#ifndef _ISAKMP_XAUTH_H
#define _ISAKMP_XAUTH_H
/*
 * XAUTH attribute type numbers, ten consecutive values (16520-16529).
 * The names follow the attribute names of the IKE XAUTH draft; confirm the
 * numbers against the draft revision this project targets before relying
 * on them for interoperability.
 *
 * XAUTH_USER_PASSWORD, XAUTH_PASSCODE, XAUTH_NEXT_PIN and XAUTH_ANSWER name
 * attributes that carry authentication secrets. Payloads holding them should
 * be treated as sensitive (no verbatim logging).
 */
#define XAUTH_TYPE 16520
#define XAUTH_USER_NAME 16521
#define XAUTH_USER_PASSWORD 16522
#define XAUTH_PASSCODE 16523
#define XAUTH_MESSAGE 16524
#define XAUTH_CHALLENGE 16525
#define XAUTH_DOMAIN 16526
#define XAUTH_STATUS 16527
#define XAUTH_NEXT_PIN 16528
#define XAUTH_ANSWER 16529
/*
 * Authentication method selectors; presumably the values carried in an
 * XAUTH_TYPE attribute and stored in xauth_state.authtype - TODO confirm.
 */
#define XAUTH_TYPE_GENERIC 0
#define XAUTH_TYPE_CHAP 1
#define XAUTH_TYPE_OTP 2
#define XAUTH_TYPE_SKEY 3
/*
 * Result codes; presumably the values carried in an XAUTH_STATUS attribute.
 * Failure is 0 and success is 1, so a zero-initialised status reads as
 * failure.
 */
#define XAUTH_STATUS_FAIL 0
#define XAUTH_STATUS_OK 1
/*
 * XAUTH state record. The function xauth_rmstate() declared in this header
 * takes a pointer to this structure; its exact release semantics are not
 * visible from the header.
 *
 * NOTE(review): usr/pwd are plain char pointers, so the password is held as
 * cleartext in process memory for as long as this record lives. Confirm that
 * the release path wipes the buffer before freeing it and that the record is
 * never dumped to logs.
 */
struct xauth_state {
/* Progress/result of the exchange; presumably one of XAUTHST_* - TODO confirm. */
int status;
/* Vendor identifier; meaning not visible from this header. */
int vendorid;
/* Authentication method; presumably one of XAUTH_TYPE_* - TODO confirm. */
int authtype;
/* Per-method credential data; only the generic variant is declared here. */
union {
struct authgeneric {
/* Presumably the user name supplied by the peer - TODO confirm ownership. */
char *usr;
/* Presumably the cleartext password supplied by the peer - sensitive. */
char *pwd;
} generic;
} authdata;
#ifdef HAVE_LIBLDAP
/* Only present in LDAP builds; presumably the user's LDAP DN - TODO confirm. */
char *udn;
#endif
};
/*
 * Bit flags recording which credentials have been sent. The two flags are
 * distinct bits, and XAUTH_SENT_EVERYTHING is their bitwise OR, so the
 * "all sent" test is (flags & XAUTH_SENT_EVERYTHING) == XAUTH_SENT_EVERYTHING.
 * Presumably stored in xauth_rmconf.state - TODO confirm.
 */
#define XAUTH_SENT_USERNAME 1
#define XAUTH_SENT_PASSWORD 2
#define XAUTH_SENT_EVERYTHING (XAUTH_SENT_USERNAME | XAUTH_SENT_PASSWORD)
/*
 * XAUTH login/password pair plus a state word. Managed through
 * xauth_rmconf_used() and xauth_rmconf_delete(), both of which take a
 * struct xauth_rmconf ** in this header.
 *
 * NOTE(review): pass holds a credential in memory, presumably loaded from
 * configuration. Confirm that xauth_rmconf_delete() wipes it before release
 * and that the configuration source is not world-readable.
 */
struct xauth_rmconf {
/* Login name; vchar_t is declared elsewhere (not in this header). */
vchar_t *login;
/* Password - sensitive; keep out of logs and debug dumps. */
vchar_t *pass;
/* Presumably a combination of XAUTH_SENT_* flags - TODO confirm. */
int state;
};
/*
 * Authentication progress values; presumably the values of
 * xauth_state.status - TODO confirm.
 * The zero value is XAUTHST_NOTYET, so a zero-initialised state reads as
 * "not authenticated". Only XAUTHST_OK should be accepted as proof that
 * XAUTH completed; XAUTHST_REQSENT is presumably an intermediate state.
 */
#define XAUTHST_NOTYET 0
#define XAUTHST_REQSENT 1
#define XAUTHST_OK 2
/*
 * Argument bundle for a reply. Three of its fields (port, id, res) line up
 * with the three int parameters of xauth_reply(), and xauth_reply_stub()
 * takes a void *, so this is presumably what is passed to the stub -
 * TODO confirm.
 */
struct xauth_reply_arg {
/* Identifies the phase 1 exchange; isakmp_index is declared elsewhere. */
isakmp_index index;
/* Meaning not visible from this header - TODO confirm against xauth_reply(). */
int port;
/* Meaning not visible from this header - TODO confirm against xauth_reply(). */
int id;
/* Presumably the authentication result - TODO confirm. */
int res;
};
/*
 * Forward declarations: the prototypes below only pass pointers to these
 * types, so the full definitions are not needed here.
