1 /*
2  * Copyright (C) 2016 Red Hat, Inc.
3  *
4  * Author: Nikos Mavrogiannopoulos
5  *
6  * This file is part of ocserv.
7  *
8  * ocserv is free software; you can redistribute it and/or
9  * modify it under the terms of the GNU Lesser General Public License
10  * as published by the Free Software Foundation; either version 2.1 of
11  * the License, or (at your option) any later version.
12  *
13  * This library is distributed in the hope that it will be useful, but
14  * WITHOUT ANY WARRANTY; without even the implied warranty of
15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
16  * Lesser General Public License for more details.
17  *
18  * You should have received a copy of the GNU Lesser General Public License
19  * along with this program.  If not, see <http://www.gnu.org/licenses/>
20  */
21 #ifndef DEFS_H
22 #define DEFS_H
23 
24 #include <syslog.h>
25 
26 /* syslog value extensions
 *
 * Extra message classes used next to the standard <syslog.h> priorities.
 * The values are consecutive integers (not bit flags) and sit far above the
 * standard LOG_EMERG..LOG_DEBUG levels, so they are not meaningful syslog()
 * priorities by themselves.
 * NOTE(review): presumably the logging wrapper translates them to a real
 * priority and filters them by the configured debug level -- confirm.
 */
27 #define LOG_HTTP_DEBUG 2048
28 #define LOG_TRANSFER_DEBUG 2049
/* NOTE(review): the name suggests messages that may carry sensitive data;
 * confirm the logger emits this class only when DEBUG_SENSITIVE is enabled. */
29 #define LOG_SENSITIVE 2050
30 
31 
32 /* User Disconnect reasons (must be > 0)
 *
 * Consecutive codes 1..9.
 * NOTE(review): 0 is left unassigned, presumably so that it can stand for
 * "no reason recorded" -- confirm against the users of these values.
 */
33 #define REASON_ANY 1
34 #define REASON_USER_DISCONNECT 2
35 #define REASON_SERVER_DISCONNECT 3
36 #define REASON_IDLE_TIMEOUT 4
37 #define REASON_DPD_TIMEOUT 5 /* presumably dead peer detection -- confirm */
38 #define REASON_ERROR 6
39 #define REASON_SESSION_TIMEOUT 7
40 #define REASON_TEMP_DISCONNECT 8
41 #define REASON_HEALTH_PROBE 9
42 
43 /* Timeout (secs) for communication between main and sec-mod */
44 #define MAIN_SEC_MOD_TIMEOUT 120
/* NOTE(review): not described by the comment above; the name suggests an
 * upper bound in seconds on some wait -- confirm what it bounds where used. */
45 #define MAX_WAIT_SECS 3
46 
47 /* Debug definitions for logger
 *
 * Numeric verbosity levels; 6 and 7 are not assigned.
 * NOTE(review): if the logger enables a class with a "configured level >=
 * DEBUG_x" test, then selecting DEBUG_TLS (9) also enables DEBUG_SENSITIVE
 * (8) output. Confirm how the levels are compared, and if so keep levels of
 * 8 and above out of production configurations.
 */
48 #define DEBUG_BASIC 1
49 #define DEBUG_INFO  2
50 #define DEBUG_DEBUG 3
51 #define DEBUG_HTTP  4
52 #define DEBUG_TRANSFERRED 5
53 #define DEBUG_SENSITIVE 8
54 #define DEBUG_TLS   9
55 
56 /* Authentication states
 *
 * Unnamed enum, so the constants are plain ints. PS_AUTH_INACTIVE is the
 * first enumerator and therefore 0: a zero-initialized state field reads as
 * "inactive", never as PS_AUTH_COMPLETED.
 * NOTE(review): the numeric order is not a progression (FAILED comes before
 * INIT), so callers should test for equality with PS_AUTH_COMPLETED rather
 * than use ordered comparisons -- verify at the call sites.
 */
57 enum {
58 	PS_AUTH_INACTIVE, /* 0: no comm with worker */
59 	PS_AUTH_FAILED, /* 1: tried authentication but failed */
60 	PS_AUTH_INIT, /* 2: worker has sent an auth init msg */
61 	PS_AUTH_CONT, /* 3: worker has sent an auth cont msg */
62 	PS_AUTH_COMPLETED /* 4: successful authentication */
63 };
64 
65 /* IPC protocol commands
 *
 * Numeric identifiers of the messages exchanged between the processes named
 * in the group comments below (worker, sec-mod, main). Enumerators without
 * an explicit value take the previous value plus one, so inserting or
 * reordering entries inside a group renumbers everything after it.
