379 lines
7.8 KiB
C
379 lines
7.8 KiB
C
/*
|
|
* Copyright (C) 2015 Tobias Brunner
|
|
* Copyright (C) 2006 Martin Willi
|
|
* HSR Hochschule fuer Technik Rapperswil
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify it
|
|
* under the terms of the GNU General Public License as published by the
|
|
* Free Software Foundation; either version 2 of the License, or (at your
|
|
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
|
*
|
|
* This program is distributed in the hope that it will be useful, but
|
|
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
|
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
* for more details.
|
|
*/
|
|
|
|
#ifndef STROKE_MSG_H_
|
|
#define STROKE_MSG_H_
|
|
|
|
#include <sys/types.h>
|
|
|
|
#include <library.h>
|
|
|
|
/**
|
|
* Socket which is used to communicate between charon and stroke
|
|
*/
|
|
#define STROKE_SOCKET IPSEC_PIDDIR "/charon.ctl"
|
|
|
|
/**
|
|
* Number of bytes by which the buffer is increased as needed
|
|
*/
|
|
#define STROKE_BUF_LEN_INC 1024
|
|
|
|
typedef enum list_flag_t list_flag_t;
|
|
|
|
/**
|
|
* Definition of the LIST flags, used for
|
|
* the various stroke list* commands.
|
|
*/
|
|
enum list_flag_t {
|
|
/** don't list anything */
|
|
LIST_NONE = 0x0000,
|
|
/** list all raw public keys */
|
|
LIST_PUBKEYS = 0x0001,
|
|
/** list all host/user certs */
|
|
LIST_CERTS = 0x0002,
|
|
/** list all ca certs */
|
|
LIST_CACERTS = 0x0004,
|
|
/** list all ocsp signer certs */
|
|
LIST_OCSPCERTS = 0x0008,
|
|
/** list all aa certs */
|
|
LIST_AACERTS = 0x0010,
|
|
/** list all attribute certs */
|
|
LIST_ACERTS = 0x0020,
|
|
/** list all access control groups */
|
|
LIST_GROUPS = 0x0040,
|
|
/** list all ca information records */
|
|
LIST_CAINFOS = 0x0080,
|
|
/** list all crls */
|
|
LIST_CRLS = 0x0100,
|
|
/** list all ocsp cache entries */
|
|
LIST_OCSP = 0x0200,
|
|
/** list all supported algorithms */
|
|
LIST_ALGS = 0x0400,
|
|
/** list plugin information */
|
|
LIST_PLUGINS = 0x0800,
|
|
/** all list options */
|
|
LIST_ALL = 0x0FFF,
|
|
};
|
|
|
|
typedef enum reread_flag_t reread_flag_t;
|
|
|
|
/**
|
|
* Definition of the REREAD flags, used for
|
|
* the various stroke reread* commands.
|
|
*/
|
|
enum reread_flag_t {
|
|
/** don't reread anything */
|
|
REREAD_NONE = 0x0000,
|
|
/** reread all secret keys */
|
|
REREAD_SECRETS = 0x0001,
|
|
/** reread all ca certs */
|
|
REREAD_CACERTS = 0x0002,
|
|
/** reread all ocsp signer certs */
|
|
REREAD_OCSPCERTS = 0x0004,
|
|
/** reread all aa certs */
|
|
REREAD_AACERTS = 0x0008,
|
|
/** reread all attribute certs */
|
|
REREAD_ACERTS = 0x0010,
|
|
/** reread all crls */
|
|
REREAD_CRLS = 0x0020,
|
|
/** all reread options */
|
|
REREAD_ALL = 0x003F,
|
|
};
|
|
|
|
typedef enum purge_flag_t purge_flag_t;
|
|
|
|
/**
|
|
* Definition of the PURGE flags, currently used for
|
|
* the stroke purgeocsp command.
