#ifndef _REMOTECONF_H
#define _REMOTECONF_H
#include <sys/queue.h>
#include "genlist.h"
#ifdef ENABLE_HYBRID
#include "isakmp_var.h"
#include "isakmp_xauth.h"
#endif
#include <CoreFoundation/CFData.h>
#include "algorithm.h"
/*
 * One proposal entry as read from the remote configuration.  Entries form
 * a doubly linked list (next/prev); the per-protocol transform specs that
 * belong to an entry hang off spspec and point back via secprotospec.back.
 */
struct proposalspec {
	time_t lifetime;		/* lifetime for this proposal (time_t; presumably seconds -- confirm in the parser) */
	int lifebyte;			/* lifetime expressed in a byte count (units not shown here) */
	struct secprotospec *spspec;	/* head of the transform list belonging to this proposal */
	struct proposalspec *next;	/* next proposal in the list */
	struct proposalspec *prev;	/* previous proposal in the list */
};
/*
 * One security-protocol transform belonging to a proposalspec.  Transforms
 * are kept in a doubly linked list (next/prev) and each one points back to
 * its owning proposal (back).  Field meanings beyond what the types show
 * are inferred from the names and should be confirmed against the parser.
 */
struct secprotospec {
	int prop_no;			/* proposal number */
	int trns_no;			/* transform number */
	int strength;			/* relative strength, used when ordering/selecting (presumably) */
	int encklen;			/* encryption key length */
	time_t lifetime;		/* transform lifetime (time_t; presumably seconds) */
	int lifebyte;			/* lifetime as a byte count */
	int proto_id;			/* security protocol identifier */
	int ipsec_level;		/* IPsec level */
	int encmode;			/* encapsulation mode */
	int vendorid;			/* vendor ID this transform is tied to, if any */
	char *gssid;			/* GSS-API identifier string (only meaningful with GSS authentication) */
	struct sockaddr_storage *remote;	/* remote endpoint this transform applies to */
	int algclass[MAXALGCLASS];	/* selected algorithm per class; MAXALGCLASS comes from algorithm.h */
	struct secprotospec *next;	/* next transform in the list */
	struct secprotospec *prev;	/* previous transform in the list */
	struct proposalspec *back;	/* owning proposalspec */
};
/*
 * Singly linked list node holding one exchange type accepted for a remote
 * (see remoteconf.etypes and check_etypeok()).
 */
struct etypes {
	int type;		/* exchange type value */
	struct etypes *next;	/* next accepted type, or NULL */
};
/*
 * Dead-peer-detection algorithm selector stored in remoteconf.dpd_algo.
 * DPD_ALGO_MAX is a sentinel (one past the last valid value), not a
 * selectable algorithm; range checks should use it as the exclusive bound.
 */
enum {
	DPD_ALGO_DEFAULT = 0,
	DPD_ALGO_INBOUND_DETECT,
	DPD_ALGO_BLACKHOLE_DETECT,
	DPD_ALGO_MAX,
};
/*
 * Indices into remoteconf.script[] and script_names[].  SCRIPT_MAX is the
 * largest valid index, so both arrays are sized SCRIPT_MAX + 1; adding a
 * script hook means adding an index here and bumping SCRIPT_MAX together.
 */
#define SCRIPT_PHASE1_UP 0
#define SCRIPT_PHASE1_DOWN 1
#define SCRIPT_MAX 1
/* Human-readable name per script index, defined in the implementation file. */
extern char *script_names[SCRIPT_MAX + 1];
/*
 * Per-remote configuration block.  One instance describes how to negotiate
 * with a given remote address (or address prefix): identities, credentials,
 * certificate-verification policy, NAT-T/DPD settings and the proposal
 * list.  Instances are kept on a TAILQ (chain) and may inherit from
 * another entry (inherited_from).  Most field semantics are inferred from
 * the names; confirm against the configuration parser before relying on
 * a comment below.
