Home | History | Annotate | Download | only in racoon 
      1 /*	$NetBSD: isakmp_xauth.h,v 1.4 2006/09/09 16:22:09 manu Exp $	*/
      2 
      3 /*	$KAME$ */
      4 
      5 /*
      6  * Copyright (C) 2004 Emmanuel Dreyfus
      7  * All rights reserved.
      8  *
      9  * Redistribution and use in source and binary forms, with or without
     10  * modification, are permitted provided that the following conditions
     11  * are met:
     12  * 1. Redistributions of source code must retain the above copyright
     13  *    notice, this list of conditions and the following disclaimer.
     14  * 2. Redistributions in binary form must reproduce the above copyright
     15  *    notice, this list of conditions and the following disclaimer in the
     16  *    documentation and/or other materials provided with the distribution.
     17  * 3. Neither the name of the project nor the names of its contributors
     18  *    may be used to endorse or promote products derived from this software
     19  *    without specific prior written permission.
     20  *
     21  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
     22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
     23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
     24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
     25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
     26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
     27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
     28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
     29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
     30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     31  * SUCH DAMAGE.
     32  */
     33 
     34 #ifndef _ISAKMP_XAUTH_H
     35 #define _ISAKMP_XAUTH_H
     36 
     37 /* ISAKMP mode config attribute types specific to the Xauth vendor ID */
     38 #define	XAUTH_TYPE                16520
     39 #define	XAUTH_USER_NAME           16521
     40 #define	XAUTH_USER_PASSWORD       16522
     41 #define	XAUTH_PASSCODE            16523
     42 #define	XAUTH_MESSAGE             16524
     43 #define	XAUTH_CHALLENGE           16525
     44 #define	XAUTH_DOMAIN              16526
     45 #define	XAUTH_STATUS              16527
     46 #define	XAUTH_NEXT_PIN            16528
     47 #define	XAUTH_ANSWER              16529
     48 
     49 /* Types for XAUTH_TYPE */
     50 #define	XAUTH_TYPE_GENERIC 	0
     51 #define	XAUTH_TYPE_CHAP    	1
     52 #define	XAUTH_TYPE_OTP     	2
     53 #define	XAUTH_TYPE_SKEY    	3
     54 
     55 /* Values for XAUTH_STATUS */
     56 #define	XAUTH_STATUS_FAIL       0
     57 #define	XAUTH_STATUS_OK         1
     58 
     59 /* For phase 1 Xauth status */
     60 struct xauth_state {
     61 	int status; /* authentication status, used only on server side */
     62 	int vendorid;
     63 	int authtype;
     64 	union {
     65 		struct authgeneric {
     66 			char *usr;
     67 			char *pwd;
     68 		} generic;
     69 	} authdata;
     70 #ifdef HAVE_LIBLDAP
     71 	char *udn; /* ldap user dn */
     72 #endif
     73 };
     74 
     75 /* What's been sent */
     76 #define XAUTH_SENT_USERNAME 1
     77 #define XAUTH_SENT_PASSWORD 2
     78 #define XAUTH_SENT_EVERYTHING (XAUTH_SENT_USERNAME | XAUTH_SENT_PASSWORD)
     79 
     80 /* For rmconf Xauth data */
     81 struct xauth_rmconf {
     82 	vchar_t *login;	/* xauth login */
     83 	vchar_t *pass;	/* xauth password */
     84 	int state;      /* what's been sent */
     85 };
     86 
     87 /* status */
     88 #define XAUTHST_NOTYET	0
     89 #define XAUTHST_REQSENT	1
     90 #define XAUTHST_OK	2
     91 
     92 struct xauth_reply_arg {
     93 	isakmp_index index;
     94 	int port;
     95 	int id;
     96 	int res;
     97 };
     98 
     99 struct ph1handle;
    100 struct isakmp_data;
    101 void xauth_sendreq(struct ph1handle *);
    102 int xauth_attr_reply(struct ph1handle *, struct isakmp_data *, int);
    103 int xauth_login_system(char *, char *);
    104 void xauth_sendstatus(struct ph1handle *, int, int);
    105 int xauth_check(struct ph1handle *);
    106 int group_check(struct ph1handle *, char **, int);
    107 vchar_t *isakmp_xauth_req(struct ph1handle *, struct isakmp_data *);
    108 vchar_t *isakmp_xauth_set(struct ph1handle *, struct isakmp_data *);
    109 void xauth_rmstate(struct xauth_state *);
    110 void xauth_reply_stub(void *);
    111 int xauth_reply(struct ph1handle *, int, int, int);
    112 int xauth_rmconf_used(struct xauth_rmconf **);
    113 void xauth_rmconf_delete(struct xauth_rmconf **);
    114 
    115 #ifdef HAVE_LIBRADIUS
    116 int xauth_login_radius(struct ph1handle *, char *, char *);
    117 int xauth_radius_init(void);
    118 #endif
    119 
    120 #ifdef HAVE_LIBPAM
    121 int xauth_login_pam(int, struct sockaddr *, char *, char *);
    122 #endif
    123 
    124 #ifdef HAVE_LIBLDAP
    125 
    126 #define LDAP_DFLT_HOST		"localhost"
    127 #define LDAP_DFLT_USER		"cn"
    128 #define LDAP_DFLT_ADDR		"racoon-address"
    129 #define LDAP_DFLT_MASK		"racoon-netmask"
    130 #define LDAP_DFLT_GROUP		"cn"
    131 #define LDAP_DFLT_MEMBER	"member"
    132 
    133 struct xauth_ldap_config {
    134 	int		pver;
    135 	vchar_t 	*host;
    136 	int		port;
    137 	vchar_t		*base;
    138 	int		subtree;
    139 	vchar_t		*bind_dn;
    140 	vchar_t		*bind_pw;
    141 	int		auth_type;
    142 	vchar_t		*attr_user;
    143 	vchar_t		*attr_addr;
    144 	vchar_t		*attr_mask;
    145 	vchar_t		*attr_group;
    146 	vchar_t		*attr_member;
    147 };
    148 
    149 extern struct xauth_ldap_config xauth_ldap_config;
    150 
    151 int xauth_ldap_init(void);
    152 int xauth_login_ldap(struct ph1handle *, char *, char *);
    153 #endif
    154 
    155 #endif /* _ISAKMP_XAUTH_H */
    156