1 /* $NetBSD: isakmp_xauth.h,v 1.10 2020/11/25 18:11:00 bouyer Exp $ */ 2 3 /* $KAME$ */ 4 5 /* 6 * Copyright (C) 2004 Emmanuel Dreyfus 7 * All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 3. Neither the name of the project nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34 #ifndef _ISAKMP_XAUTH_H 35 #define _ISAKMP_XAUTH_H 36 37 #include "schedule.h" 38 39 /* ISAKMP mode config attribute types specific to the Xauth vendor ID */ 40 #define XAUTH_TYPE 16520 41 #define XAUTH_USER_NAME 16521 42 #define XAUTH_USER_PASSWORD 16522 43 #define XAUTH_PASSCODE 16523 44 #define XAUTH_MESSAGE 16524 45 #define XAUTH_CHALLENGE 16525 46 #define XAUTH_DOMAIN 16526 47 #define XAUTH_STATUS 16527 48 #define XAUTH_NEXT_PIN 16528 49 #define XAUTH_ANSWER 16529 50 51 /* Types for XAUTH_TYPE */ 52 #define XAUTH_TYPE_GENERIC 0 53 #define XAUTH_TYPE_CHAP 1 54 #define XAUTH_TYPE_OTP 2 55 #define XAUTH_TYPE_SKEY 3 56 57 /* Values for XAUTH_STATUS */ 58 #define XAUTH_STATUS_FAIL 0 59 #define XAUTH_STATUS_OK 1 60 61 /* For phase 1 Xauth status */ 62 struct xauth_state { 63 int status; /* authentication status, used only on server side */ 64 int vendorid; 65 int authtype; 66 union { 67 struct authgeneric { 68 char *usr; 69 char *pwd; 70 } generic; 71 } authdata; 72 #ifdef HAVE_LIBLDAP 73 char *udn; /* ldap user dn */ 74 #endif 75 }; 76 77 /* What's been sent */ 78 #define XAUTH_SENT_USERNAME 1 79 #define XAUTH_SENT_PASSWORD 2 80 #define XAUTH_SENT_EVERYTHING (XAUTH_SENT_USERNAME | XAUTH_SENT_PASSWORD) 81 82 /* For rmconf Xauth data */ 83 struct xauth_rmconf { 84 vchar_t *login; /* xauth login */ 85 vchar_t *pass; /* xauth password */ 86 int state; /* what's been sent */ 87 }; 88 89 /* status */ 90 #define XAUTHST_NOTYET 0 91 #define XAUTHST_REQSENT 1 92 #define XAUTHST_OK 2 93 94 struct xauth_reply_arg { 95 struct sched sc; 96 isakmp_index index; 97 int port; 98 int id; 99 int res; 100 }; 101 102 struct ph1handle; 103 struct isakmp_data; 104 void xauth_sendreq(struct ph1handle *); 105 int xauth_attr_reply(struct ph1handle *, struct isakmp_data *, int); 106 int xauth_login_system(char *, char *); 107 void xauth_sendstatus(struct ph1handle *, int, int); 108 int xauth_check(struct ph1handle *); 109 int group_check(struct ph1handle *, char **, int); 110 vchar_t *isakmp_xauth_req(struct ph1handle *, struct isakmp_data *); 111 vchar_t *isakmp_xauth_set(struct ph1handle *, struct isakmp_data *); 112 void xauth_rmstate(struct xauth_state *); 113 void xauth_reply_stub(struct sched *); 114 int xauth_reply(struct ph1handle *, int, int, int); 115 int xauth_rmconf_used(struct xauth_rmconf **); 116 void xauth_rmconf_delete(struct xauth_rmconf **); 117 struct xauth_rmconf * xauth_rmconf_dup(struct xauth_rmconf *); 118 119 #ifdef HAVE_LIBPAM 120 int xauth_login_pam(int, struct sockaddr *, char *, char *); 121 #endif 122 123 #ifdef HAVE_LIBRADIUS 124 125 #define RADIUS_MAX_SERVERS 5 126 127 struct rad_serv { 128 vchar_t *host; 129 int port; 130 vchar_t *secret; 131 }; 132 133 struct xauth_rad_config { 134 struct rad_serv auth_server_list[RADIUS_MAX_SERVERS]; 135 int auth_server_count; 136 struct rad_serv acct_server_list[RADIUS_MAX_SERVERS]; 137 int acct_server_count; 138 int timeout; 139 int retries; 140 }; 141 142 extern struct xauth_rad_config xauth_rad_config; 143 144 int xauth_radius_init_conf(int free); 145 int xauth_radius_init(void); 146 int xauth_login_radius(struct ph1handle *, char *, char *); 147 148 #endif 149 150 #ifdef HAVE_LIBLDAP 151 152 #define LDAP_DFLT_HOST "localhost" 153 #define LDAP_DFLT_USER "cn" 154 #define LDAP_DFLT_ADDR "racoon-address" 155 #define LDAP_DFLT_MASK "racoon-netmask" 156 #define LDAP_DFLT_GROUP "cn" 157 #define LDAP_DFLT_MEMBER "member" 158 159 struct xauth_ldap_config { 160 int pver; 161 int debug; 162 int timeout; 163 vchar_t *uri; 164 vchar_t *host; 165 int port; 166 int tls; 167 vchar_t *base; 168 int subtree; 169 vchar_t *bind_dn; 170 vchar_t *bind_pw; 171 int auth_type; 172 vchar_t *attr_user; 173 vchar_t *attr_addr; 174 vchar_t *attr_mask; 175 vchar_t *attr_group; 176 vchar_t *attr_member; 177 }; 178 179 extern struct xauth_ldap_config xauth_ldap_config; 180 181 int xauth_ldap_init_conf(void); 182 int xauth_login_ldap(struct ph1handle *, char *, char *); 183 184 #endif 185 186 #endif /* _ISAKMP_XAUTH_H */ 187