1/*	$NetBSD: remoteconf.h,v 1.7 2006/10/03 08:01:56 vanhu Exp $	*/
2
3/* Id: remoteconf.h,v 1.26 2006/05/06 15:52:44 manubsd Exp */
4
5/*
6 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 *    notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 *    notice, this list of conditions and the following disclaimer in the
16 *    documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the project nor the names of its contributors
18 *    may be used to endorse or promote products derived from this software
19 *    without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34#ifndef _REMOTECONF_H
35#define _REMOTECONF_H
36
/* remote (per-peer) configuration: struct definitions and the accessor API */
38
39#include <sys/queue.h>
40#include "genlist.h"
41#ifdef ENABLE_HYBRID
42#include "isakmp_var.h"
43#include "isakmp_xauth.h"
44#endif
45
struct proposalspec;		/* opaque here; only referenced by pointer
				 * (remoteconf.prhead) */
47
/*
 * Singly-linked list of ISAKMP exchange types attached to a remoteconf
 * (see remoteconf.etypes); the head of the list is the type offered
 * first.  Built by dupetypes() and released by deletypes().
 */
struct etypes {
	int type;			/* exchange type value */
	struct etypes *next;		/* next entry in the list */
};
52
/*
 * Script hooks.  The SCRIPT_* values index both remoteconf.script[]
 * (configured paths) and script_names[].  SCRIPT_MAX is the largest
 * valid index, so both arrays are sized SCRIPT_MAX + 1.
 */
#define SCRIPT_PHASE1_UP	0	/* index of the phase-1 "up" hook */
#define SCRIPT_PHASE1_DOWN	1	/* index of the phase-1 "down" hook */
#define SCRIPT_MAX		1	/* must equal the largest index above */
extern char *script_names[SCRIPT_MAX + 1];	/* name for each hook index;
						 * defined elsewhere */
58
/*
 * Configuration for one remote peer.  The entry whose `remote' has
 * family AF_UNSPEC is the anonymous (catch-all) configuration.  Entries
 * are linked on a TAILQ through `chain' and managed by newrmconf(),
 * insrmconf(), remrmconf() and delrmconf().
 *
 * Several members are security controls (verify_cert, verify_identifier,
 * weak_phase1_check, nonce_size); `key' and `rsa_private' hold secrets.
 */
struct remoteconf {
	struct sockaddr *remote;	/* remote IP address */
					/* if family is AF_UNSPEC, that is
					 * for anonymous configuration. */

	struct etypes *etypes;		/* exchange type list. the head
					 * is a type to be sent first. */
	int doitype;			/* doi type */
	int sittype;			/* situation type */

	int idvtype;			/* my identifier type */
	vchar_t *idv;			/* my identifier */
	vchar_t *key;			/* my pre-shared key (secret;
					 * NOTE(review): confirm delrmconf()
					 * zeroizes it before freeing) */
	struct genlist *idvl_p;         /* peer's identifiers list */

	int certtype;			/* certificate type, if certificates
					 * are used */
	char *mycertfile;		/* file name of my certificate */
	char *myprivfile;		/* file name of my private key file */
	char *peerscertfile;		/* file name of peer's certificate */
	int getcert_method;		/* the way to get peer's certificate */
	int cacerttype;			/* CA certificate type */
	char *cacertfile;		/* file name of CA */
	int getcacert_method;		/* the way to get the CA */
	int send_cert;			/* send a CERT payload or not */
	int send_cr;			/* send a CR payload or not */
	int verify_cert;		/* verify a CERT strictly; when
					 * disabled the peer's certificate is
					 * presumably not checked, weakening
					 * peer authentication */
	int verify_identifier;		/* verify the peer's identifier
					 * against idvl_p (presumably) */
	int nonce_size;			/* the number of bytes of nonce;
					 * NOTE(review): confirm the parser
					 * bounds this (RFC 2409 allows
					 * 8..256 bytes) */
	int passive;			/* never initiate */
	int ike_frag;			/* IKE fragmentation */
	int esp_frag;			/* ESP fragmentation */
	int mode_cfg;			/* Gets config through mode config */
	int support_proxy;		/* support mip6/proxy */
/* values for gen_policy below */
#define GENERATE_POLICY_NONE   0	/* never generate a policy */
#define GENERATE_POLICY_REQUIRE        1	/* generate one when required */
#define GENERATE_POLICY_UNIQUE 2	/* generate a unique policy */
	int gen_policy;			/* generate policy if no policy found
					 * (one of GENERATE_POLICY_*) */
	int ini_contact;		/* initial contact */
	int pcheck_level;		/* level of proposal checking */
	int nat_traversal;		/* NAT-Traversal */
	vchar_t *script[SCRIPT_MAX + 1];/* script hooks paths, indexed by
					 * SCRIPT_*; see script_path_add() */
	int dh_group;			/* use it when only aggressive mode */
	struct dhgroup *dhgrp;		/* use it when only aggressive mode */
					/* above two can't be defined by user*/

	int retry_counter;		/* times to retry. */
	int retry_interval;		/* interval each retry. */
				/* above 2 values are copied from localconf. */

	int dpd;				/* Negotiate DPD support ? */
	int dpd_retry;			/* in seconds */
	int dpd_interval;		/* in seconds */
	int dpd_maxfails;		/* presumably the number of DPD
					 * failures tolerated before the peer
					 * is declared dead -- confirm */

	int ph1id; /* ph1id to be matched with sainfo sections */

	int weak_phase1_check;		/* act on unencrypted deletions ?
					 * (security-relevant: enabling it
					 * trusts unauthenticated input) */

	struct isakmpsa *proposal;	/* proposal list */
	struct remoteconf *inherited_from;	/* the original rmconf
						   from which this one
						   was inherited */
	struct proposalspec *prhead;	/* head of the proposal specs;
					 * type is opaque in this header */

	struct genlist	*rsa_private,	/* lists of PlainRSA keys to use */
			*rsa_public;	/* (rsa_private holds secrets) */