 * NOTE(review): the first group (2..18) has no direction comment;
 * presumably worker <-> main -- confirm.
 * NOTE(review): these values are read from a peer process; a receiver
 * should accept only the commands expected on its channel and reject any
 * other value.
 */
66 typedef enum {
67 	AUTH_COOKIE_REP = 2,
68 	AUTH_COOKIE_REQ = 4,
69 	RESUME_STORE_REQ = 6,
70 	RESUME_DELETE_REQ = 7,
71 	RESUME_FETCH_REQ = 8,
72 	RESUME_FETCH_REP = 9,
73 	CMD_UDP_FD = 10,
74 	CMD_TUN_MTU = 11,
75 	CMD_TERMINATE = 12,
76 	CMD_SESSION_INFO = 13,
77 	CMD_BAN_IP = 16,
78 	CMD_BAN_IP_REPLY = 17,
79 	CMD_LATENCY_STATS_DELTA = 18,
80 
81 	/* from worker to sec-mod (values 120..128) */
82 	CMD_SEC_AUTH_INIT = 120,
83 	CMD_SEC_AUTH_CONT, /* 121 */
84 	CMD_SEC_AUTH_REPLY, /* 122 */
85 	CMD_SEC_DECRYPT, /* 123 */
86 	CMD_SEC_SIGN, /* 124 */
87 	CMD_SEC_SIGN_DATA, /* 125 */
88 	CMD_SEC_SIGN_HASH, /* 126 */
89 	CMD_SEC_GET_PK, /* 127 */
90 	CMD_SEC_CLI_STATS, /* 128 */
91 
92 	/* from main to sec-mod and vice versa (commands 240..250);
	 * MIN_SECM_CMD and MAX_SECM_CMD presumably act as exclusive bounds
	 * for range checks and are not commands themselves -- confirm */
93 	MIN_SECM_CMD=239,
94 	CMD_SECM_SESSION_OPEN, /* 240; sync: reply is CMD_SECM_SESSION_REPLY */
95 	CMD_SECM_SESSION_CLOSE, /* 241; sync: reply is CMD_SECM_CLI_STATS */
96 	CMD_SECM_SESSION_REPLY, /* 242 */
97 	CMD_SECM_BAN_IP, /* 243 */
98 	CMD_SECM_BAN_IP_REPLY, /* 244 */
99 	CMD_SECM_CLI_STATS, /* 245 */
100 	CMD_SECM_LIST_COOKIES, /* 246 */
101 	CMD_SECM_LIST_COOKIES_REPLY, /* 247 */
102 	CMD_SECM_STATS, /* 248; sent periodically */
103 	CMD_SECM_RELOAD, /* 249 */
104 	CMD_SECM_RELOAD_REPLY, /* 250 */
105 
106 	MAX_SECM_CMD, /* 251 */
107 } cmd_request_t;
108 
109 /* Error codes
 *
 * ERR_SUCCESS is 0 and every other code is negative; -1 is not assigned
 * here.
 * NOTE(review): ERR_AUTH_CONTINUE and ERR_WAIT_FOR_SCRIPT look like "not
 * finished yet" results rather than failures. Callers that make an
 * authentication decision should treat only ERR_SUCCESS as success and not
 * infer it from "!= ERR_AUTH_FAIL" -- confirm at the call sites.
 */
110 #define ERR_SUCCESS 0
111 #define ERR_BAD_COMMAND -2
112 #define ERR_AUTH_FAIL -3
113 #define ERR_AUTH_CONTINUE -4
114 #define ERR_WAIT_FOR_SCRIPT -5
115 #define ERR_MEM -6
116 #define ERR_READ_CONFIG -7
117 #define ERR_NO_IP -8
118 #define ERR_PARSING -9
119 #define ERR_EXEC -10
120 #define ERR_PEER_TERMINATED -11
121 #define ERR_CTL -12
122 #define ERR_NO_CMD_FD -13
123 
/* Alias: expands to ERR_PEER_TERMINATED (-11), so the two names cannot be
 * told apart by value. */
124 #define ERR_WORKER_TERMINATED ERR_PEER_TERMINATED
125 
126 #endif
127