/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

/*
 * dcs.h - shared constants, types and prototypes for the Domain
 * Configuration Server (DCS) daemon: network parameters, per-socket
 * IPsec request settings, internal/public error codes, session state
 * and the cross-module function prototypes (dcs.c, dcs_ses.c, dcs_msg.c).
 */

#ifndef _DCS_H
#define	_DCS_H

#ifdef __cplusplus
extern "C" {
#endif

#include <poll.h>
#include <signal.h>

#include "remote_cfg.h"
#include "rdr_param_types.h"


/*
 * Network parameters.
 *
 * DCS_SERVICE is the service name looked up for the listening port;
 * SUN_DR_PORT is the reserved port used when that lookup fails (see
 * DCS_NO_SERV below).  DCS_BACKLOG is presumably the listen(3SOCKET)
 * backlog - confirm in dcs.c.
 */
#define	DCS_SERVICE	"sun-dr"
#define	SUN_DR_PORT	665
#define	DCS_BACKLOG	10

/*
 * Timeouts, in milliseconds (the units of the poll(2) timeout argument
 * taken by ses_poll() below; BLOCKFOREVER is poll's "wait indefinitely"
 * value).  NOTE(review): DCS_RCV_CB_TIMEOUT lets a peer that never
 * replies to a callback presumably hold its session handler for up to
 * 12 hours; together with DCS_MAX_SESSIONS this bounds how many such
 * idle sessions can be outstanding - confirm in dcs_ses.c.
 */
#define	BLOCKFOREVER		(-1)
#define	DCS_SND_TIMEOUT		60000		/* 1 minute */
#define	DCS_RCV_TIMEOUT		300000		/* 5 minutes */
#define	DCS_RCV_CB_TIMEOUT	43200000	/* 12 hours */

/*
 * DCS_ERR_OFFSET is added to the public error codes (dcs_err_t) so they
 * cannot collide with libcfgadm error values.  MAX_MSG_LEN is presumably
 * the size of the buffer used to format log/error strings - confirm in
 * dcs_msg.c.
 */
#define	DCS_ERR_OFFSET	12000
#define	MAX_MSG_LEN	512

/* Upper bound on concurrent sessions; see max_sessions and the -s option. */
#define	DCS_MAX_SESSIONS	128

/*
 * Header files for per-socket IPsec
 */
#include <netinet/in.h>
#include <net/pfkeyv2.h>


/*
 * The IPsec socket option struct, from ipsec(4P):
 *
 *	typedef struct ipsec_req {
 *		uint_t		ipsr_ah_req;		AH request
 *		uint_t		ipsr_esp_req;		ESP request
 *		uint_t		ipsr_self_encap_req;	Self-Encap request
 *		uint8_t		ipsr_auth_alg;		Auth algs for AH
 *		uint8_t		ipsr_esp_alg;		Encr algs for ESP
 *		uint8_t		ipsr_esp_auth_alg;	Auth algs for ESP
 *	} ipsec_req_t;
 *
 * The -a option sets the ipsr_auth_alg field. Allowable arguments
 * are "none", "md5", or "sha1". The -e option sets the ipsr_esp_alg
 * field. Allowable arguments are "none", "des", or "3des". "none"
 * is the default for both options. The -u option sets the ipsr_esp_auth_alg
 * field. Allowable arguments are the same as -a.
 *
 * The arguments ("md5", "des", etc.) are named so that they match
 * kmd(8)'s accepted arguments which are listed on the SC in
 * /etc/opt/SUNWSMS/SMS/config/kmd_policy.cf.
 *
 * NOTE(review): because "none" is the default for -a/-e/-u, the daemon
 * presumably runs without AH or ESP protection unless an operator
 * selects an algorithm; deployments relying on IPsec for this service
 * should verify the options are actually passed.  Of the selectable
 * algorithms, md5/des/3des are legacy; sha1 is the strongest listed.
 */

/*
 * When AH or ESP is requested it is both required and unique (a
 * per-socket SA rather than a shared one), per the IPSEC_PREF_* flags
 * from <net/pfkeyv2.h>.  Self-encapsulation is never requested.
 */
#define	AH_REQ		(IPSEC_PREF_REQUIRED | IPSEC_PREF_UNIQUE)
#define	ESP_REQ		(IPSEC_PREF_REQUIRED | IPSEC_PREF_UNIQUE)
#define	SELF_ENCAP_REQ	0x0

/*
 * A type to hold the command line argument string used to select a
 * particular authentication header (AH) or encapsulating security
 * payload (ESP) algorithm and the ID used for that algorithm when
 * filling the ipsec_req_t structure which is passed to
 * setsockopt(3SOCKET).
 */
typedef struct dcs_alg {
	char	*arg_name;	/* option argument text, e.g. "sha1" */
	uint8_t	alg_id;		/* value stored in the ipsec_req_t field */
} dcs_alg_t;


