XAUTH support
This commit is contained in:
parent
1ac372fdce
commit
3347bb2306
@ -183,6 +183,9 @@ static const char *const state_name[] = {
|
|||
"STATE_INFO",
|
||||
"STATE_INFO_PROTECTED",
|
||||
|
||||
"STATE_XAUTH_R0",
|
||||
"STATE_XAUTH_R1",
|
||||
|
||||
"STATE_MODE_CFG_R0",
|
||||
"STATE_MODE_CFG_R1",
|
||||
"STATE_MODE_CFG_R2",
|
||||
|
@ -216,7 +219,10 @@ const char *const state_story[] = {
|
|||
|
||||
"got Informational Message in clear", /* STATE_INFO */
|
||||
"got encrypted Informational Message", /* STATE_INFO_PROTECTED */
|
||||
|
||||
|
||||
"sent XAUTH request, expecting reply", /* STATE_XAUTH_R0 */
|
||||
"sent XAUTH status, expecting ack", /* STATE_XAUTH_R1 */
|
||||
|
||||
"sent ModeCfg reply", /* STATE_MODE_CFG_R0 */
|
||||
"sent ModeCfg reply", /* STATE_MODE_CFG_R1 */
|
||||
"received ModeCfg ack", /* STATE_MODE_CFG_R2 */
|
||||
|
@ -487,6 +493,9 @@ const char *const sa_policy_bit_names[] = {
|
|||
"GROUTED",
|
||||
"UP",
|
||||
"MODECFGPUSH",
|
||||
"XAUTHPSK",
|
||||
"XAUTHRSASIG",
|
||||
"XAUTHSERVER",
|
||||
NULL
|
||||
};
|
||||
|
||||
|
@ -675,7 +684,49 @@ enum_names auth_alg_names =
|
|||
{ AUTH_ALGORITHM_HMAC_MD5, AUTH_ALGORITHM_HMAC_RIPEMD, auth_alg_name
|
||||
, &extended_auth_alg_names };
|
||||
|
||||
const char *const modecfg_attr_name[] = {
|
||||
/* From draft-beaulieu-ike-xauth */
|
||||
static const char *const xauth_type_name[] = {
|
||||
"Generic",
|
||||
"RADIUS-CHAP",
|
||||
"OTP",
|
||||
"S/KEY",
|
||||
};
|
||||
|
||||
enum_names xauth_type_names =
|
||||
{ XAUTH_TYPE_GENERIC, XAUTH_TYPE_SKEY, xauth_type_name, NULL};
|
||||
|
||||
/* From draft-beaulieu-ike-xauth */
|
||||
static const char *const xauth_attr_tv_name[] = {
|
||||
"XAUTH_TYPE",
|
||||
NULL,
|
||||
NULL,
|
||||
NULL,
|
||||
NULL,
|
||||
NULL,
|
||||
NULL,
|
||||
"XAUTH_STATUS",
|
||||
};
|
||||
|
||||
enum_names xauth_attr_tv_names = {
|
||||
XAUTH_TYPE + ISAKMP_ATTR_AF_TV,
|
||||
XAUTH_STATUS + ISAKMP_ATTR_AF_TV, xauth_attr_tv_name, NULL };
|
||||
|
||||
static const char *const xauth_attr_name[] = {
|
||||
"XAUTH_USER_NAME",
|
||||
"XAUTH_USER_PASSWORD",
|
||||
"XAUTH_PASSCODE",
|
||||
"XAUTH_MESSAGE",
|
||||
"XAUTH_CHALLENGE",
|
||||
"XAUTH_DOMAIN",
|
||||
"XAUTH_STATUS (wrong TLV syntax, should be TV)",
|
||||
"XAUTH_NEXT_PIN",
|
||||
"XAUTH_ANSWER",
|
||||
};
|
||||
|
||||
enum_names xauth_attr_names =
|
||||
{ XAUTH_USER_NAME , XAUTH_ANSWER, xauth_attr_name , &xauth_attr_tv_names };
|
||||
|
||||
static const char *const modecfg_attr_name[] = {
|
||||
"INTERNAL_IP4_ADDRESS",
|
||||
"INTERNAL_IP4_NETMASK",
|
||||
"INTERNAL_IP4_DNS",
|
||||
|
@ -695,7 +746,7 @@ const char *const modecfg_attr_name[] = {
|
|||
};
|
||||
|
||||
enum_names modecfg_attr_names =
|
||||
{ INTERNAL_IP4_ADDRESS , INTERNAL_IP6_SUBNET, modecfg_attr_name , NULL };
|
||||
{ INTERNAL_IP4_ADDRESS, INTERNAL_IP6_SUBNET, modecfg_attr_name , &xauth_attr_names };
|
||||
|
||||
/* Oakley Lifetime Type attribute */
|
||||
|
||||
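Review bot: The XAUTH name tables in the second hunk (`xauth_type_name`, `xauth_attr_tv_name`, `xauth_attr_name`) are declared with open bounds, so their length is only implicitly tied to the `enum_names` ranges that index them (`XAUTH_TYPE`..`XAUTH_STATUS`, `XAUTH_USER_NAME`..`XAUTH_ANSWER`, `XAUTH_TYPE_GENERIC`..`XAUTH_TYPE_SKEY`); today the counts match (8, 9 and 4 entries), but a later attribute added to the header without extending the table would presumably turn a name lookup on a peer-supplied attribute number into an out-of-bounds read. Sizing the arrays from the same constants makes the compiler reject a surplus initializer and keeps the coupling visible: `static const char *const xauth_attr_tv_name[XAUTH_STATUS - XAUTH_TYPE + 1] = {` and `static const char *const xauth_attr_name[XAUTH_ANSWER - XAUTH_USER_NAME + 1] = {`. The six `NULL` placeholders in `xauth_attr_tv_name` also deserve a comment, e.g. `/* USER_NAME..DOMAIN are TLV-only; see xauth_attr_name */`, since without it the table reads as six unknown attributes. Whether a `NULL` entry is handled safely by the enum-name lookup cannot be seen from this page.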
|
|
|
@ -506,11 +506,18 @@ enum state_kind {
|
|||
STATE_INFO,
|
||||
STATE_INFO_PROTECTED,
|
||||
|
||||
STATE_MODE_CFG_R0, /* these states are used on the responder */
|
||||
/* XAUTH states */
|
||||
|
||||
STATE_XAUTH_R0, /* server state: sent request, awaiting reply */
|
||||
STATE_XAUTH_R1, /* server state: sent success/fail, awaiting reply */
|
||||
|
||||
/* Mode Config states */
|
||||
|
||||
STATE_MODE_CFG_R0, /* responder states */
|
||||
STATE_MODE_CFG_R1,
|
||||
STATE_MODE_CFG_R2,
|
||||
|
||||
STATE_MODE_CFG_I1, /* this is used on the initiator */
|
||||
STATE_MODE_CFG_I1, /* initiator states */
|
||||
STATE_MODE_CFG_I2,
|
||||
STATE_MODE_CFG_I3,
|
||||
|
||||
|
@ -640,7 +647,32 @@ extern enum_names attr_msg_type_names;
|
|||
#define SUPPORTED_ATTRIBUTES 14
|
||||
#define INTERNAL_IP6_SUBNET 15
|
||||
|
||||
#define MODECFG_ROOF 16
|
||||
|
||||
extern enum_names modecfg_attr_names;
|
||||
/* XAUTH attribute values */
|
||||
#define XAUTH_TYPE 16520
|
||||
#define XAUTH_USER_NAME 16521
|
||||
#define XAUTH_USER_PASSWORD 16522
|
||||
#define XAUTH_PASSCODE 16523
|
||||
#define XAUTH_MESSAGE 16524
|
||||
#define XAUTH_CHALLENGE 16525
|
||||
#define XAUTH_DOMAIN 16526
|
||||
#define XAUTH_STATUS 16527
|
||||
#define XAUTH_NEXT_PIN 16528
|
||||
#define XAUTH_ANSWER 16529
|
||||
|
||||
#define XAUTH_BASE XAUTH_TYPE
|
||||
|
||||
extern enum_names xauth_attr_names;
|
||||
|
||||
/* XAUTH authentication types */
|
||||
#define XAUTH_TYPE_GENERIC 0
|
||||
#define XAUTH_TYPE_CHAP 1
|
||||
#define XAUTH_TYPE_OTP 2
|
||||
#define XAUTH_TYPE_SKEY 3
|
||||
|
||||
extern enum_names xauth_type_names;
|
||||
|
||||
/* Exchange types
|
||||
* RFC2408 "Internet Security Association and Key Management Protocol (ISAKMP)"
|
||||
|
@ -754,7 +786,7 @@ extern const char *prettypolicy(lset_t policy);
|
|||
#define POLICY_RSASIG LELEM(1)
|
||||
|
||||
#define POLICY_ISAKMP_SHIFT 0 /* log2(POLICY_PSK) */
|
||||
#define POLICY_ID_AUTH_MASK LRANGES(POLICY_PSK, POLICY_RSASIG)
|
||||
#define POLICY_ID_AUTH_MASK (POLICY_PSK | POLICY_RSASIG | POLICY_XAUTH_PSK | POLICY_XAUTH_RSASIG)
|
||||
#define POLICY_ISAKMP_MASK POLICY_ID_AUTH_MASK /* all so far */
|
||||
|
||||
/* Quick Mode (IPSEC) attributes */
|
||||
|
@ -796,7 +828,9 @@ extern const char *prettypolicy(lset_t policy);
|
|||
#define POLICY_GROUTED LELEM(15) /* do we want this group routed? */
|
||||
#define POLICY_UP LELEM(16) /* do we want this up? */
|
||||
#define POLICY_MODECFG_PUSH LELEM(17) /* is modecfg pushed by server? */
|
||||
|
||||
#define POLICY_XAUTH_PSK LELEM(18) /* do we support XAUTH????PreShared? */
|
||||
#define POLICY_XAUTH_RSASIG LELEM(19) /* do we support XAUTH????RSA? */
|
||||
#define POLICY_XAUTH_SERVER LELEM(20) /* are we an XAUTH server? */
|
||||
|
||||
/* Any IPsec policy? If not, a connection description
|
||||
* is only for ISAKMP SA, not IPSEC SA. (A pun, I admit.)
|
||||
|
@ -806,7 +840,7 @@ extern const char *prettypolicy(lset_t policy);
|
|||
#define HAS_IPSEC_POLICY(p) (((p) & POLICY_IPSEC_MASK) != 0)
|
||||
|
||||
/* Don't allow negotiation? */
|
||||
#define NEVER_NEGOTIATE(p) (LDISJOINT((p), POLICY_PSK | POLICY_RSASIG))
|
||||
#define NEVER_NEGOTIATE(p) (LDISJOINT((p), POLICY_ID_AUTH_MASK))
|
||||
|
||||
|
||||
/* Oakley transform attributes
|
||||
|
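Review bot: `POLICY_ID_AUTH_MASK` in the third hunk is no longer a contiguous bit range: it was `LRANGES(POLICY_PSK, POLICY_RSASIG)` (bits 0-1) and now also contains bits 18 and 19, while `POLICY_ISAKMP_MASK` is still defined as this mask next to `POLICY_ISAKMP_SHIFT 0 /* log2(POLICY_PSK) */`. Any caller that extracts `(policy & POLICY_ISAKMP_MASK) >> POLICY_ISAKMP_SHIFT` as a small field (the shift constant suggests one exists, though no such use is visible here) now sees values up to 2^20 and should be audited, since this mask decides which ISAKMP authentication methods a connection accepts and `NEVER_NEGOTIATE` now derives from it. Either the XAUTH bits should be allocated adjacent to PSK/RSASIG so the range stays dense, or the `/* all so far */` comment should warn that the mask is sparse, e.g. `/* sparse: bits 0,1,18,19 -- test with LDISJOINT, never shift into an index */`. The `XAUTH????PreShared` / `XAUTH????RSA` text in the POLICY_XAUTH_PSK and POLICY_XAUTH_RSASIG comments looks like a mis-encoded character in the rendering; if it is in the source, replace it with plain ASCII.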