1/* $NetBSD: remoteconf.h,v 1.7 2006/10/03 08:01:56 vanhu Exp $ */ 2 3/* Id: remoteconf.h,v 1.26 2006/05/06 15:52:44 manubsd Exp */ 4 5/* 6 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 7 * All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 3. Neither the name of the project nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34#ifndef _REMOTECONF_H 35#define _REMOTECONF_H 36 37/* remote configuration */ 38 39#include <sys/queue.h> 40#include "genlist.h" 41#ifdef ENABLE_HYBRID 42#include "isakmp_var.h" 43#include "isakmp_xauth.h" 44#endif 45 46struct proposalspec; 47 48struct etypes { 49 int type; 50 struct etypes *next; 51}; 52 53/* Script hooks */ 54#define SCRIPT_PHASE1_UP 0 55#define SCRIPT_PHASE1_DOWN 1 56#define SCRIPT_MAX 1 57extern char *script_names[SCRIPT_MAX + 1]; 58 59struct remoteconf { 60 struct sockaddr *remote; /* remote IP address */ 61 /* if family is AF_UNSPEC, that is 62 * for anonymous configuration. */ 63 64 struct etypes *etypes; /* exchange type list. the head 65 * is a type to be sent first. */ 66 int doitype; /* doi type */ 67 int sittype; /* situation type */ 68 69 int idvtype; /* my identifier type */ 70 vchar_t *idv; /* my identifier */ 71 vchar_t *key; /* my pre-shared key */ 72 struct genlist *idvl_p; /* peer's identifiers list */ 73 74 int certtype; /* certificate type if need */ 75 char *mycertfile; /* file name of my certificate */ 76 char *myprivfile; /* file name of my private key file */ 77 char *peerscertfile; /* file name of peer's certifcate */ 78 int getcert_method; /* the way to get peer's certificate */ 79 int cacerttype; /* CA type is needed */ 80 char *cacertfile; /* file name of CA */ 81 int getcacert_method; /* the way to get the CA */ 82 int send_cert; /* send to CERT or not */ 83 int send_cr; /* send to CR or not */ 84 int verify_cert; /* verify a CERT strictly */ 85 int verify_identifier; /* vefify the peer's identifier */ 86 int nonce_size; /* the number of bytes of nonce */ 87 int passive; /* never initiate */ 88 int ike_frag; /* IKE fragmentation */ 89 int esp_frag; /* ESP fragmentation */ 90 int mode_cfg; /* Gets config through mode config */ 91 int support_proxy; /* support mip6/proxy */ 92#define GENERATE_POLICY_NONE 0 93#define GENERATE_POLICY_REQUIRE 1 94#define GENERATE_POLICY_UNIQUE 2 95 int gen_policy; /* generate policy if no policy found */ 96 int ini_contact; /* initial contact */ 97 int pcheck_level; /* level of propocl checking */ 98 int nat_traversal; /* NAT-Traversal */ 99 vchar_t *script[SCRIPT_MAX + 1];/* script hooks paths */ 100 int dh_group; /* use it when only aggressive mode */ 101 struct dhgroup *dhgrp; /* use it when only aggressive mode */ 102 /* above two can't be defined by user*/ 103 104 int retry_counter; /* times to retry. */ 105 int retry_interval; /* interval each retry. */ 106 /* above 2 values are copied from localconf. */ 107 108 int dpd; /* Negociate DPD support ? */ 109 int dpd_retry; /* in seconds */ 110 int dpd_interval; /* in seconds */ 111 int dpd_maxfails; 112 113 int ph1id; /* ph1id to be matched with sainfo sections */ 114 115 int weak_phase1_check; /* act on unencrypted deletions ? */ 116 117 struct isakmpsa *proposal; /* proposal list */ 118 struct remoteconf *inherited_from; /* the original rmconf 119 from which this one 120 was inherited */ 121 struct proposalspec *prhead; 122 123 struct genlist *rsa_private, /* lists of PlainRSA keys to use */ 124 *rsa_public; 125 126#ifdef ENABLE_HYBRID 127 struct xauth_rmconf *xauth; 128#endif 129 130 TAILQ_ENTRY(remoteconf) chain; /* next remote conf */ 131}; 132 133struct dhgroup; 134 135/* ISAKMP SA specification */ 136struct isakmpsa { 137 int prop_no; 138 int trns_no; 139 time_t lifetime; 140 size_t lifebyte; 141 int enctype; 142 int encklen; 143 int authmethod; 144 int hashtype; 145 int vendorid; 146#ifdef HAVE_GSSAPI 147 vchar_t *gssid; 148#endif 149 int dh_group; /* don't use it if aggressive mode */ 150 struct dhgroup *dhgrp; /* don't use it if aggressive mode */ 151 152 struct isakmpsa *next; /* next transform */ 153 struct remoteconf *rmconf; /* backpointer to remoteconf */ 154}; 155 156struct idspec { 157 int idtype; /* identifier type */ 158 vchar_t *id; /* identifier */ 159}; 160 161typedef struct remoteconf * (rmconf_func_t)(struct remoteconf *rmconf, void *data); 162 163extern struct remoteconf *getrmconf __P((struct sockaddr *)); 164extern struct remoteconf *getrmconf_strict 165 __P((struct sockaddr *remote, int allow_anon)); 166extern struct remoteconf *copyrmconf __P((struct sockaddr *)); 167extern struct remoteconf *newrmconf __P((void)); 168extern struct remoteconf *duprmconf __P((struct remoteconf *)); 169extern void delrmconf __P((struct remoteconf *)); 170extern void delisakmpsa __P((struct isakmpsa *)); 171extern void deletypes __P((struct etypes *)); 172extern struct etypes * dupetypes __P((struct etypes *)); 173extern void insrmconf __P((struct remoteconf *)); 174extern void remrmconf __P((struct remoteconf *)); 175extern void flushrmconf __P((void)); 176extern void initrmconf __P((void)); 177extern void save_rmconf __P((void)); 178extern void save_rmconf_flush __P((void)); 179 180extern struct etypes *check_etypeok 181 __P((struct remoteconf *, u_int8_t)); 182extern struct remoteconf *foreachrmconf __P((rmconf_func_t rmconf_func, 183 void *data)); 184 185extern struct isakmpsa *newisakmpsa __P((void)); 186extern struct isakmpsa *dupisakmpsa __P((struct isakmpsa *)); 187 188extern void insisakmpsa __P((struct isakmpsa *, struct remoteconf *)); 189 190extern void dumprmconf __P((void)); 191 192extern struct idspec *newidspec __P((void)); 193 194extern vchar_t *script_path_add __P((vchar_t *)); 195 196#endif /* _REMOTECONF_H */ 197