src/racoon/isakmp_xauth.h - platform/external/ipsec-tools - Git at Google

 /*	$NetBSD: isakmp_xauth.h,v 1.4 2006/09/09 16:22:09 manu Exp $	*/

 /*	$KAME$ */

 /*
  * Copyright (C) 2004 Emmanuel Dreyfus
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
  * 3. Neither the name of the project nor the names of its contributors
  *    may be used to endorse or promote products derived from this software
  *    without specific prior written permission.
  *
  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  */

 #ifndef _ISAKMP_XAUTH_H
 #define _ISAKMP_XAUTH_H

 /* ISAKMP mode config attribute types specific to the Xauth vendor ID */
 #define	XAUTH_TYPE                16520
 #define	XAUTH_USER_NAME           16521
 #define	XAUTH_USER_PASSWORD       16522
 #define	XAUTH_PASSCODE            16523
 #define	XAUTH_MESSAGE             16524
 #define	XAUTH_CHALLENGE           16525
 #define	XAUTH_DOMAIN              16526
 #define	XAUTH_STATUS              16527
 #define	XAUTH_NEXT_PIN            16528
 #define	XAUTH_ANSWER              16529

 /* Types for XAUTH_TYPE */
 #define	XAUTH_TYPE_GENERIC 	0
 #define	XAUTH_TYPE_CHAP    	1
 #define	XAUTH_TYPE_OTP     	2
 #define	XAUTH_TYPE_SKEY    	3

 /* Values for XAUTH_STATUS */
 #define	XAUTH_STATUS_FAIL       0
 #define	XAUTH_STATUS_OK         1

 /* For phase 1 Xauth status */
 struct xauth_state {
 	int status; /* authentication status, used only on server side */
 	int vendorid;
 	int authtype;
 	union {
 		struct authgeneric {
 			char *usr;
 			char *pwd;
 		} generic;
 	} authdata;
 #ifdef HAVE_LIBLDAP
 	char *udn; /* ldap user dn */
 #endif
 };

 /* What's been sent */
 #define XAUTH_SENT_USERNAME 1
 #define XAUTH_SENT_PASSWORD 2
 #define XAUTH_SENT_EVERYTHING (XAUTH_SENT_USERNAME | XAUTH_SENT_PASSWORD)

 /* For rmconf Xauth data */
 struct xauth_rmconf {
 	vchar_t *login;	/* xauth login */
 	vchar_t *pass;	/* xauth password */
 	int state;      /* what's been sent */
 };

 /* status */
 #define XAUTHST_NOTYET	0
 #define XAUTHST_REQSENT	1
 #define XAUTHST_OK	2

 struct xauth_reply_arg {
 	isakmp_index index;
 	int port;
 	int id;
 	int res;
 };

 struct ph1handle;
 struct isakmp_data;
 void xauth_sendreq(struct ph1handle *);
 int xauth_attr_reply(struct ph1handle *, struct isakmp_data *, int);
 int xauth_login_system(char *, char *);
 void xauth_sendstatus(struct ph1handle *, int, int);
 int xauth_check(struct ph1handle *);
 int group_check(struct ph1handle *, char **, int);
 vchar_t *isakmp_xauth_req(struct ph1handle *, struct isakmp_data *);
 vchar_t *isakmp_xauth_set(struct ph1handle *, struct isakmp_data *);
 void xauth_rmstate(struct xauth_state *);
 void xauth_reply_stub(void *);
 int xauth_reply(struct ph1handle *, int, int, int);
 int xauth_rmconf_used(struct xauth_rmconf **);
 void xauth_rmconf_delete(struct xauth_rmconf **);

 #ifdef HAVE_LIBRADIUS
 int xauth_login_radius(struct ph1handle *, char *, char *);
 int xauth_radius_init(void);
 #endif

 #ifdef HAVE_LIBPAM
 int xauth_login_pam(int, struct sockaddr *, char *, char *);
 #endif

 #ifdef HAVE_LIBLDAP

 #define LDAP_DFLT_HOST		"localhost"
 #define LDAP_DFLT_USER		"cn"
 #define LDAP_DFLT_ADDR		"racoon-address"
 #define LDAP_DFLT_MASK		"racoon-netmask"
 #define LDAP_DFLT_GROUP		"cn"
 #define LDAP_DFLT_MEMBER	"member"

 struct xauth_ldap_config {
 	int		pver;
 	vchar_t 	*host;
 	int		port;
 	vchar_t		*base;
 	int		subtree;
 	vchar_t		*bind_dn;
 	vchar_t		*bind_pw;
 	int		auth_type;
 	vchar_t		*attr_user;
 	vchar_t		*attr_addr;
 	vchar_t		*attr_mask;
 	vchar_t		*attr_group;
 	vchar_t		*attr_member;
 };

 extern struct xauth_ldap_config xauth_ldap_config;

 int xauth_ldap_init(void);
 int xauth_login_ldap(struct ph1handle *, char *, char *);
 #endif

 #endif /* _ISAKMP_XAUTH_H */
	/* $NetBSD: isakmp_xauth.h,v 1.4 2006/09/09 16:22:09 manu Exp $ */