 * vchar_t and isakmp_index, used in this header, are not declared in it and
 * no #include is visible here; the including file must provide them first.
 */
struct ph1handle;
struct isakmp_data;
/*
 * XAUTH entry points. Parameters are unnamed in this header, so their
 * meaning has to be checked against the definitions.
 *
 * NOTE(review): the int return convention (which value means success) is
 * not visible here. Confirm it at every call site so that an error return
 * can never be treated as a successful login.
 */
void xauth_sendreq(struct ph1handle *);
int xauth_attr_reply(struct ph1handle *, struct isakmp_data *, int);
/*
 * Presumably (user name, password) checked against the local system
 * accounts - TODO confirm. Both arguments are non-const char *, so the
 * callee is allowed to modify the caller's buffers.
 */
int xauth_login_system(char *, char *);
void xauth_sendstatus(struct ph1handle *, int, int);
int xauth_check(struct ph1handle *);
/* Presumably checks membership in one of a list of group names with a count. */
int group_check(struct ph1handle *, char **, int);
/* Return a vchar_t *; ownership of the returned buffer is not visible here. */
vchar_t *isakmp_xauth_req(struct ph1handle *, struct isakmp_data *);
vchar_t *isakmp_xauth_set(struct ph1handle *, struct isakmp_data *);
/*
 * Releases/clears a struct xauth_state. NOTE(review): that structure holds
 * a cleartext password pointer; confirm it is wiped before being freed.
 */
void xauth_rmstate(struct xauth_state *);
/* Takes an opaque pointer; presumably a struct xauth_reply_arg * - confirm. */
void xauth_reply_stub(void *);
int xauth_reply(struct ph1handle *, int, int, int);
/* Both take a pointer to a pointer, so they can replace or clear the caller's pointer. */
int xauth_rmconf_used(struct xauth_rmconf **);
void xauth_rmconf_delete(struct xauth_rmconf **);
/* RADIUS backend, only declared when built with HAVE_LIBRADIUS. */
#ifdef HAVE_LIBRADIUS
/* Presumably (phase 1 handle, user name, password) - TODO confirm. */
int xauth_login_radius(struct ph1handle *, char *, char *);
/* One-time backend setup; a failure return should presumably block RADIUS logins. */
int xauth_radius_init(void);
#endif
/* PAM backend, only declared when built with HAVE_LIBPAM. */
#ifdef HAVE_LIBPAM
/*
 * Presumably (port, remote address, user name, password) - TODO confirm.
 * struct sockaddr_storage is not declared by this header; the including
 * file must pull in the socket headers first.
 */
int xauth_login_pam(int, struct sockaddr_storage *, char *, char *);
#endif
#ifdef HAVE_LIBLDAP
/*
 * Default strings for the LDAP backend. The names line up with the host and
 * attr_* fields of struct xauth_ldap_config, so these are presumably the
 * values used when the configuration leaves a field unset - TODO confirm.
 * LDAP_DFLT_USER and LDAP_DFLT_GROUP are both "cn".
 */
#define LDAP_DFLT_HOST "localhost"
#define LDAP_DFLT_USER "cn"
#define LDAP_DFLT_ADDR "racoon-address"
#define LDAP_DFLT_MASK "racoon-netmask"
#define LDAP_DFLT_GROUP "cn"
#define LDAP_DFLT_MEMBER "member"
/*
 * Settings for the LDAP authentication backend. A single instance is
 * declared extern in this header.
 *
 * NOTE(review): bind_pw holds the directory bind credential in memory, and
 * no field visible here selects TLS/StartTLS. Confirm how the bind password
 * and the users' passwords are protected on the wire to the LDAP server, and
 * that the flush path wipes bind_pw.
 *
 * NOTE(review): attr_user/attr_group/attr_member are presumably combined
 * with the peer-supplied user name to build search filters. Confirm the user
 * name is escaped for LDAP filter syntax where that happens.
 */
struct xauth_ldap_config {
/* Presumably the LDAP protocol version - TODO confirm. */
int pver;
/* Server host name; cf. LDAP_DFLT_HOST. */
vchar_t *host;
/* Server port. */
int port;
/* Presumably the search base DN - TODO confirm. */
vchar_t *base;
/* Presumably selects subtree vs. one-level search scope - TODO confirm. */
int subtree;
/* DN and password used to bind to the directory; bind_pw is sensitive. */
vchar_t *bind_dn;
vchar_t *bind_pw;
/* Meaning not visible from this header - TODO confirm. */
int auth_type;
/* Attribute names used in directory lookups; cf. the LDAP_DFLT_* strings. */
vchar_t *attr_user;
vchar_t *attr_addr;
vchar_t *attr_mask;
vchar_t *attr_group;
vchar_t *attr_member;
};
/*
 * The single global LDAP configuration instance; defined elsewhere.
 * It is mutable global state, so thread-safety depends on the callers.
 */
extern struct xauth_ldap_config xauth_ldap_config;
/* Presumably sets up / resets xauth_ldap_config - TODO confirm. */
int xauth_ldap_init(void);
/*
 * Presumably releases the strings held by xauth_ldap_config.
 * NOTE(review): confirm bind_pw is wiped before it is freed.
 */
void xauth_ldap_flush(void);
/* Presumably (phase 1 handle, user name, password) - TODO confirm. */
int xauth_login_ldap(struct ph1handle *, char *, char *);
#endif
#endif