/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#ifndef	_DCS_H
#define	_DCS_H

#pragma ident	"%Z%%M%	%I%	%E% SMI"

#ifdef	__cplusplus
extern "C" {
#endif

#include <poll.h>
#include <signal.h>

#include "remote_cfg.h"
#include "rdr_param_types.h"


#define	DCS_SERVICE		"sun-dr"
#define	SUN_DR_PORT		665
#define	DCS_BACKLOG		10

#define	BLOCKFOREVER		(-1)
#define	DCS_SND_TIMEOUT		60000		/* 1 minute */
#define	DCS_RCV_TIMEOUT		300000		/* 5 minutes */
#define	DCS_RCV_CB_TIMEOUT	43200000	/* 12 hours */

#define	DCS_ERR_OFFSET		12000
#define	MAX_MSG_LEN		512

#define	DCS_MAX_SESSIONS	128

/*
 * Header files for per-socket IPsec
 */
#include <netinet/in.h>
#include <net/pfkeyv2.h>


/*
 * The IPsec socket option struct, from ipsec(7P):
 *
 *     typedef struct ipsec_req {
 *         uint_t      ipsr_ah_req;            AH request
 *         uint_t      ipsr_esp_req;           ESP request
 *         uint_t      ipsr_self_encap_req;    Self-Encap request
 *         uint8_t     ipsr_auth_alg;          Auth algs for AH
 *         uint8_t     ipsr_esp_alg;           Encr algs for ESP
 *         uint8_t     ipsr_esp_auth_alg;      Auth algs for ESP
 *     } ipsec_req_t;
 *
 * The -a option sets the ipsr_auth_alg field. Allowable arguments
 * are "none", "md5", or "sha1". The -e option sets the ipsr_esp_alg
 * field. Allowable arguments are "none", "des", or "3des". "none"
 * is the default for both options. The -u option sets the ipsr_esp_auth_alg
 * field. Allowable arguments are the same as -a.
 *
 * The arguments ("md5", "des", etc.) are named so that they match
 * kmd(1m)'s accepted arguments which are listed on the SC in
 * /etc/opt/SUNWSMS/SMS/config/kmd_policy.cf.
 */
#define	AH_REQ		(IPSEC_PREF_REQUIRED | IPSEC_PREF_UNIQUE)
#define	ESP_REQ		(IPSEC_PREF_REQUIRED | IPSEC_PREF_UNIQUE)
#define	SELF_ENCAP_REQ	0x0

/*
 * A type to hold the command line argument string used to select a
 * particular authentication header (AH) or encapsulating security
 * payload (ESP) algorithm and the ID used for that algorithm when
 * filling the ipsec_req_t structure which is passed to
 * setsockopt(3SOCKET).
 */
typedef struct dcs_alg {
	char		*arg_name;
	uint8_t		alg_id;
} dcs_alg_t;


/*
 * Debugging
 */
#define	DBG_NONE	0x00000000
#define	DBG_ALL		0xFFFFFFFF
#define	DBG_INFO	0x00000001
#define	DBG_MSG		0x00000002
#define	DBG_SES		0x00000004
#define	DBG_STATE	0x00000008

#ifdef DCS_DEBUG

/*
 * supported options for debug version:
 *
 * -d  control the amount of debugging
 * -S  control standalone mode
 * -s  control maximum active sessions
 * -a  control the IPsec AH algorithm ("none", "md5", or "sha1")
 * -e  control the IPsec ESP encr algorithm ("none", "des", or "3des")
 * -u  control the IPsec ESP auth algorithm ("none", "md5", or "sha1")
 * -l  control the use of libdscp for endpoint authentication.
 */
#define	OPT_STR		"d:Ss:a:e:u:l"

#else /* DCS_DEBUG */

/*
 * supported options for non-debug version:
 *
 * -s  control maximum active sessions
 * -a  control the IPsec AH algorithm ("none", "md5", or "sha1")
 * -e  control the IPsec ESP encr algorithm ("none", "des", or "3des")
 * -u  control the IPsec ESP auth algorithm ("none", "md5", or "sha1")
 * -l  control the use of libdscp for endpoint authentication.
 */
#define	OPT_STR		"s:a:e:u:l"

#endif /* DCS_DEBUG */


/*
 * Error codes that are used internally in the DCS. These error codes
 * are mapped to the strings listed to the right of each error code
 * as a comment.
 */
typedef enum {

	/*
	 * Network Errors:
	 */
	DCS_INIT_ERR = 0,   /* network initialization failed		   */
	DCS_NO_PORT,	    /* failed to acquire reserved port		   */
	DCS_CONNECT_ERR,    /* connection attempt failed		   */
	DCS_RECEIVE_ERR,    /* unable to receive message		   */
	DCS_OP_REPLY_ERR,   /* unable to send message for %s operation	   */
	DCS_NO_SERV,	    /* %s service not found, using reserved	   */
			    /* port 665					   */
	DCS_DISCONNECT,	    /* client disconnected			   */

