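/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License").  You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#ifndef	_DCS_H
#define	_DCS_H

#pragma ident	"%Z%%M%	%I%	%E% SMI"

/*
 * Private definitions shared by the DCS daemon sources (dcs.c,
 * dcs_ses.c, dcs_msg.c): service/port constants, poll timeouts,
 * the per-socket IPsec policy, internal and public error codes,
 * session state, and the prototypes each file exports to the others.
 */

#ifdef __cplusplus
extern "C" {
#endif

#include <poll.h>
#include <signal.h>

#include "remote_cfg.h"
#include "rdr_param_types.h"


/*
 * Service name and fallback port.  SUN_DR_PORT is the reserved
 * (privileged, < 1024) port used when the DCS_SERVICE entry cannot
 * be looked up (see DCS_NO_SERV below).  DCS_BACKLOG is presumably
 * the listen(3SOCKET) queue depth -- confirm in dcs.c.
 */
#define	DCS_SERVICE	"sun-dr"
#define	SUN_DR_PORT	665
#define	DCS_BACKLOG	10

/*
 * Timeouts, in milliseconds (the unit of the poll(2) timeout
 * argument taken by ses_poll() below).  BLOCKFOREVER is poll's
 * "wait indefinitely" value.  DCS_RCV_CB_TIMEOUT is deliberately
 * very long: it bounds how long the daemon waits on a callback
 * reply from the client.
 */
#define	BLOCKFOREVER		(-1)
#define	DCS_SND_TIMEOUT		60000		/* 1 minute */
#define	DCS_RCV_TIMEOUT		300000		/* 5 minutes */
#define	DCS_RCV_CB_TIMEOUT	43200000	/* 12 hours */

/*
 * DCS_ERR_OFFSET keeps the public DCS error codes (dcs_err_t) from
 * colliding with libcfgadm error codes.  MAX_MSG_LEN presumably
 * bounds formatted log/error message text -- confirm in dcs_msg.c.
 */
#define	DCS_ERR_OFFSET	12000
#define	MAX_MSG_LEN	512

/*
 * Cap on concurrently active sessions.  The runtime limit is the
 * max_sessions global (settable with -s); this value is presumably
 * its default or upper bound -- confirm in dcs.c.
 */
#define	DCS_MAX_SESSIONS	128

/*
 * Header files for per-socket IPsec
 */
#include <netinet/in.h>
#include <net/pfkeyv2.h>


/*
 * The IPsec socket option struct, from ipsec(7P):
 *
 *	typedef struct ipsec_req {
 *		uint_t		ipsr_ah_req;		AH request
 *		uint_t		ipsr_esp_req;		ESP request
 *		uint_t		ipsr_self_encap_req;	Self-Encap request
 *		uint8_t		ipsr_auth_alg;		Auth algs for AH
 *		uint8_t		ipsr_esp_alg;		Encr algs for ESP
 *		uint8_t		ipsr_esp_auth_alg;	Auth algs for ESP
 *	} ipsec_req_t;
 *
 * The -a option sets the ipsr_auth_alg field.  Allowable arguments
 * are "none", "md5", or "sha1".  The -e option sets the ipsr_esp_alg
 * field.  Allowable arguments are "none", "des", or "3des".  "none"
 * is the default for both options.  The -u option sets the ipsr_esp_auth_alg
 * field.  Allowable arguments are the same as -a.
 *
 * The arguments ("md5", "des", etc.) are named so that they match
 * kmd(1m)'s accepted arguments which are listed on the SC in
 * /etc/opt/SUNWSMS/SMS/config/kmd_policy.cf.
 *
 * AH and ESP are both requested as REQUIRED and UNIQUE (a per-socket
 * association rather than a shared one); self-encapsulation is not
 * requested.  The algorithm set is fixed by what kmd(1m) on the SC
 * accepts; md5, des and 3des are legacy algorithms by current
 * standards.  NOTE(review): because "none" is the default for every
 * algorithm option, the protection actually applied with no -a/-e/-u
 * given depends on how the kernel treats a required protocol with no
 * algorithm selected -- confirm against ipsec(7P) before relying on
 * the defaults.
 */
#define	AH_REQ		(IPSEC_PREF_REQUIRED | IPSEC_PREF_UNIQUE)
#define	ESP_REQ		(IPSEC_PREF_REQUIRED | IPSEC_PREF_UNIQUE)
#define	SELF_ENCAP_REQ	0x0

/*
 * A type to hold the command line argument string used to select a
 * particular authentication header (AH) or encapsulating security
 * payload (ESP) algorithm and the ID used for that algorithm when
 * filling the ipsec_req_t structure which is passed to
 * setsockopt(3SOCKET).
 */
typedef struct dcs_alg {
	char	*arg_name;	/* option argument, e.g. "md5", "3des" */
	uint8_t	alg_id;		/* value stored in the ipsec_req_t field */
} dcs_alg_t;


/*
 * Debugging
 *
 * Bit flags combined into the dcs_debug global; the DCS_DBG and
 * PRINT_MSG_DBG macros below only test whether dcs_debug is
 * non-zero, the per-category filtering (if any) is up to dcs_dbg().
 */
#define	DBG_NONE	0x00000000
#define	DBG_ALL		0xFFFFFFFF
#define	DBG_INFO	0x00000001
#define	DBG_MSG		0x00000002
#define	DBG_SES		0x00000004
#define	DBG_STATE	0x00000008

#ifdef DCS_DEBUG

/*
 * supported options for debug version:
 *
 *	-d	control the amount of debugging
 *	-S	control standalone mode
 *	-s	control maximum active sessions
 *	-a	control the IPsec AH algorithm ("none", "md5", or "sha1")
 *	-e	control the IPsec ESP encr algorithm ("none", "des", or "3des")
 *	-u	control the IPsec ESP auth algorithm ("none", "md5", or "sha1")
 */
#define	OPT_STR	"d:Ss:a:e:u:"

#else /* DCS_DEBUG */

/*
 * supported options for non-debug version:
 *
 *	-s	control maximum active sessions
 *	-a	control the IPsec AH algorithm ("none", "md5", or "sha1")
 *	-e	control the IPsec ESP encr algorithm ("none", "des", or "3des")
 *	-u	control the IPsec ESP auth algorithm ("none", "md5", or "sha1")
 */
#define	OPT_STR	"s:a:e:u:"

#endif /* DCS_DEBUG */


/*
 * Error codes that are used internally in the DCS.  These error codes
 * are mapped to the strings listed to the right of each error code
 * as a comment.  The %s/%d conversions in those strings are filled
 * from the variadic arguments of dcs_log_msg(); the format itself is
 * selected by the code, never supplied by the caller or the peer.
 */
typedef enum {

	/*
	 * Network Errors:
	 */
	DCS_INIT_ERR = 0,	/* network initialization failed */
	DCS_NO_PORT,		/* failed to acquire reserved port */
	DCS_CONNECT_ERR,	/* connection attempt failed */
	DCS_RECEIVE_ERR,	/* unable to receive message */
	DCS_OP_REPLY_ERR,	/* unable to send message for %s operation */
	DCS_NO_SERV,		/* %s service not found, using reserved */
				/* port 665 */
	DCS_DISCONNECT,		/* client disconnected */

	/*
	 * Session Errors:
	 */
	DCS_SES_HAND_ERR,	/* failed to start a new session handler */
	DCS_ABORT_ERR,		/* abort attempt of session, %d, unsuccessful */
	DCS_VER_INVAL,		/* unsupported message protocol version %d.%d */
	DCS_SES_ABORTED,	/* session aborted */

	/*
	 * DR Request Errors:
	 */
	DCS_UNKNOWN_OP,		/* unknown operation requested */
	DCS_OP_FAILED,		/* operation failed */
	DCS_SES_SEQ_INVAL,	/* invalid session establishment sequence */
	DCS_NO_SES_ESTBL,	/* %s operation issued before session */
				/* established */
	DCS_MSG_INVAL,		/* received an invalid message */
	DCS_CONF_CB_ERR,	/* confirm callback failed, aborting operation */
	DCS_MSG_CB_ERR,		/* message callback failed, continuing */
	DCS_BAD_RETRY_VAL,	/* retry value invalid (%d) */
	DCS_BAD_TIME_VAL,	/* timeout value invalid (%d) */
	DCS_RETRY,		/* retrying operation, attempt %d */

	/*
	 * General Errors:
	 */
	DCS_NO_PRIV,		/* permission denied */
	DCS_INT_ERR,		/* internal error: %s: %s */
	DCS_UNKNOWN_ERR,	/* unrecognized error reported */
	DCS_BAD_OPT,		/* illegal option (-%c), exiting */
	DCS_BAD_OPT_ARG,	/* illegal argument to -%c flag (%s), %s */
	DCS_CFGA_UNKNOWN,	/* configuration administration unknown error */
	DCS_CFGA_ERR,		/* %s: %s */
	DCS_RSRC_ERR,		/* resource info init error (%d) */
	DCS_NO_ERR,		/* no error */
	DCS_MSG_COUNT		/* NULL */

} dcs_err_code;


/*
 * Public error codes.  These error codes are returned to the
 * client in the event of a fatal error.  Since the DCS can
 * report either a libcfgadm or internal error, there is a
 * possibility of conflicting error codes.  To avoid this, the
 * DCS error codes are offset by a constant value.  However,
 * 0 will always indicate that no errors have occurred.
 */
typedef enum {
	DCS_OK = 0,
	DCS_ERROR = DCS_ERR_OFFSET,
	DCS_MSG_INVAL_ERR,
	DCS_VER_INVAL_ERR,
	DCS_NO_SES_ERR,
	DCS_SES_INVAL_ERR,
	DCS_SES_SEQ_INVAL_ERR,
	DCS_SES_ABORTED_ERR
} dcs_err_t;


/*
 * DCS states.  These states are the states that the DCS moves
 * through as it processes a DR request.  The order represents
 * the transitions performed in a successful operation.  Starts
 * at 1 so that a zero-initialized session_t has no valid state.
 */
typedef enum {
	DCS_CONNECTED = 1,
	DCS_SES_REQ,
	DCS_SES_ESTBL,
	DCS_CONF_PENDING,
	DCS_CONF_DONE,
	DCS_SES_END
} dcs_ses_state_t;


/*
 * Message Contents
 *
 * Both members are pointers into storage owned elsewhere (see
 * rdr_param_types.h / remote_cfg.h); this struct does not own them.
 */
typedef struct message {
	rdr_msg_hdr_t	*hdr;
	cfga_params_t	*params;
} message_t;


/*
 * Session information
 *
 * random_req / random_resp hold the per-session nonces exchanged
 * during session establishment (assumed from the names -- confirm
 * in dcs_ses.c).
 */
typedef struct session {
	unsigned long	id;		/* session id, see curr_ses_id() */
	unsigned short	major_version;	/* negotiated protocol version */
	unsigned short	minor_version;
	unsigned long	random_req;
	unsigned long	random_resp;

	int		fd;		/* connected client socket */
	dcs_ses_state_t	state;		/* current dcs_ses_state_t */
	message_t	curr_msg;	/* message being processed */
} session_t;


/*
 * Message Direction
 */
typedef enum {
	DCS_SEND,
	DCS_RECEIVE
} dcs_msg_type_t;


/*
 * Globals
 *
 * dcs_debug is the DBG_* mask; standalone and max_sessions are set
 * from the -S and -s options respectively.
 */
extern ulong_t	dcs_debug;
extern int	standalone;
extern ulong_t	max_sessions;


/*
 * From dcs.c:
 */
int dcs_dispatch_message(rdr_msg_hdr_t *hdr, cfga_params_t *params);
void init_msg(rdr_msg_hdr_t *hdr);

/*
 * From dcs_ses.c:
 */
int ses_start(int fd);
int ses_close(int err_code);
int ses_abort(long ses_id);
void ses_abort_enable(void);
void ses_abort_disable(void);
void abort_handler(void);
int ses_setlocale(char *locale);
void ses_init_signals(sigset_t *mask);
void ses_sleep(int sec);
int ses_poll(struct pollfd fds[], nfds_t nfds, int timeout);	/* timeout in ms */
session_t *curr_ses(void);
long curr_ses_id(void);

/*
 * From dcs_msg.c:
 *
 * dcs_log_msg() selects its format by `code' (a dcs_err_code).
 * dcs_dbg() is printf(3C)-like: `fmt' must be a string literal
 * controlled by the daemon, never message or client data.
 */
void dcs_log_msg(int priority, int code, ...);
char *dcs_cfga_str(char **err_str, int err_code);
void dcs_dbg(int level, char *fmt, ...);
void print_msg_hdr(dcs_msg_type_t type, rdr_msg_hdr_t *hdr);
const char *dcs_strerror(int err_code);


/*
 * If the dcs_debug global variable is not set, no
 * debugging messages will be logged.
 *
 * These macros expand to a statement prefix and are used as
 * DCS_DBG(level, fmt, ...); so they cannot be wrapped in
 * do { } while (0).  They are written as "if (!cond) {} else call"
 * rather than "if (cond) call" so that an "else" following a
 * caller's "if (x) DCS_DBG(...);" binds to the caller's "if" and
 * not to the one hidden in the macro (dangling else).
 */
#define	DCS_DBG		if (!dcs_debug) {} else dcs_dbg
#define	PRINT_MSG_DBG	if (!dcs_debug) {} else print_msg_hdr


#ifdef __cplusplus
}
#endif

#endif /* _DCS_H */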