 */
struct remoteconf {
	struct sockaddr_storage *remote;	/* remote endpoint address this entry applies to */
	int remote_prefix;			/* prefix length applied to remote (presumably; 0 for an exact host) */
	struct etypes *etypes;			/* accepted exchange types, see check_etypeok() */
	int doitype;				/* DOI type */
	int sittype;				/* situation type */
	int idvtype;				/* type of our identifier (idv) */
	vchar_t *idv;				/* our identifier value */
	vchar_t *key;				/* key material; NOTE(review): confirm it is scrubbed before being freed in delrmconf() */
	struct genlist *idvl_p;			/* list of acceptable peer identifiers (struct idspec entries, presumably) */
	int identity_in_keychain;		/* non-zero when the identity is looked up in the keychain rather than from files */
	vchar_t *keychainCertRef;		/* persistent reference to the keychain certificate */
	int secrettype;				/* how the shared secret is obtained */
	vchar_t *shared_secret;			/* pre-shared secret; NOTE(review): secret material, confirm it is zeroed on free */
	vchar_t *open_dir_auth_group;		/* directory-services group used for authorization */
	int certtype;				/* certificate type */
	char *mycertfile;			/* path to our certificate */
	char *myprivfile;			/* path to our private key */
	char *peerscertfile;			/* path to the peer's certificate */
	int getcert_method;			/* where the peer certificate comes from */
	int cacerttype;				/* CA certificate type */
	char *cacertfile;			/* path to the CA certificate */
	int getcacert_method;			/* where the CA certificate comes from */
	int send_cert;				/* whether to send our certificate */
	int send_cr;				/* whether to send a certificate request */
	int verify_cert;			/* whether the peer certificate is verified at all; a disabled value removes peer authentication -- review config changes to this carefully */
	int cert_verification;			/* certificate-verification method selector */
	int cert_verification_option;		/* extra option for cert_verification */
	int verify_identifier;			/* whether the peer's identifier is checked against the configured one */
	int nonce_size;				/* nonce length */
	int passive;				/* responder-only if non-zero (presumably) */
	int ike_frag;				/* IKE fragmentation setting */
	int esp_frag;				/* ESP fragmentation setting */
	int mode_cfg;				/* mode-config enabled */
	int support_proxy;			/* proxy support flag */
/* Values for gen_policy below. */
#define GENERATE_POLICY_NONE 0
#define GENERATE_POLICY_REQUIRE 1
#define GENERATE_POLICY_UNIQUE 2
	int gen_policy;				/* one of GENERATE_POLICY_* */
	int ini_contact;			/* send INITIAL-CONTACT */
	int pcheck_level;			/* proposal check strictness */
	int nat_traversal;			/* NAT traversal setting */
	int natt_multiple_user;			/* allow multiple users behind one NAT */
	int natt_keepalive;			/* NAT-T keepalive setting */
	vchar_t *script[SCRIPT_MAX + 1];	/* hook scripts indexed by SCRIPT_PHASE1_UP / SCRIPT_PHASE1_DOWN */
	int dh_group;				/* DH group number */
	struct dhgroup *dhgrp;			/* resolved DH group parameters */
	int retry_counter;			/* retransmission count */
	int retry_interval;			/* retransmission interval */
	int dpd;				/* dead-peer detection enabled */
	int dpd_retry;				/* DPD retry count */
	int dpd_interval;			/* DPD probe interval */
	int dpd_maxfails;			/* DPD failure threshold */
	int dpd_algo;				/* one of the DPD_ALGO_* values */
	int idle_timeout;			/* idle timeout */
	int idle_timeout_dir;			/* traffic direction considered for idle_timeout */
	int ph1id;				/* phase-1 identifier */
	int weak_phase1_check;			/* relaxed phase-1 checking; a non-zero value loosens validation and is security-relevant */
	struct isakmpsa *proposal;		/* phase-1 SA proposal list */
	struct remoteconf *inherited_from;	/* entry this one was derived from, or NULL */
	struct proposalspec *prhead;		/* head of the proposalspec list */
#ifdef ENABLE_HYBRID
	struct xauth_rmconf *xauth;		/* XAUTH settings (hybrid authentication builds only) */
#endif
	int initiate_ph1rekey;			/* initiate phase-1 rekeying */
	int to_remove;				/* marked for removal from the list */
	int to_delete;				/* marked for deletion */
	int linked_to_ph1;			/* reference count / flag maintained by link_rmconf_to_ph1() and unlink_rmconf_from_ph1() */
	TAILQ_ENTRY(remoteconf) chain;		/* linkage in the global remoteconf list */
};
/* Opaque here; only pointers to it are used in this header. */
struct dhgroup;
/*
 * One phase-1 (ISAKMP) SA proposal.  Entries form a singly linked list
 * (next) owned by a remoteconf (rmconf, see insisakmpsa()).  Field meanings
 * are inferred from the names; confirm against the parser.
