4 * Copyright (C) 2004 Emmanuel Dreyfus
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the project nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * XXX don't forget to update
34 * src/racoon/handler.c:exclude_cfg_addr()
35 * if you add IPv6 capability
39 #define INTERNAL_IP4_ADDRESS 1
40 #define INTERNAL_IP4_NETMASK 2
41 #define INTERNAL_IP4_DNS 3
42 #define INTERNAL_IP4_NBNS 4
43 #define INTERNAL_ADDRESS_EXPIRY 5
44 #define INTERNAL_IP4_DHCP 6
45 #define APPLICATION_VERSION 7
46 #define INTERNAL_IP6_ADDRESS 8
47 #define INTERNAL_IP6_NETMASK 9
48 #define INTERNAL_IP6_DNS 10
49 #define INTERNAL_IP6_NBNS 11
50 #define INTERNAL_IP6_DHCP 12
51 #define INTERNAL_IP4_SUBNET 13
52 #define SUPPORTED_ATTRIBUTES 14
53 #define INTERNAL_IP6_SUBNET 15
55 /* For APPLICATION_VERSION */
56 #define ISAKMP_CFG_RACOON_VERSION "KAME/racoon " \
57 "+ Hybrid auth Patches <manu@netbsd.org>"
60 * Global configuration for ISAKMP mode confiration address allocation
61 * Readen from the mode_cfg section of racoon.conf
63 struct isakmp_cfg_config {
74 char motd[MAXPATHLEN + 1];
78 #define ISAKMP_CFG_AUTH_SYSTEM 0
79 #define ISAKMP_CFG_AUTH_RADIUS 1
82 #define ISAKMP_CFG_CONF_LOCAL 0
83 #define ISAKMP_CFG_CONF_RADIUS 1
86 #define ISAKMP_CFG_ACCT_NONE 0
87 #define ISAKMP_CFG_ACCT_RADIUS 1
90 #define ISAKMP_CFG_MAX_CNX 255
93 #define ISAKMP_CFG_MOTD "/etc/motd"
95 extern struct isakmp_cfg_config isakmp_cfg_config;
98 * ISAKMP mode config state
101 struct isakmp_cfg_state {
102 int flags; /* See below */
103 unsigned int port; /* address index */
104 char login[LOGINLEN + 1]; /* login */
105 struct in_addr addr4; /* IPv4 address */
106 struct in_addr mask4; /* IPv4 netmask */
107 struct in_addr dns4; /* IPv4 DNS (when client only) */
108 struct in_addr wins4; /* IPv4 WINS (when client only) */
109 struct xauth_state xauth; /* Xauth state, if revelant */
110 struct isakmp_ivm *ivm; /* XXX Use iph1's ivm? */
114 #define ISAKMP_CFG_VENDORID_XAUTH 0x01 /* Supports Xauth */
115 #define ISAKMP_CFG_VENDORID_UNITY 0x02 /* Cisco Unity compliant */
116 #define ISAKMP_CFG_PORT_ALLOCATED 0x04 /* Port allocated */
117 #define ISAKMP_CFG_ADDR4_RADIUS 0x08 /* Address from RADIUS */
118 #define ISAKMP_CFG_MASK4_RADIUS 0x10 /* Netmask from RADIUS */
119 #define ISAKMP_CFG_ADDR4_LOCAL 0x20 /* Address from local pool */
120 #define ISAKMP_CFG_MASK4_LOCAL 0x40 /* Netmask from local pool */
121 #define ISAKMP_CFG_GOT_ADDR4 0x80 /* Client got address */
122 #define ISAKMP_CFG_GOT_MASK4 0x100 /* Client got mask */
123 #define ISAKMP_CFG_GOT_DNS4 0x200 /* Client got DNS */
124 #define ISAKMP_CFG_GOT_WINS4 0x400 /* Client got WINS */
125 #define ISAKMP_CFG_DELETE_PH1 0x800 /* phase 1 should be deleted */
127 struct isakmp_pl_attr;
130 void isakmp_cfg_r(struct ph1handle *, vchar_t *);
131 int isakmp_cfg_attr_r(struct ph1handle *, u_int32_t, struct isakmp_pl_attr *);
132 int isakmp_cfg_reply(struct ph1handle *, struct isakmp_pl_attr *);
133 int isakmp_cfg_request(struct ph1handle *, struct isakmp_pl_attr *);
134 int isakmp_cfg_set(struct ph1handle *, struct isakmp_pl_attr *);
135 int isakmp_cfg_send(struct ph1handle *, vchar_t *, u_int32_t, int, int);
136 struct isakmp_ivm *isakmp_cfg_newiv(struct ph1handle *, u_int32_t);
137 void isakmp_cfg_rmstate(struct ph1handle *);
138 struct isakmp_cfg_state *isakmp_cfg_mkstate(void);
139 vchar_t *isakmp_cfg_copy(struct ph1handle *, struct isakmp_data *);
140 vchar_t *isakmp_cfg_short(struct ph1handle *, struct isakmp_data *, int);
141 vchar_t *isakmp_cfg_string(struct ph1handle *, struct isakmp_data *, char *);
142 int isakmp_cfg_getconfig(struct ph1handle *);
143 void isakmp_cfg_setenv(struct ph1handle *);
145 int isakmp_cfg_getport(struct ph1handle *);
146 int isakmp_cfg_putport(struct ph1handle *, unsigned int);
148 #ifdef HAVE_LIBRADIUS
150 int isakmp_cfg_radius_common(struct rad_handle *, int);