may be used to endorse or promote products derived from this software
19 *    without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34#ifndef _ISAKMP_XAUTH_H
35#define _ISAKMP_XAUTH_H
36
37#include "schedule.h"
38
39/* ISAKMP mode config attribute types specific to the Xauth vendor ID */
40#define	XAUTH_TYPE                16520
41#define	XAUTH_USER_NAME           16521
42#define	XAUTH_USER_PASSWORD       16522
43#define	XAUTH_PASSCODE            16523
44#define	XAUTH_MESSAGE             16524
45#define	XAUTH_CHALLENGE           16525
46#define	XAUTH_DOMAIN              16526
47#define	XAUTH_STATUS              16527
48#define	XAUTH_NEXT_PIN            16528
49#define	XAUTH_ANSWER              16529
50
51/* Types for XAUTH_TYPE */
52#define	XAUTH_TYPE_GENERIC 	0
53#define	XAUTH_TYPE_CHAP    	1
54#define	XAUTH_TYPE_OTP     	2
55#define	XAUTH_TYPE_SKEY    	3
56
57/* Values for XAUTH_STATUS */
58#define	XAUTH_STATUS_FAIL       0
59#define	XAUTH_STATUS_OK         1
60
61/* For phase 1 Xauth status */
62struct xauth_state {
63	int status; /* authentication status, used only on server side */
64	int vendorid;
65	int authtype;
66	union {
67		struct authgeneric {
68			char *usr;
69			char *pwd;
70		} generic;
71	} authdata;
72#ifdef HAVE_LIBLDAP
73	char *udn; /* ldap user dn */
74#endif
75};
76
77/* What's been sent */
78#define XAUTH_SENT_USERNAME 1
79#define XAUTH_SENT_PASSWORD 2
80#define XAUTH_SENT_EVERYTHING (XAUTH_SENT_USERNAME | XAUTH_SENT_PASSWORD)
81
82/* For rmconf Xauth data */
83struct xauth_rmconf {
84	vchar_t *login;	/* xauth login */
85	vchar_t *pass;	/* xauth password */
86	int state;      /* what's been sent */
87};
88
89/* status */
90#define XAUTHST_NOTYET	0
91#define XAUTHST_REQSENT	1
92#define XAUTHST_OK	2
93
94struct xauth_reply_arg {
95	struct sched sc;
96	isakmp_index index;
97	int port;
98	int id;
99	int res;
100};
101
102struct ph1handle;
103struct isakmp_data;
104void xauth_sendreq(struct ph1handle *);
105int xauth_attr_reply(struct ph1handle *, struct isakmp_data *, int);
106int xauth_login_system(char *, char *);
107void xauth_sendstatus(struct ph1handle *, int, int);
108int xauth_check(struct ph1handle *);
109int group_check(struct ph1handle *, char **, int);
110vchar_t *isakmp_xauth_req(struct ph1handle *, struct isakmp_data *);
111vchar_t *isakmp_xauth_set(struct ph1handle *, struct isakmp_data *);
112void xauth_rmstate(struct xauth_state *);
113void xauth_reply_stub(struct sched *);
114int xauth_reply(struct ph1handle *, int, int, int);
115int xauth_rmconf_used(struct xauth_rmconf **);
116void xauth_rmconf_delete(struct xauth_rmconf **);
117struct xauth_rmconf * xauth_rmconf_dup(struct xauth_rmconf *);
118
119#ifdef HAVE_LIBPAM
120int xauth_login_pam(int, struct sockaddr *, char *, char *);
121#endif
122
123#ifdef HAVE_LIBRADIUS
124
125#define RADIUS_MAX_SERVERS 5
126
127struct rad_serv {
128	vchar_t		*host;
129	int		port;
130	vchar_t		*secret;
131};
132
133struct xauth_rad_config {
134	struct rad_serv	auth_server_list[RADIUS_MAX_SERVERS];
135	int		auth_server_count;
136	struct rad_serv	acct_server_list[RADIUS_MAX_SERVERS];
137	int		acct_server_count;
138	int		timeout;
139	int		retries;
140};
141
142extern struct xauth_rad_config xauth_rad_config;
143
144int xauth_radius_init_conf(int free);
145int xauth_radius_init(void);
146int xauth_login_radius(struct ph1handle *, char *, char *);
147
148#endif
149
150#ifdef HAVE_LIBLDAP
151
152#define LDAP_DFLT_HOST		"localhost"
153#define LDAP_DFLT_USER		"cn"
154#define LDAP_DFLT_ADDR		"racoon-address"
155#define LDAP_DFLT_MASK		"racoon-netmask"
156#define LDAP_DFLT_GROUP		"cn"
157#define LDAP_DFLT_MEMBER	"member"
158
159struct xauth_ldap_config {
160	int		pver;
161	vchar_t 	*host;
162	int		port;
163	vchar_t		*base;
164	int		subtree;
165	vchar_t		*bind_dn;
166	vchar_t		*bind_pw;
167	int		auth_type;
168	vchar_t		*attr_user;
169	vchar_t		*attr_addr;
170	vchar_t		*attr_mask;
171	vchar_t		*attr_group;
172	vchar_t		*attr_member;
173};
174
175extern struct xauth_ldap_config xauth_ldap_config;
176
177int xauth_ldap_init_conf(void);
178int xauth_login_ldap(struct ph1handle *, char *, char *);
179
180#endif
181
182#endif /* _ISAKMP_XAUTH_H */
183