 */
struct isakmpsa {
	int prop_no;			/* proposal number */
	int trns_no;			/* transform number */
	time_t lifetime;		/* SA lifetime (time_t; presumably seconds) */
	size_t lifebyte;		/* SA lifetime as a byte count */
	int enctype;			/* encryption algorithm */
	int encklen;			/* encryption key length */
	int authmethod;			/* authentication method */
	int hashtype;			/* hash algorithm */
	int vendorid;			/* vendor ID */
#ifdef HAVE_GSSAPI
	vchar_t *gssid;			/* GSS-API identifier (GSS builds only) */
#endif
	int dh_group;			/* DH group number */
	struct dhgroup *dhgrp;		/* resolved DH group parameters */
	struct isakmpsa *next;		/* next proposal, or NULL */
	struct remoteconf *rmconf;	/* owning remote configuration */
};
/* An identifier type/value pair, created by newidspec(). */
struct idspec {
	int idtype;	/* identifier type */
	vchar_t *id;	/* identifier value */
};
/*
 * Callback type for foreachrmconf(): called with each remoteconf and the
 * caller's data pointer; returning a non-NULL remoteconf presumably stops
 * the walk and becomes foreachrmconf()'s result -- confirm in the
 * implementation.
 */
typedef struct remoteconf * (rmconf_func_t)(struct remoteconf *rmconf, void *data);
/*
 * Public API of the remote-configuration module.  Prototypes use the
 * __P() wrapper for pre-ANSI compatibility.  Descriptions are inferred
 * from the names and signatures only.
 */

/* Look up the configuration matching a remote address. */
extern struct remoteconf *getrmconf __P((struct sockaddr_storage *));
/*
 * Strict lookup variant.  allow_anon presumably controls whether a
 * wildcard ("anonymous") entry may satisfy the lookup; callers on
 * security-sensitive paths should pass 0 unless a wildcard match is
 * intended -- confirm semantics in the implementation.
 */
extern struct remoteconf *getrmconf_strict
	__P((struct sockaddr_storage *remote, int allow_anon));
/* Maintain remoteconf.linked_to_ph1 when a phase-1 handle takes/drops a reference. */
extern int link_rmconf_to_ph1 __P((struct remoteconf *));
extern int unlink_rmconf_from_ph1 __P((struct remoteconf *));
/* Report whether any remote configurations exist; the int argument's meaning is not shown here. */
extern int no_remote_configs __P((int));
/* Construction, duplication and teardown of remoteconf entries. */
extern struct remoteconf *copyrmconf __P((struct sockaddr_storage *));
extern struct remoteconf *newrmconf __P((void));
extern struct remoteconf *duprmconf __P((struct remoteconf *));
/* Free an entry; NOTE(review): confirm secret fields (key, shared_secret) are scrubbed here. */
extern void delrmconf __P((struct remoteconf *));
extern void delisakmpsa __P((struct isakmpsa *));
extern void deletypes __P((struct etypes *));
extern struct etypes * dupetypes __P((struct etypes *));
/* Insert into / remove from the global list; flushrmconf() and initrmconf() reset it. */
extern void insrmconf __P((struct remoteconf *));
extern void remrmconf __P((struct remoteconf *));
extern void flushrmconf __P((void));
extern void initrmconf __P((void));
/* Return the matching etypes node if the exchange type is accepted for this remote, else NULL (presumably). */
extern struct etypes *check_etypeok
	__P((struct remoteconf *, u_int8_t));
/* Walk all entries, invoking rmconf_func with data for each; see rmconf_func_t. */
extern struct remoteconf *foreachrmconf __P((rmconf_func_t rmconf_func,
	void *data));
/* Phase-1 proposal helpers. */
extern struct isakmpsa *newisakmpsa __P((void));
extern struct isakmpsa *dupisakmpsa __P((struct isakmpsa *));
extern void insisakmpsa __P((struct isakmpsa *, struct remoteconf *));
/* Debug dump of all entries. */
extern void dumprmconf __P((void));
extern struct idspec *newidspec __P((void));
/* Resolve a script name to a full path (presumably by prepending a script directory). */
extern vchar_t *script_path_add __P((vchar_t *));
/* genlist free callback for RSA key entries. */
extern void rsa_key_free __P((void *entry));
#endif