	/*
	 * Session Errors:
	 */
	DCS_SES_HAND_ERR,   /* failed to start a new session handler	   */
	DCS_ABORT_ERR,	    /* abort attempt of session, %d, unsuccessful  */
	DCS_VER_INVAL,	    /* unsupported message protocol version %d.%d  */
	DCS_SES_ABORTED,    /* session aborted				   */

	/*
	 * DR Request Errors:
	 */
	DCS_UNKNOWN_OP,	    /* unknown operation requested		   */
	DCS_OP_FAILED,	    /* operation failed				   */
	DCS_SES_SEQ_INVAL,  /* invalid session establishment sequence	   */
	DCS_NO_SES_ESTBL,   /* %s operation issued before session	   */
			    /* established				   */
	DCS_MSG_INVAL,	    /* received an invalid message		   */
	DCS_CONF_CB_ERR,    /* confirm callback failed, aborting operation */
	DCS_MSG_CB_ERR,	    /* message callback failed, continuing	   */
	DCS_BAD_RETRY_VAL,  /* retry value invalid (%d)			   */
	DCS_BAD_TIME_VAL,   /* timeout value invalid (%d)		   */
	DCS_RETRY,	    /* retrying operation, attempt %d		   */

	/*
	 * General Errors:
	 */
	DCS_NO_PRIV,	    /* permission denied			   */
	DCS_INT_ERR,	    /* internal error: %s: %s			   */
	DCS_UNKNOWN_ERR,    /* unrecognized error reported		   */
	DCS_BAD_OPT,	    /* illegal option (-%c), exiting		   */
	DCS_BAD_OPT_ARG,    /* illegal argument to -%c flag (%s), %s	   */
	DCS_CFGA_UNKNOWN,   /* configuration administration unknown error  */
	DCS_CFGA_ERR,	    /* %s: %s					   */
	DCS_RSRC_ERR,	    /* resource info init error (%d)		   */
	DCS_NO_ERR,	    /* no error					   */
	DCS_MSG_COUNT	    /* NULL					   */

} dcs_err_code;


/*
 * Public error codes. These error codes are returned to the
 * client in the event of a fatal error. Since the DCS can
 * report either a libcfgadm or internal error, there is a
 * possiblity of conflicting error codes. To avoid this, the
 * DCS error codes are offset by a constant value. However,
 * 0 will always indicate that no errors have occurred.
 */
typedef enum {
	DCS_OK = 0,
	DCS_ERROR = DCS_ERR_OFFSET,
	DCS_MSG_INVAL_ERR,
	DCS_VER_INVAL_ERR,
	DCS_NO_SES_ERR,
	DCS_SES_INVAL_ERR,
	DCS_SES_SEQ_INVAL_ERR,
	DCS_SES_ABORTED_ERR
} dcs_err_t;


/*
 * DCS states. These states are the states that the DCS moves
 * through as it processes a DR request. The order represents
 * the transitions performed in a successful operation.
 */
typedef enum {
	DCS_CONNECTED = 1,
	DCS_SES_REQ,
	DCS_SES_ESTBL,
	DCS_CONF_PENDING,
	DCS_CONF_DONE,
	DCS_SES_END
} dcs_ses_state_t;


/*
 * Message Contents
 */
typedef struct message {
	rdr_msg_hdr_t	*hdr;
	cfga_params_t	*params;
} message_t;


/*
 * Session information
 */
typedef struct session {
	unsigned long	id;
	unsigned short	major_version;
	unsigned short	minor_version;
	unsigned long	random_req;
	unsigned long	random_resp;

	int		fd;
	dcs_ses_state_t	state;
	message_t	curr_msg;
} session_t;


/*
 * Message Direction
 */
typedef enum {
	DCS_SEND,
	DCS_RECEIVE
} dcs_msg_type_t;


/*
 * Globals
 */
extern ulong_t	dcs_debug;
extern int	standalone;
extern ulong_t	max_sessions;
extern int	use_libdscp;


/*
 * From dcs.c:
 */
int dcs_dispatch_message(rdr_msg_hdr_t *hdr, cfga_params_t *params);
void init_msg(rdr_msg_hdr_t *hdr);

/*
 * From dcs_ses.c:
 */
int ses_start(int fd);
int ses_close(int err_code);
int ses_abort(long ses_id);
void ses_abort_enable(void);
void ses_abort_disable(void);
void abort_handler(void);
int ses_setlocale(char *locale);
void ses_init_signals(sigset_t *mask);
void ses_sleep(int sec);
int ses_poll(struct pollfd fds[], nfds_t nfds, int timeout);
session_t *curr_ses(void);
long curr_ses_id(void);

/*
 * From dcs_msg.c:
 */
void dcs_log_msg(int priority, int code, ...);
char *dcs_cfga_str(char **err_str, int err_code);
void dcs_dbg(int level, char *fmt, ...);
void print_msg_hdr(dcs_msg_type_t type, rdr_msg_hdr_t *hdr);
const char *dcs_strerror(int err_code);


/*
 * If the dcs_debug global variable is not set, no
 * debugging messages will be logged.
 */
#define	DCS_DBG		if (dcs_debug) dcs_dbg
#define	PRINT_MSG_DBG	if (dcs_debug) print_msg_hdr


#ifdef	__cplusplus
}
#endif

#endif /* _DCS_H */