	/* $KAME$ */

	/*
	* Copyright (C) 2004 Emmanuel Dreyfus
	* All rights reserved.
	*
	* Redistribution and use in source and binary forms, with or without
	* modification, are permitted provided that the following conditions
	* are met:
	* 1. Redistributions of source code must retain the above copyright
	* notice, this list of conditions and the following disclaimer.
	* 2. Redistributions in binary form must reproduce the above copyright
	* notice, this list of conditions and the following disclaimer in the
	* documentation and/or other materials provided with the distribution.
	* 3. Neither the name of the project nor the names of its contributors
	* may be used to endorse or promote products derived from this software
	* without specific prior written permission.
	*
	* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	* SUCH DAMAGE.
	*/

	#ifndef _ISAKMP_XAUTH_H
	#define _ISAKMP_XAUTH_H

	/* ISAKMP mode config attribute types specific to the Xauth vendor ID */
	#define XAUTH_TYPE 16520
	#define XAUTH_USER_NAME 16521
	#define XAUTH_USER_PASSWORD 16522
	#define XAUTH_PASSCODE 16523
	#define XAUTH_MESSAGE 16524
	#define XAUTH_CHALLENGE 16525
	#define XAUTH_DOMAIN 16526
	#define XAUTH_STATUS 16527
	#define XAUTH_NEXT_PIN 16528
	#define XAUTH_ANSWER 16529

	/* Types for XAUTH_TYPE */
	#define XAUTH_TYPE_GENERIC 0
	#define XAUTH_TYPE_CHAP 1
	#define XAUTH_TYPE_OTP 2
	#define XAUTH_TYPE_SKEY 3

	/* Values for XAUTH_STATUS */
	#define XAUTH_STATUS_FAIL 0
	#define XAUTH_STATUS_OK 1

	/* For phase 1 Xauth status */
	struct xauth_state {
	int status; /* authentication status, used only on server side */
	int vendorid;
	int authtype;
	union {
	struct authgeneric {
	char *usr;
	char *pwd;
	} generic;
	} authdata;
	#ifdef HAVE_LIBLDAP
	char udn; / ldap user dn */
	#endif
	};

	/* What's been sent */
	#define XAUTH_SENT_USERNAME 1
	#define XAUTH_SENT_PASSWORD 2
	#define XAUTH_SENT_EVERYTHING (XAUTH_SENT_USERNAME \| XAUTH_SENT_PASSWORD)

	/* For rmconf Xauth data */
	struct xauth_rmconf {
	vchar_t login; / xauth login */
	vchar_t pass; / xauth password */
	int state; /* what's been sent */
	};

	/* status */
	#define XAUTHST_NOTYET 0
	#define XAUTHST_REQSENT 1
	#define XAUTHST_OK 2

	struct xauth_reply_arg {
	isakmp_index index;
	int port;
	int id;
	int res;
	};

	struct ph1handle;
	struct isakmp_data;
	void xauth_sendreq(struct ph1handle *);
	int xauth_attr_reply(struct ph1handle , struct isakmp_data , int);
	int xauth_login_system(char , char );
	void xauth_sendstatus(struct ph1handle *, int, int);
	int xauth_check(struct ph1handle *);
	int group_check(struct ph1handle , char *, int);
	vchar_t isakmp_xauth_req(struct ph1handle , struct isakmp_data *);
	vchar_t isakmp_xauth_set(struct ph1handle , struct isakmp_data *);
	void xauth_rmstate(struct xauth_state *);
	void xauth_reply_stub(void *);
	int xauth_reply(struct ph1handle *, int, int, int);
	int xauth_rmconf_used(struct xauth_rmconf **);
	void xauth_rmconf_delete(struct xauth_rmconf **);

	#ifdef HAVE_LIBRADIUS
	int xauth_login_radius(struct ph1handle , char , char *);
	int xauth_radius_init(void);
	#endif

	#ifdef HAVE_LIBPAM
	int xauth_login_pam(int, struct sockaddr , char , char *);
	#endif

	#ifdef HAVE_LIBLDAP

	#define LDAP_DFLT_HOST "localhost"
	#define LDAP_DFLT_USER "cn"
	#define LDAP_DFLT_ADDR "racoon-address"
	#define LDAP_DFLT_MASK "racoon-netmask"
	#define LDAP_DFLT_GROUP "cn"
	#define LDAP_DFLT_MEMBER "member"

	struct xauth_ldap_config {
	int pver;
	vchar_t *host;
	int port;
	vchar_t *base;
	int subtree;
	vchar_t *bind_dn;
	vchar_t *bind_pw;
	int auth_type;
	vchar_t *attr_user;
	vchar_t *attr_addr;
	vchar_t *attr_mask;
	vchar_t *attr_group;
	vchar_t *attr_member;
	};

	extern struct xauth_ldap_config xauth_ldap_config;

	int xauth_ldap_init(void);
	int xauth_login_ldap(struct ph1handle , char , char *);
	#endif

	#endif /* _ISAKMP_XAUTH_H */