|
|
*/
|
|
enum purge_flag_t {
|
|
/** don't purge anything */
|
|
PURGE_NONE = 0x0000,
|
|
/** purge ocsp cache entries */
|
|
PURGE_OCSP = 0x0001,
|
|
/** purge CRL cache entries */
|
|
PURGE_CRLS = 0x0002,
|
|
/** purge X509 cache entries */
|
|
PURGE_CERTS = 0x0004,
|
|
/** purge IKE_SAs without a CHILD_SA */
|
|
PURGE_IKE = 0x0008,
|
|
};
|
|
|
|
typedef enum export_flag_t export_flag_t;
|
|
|
|
/**
|
|
* Definition of the export flags
|
|
*/
|
|
enum export_flag_t {
|
|
/** export an X509 certificate */
|
|
EXPORT_X509 = 0x0001,
|
|
/** export an X509 end entity certificate for a connection */
|
|
EXPORT_CONN_CERT = 0x0002,
|
|
/** export the complete trust chain of a connection */
|
|
EXPORT_CONN_CHAIN = 0x0004,
|
|
};
|
|
|
|
/**
|
|
* CRL certificate validation policy
|
|
*/
|
|
typedef enum {
|
|
CRL_STRICT_NO,
|
|
CRL_STRICT_YES,
|
|
CRL_STRICT_IFURI,
|
|
} crl_policy_t;
|
|
|
|
|
|
typedef struct stroke_end_t stroke_end_t;
|
|
|
|
/**
|
|
* definition of a peer in a stroke message
|
|
*/
|
|
struct stroke_end_t {
|
|
char *auth;
|
|
char *auth2;
|
|
char *id;
|
|
char *id2;
|
|
char *eap_id;
|
|
char *rsakey;
|
|
char *cert;
|
|
char *cert2;
|
|
char *ca;
|
|
char *ca2;
|
|
char *groups;
|
|
char *groups2;
|
|
char *cert_policy;
|
|
char *updown;
|
|
char *address;
|
|
uint16_t ikeport;
|
|
char *sourceip;
|
|
char *dns;
|
|
char *subnets;
|
|
int sendcert;
|
|
int hostaccess;
|
|
int tohost;
|
|
int allow_any;
|
|
uint8_t protocol;
|
|
uint16_t from_port;
|
|
uint16_t to_port;
|
|
};
|
|
|
|
typedef struct stroke_msg_t stroke_msg_t;
|
|
|
|
/**
|
|
* @brief A stroke message sent over the unix socket.
|
|
*/
|
|
struct stroke_msg_t {
|
|
/* length of this message with all strings */
|
|
uint16_t length;
|
|
|
|
/* type of the message */
|
|
enum {
|
|
/* initiate a connection */
|
|
STR_INITIATE,
|
|
/* install SPD entries for a policy */
|
|
STR_ROUTE,
|
|
/* uninstall SPD entries for a policy */
|
|
STR_UNROUTE,
|
|
/* add a connection */
|
|
STR_ADD_CONN,
|
|
/* delete a connection */
|
|
STR_DEL_CONN,
|
|
/* terminate connection */
|
|
STR_TERMINATE,
|
|
/* terminate connection by peers srcip/virtual ip */
|
|
STR_TERMINATE_SRCIP,
|
|
/* rekey a connection */
|
|
STR_REKEY,
|
|
/* show connection status */
|
|
STR_STATUS,
|
|
/* show verbose connection status */
|
|
STR_STATUS_ALL,
|
|
/* show verbose connection status, non-blocking variant */
|
|
STR_STATUS_ALL_NOBLK,
|
|
/* add a ca information record */
|
|
STR_ADD_CA,
|
|
/* delete ca information record */
|
|
STR_DEL_CA,
|
|
/* set a log type to log/not log */
|
|
STR_LOGLEVEL,
|
|
/* configure global options for stroke */
|
|
STR_CONFIG,
|
|
/* list various objects */
|
|
STR_LIST,
|
|
/* reread various objects */
|
|
STR_REREAD,
|
|
/* purge various objects */
|
|
STR_PURGE,
|
|
/* show pool leases */
|
|
STR_LEASES,
|
|
/* export credentials */
|
|
STR_EXPORT,
|
|
/* print memory usage details */
|
|
STR_MEMUSAGE,
|
|
