00001 /*
00002  ** Copyright 2004-2008 - INL
00003  ** Written by Eric Leblond <regit@inl.fr>
00004  **            Vincent Deffontaines <vincent@inl.fr>
00005  ** INL http://www.inl.fr/
00006  **
00007  ** $Id: libnuclient.h 5285 2008-11-21 15:39:55Z pollux $
00008  **
00009  ** This program is free software; you can redistribute it and/or modify
00010  ** it under the terms of the GNU General Public License as published by
00011  ** the Free Software Foundation, version 3 of the License.
00012  **
00013  ** This program is distributed in the hope that it will be useful,
00014  ** but WITHOUT ANY WARRANTY; without even the implied warranty of
00015  ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
00016  ** GNU General Public License for more details.
00017  **
00018  ** You should have received a copy of the GNU General Public License
00019  ** along with this program; if not, write to the Free Software
00020  ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
00021  */
00022 
00023 #ifndef LIBNUCLIENT_H
00024 #define LIBNUCLIENT_H
00025 
/* Refuse to be included after glibc's <features.h> has already been
 * pulled in.  Feature-test macros must be set before the first system
 * header is seen; this file does not define any itself, so they
 * presumably come from "nufw_source.h" below (confirm).  Including a
 * system header first would silently leave those prototypes unavailable. */
#ifdef _FEATURES_H
#   error "libnuclient.h have to be included before <features.h>"
#endif
00029 
00030 #include <arpa/inet.h>
00031 #include <assert.h>
00032 #include <ctype.h>
00033 #include <dirent.h>
00034 #include <errno.h>
00035 #include <grp.h>
00036 #include <limits.h>
00037 #include <netdb.h>
00038 #include <pwd.h>
00039 #include <signal.h>
00040 #include <stdarg.h>
00041 #include <stdio.h>
00042 #include <stdlib.h>
00043 #include <string.h>
00044 #include <syslog.h>
00045 #include <sys/ioctl.h>
00046 #include <sys/socket.h>
00047 #include <sys/time.h>
00048 #include <sys/types.h>
00049 #include <unistd.h>
00050 #include <termios.h>
00051 #include <time.h>
00052 #include <unistd.h>
00053 #include <sys/stat.h>
00054 #include <fcntl.h>
00055 
00056 #include <errno.h>
00057 
00058 #include <netinet/in.h>
00059 #include <netinet/tcp.h>
00060 #include <netdb.h>
00061 #include <fcntl.h>
00062 #include <signal.h>
00063 #include <unistd.h>
00064 #include <string.h>
00065 #include <nussl.h>
00066 
00067 #include "nufw_source.h"
00068 
00069 #include "nubase.h"
00070 #include "nuclient.h"
00071 
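/* Constants */

/* Interval, in seconds, between liveness probes of the nuauth link —
 * presumed from the name; confirm against its use in the send loop. */
#define SENT_TEST_INTERVAL 30

/* Number of hash buckets in a conntable_t.  Overridable at build time;
 * 5003 is prime, presumably so that a modulo hash spreads entries
 * evenly across buckets. */
#ifndef CONNTABLE_BUCKETS
#define CONNTABLE_BUCKETS 5003
#endif

/* Max number of connection records authenticated in a single TLS
 * packet; PACKET_SIZE is derived from it. */
#define CONN_MAX 10

/* Bounds of the polling delay (seconds + microseconds).  The
 * microsecond values are parenthesised so they can appear safely in
 * larger expressions: the bare `50*1000` made `x / MIN_DELAY_USEC`
 * expand to `x / 50 * 1000`, a 1000x error. */
#define MIN_DELAY_SEC 0
#define MIN_DELAY_USEC (50 * 1000)
#define MAX_DELAY_SEC 1
#define MAX_DELAY_USEC (600 * 1000)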
00087 
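/* Macros declarations */

/* Record an error (family + code) in *ERR when the caller supplied an
 * error object; a NULL ERR is a no-op, so call sites need no guard.
 * Wrapped in do/while(0) so the macro is one statement: the previous
 * bare `if {...}` expansion broke `if (x) SET_ERROR(...); else ...`
 * (the `;` closed the if and the `else` became a syntax error).
 * ERR is evaluated more than once — pass a plain pointer, not an
 * expression with side effects. */
#define SET_ERROR(ERR, FAMILY, CODE) \
        do { \
                if ((ERR) != NULL) { \
                        (ERR)->family = (FAMILY); \
                        (ERR)->error = (CODE); \
                } \
        } while (0)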
00095 
/* Upper bound on the serialised size of one authentication item: the
 * request header, the IPv6 address field (presumably the largest
 * address variant) and the application field whose program name is
 * base64-encoded to at most PROGNAME_BASE64_WIDTH bytes.  Any buffer
 * sized from this (via PACKET_SIZE) relies on the encoder really
 * capping the name at that width — confirm where the application
 * field is built, otherwise the bound can be exceeded. */
#define PACKET_ITEM_MAXSIZE \
        ( sizeof(struct nu_authreq) + sizeof(struct nu_authfield_ipv6) \
          + sizeof(struct nu_authfield_app) + PROGNAME_BASE64_WIDTH )

/* Largest packet this client builds in one go: one nu_header followed
 * by up to CONN_MAX items at their maximum size. */
#define PACKET_SIZE \
        ( sizeof(struct nu_header) + CONN_MAX * PACKET_ITEM_MAXSIZE )
00102 
/* Report a fatal internal error through do_panic(), prepending the
 * caller's file and line to the printf-style message.  Uses the GNU
 * named-variadic form (args... / ##args) so that a format with no
 * arguments still expands without a trailing comma. */
#define panic(format, args...) \
        do_panic(__FILE__, __LINE__, format, ##args)

/* Run-time check that is never compiled out: when `test` is false,
 * reports through panic() with the caller's location.  Single
 * statement, safe in an unbraced if/else. */
#define nu_assert(test, format, args...) \
        do { \
                if (!(test)) { \
                        panic(format, ##args); \
                } \
        } while (0)
00118 
00119 
00120 /* Type declarations */
00121 
/* One local connection as seen by the client: the 5-tuple plus the
 * owning user and socket inode, chained into a conntable_t bucket. */
typedef struct conn_type {
        unsigned int protocol;  /* transport protocol number (presumably IPPROTO_*; confirm) */
        struct in6_addr ip_src; /* source address; IPv4 presumably stored v4-mapped — confirm in the scanner */
        unsigned short port_src;        /* source port (byte order not visible here — confirm) */
        struct in6_addr ip_dst; /* destination address, same representation as ip_src */
        unsigned short port_dst;        /* destination port */
        unsigned long uid;      /* owner of the socket */
        unsigned long inode;    /* socket inode, presumably from /proc/net — confirm */
        unsigned int retransmit;        /* NOTE(review): looks like a resend counter for this entry — confirm */
        time_t createtime;      /* when this entry was created */
        struct conn_type *next; /* next entry in the same hash bucket */
} conn_t;
00144 
/* Connection table: a fixed array of CONNTABLE_BUCKETS chains of conn_t,
 * linked through conn_t::next.  The hash used to pick a bucket is not
 * visible here; see the table code. */
typedef struct {
        conn_t *buckets[CONNTABLE_BUCKETS];
} conntable_t;
00160 
00161 /* nuauth_session_t structure */
00162 
00163 /* -- PRIVATE STRUCTURE -- */
/* Client-side state for one session with nuauth.  Private to the
 * library: callers get an opaque nuauth_session_t. */
struct nuauth_session {
        nussl_session* nussl;   /* TLS session (nussl) carrying the protocol */

        u_int32_t userid;       
        char *username; 
        char *password; /* plaintext credential held in the heap — wipe (explicit_bzero or equivalent) before freeing; presumably nu_exit_clean() does this, confirm */
        char *pem_key; /* Path to file */
        char *pem_cert; /* Path to file */
        char *pem_ca; /* Path to file */
        char *pem_crl; /* Path to file */
        char *pkcs12_file; /* Path to file */
        char *pkcs12_password; /* PKCS#12 passphrase, not a path (the previous comment looked copy-pasted); same wiping caveat as password */
        /* Callbacks used to obtain credentials interactively.  Declared
         * with `()` (unspecified arguments, not `(void)`); whether the
         * returned string is owned by the session or by the callback is
         * not visible here — confirm before freeing. */
        char* (*username_callback)();
        char* (*passwd_callback)();

        char *nuauth_cert_dn;   /* NOTE(review): presumably the DN expected in the server certificate — confirm it is checked after the handshake */

        char *krb5_service;     /* Kerberos service name, when GSSAPI/Krb5 auth is used (presumed from the name) */

        conntable_t *ct;        /* current connection table */
        u_int32_t packet_seq;   /* sequence number for outgoing packets */
        int auth_by_default;    
        unsigned char debug_mode;       
        unsigned char verbose;  
        unsigned char diffie_hellman;   /* flag; semantics not visible here */
        int has_src_addr;               /* non-zero when src_addr is set */
        struct sockaddr_storage src_addr;       /* local address to bind to, if has_src_addr */
        u_int8_t server_mode;

        unsigned char connected;        /* non-zero once the session is established */

        time_t timestamp_last_sent;     /* last time something was sent, cf. SENT_TEST_INTERVAL */

        struct timeval sleep_delay;     /* current polling delay */

        struct timeval min_sleep_delay; /* lower bound, cf. MIN_DELAY_* */

        struct timeval max_sleep_delay; /* upper bound, cf. MAX_DELAY_* */

        int suppress_ca_warning;        /* silence the warning about a missing/untrusted CA */

        /* NOTE(review): appears to disable hostname verification of the
         * server certificate.  If so, a peer holding any certificate
         * signed by a trusted CA can impersonate nuauth — keep this for
         * testing only. */
        int suppress_fqdn_verif;
};
00222 
00223 
00224 /* Function declarations */
00225 
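/* Convert `inbuf` from the current locale to UTF-8.  Whether the result
 * is freshly allocated or `inbuf` itself is not visible here — confirm
 * in the definition before freeing it. */
char *locale_to_utf8(char *inbuf);

/* Release everything held by `session`. */
void nu_exit_clean(nuauth_session_t * session);

/* Compare two connection-table snapshots for `session`; `err` receives
 * the failure, if any, via SET_ERROR.  The second parameter was named
 * `new`, which is a C++ keyword and made the header unusable from C++;
 * the name is cosmetic for a prototype, so it is renamed here. */
int compare(nuauth_session_t * session, conntable_t * old, conntable_t * current,
            nuclient_error * err);

/* Report a fatal internal error with the caller's location and a
 * printf-style message (see the panic()/nu_assert() macros).  The
 * format attribute lets -Wformat type-check every call site, which
 * matters because `fmt` is always interpreted as a format string:
 * callers must never pass untrusted text as `fmt`. */
void do_panic(const char *filename, unsigned long line, const char *fmt,
              ...) __attribute__((format(printf, 3, 4)));

/* Request that the session be terminated. */
void ask_session_end(nuauth_session_t * session);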
00237 
00238 #endif