/*
 * Debugging
 *
 * Bit flags tested against the dcs_debug global (see DCS_DBG below).
 */
#define	DBG_NONE	0x00000000
#define	DBG_ALL		0xFFFFFFFF
#define	DBG_INFO	0x00000001
#define	DBG_MSG		0x00000002
#define	DBG_SES		0x00000004
#define	DBG_STATE	0x00000008

#ifdef DCS_DEBUG

/*
 * supported options for debug version:
 *
 *	-d	control the amount of debugging
 *	-S	control standalone mode
 *	-s	control maximum active sessions
 *	-a	control the IPsec AH algorithm ("none", "md5", or "sha1")
 *	-e	control the IPsec ESP encr algorithm ("none", "des", or "3des")
 *	-u	control the IPsec ESP auth algorithm ("none", "md5", or "sha1")
 *	-l	control the use of libdscp for endpoint authentication.
 *
 * getopt(3C) option string; a trailing ':' marks an option that takes
 * an argument.
 */
#define	OPT_STR		"d:Ss:a:e:u:l"

#else /* DCS_DEBUG */

/*
 * supported options for non-debug version:
 *
 *	-s	control maximum active sessions
 *	-a	control the IPsec AH algorithm ("none", "md5", or "sha1")
 *	-e	control the IPsec ESP encr algorithm ("none", "des", or "3des")
 *	-u	control the IPsec ESP auth algorithm ("none", "md5", or "sha1")
 *	-l	control the use of libdscp for endpoint authentication.
 *
 * getopt(3C) option string; a trailing ':' marks an option that takes
 * an argument.
 */
#define	OPT_STR		"s:a:e:u:l"

#endif /* DCS_DEBUG */


/*
 * Error codes that are used internally in the DCS. These error codes
 * are mapped to the strings listed to the right of each error code
 * as a comment.  The "%s"/"%d" fragments are the format directives
 * the message string expects; dcs_log_msg() takes the matching values
 * as its variadic arguments.  DCS_MSG_COUNT is not an error - it is
 * the number of entries, matching the NULL terminator of the string
 * table.
 */
typedef enum {

	/*
	 * Network Errors:
	 */
	DCS_INIT_ERR = 0,	/* network initialization failed */
	DCS_NO_PORT,		/* failed to acquire reserved port */
	DCS_CONNECT_ERR,	/* connection attempt failed */
	DCS_RECEIVE_ERR,	/* unable to receive message */
	DCS_OP_REPLY_ERR,	/* unable to send message for %s operation */
	DCS_NO_SERV,		/* %s service not found, using reserved */
				/* port 665 */
	DCS_DISCONNECT,		/* client disconnected */

	/*
	 * Session Errors:
	 */
	DCS_SES_HAND_ERR,	/* failed to start a new session handler */
	DCS_ABORT_ERR,		/* abort attempt of session, %d, unsuccessful */
	DCS_VER_INVAL,		/* unsupported message protocol version %d.%d */
	DCS_SES_ABORTED,	/* session aborted */

	/*
	 * DR Request Errors:
	 */
	DCS_UNKNOWN_OP,		/* unknown operation requested */
	DCS_OP_FAILED,		/* operation failed */
	DCS_SES_SEQ_INVAL,	/* invalid session establishment sequence */
	DCS_NO_SES_ESTBL,	/* %s operation issued before session */
				/* established */
	DCS_MSG_INVAL,		/* received an invalid message */
	DCS_CONF_CB_ERR,	/* confirm callback failed, aborting operation */
	DCS_MSG_CB_ERR,		/* message callback failed, continuing */
	DCS_BAD_RETRY_VAL,	/* retry value invalid (%d) */
	DCS_BAD_TIME_VAL,	/* timeout value invalid (%d) */
	DCS_RETRY,		/* retrying operation, attempt %d */

	/*
	 * General Errors:
	 */
	DCS_NO_PRIV,		/* permission denied */
	DCS_INT_ERR,		/* internal error: %s: %s */
	DCS_UNKNOWN_ERR,	/* unrecognized error reported */
	DCS_BAD_OPT,		/* illegal option (-%c), exiting */
	DCS_BAD_OPT_ARG,	/* illegal argument to -%c flag (%s), %s */
	DCS_CFGA_UNKNOWN,	/* configuration administration unknown error */
	DCS_CFGA_ERR,		/* %s: %s */
	DCS_RSRC_ERR,		/* resource info init error (%d) */
	DCS_NO_ERR,		/* no error */
	DCS_MSG_COUNT		/* NULL */

} dcs_err_code;