#ifdef ENABLE_HYBRID
	struct xauth_rmconf *xauth;	/* XAUTH settings (isakmp_xauth.h);
					 * only with hybrid auth enabled */
#endif

	TAILQ_ENTRY(remoteconf) chain;	/* next remote conf */
};
132
struct dhgroup;			/* opaque here; referenced by pointer from
				 * remoteconf and isakmpsa (the file-scope
				 * tag is already introduced by those uses) */
134
135/* ISAKMP SA specification */
/*
 * One ISAKMP (phase 1) SA transform.  Transforms form a singly-linked
 * list through `next' hanging off remoteconf.proposal; each one points
 * back to its owning remoteconf.  Created by newisakmpsa()/dupisakmpsa(),
 * attached by insisakmpsa() and released by delisakmpsa().
 */
struct isakmpsa {
	int prop_no;			/* proposal number */
	int trns_no;			/* transform number */
	time_t lifetime;		/* SA lifetime (time units --
					 * presumably seconds; confirm) */
	size_t lifebyte;		/* SA lifetime in bytes */
	int enctype;			/* encryption algorithm */
	int encklen;			/* encryption key length (unit not
					 * fixed here; presumably bits) */
	int authmethod;			/* authentication method */
	int hashtype;			/* hash algorithm */
	int vendorid;			/* vendor ID */
#ifdef HAVE_GSSAPI
	vchar_t *gssid;			/* GSS-API identifier */
#endif
	int dh_group;			/* don't use it if aggressive mode */
	struct dhgroup *dhgrp;		/* don't use it if aggressive mode */

	struct isakmpsa *next;		/* next transform */
	struct remoteconf *rmconf;	/* backpointer to remoteconf */
};
155
/*
 * One peer identifier; entries of remoteconf.idvl_p are presumably of
 * this type (see newidspec()).
 */
struct idspec {
	int idtype;                     /* identifier type */
	vchar_t *id;                    /* identifier */
};
160
/*
 * Callback type for foreachrmconf(): invoked once per remoteconf with the
 * caller's `data'.  The returned pointer is what foreachrmconf() yields;
 * presumably a non-NULL return stops the iteration -- confirm.
 */
typedef struct remoteconf * (rmconf_func_t)(struct remoteconf *rmconf, void *data);

/* Lookup by remote address. */
extern struct remoteconf *getrmconf __P((struct sockaddr *));
/*
 * Same as getrmconf() but `allow_anon' controls whether the AF_UNSPEC
 * (anonymous) entry may be returned as a fallback (presumably).
 */
extern struct remoteconf *getrmconf_strict
	__P((struct sockaddr *remote, int allow_anon));
/* Allocate a copy of the remoteconf matching the given address. */
extern struct remoteconf *copyrmconf __P((struct sockaddr *));
/* Allocate a fresh remoteconf. */
extern struct remoteconf *newrmconf __P((void));
/* Deep-copy an existing remoteconf (see also inherited_from). */
extern struct remoteconf *duprmconf __P((struct remoteconf *));
/*
 * Release a remoteconf and its owned members.
 * NOTE(review): confirm secrets (key, rsa_private) are zeroized here.
 */
extern void delrmconf __P((struct remoteconf *));
/* Release a transform list / an exchange-type list. */
extern void delisakmpsa __P((struct isakmpsa *));
extern void deletypes __P((struct etypes *));
/* Duplicate an exchange-type list; caller owns the result. */
extern struct etypes * dupetypes __P((struct etypes *));
/* Add to / remove from the global TAILQ of remote configurations. */
extern void insrmconf __P((struct remoteconf *));
extern void remrmconf __P((struct remoteconf *));
/* Discard all entries. */
extern void flushrmconf __P((void));
/* Initialise the list (must precede insrmconf). */
extern void initrmconf __P((void));
/* Snapshot / drop the saved set of remote configurations. */
extern void save_rmconf __P((void));
extern void save_rmconf_flush __P((void));

/*
 * Return the etypes entry of `rmconf' matching the given exchange type,
 * or NULL if that type is not configured (presumably).
 */
extern struct etypes *check_etypeok
	__P((struct remoteconf *, u_int8_t));
/* Apply rmconf_func to every entry; see rmconf_func_t. */
extern struct remoteconf *foreachrmconf __P((rmconf_func_t rmconf_func,
					     void *data));

/* Allocate / deep-copy a transform. */
extern struct isakmpsa *newisakmpsa __P((void));
extern struct isakmpsa *dupisakmpsa __P((struct isakmpsa *));

/* Append a transform to the proposal list of the given remoteconf. */
extern void insisakmpsa __P((struct isakmpsa *, struct remoteconf *));

/* Log all remote configurations (debugging aid). */
extern void dumprmconf __P((void));

/* Allocate an empty idspec. */
extern struct idspec *newidspec __P((void));

/*
 * Resolve a script hook path for remoteconf.script[]; the result is a
 * path that will later be executed, so it must come from trusted
 * configuration only.
 */
extern vchar_t *script_path_add __P((vchar_t *));
195
196#endif /* _REMOTECONF_H */
197