/* set username and password for a connection */
|
|
STR_USER_CREDS,
|
|
/* print/reset counters */
|
|
STR_COUNTERS,
|
|
/* more to come */
|
|
} type;
|
|
|
|
/* verbosity of output returned from charon (-from -1=silent to 4=private)*/
|
|
int output_verbosity;
|
|
|
|
union {
|
|
/* data for STR_INITIATE, STR_ROUTE, STR_UP, STR_DOWN, ... */
|
|
struct {
|
|
char *name;
|
|
} initiate, route, unroute, terminate, rekey, status, del_conn, del_ca;
|
|
|
|
/* data for STR_TERMINATE_SRCIP */
|
|
struct {
|
|
char *start;
|
|
char *end;
|
|
} terminate_srcip;
|
|
|
|
/* data for STR_ADD_CONN */
|
|
struct {
|
|
char *name;
|
|
int version;
|
|
char *eap_identity;
|
|
char *aaa_identity;
|
|
char *xauth_identity;
|
|
int mode;
|
|
int mobike;
|
|
int aggressive;
|
|
int pushmode;
|
|
int force_encap;
|
|
int fragmentation;
|
|
int ipcomp;
|
|
time_t inactivity;
|
|
int proxy_mode;
|
|
int install_policy;
|
|
int close_action;
|
|
uint32_t reqid;
|
|
uint32_t tfc;
|
|
uint8_t ikedscp;
|
|
|
|
crl_policy_t crl_policy;
|
|
int unique;
|
|
struct {
|
|
char *ike;
|
|
char *esp;
|
|
char *ah;
|
|
} algorithms;
|
|
struct {
|
|
int reauth;
|
|
time_t ipsec_lifetime;
|
|
time_t ike_lifetime;
|
|
time_t margin;
|
|
uint64_t life_bytes;
|
|
uint64_t margin_bytes;
|
|
uint64_t life_packets;
|
|
uint64_t margin_packets;
|
|
unsigned long tries;
|
|
unsigned long fuzz;
|
|
} rekey;
|
|
struct {
|
|
time_t delay;
|
|
time_t timeout;
|
|
int action;
|
|
} dpd;
|
|
struct {
|
|
int mediation;
|
|
char *mediated_by;
|
|
char *peerid;
|
|
} ikeme;
|
|
struct {
|
|
uint32_t value;
|
|
uint32_t mask;
|
|
} mark_in, mark_out;
|
|
stroke_end_t me, other;
|
|
uint32_t replay_window;
|
|
bool sha256_96;
|
|
} add_conn;
|
|
|
|
/* data for STR_ADD_CA */
|
|
struct {
|
|
char *name;
|
|
char *cacert;
|
|
char *crluri;
|
|
char *crluri2;
|
|
char *ocspuri;
|
|
char *ocspuri2;
|
|
char *certuribase;
|
|
} add_ca;
|
|
|
|
/* data for STR_LOGLEVEL */
|
|
struct {
|
|
char *type;
|
|
int level;
|
|
} loglevel;
|
|
|
|
/* data for STR_CONFIG */
|
|
struct {
|
|
int cachecrl;
|
|
} config;
|
|
|
|
/* data for STR_LIST */
|
|
struct {
|
|
list_flag_t flags;
|
|
int utc;
|
|
} list;
|
|
|
|
/* data for STR_REREAD */
|
|
struct {
|
|
reread_flag_t flags;
|
|
} reread;
|
|
|
|
/* data for STR_PURGE */
|
|
struct {
|
|
purge_flag_t flags;
|
|
} purge;
|
|
|
|
/* data for STR_EXPORT */
|
|
struct {
|
|
export_flag_t flags;
|
|
char *selector;
|
|
} export;
|
|
|
|
/* data for STR_LEASES */
|
|
struct {
|
|
char *pool;
|
|
char *address;
|
|
} leases;
|
|
|
|
/* data for STR_USER_CREDS */
|
|
struct {
|
|
char *name;
|
|
char *username;
|
|
char *password;
|
|
} user_creds;
|
|
|
|
/* data for STR_COUNTERS */
|
|
struct {
|
|
/* reset or print counters? */
|
|
int reset;
|
|
char *name;
|
|
} counters;
|
|
};
|
|
/* length of the string buffer */
|
|
uint16_t buflen;
|
|
/* string buffer */
|
|
char buffer[];
|
|
};
|
|
|
|
#endif /* STROKE_MSG_H_ */
|