/*
 * Public error codes. These error codes are returned to the
 * client in the event of a fatal error. Since the DCS can
 * report either a libcfgadm or internal error, there is a
 * possibility of conflicting error codes. To avoid this, the
 * DCS error codes are offset by a constant value. However,
 * 0 will always indicate that no errors have occurred.
 *
 * These values cross the wire to the client, so their order and
 * DCS_ERR_OFFSET are part of the protocol; do not renumber.
 */
typedef enum {
	DCS_OK = 0,
	DCS_ERROR = DCS_ERR_OFFSET,
	DCS_MSG_INVAL_ERR,
	DCS_VER_INVAL_ERR,
	DCS_NO_SES_ERR,
	DCS_SES_INVAL_ERR,
	DCS_SES_SEQ_INVAL_ERR,
	DCS_SES_ABORTED_ERR
} dcs_err_t;


/*
 * DCS states. These states are the states that the DCS moves
 * through as it processes a DR request. The order represents
 * the transitions performed in a successful operation.
 * Numbering starts at 1 so that a zeroed session_t is not in a
 * valid state.
 */
typedef enum {
	DCS_CONNECTED = 1,
	DCS_SES_REQ,
	DCS_SES_ESTBL,
	DCS_CONF_PENDING,
	DCS_CONF_DONE,
	DCS_SES_END
} dcs_ses_state_t;


/*
 * Message Contents
 *
 * Both members are pointers; ownership of the pointed-to header and
 * parameters is not expressed here - see dcs_dispatch_message() and
 * the rdr_* layer.
 */
typedef struct message {
	rdr_msg_hdr_t	*hdr;
	cfga_params_t	*params;
} message_t;


/*
 * Session information
 */
typedef struct session {
	unsigned long	id;		/* session id; see curr_ses_id() */
	unsigned short	major_version;	/* negotiated protocol version, */
	unsigned short	minor_version;	/* checked against DCS_VER_INVAL */
	unsigned long	random_req;	/* presumably the nonce exchanged */
	unsigned long	random_resp;	/* during session establishment - */
					/* confirm in dcs_ses.c */

	int		fd;		/* connected client socket */
	dcs_ses_state_t	state;		/* current position in the state machine */
	message_t	curr_msg;	/* message being processed */
} session_t;


/*
 * Message Direction
 */
typedef enum {
	DCS_SEND,
	DCS_RECEIVE
} dcs_msg_type_t;


/*
 * Globals
 */
extern ulong_t	dcs_debug;	/* DBG_* mask; 0 disables DCS_DBG output */
extern int	standalone;	/* set by -S in debug builds */
extern ulong_t	max_sessions;	/* set by -s; cf. DCS_MAX_SESSIONS */
extern int	use_libdscp;	/* set by -l: libdscp endpoint authentication */


/*
 * From dcs.c:
 */
int dcs_dispatch_message(rdr_msg_hdr_t *hdr, cfga_params_t *params);
void init_msg(rdr_msg_hdr_t *hdr);

/*
 * From dcs_ses.c:
 *
 * NOTE(review): session_t.id is unsigned long but ses_abort() takes a
 * long and curr_ses_id() returns a long; the conversion is well-defined
 * for values that fit but the signedness mismatch is worth keeping in
 * mind when comparing ids.
 */
int ses_start(int fd);
int ses_close(int err_code);
int ses_abort(long ses_id);
void ses_abort_enable(void);
void ses_abort_disable(void);
void abort_handler(void);
int ses_setlocale(char *locale);
void ses_init_signals(sigset_t *mask);
void ses_sleep(int sec);
int ses_poll(struct pollfd fds[], nfds_t nfds, int timeout);
session_t *curr_ses(void);
long curr_ses_id(void);

/*
 * From dcs_msg.c:
 *
 * dcs_log_msg() takes an internal dcs_err_code and the values for that
 * code's format directives (see the dcs_err_code comments); priority is
 * presumably a syslog(3C) level - confirm in dcs_msg.c.
 * dcs_dbg() takes a printf-style format with variadic arguments; the
 * prototype carries no format-checking attribute, so callers must pass
 * a literal fmt (never peer-supplied text) to avoid a format-string bug.
 */
void dcs_log_msg(int priority, int code, ...);
char *dcs_cfga_str(char **err_str, int err_code);
void dcs_dbg(int level, char *fmt, ...);
void print_msg_hdr(dcs_msg_type_t type, rdr_msg_hdr_t *hdr);
const char *dcs_strerror(int err_code);


/*
 * If the dcs_debug global variable is not set, no
 * debugging messages will be logged.
 *
 * NOTE(review): these expand to a bare "if (...) call", not a
 * do { } while (0) block, so an "else" written directly after
 * "DCS_DBG(...);" or "PRINT_MSG_DBG(...);" would bind to the hidden
 * "if"; keep uses as standalone statements.
 */
#define	DCS_DBG		if (dcs_debug) dcs_dbg
#define	PRINT_MSG_DBG	if (dcs_debug) print_msg_hdr


#ifdef __cplusplus
}
#endif

#endif /* _DCS_H */