1/*	$NetBSD: isakmp_xauth.h,v 1.4 2006/09/09 16:22:09 manu Exp $	*/
2
3/*	$KAME$ */
4
5/*
6 * Copyright (C) 2004 Emmanuel Dreyfus
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 *    notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 *    notice, this list of conditions and the following disclaimer in the
16 *    documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the project nor the names of its contributors
18 *    may be used to endorse or promote products derived from this software
19 *    without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34#ifndef _ISAKMP_XAUTH_H
35#define _ISAKMP_XAUTH_H
36
37/* ISAKMP mode config attribute types specific to the Xauth vendor ID */
38#define	XAUTH_TYPE                16520
39#define	XAUTH_USER_NAME           16521
40#define	XAUTH_USER_PASSWORD       16522
41#define	XAUTH_PASSCODE            16523
42#define	XAUTH_MESSAGE             16524
43#define	XAUTH_CHALLENGE           16525
44#define	XAUTH_DOMAIN              16526
45#define	XAUTH_STATUS              16527
46#define	XAUTH_NEXT_PIN            16528
47#define	XAUTH_ANSWER              16529
48
49/* Types for XAUTH_TYPE */
50#define	XAUTH_TYPE_GENERIC 	0
51#define	XAUTH_TYPE_CHAP    	1
52#define	XAUTH_TYPE_OTP     	2
53#define	XAUTH_TYPE_SKEY    	3
54
55/* Values for XAUTH_STATUS */
56#define	XAUTH_STATUS_FAIL       0
57#define	XAUTH_STATUS_OK         1
58
59/* For phase 1 Xauth status */
60struct xauth_state {
61	int status; /* authentication status, used only on server side */
62	int vendorid;
63	int authtype;
64	union {
65		struct authgeneric {
66			char *usr;
67			char *pwd;
68		} generic;
69	} authdata;
70#ifdef HAVE_LIBLDAP
71	char *udn; /* ldap user dn */
72#endif
73};
74
75/* What's been sent */
76#define XAUTH_SENT_USERNAME 1
77#define XAUTH_SENT_PASSWORD 2
78#define XAUTH_SENT_EVERYTHING (XAUTH_SENT_USERNAME | XAUTH_SENT_PASSWORD)
79
80/* For rmconf Xauth data */
81struct xauth_rmconf {
82	vchar_t *login;	/* xauth login */
83	vchar_t *pass;	/* xauth password */
84	int state;      /* what's been sent */
85};
86
87/* status */
88#define XAUTHST_NOTYET	0
89#define XAUTHST_REQSENT	1
90#define XAUTHST_OK	2
91
92struct xauth_reply_arg {
93	isakmp_index index;
94	int port;
95	int id;
96	int res;
97};
98
99struct ph1handle;
100struct isakmp_data;
101void xauth_sendreq(struct ph1handle *);
102int xauth_attr_reply(struct ph1handle *, struct isakmp_data *, int);
103int xauth_login_system(char *, char *);
104void xauth_sendstatus(struct ph1handle *, int, int);
105int xauth_check(struct ph1handle *);
106int group_check(struct ph1handle *, char **, int);
107vchar_t *isakmp_xauth_req(struct ph1handle *, struct isakmp_data *);
108vchar_t *isakmp_xauth_set(struct ph1handle *, struct isakmp_data *);
109void xauth_rmstate(struct xauth_state *);
110void xauth_reply_stub(void *);
111int xauth_reply(struct ph1handle *, int, int, int);
112int xauth_rmconf_used(struct xauth_rmconf **);
113void xauth_rmconf_delete(struct xauth_rmconf **);
114
115#ifdef HAVE_LIBRADIUS
116int xauth_login_radius(struct ph1handle *, char *, char *);
117int xauth_radius_init(void);
118#endif
119
120#ifdef HAVE_LIBPAM
121int xauth_login_pam(int, struct sockaddr *, char *, char *);
122#endif
123
124#ifdef HAVE_LIBLDAP
125
126#define LDAP_DFLT_HOST		"localhost"
127#define LDAP_DFLT_USER		"cn"
128#define LDAP_DFLT_ADDR		"racoon-address"
129#define LDAP_DFLT_MASK		"racoon-netmask"
130#define LDAP_DFLT_GROUP		"cn"
131#define LDAP_DFLT_MEMBER	"member"
132
133struct xauth_ldap_config {
134	int		pver;
135	vchar_t 	*host;
136	int		port;
137	vchar_t		*base;
138	int		subtree;
139	vchar_t		*bind_dn;
140	vchar_t		*bind_pw;
141	int		auth_type;
142	vchar_t		*attr_user;
143	vchar_t		*attr_addr;
144	vchar_t		*attr_mask;
145	vchar_t		*attr_group;
146	vchar_t		*attr_member;
147};
148
149extern struct xauth_ldap_config xauth_ldap_config;
150
151int xauth_ldap_init(void);
152int xauth_login_ldap(struct ph1handle *, char *, char *);
153#endif
154
155#endif /* _ISAKMP_XAUTH_H */
156