path: root/ipsec-tools/src/racoon/isakmp_cfg.h
Diffstat (limited to 'ipsec-tools/src/racoon/isakmp_cfg.h')
-rw-r--r--ipsec-tools/src/racoon/isakmp_cfg.h222
1 files changed, 222 insertions, 0 deletions
diff --git a/ipsec-tools/src/racoon/isakmp_cfg.h b/ipsec-tools/src/racoon/isakmp_cfg.h
new file mode 100644
index 00000000..63fe4594
--- /dev/null
+++ b/ipsec-tools/src/racoon/isakmp_cfg.h
@@ -0,0 +1,222 @@
+/* $NetBSD: isakmp_cfg.h,v 1.6 2006/09/09 16:22:09 manu Exp $ */
+
+/* $KAME$ */
+
+/*
+ * Copyright (C) 2004 Emmanuel Dreyfus
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the project nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_LIBPAM
+#include <security/pam_appl.h>
+#endif
+
+/*
+ * XXX don't forget to update
+ * src/racoon/handler.c:exclude_cfg_addr()
+ * if you add IPv6 capability
+ */
+
+/* Attribute types */
+#define INTERNAL_IP4_ADDRESS 1
+#define INTERNAL_IP4_NETMASK 2
+#define INTERNAL_IP4_DNS 3
+#define INTERNAL_IP4_NBNS 4
+#define INTERNAL_ADDRESS_EXPIRY 5
+#define INTERNAL_IP4_DHCP 6
+#define APPLICATION_VERSION 7
+#define INTERNAL_IP6_ADDRESS 8
+#define INTERNAL_IP6_NETMASK 9
+#define INTERNAL_IP6_DNS 10
+#define INTERNAL_IP6_NBNS 11
+#define INTERNAL_IP6_DHCP 12
+#define INTERNAL_IP4_SUBNET 13
+#define SUPPORTED_ATTRIBUTES 14
+#define INTERNAL_IP6_SUBNET 15
+
+/* For APPLICATION_VERSION */
+#define ISAKMP_CFG_RACOON_VERSION "racoon / IPsec-tools"
+
+/* For the wins servers -- XXX find the value somewhere ? */
+#define MAXWINS 4
+
+/*
+ * Global configuration for ISAKMP mode confiration address allocation
+ * Read from the mode_cfg section of racoon.conf
+ */
+struct isakmp_cfg_port {
+ char used;
+#ifdef HAVE_LIBPAM
+ pam_handle_t *pam;
+#endif
+};
+
+struct isakmp_cfg_config {
+ in_addr_t network4;
+ in_addr_t netmask4;
+ in_addr_t dns4[MAXNS];
+ int dns4_index;
+ in_addr_t nbns4[MAXWINS];
+ int nbns4_index;
+ struct isakmp_cfg_port *port_pool;
+ int authsource;
+ int groupsource;
+ char **grouplist;
+ int groupcount;
+ int confsource;
+ int accounting;
+ size_t pool_size;
+ int auth_throttle;
+ /* XXX move this to a unity specific sub-structure */
+ char default_domain[MAXPATHLEN + 1];
+ char motd[MAXPATHLEN + 1];
+ struct unity_netentry *splitnet_list;
+ int splitnet_count;
+ int splitnet_type;
+ char *splitdns_list;
+ int splitdns_len;
+ int pfs_group;
+ int save_passwd;
+};
+
+/* For utmp updating */
+#define TERMSPEC "vpn%d"
+
+/* For authsource */
+#define ISAKMP_CFG_AUTH_SYSTEM 0
+#define ISAKMP_CFG_AUTH_RADIUS 1
+#define ISAKMP_CFG_AUTH_PAM 2
+#define ISAKMP_CFG_AUTH_LDAP 4
+
+/* For groupsource */
+#define ISAKMP_CFG_GROUP_SYSTEM 0
+#define ISAKMP_CFG_GROUP_LDAP 1
+
+/* For confsource */
+#define ISAKMP_CFG_CONF_LOCAL 0
+#define ISAKMP_CFG_CONF_RADIUS 1
+#define ISAKMP_CFG_CONF_LDAP 2
+
+/* For accounting */
+#define ISAKMP_CFG_ACCT_NONE 0
+#define ISAKMP_CFG_ACCT_RADIUS 1
+#define ISAKMP_CFG_ACCT_PAM 2
+#define ISAKMP_CFG_ACCT_LDAP 3
+#define ISAKMP_CFG_ACCT_SYSTEM 4
+
+/* For pool_size */
+#define ISAKMP_CFG_MAX_CNX 255
+
+/* For motd */
+#define ISAKMP_CFG_MOTD "/etc/motd"
+
+/* For default domain */
+#define ISAKMP_CFG_DEFAULT_DOMAIN ""
+
+extern struct isakmp_cfg_config isakmp_cfg_config;
+
+/*
+ * ISAKMP mode config state
+ */
+#define LOGINLEN 31
+struct isakmp_cfg_state {
+ int flags; /* See below */
+ unsigned int port; /* address index */
+ char login[LOGINLEN + 1]; /* login */
+ struct in_addr addr4; /* IPv4 address */
+ struct in_addr mask4; /* IPv4 netmask */
+ struct in_addr dns4[MAXNS]; /* IPv4 DNS (when client only) */
+ int dns4_index; /* Number of IPv4 DNS (client only) */
+ struct in_addr wins4[MAXWINS]; /* IPv4 WINS (when client only) */
+ int wins4_index; /* Number of IPv4 WINS (client only) */
+ char default_domain[MAXPATHLEN + 1]; /* Default domain recieved */
+ struct unity_netentry
+ *split_include; /* UNITY_SPLIT_INCLUDE */
+ int include_count; /* Number of SPLIT_INCLUDES */
+ struct unity_netentry
+ *split_local; /* UNITY_LOCAL_LAN */
+ int local_count; /* Number of SPLIT_LOCAL */
+ struct xauth_state xauth; /* Xauth state, if revelant */
+ struct isakmp_ivm *ivm; /* XXX Use iph1's ivm? */
+ u_int32_t last_msgid; /* Last message-ID */
+};
+
+/* flags */
+#define ISAKMP_CFG_VENDORID_XAUTH 0x01 /* Supports Xauth */
+#define ISAKMP_CFG_VENDORID_UNITY 0x02 /* Cisco Unity compliant */
+#define ISAKMP_CFG_PORT_ALLOCATED 0x04 /* Port allocated */
+#define ISAKMP_CFG_ADDR4_EXTERN 0x08 /* Address from external config */
+#define ISAKMP_CFG_MASK4_EXTERN 0x10 /* Netmask from external config */
+#define ISAKMP_CFG_ADDR4_LOCAL 0x20 /* Address from local pool */
+#define ISAKMP_CFG_MASK4_LOCAL 0x40 /* Netmask from local pool */
+#define ISAKMP_CFG_GOT_ADDR4 0x80 /* Client got address */
+#define ISAKMP_CFG_GOT_MASK4 0x100 /* Client got mask */
+#define ISAKMP_CFG_GOT_DNS4 0x200 /* Client got DNS */
+#define ISAKMP_CFG_GOT_WINS4 0x400 /* Client got WINS */
+#define ISAKMP_CFG_DELETE_PH1 0x800 /* phase 1 should be deleted */
+#define ISAKMP_CFG_GOT_DEFAULT_DOMAIN 0x1000 /* Client got default domain */
+#define ISAKMP_CFG_GOT_SPLIT_INCLUDE 0x2000 /* Client got a split network config */
+#define ISAKMP_CFG_GOT_SPLIT_LOCAL 0x4000 /* Client got a split LAN config */
+
+struct isakmp_pl_attr;
+struct ph1handle;
+struct isakmp_ivm;
+void isakmp_cfg_r(struct ph1handle *, vchar_t *);
+int isakmp_cfg_attr_r(struct ph1handle *, u_int32_t, struct isakmp_pl_attr *);
+int isakmp_cfg_reply(struct ph1handle *, struct isakmp_pl_attr *);
+int isakmp_cfg_request(struct ph1handle *, struct isakmp_pl_attr *);
+int isakmp_cfg_set(struct ph1handle *, struct isakmp_pl_attr *);
+int isakmp_cfg_send(struct ph1handle *, vchar_t *, u_int32_t, int, int);
+struct isakmp_ivm *isakmp_cfg_newiv(struct ph1handle *, u_int32_t);
+void isakmp_cfg_rmstate(struct ph1handle *);
+struct isakmp_cfg_state *isakmp_cfg_mkstate(void);
+vchar_t *isakmp_cfg_copy(struct ph1handle *, struct isakmp_data *);
+vchar_t *isakmp_cfg_short(struct ph1handle *, struct isakmp_data *, int);
+vchar_t *isakmp_cfg_varlen(struct ph1handle *, struct isakmp_data *, char *, size_t);
+vchar_t *isakmp_cfg_string(struct ph1handle *, struct isakmp_data *, char *);
+int isakmp_cfg_getconfig(struct ph1handle *);
+int isakmp_cfg_setenv(struct ph1handle *, char ***, int *);
+
+int isakmp_cfg_resize_pool(int);
+int isakmp_cfg_getport(struct ph1handle *);
+int isakmp_cfg_putport(struct ph1handle *, unsigned int);
+int isakmp_cfg_init(int);
+#define ISAKMP_CFG_INIT_COLD 1
+#define ISAKMP_CFG_INIT_WARM 0
+
+#ifdef HAVE_LIBRADIUS
+struct rad_handle;
+extern struct rad_handle *radius_acct_state;
+int isakmp_cfg_radius_common(struct rad_handle *, int);
+#endif
+
+#ifdef HAVE_LIBPAM
+int isakmp_cfg_accounting_pam(int, int);
+void cleanup_pam(int);
+#endif
+
+int isakmp_cfg_accounting_system(int, struct sockaddr *, char *, int);
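Review bot: The new header has no include guard and is not self-contained: `struct xauth_state xauth;` inside `isakmp_cfg_state` needs the complete type, and `in_addr_t`, `MAXNS`, `MAXPATHLEN` and `vchar_t` are all used without any include, so the file compiles only when every includer happens to pull the right headers in first and in the right order. Wrap the body in `#ifndef _ISAKMP_CFG_H` / `#define _ISAKMP_CFG_H` … `#endif /* _ISAKMP_CFG_H */` and either include the headers that define those names or state them as prerequisites in the file comment. Separately, `dns4[MAXNS]`, `wins4[MAXWINS]` and `login[LOGINLEN + 1]` in `isakmp_cfg_state` are fixed-size buffers that, per their own comments, are filled from attributes sent by the peer, with the next free slot tracked in `dns4_index`/`wins4_index`. The parser in isakmp_cfg.c, outside this hunk, is what must refuse a further DNS/WINS attribute once the index reaches MAXNS/MAXWINS and cap the login copy at LOGINLEN; a comment on those fields, such as `/* peer-supplied; parser must check dns4_index < MAXNS before each store */`, would make that contract visible where the arrays are declared.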