/* * CDDL HEADER START * * The contents of this file are subject to the terms of the * Common Development and Distribution License (the "License"). * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. * See the License for the specific language governing permissions * and limitations under the License. * * When distributing Covered Code, include this CDDL HEADER in each * file and include the License file at usr/src/OPENSOLARIS.LICENSE. * If applicable, add the following below this CDDL HEADER, with the * fields enclosed by brackets "[]" replaced with your own identifying * information: Portions Copyright [yyyy] [name of copyright owner] * * CDDL HEADER END */ /* * Copyright 2000 by Cisco Systems, Inc. All rights reserved. * Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved. */ #ifndef _ISCSI_AUTHCLIENT_H #define _ISCSI_AUTHCLIENT_H /* * This file is the include file for for iscsiAuthClient.c */ #ifdef __cplusplus extern "C" { #endif enum { iscsiAuthStringMaxLength = 512 }; enum { iscsiAuthStringBlockMaxLength = 1024 }; enum { iscsiAuthLargeBinaryMaxLength = 1024 }; enum { iscsiAuthRecvEndMaxCount = 10 }; enum { iscsiAuthClientSignature = 0x5984B2E3 }; enum { iscsiAuthChapResponseLength = 16 }; /* * Note: The ordering of these values are chosen to match * the ordering of the keys as shown in the iSCSI spec. * The table IscsiAuthClientKeyInfo in iscsiAuthClient.c * must also match this order. */ enum iscsiAuthKeyType_t { iscsiAuthKeyTypeNone = -1, iscsiAuthKeyTypeFirst = 0, iscsiAuthKeyTypeAuthMethod = iscsiAuthKeyTypeFirst, iscsiAuthKeyTypeChapAlgorithm, iscsiAuthKeyTypeChapUsername, iscsiAuthKeyTypeChapResponse, iscsiAuthKeyTypeChapIdentifier, iscsiAuthKeyTypeChapChallenge, iscsiAuthKeyTypeMaxCount, iscsiAuthKeyTypeLast = iscsiAuthKeyTypeMaxCount - 1 }; typedef enum iscsiAuthKeyType_t IscsiAuthKeyType; enum { /* * Common options for all keys. */ iscsiAuthOptionReject = -2, iscsiAuthOptionNotPresent = -1, iscsiAuthOptionNone = 1, iscsiAuthMethodChap = 2, iscsiAuthMethodMaxCount = 2, iscsiAuthChapAlgorithmMd5 = 5, iscsiAuthChapAlgorithmMaxCount = 2 }; enum iscsiAuthNegRole_t { iscsiAuthNegRoleOriginator = 1, iscsiAuthNegRoleResponder = 2 }; typedef enum iscsiAuthNegRole_t IscsiAuthNegRole; /* * Note: These values are chosen to map to the values sent * in the iSCSI header. */ enum iscsiAuthVersion_t { iscsiAuthVersionDraft8 = 2, iscsiAuthVersionRfc = 0 }; typedef enum iscsiAuthVersion_t IscsiAuthVersion; enum iscsiAuthStatus_t { iscsiAuthStatusNoError = 0, iscsiAuthStatusError, iscsiAuthStatusPass, iscsiAuthStatusFail, iscsiAuthStatusContinue, iscsiAuthStatusInProgress }; typedef enum iscsiAuthStatus_t IscsiAuthStatus; enum iscsiAuthDebugStatus_t { iscsiAuthDebugStatusNotSet = 0, iscsiAuthDebugStatusAuthPass, iscsiAuthDebugStatusAuthRemoteFalse, iscsiAuthDebugStatusAuthFail, iscsiAuthDebugStatusAuthMethodBad, iscsiAuthDebugStatusChapAlgorithmBad, iscsiAuthDebugStatusPasswordDecryptFailed, iscsiAuthDebugStatusPasswordTooShortWithNoIpSec, iscsiAuthDebugStatusAuthServerError, iscsiAuthDebugStatusAuthStatusBad, iscsiAuthDebugStatusAuthPassNotValid, iscsiAuthDebugStatusSendDuplicateSetKeyValue, iscsiAuthDebugStatusSendStringTooLong, iscsiAuthDebugStatusSendTooMuchData, iscsiAuthDebugStatusAuthMethodExpected, iscsiAuthDebugStatusChapAlgorithmExpected, iscsiAuthDebugStatusChapIdentifierExpected, iscsiAuthDebugStatusChapChallengeExpected, iscsiAuthDebugStatusChapResponseExpected, iscsiAuthDebugStatusChapUsernameExpected, iscsiAuthDebugStatusAuthMethodNotPresent, iscsiAuthDebugStatusAuthMethodReject, iscsiAuthDebugStatusAuthMethodNone, iscsiAuthDebugStatusChapAlgorithmReject, iscsiAuthDebugStatusChapChallengeReflected, iscsiAuthDebugStatusPasswordIdentical, iscsiAuthDebugStatusLocalPasswordNotSet, iscsiAuthDebugStatusChapIdentifierBad, iscsiAuthDebugStatusChapChallengeBad, iscsiAuthDebugStatusChapResponseBad, iscsiAuthDebugStatusUnexpectedKeyPresent, iscsiAuthDebugStatusTbitSetIllegal, iscsiAuthDebugStatusTbitSetPremature, iscsiAuthDebugStatusRecvMessageCountLimit, iscsiAuthDebugStatusRecvDuplicateSetKeyValue, iscsiAuthDebugStatusRecvStringTooLong, iscsiAuthDebugStatusRecvTooMuchData }; typedef enum iscsiAuthDebugStatus_t IscsiAuthDebugStatus; enum iscsiAuthNodeType_t { iscsiAuthNodeTypeInitiator = 1, iscsiAuthNodeTypeTarget = 2 }; typedef enum iscsiAuthNodeType_t IscsiAuthNodeType; enum iscsiAuthPhase_t { iscsiAuthPhaseConfigure = 1, iscsiAuthPhaseNegotiate, /* Negotiating */ iscsiAuthPhaseAuthenticate, /* Authenticating */ iscsiAuthPhaseDone, /* Authentication done */ iscsiAuthPhaseError }; typedef enum iscsiAuthPhase_t IscsiAuthPhase; enum iscsiAuthLocalState_t { iscsiAuthLocalStateSendAlgorithm = 1, iscsiAuthLocalStateRecvAlgorithm, iscsiAuthLocalStateRecvChallenge, iscsiAuthLocalStateDone, iscsiAuthLocalStateError }; typedef enum iscsiAuthLocalState_t IscsiAuthLocalState; enum iscsiAuthRemoteState_t { iscsiAuthRemoteStateSendAlgorithm = 1, iscsiAuthRemoteStateSendChallenge, iscsiAuthRemoteStateRecvResponse, iscsiAuthRemoteStateAuthRequest, iscsiAuthRemoteStateDone, iscsiAuthRemoteStateError }; typedef enum iscsiAuthRemoteState_t IscsiAuthRemoteState; typedef void IscsiAuthClientCallback(void *, void *, int); struct iscsiAuthClientGlobalStats_t { unsigned long requestSent; unsigned long responseReceived; }; typedef struct iscsiAuthClientGlobalStats_t IscsiAuthClientGlobalStats; struct iscsiAuthBufferDesc_t { unsigned int length; void *address; }; typedef struct iscsiAuthBufferDesc_t IscsiAuthBufferDesc; struct iscsiAuthKey_t { unsigned int present:1; unsigned int processed:1; unsigned int valueSet:1; /* 1 if the value is set to be valid */ char *string; }; typedef struct iscsiAuthKey_t IscsiAuthKey; struct iscsiAuthLargeBinaryKey_t { unsigned int length; unsigned char *largeBinary; }; typedef struct iscsiAuthLargeBinaryKey_t IscsiAuthLargeBinaryKey; struct iscsiAuthKeyBlock_t { unsigned int transitBit:1; /* To transit: TRUE or FALSE */ unsigned int duplicateSet:1; /* Set the value more than once */ unsigned int stringTooLong:1; /* Key value too long */ unsigned int tooMuchData:1; /* The keypair data blk overflows */ unsigned int blockLength:16; /* The length of the keypair data blk */ char *stringBlock; IscsiAuthKey key[iscsiAuthKeyTypeMaxCount]; }; typedef struct iscsiAuthKeyBlock_t IscsiAuthKeyBlock; struct iscsiAuthStringBlock_t { char stringBlock[iscsiAuthStringBlockMaxLength]; }; typedef struct iscsiAuthStringBlock_t IscsiAuthStringBlock; struct iscsiAuthLargeBinary_t { unsigned char largeBinary[iscsiAuthLargeBinaryMaxLength]; }; typedef struct iscsiAuthLargeBinary_t IscsiAuthLargeBinary; struct iscsiAuthClient_t { unsigned long signature; void *glueHandle; struct iscsiAuthClient_t *next; unsigned int authRequestId; IscsiAuthNodeType nodeType; unsigned int authMethodCount; int authMethodList[iscsiAuthMethodMaxCount]; IscsiAuthNegRole authMethodNegRole; unsigned int chapAlgorithmCount; int chapAlgorithmList[iscsiAuthChapAlgorithmMaxCount]; /* * To indicate if remote authentication is enabled (0 = no 1 = yes) * For the case of initiator, remote authentication enabled means * enabling target authentication. */ int authRemote; char username[iscsiAuthStringMaxLength]; int passwordPresent; unsigned int passwordLength; unsigned char passwordData[iscsiAuthStringMaxLength]; char methodListName[iscsiAuthStringMaxLength]; IscsiAuthVersion version; unsigned int chapChallengeLength; int ipSec; int base64; unsigned int authMethodValidCount; int authMethodValidList[iscsiAuthMethodMaxCount]; int authMethodValidNegRole; const char *rejectOptionName; const char *noneOptionName; int recvInProgressFlag; int recvEndCount; IscsiAuthClientCallback *callback; void *userHandle; void *messageHandle; IscsiAuthPhase phase; IscsiAuthLocalState localState; IscsiAuthRemoteState remoteState; IscsiAuthStatus remoteAuthStatus; IscsiAuthDebugStatus debugStatus; int negotiatedAuthMethod; int negotiatedChapAlgorithm; int authResponseFlag; int authServerErrorFlag; int transitBitSentFlag; unsigned int sendChapIdentifier; IscsiAuthLargeBinaryKey sendChapChallenge; char chapUsername[iscsiAuthStringMaxLength]; int recvChapChallengeStatus; IscsiAuthLargeBinaryKey recvChapChallenge; char scratchKeyValue[iscsiAuthStringMaxLength]; IscsiAuthKeyBlock recvKeyBlock; /* Received keypair data */ IscsiAuthKeyBlock sendKeyBlock; /* Keypair data to be sent */ }; typedef struct iscsiAuthClient_t IscsiAuthClient; #ifdef __cplusplus } #endif #include <sys/iscsi_authclientglue.h> #ifdef __cplusplus extern "C" { #endif extern IscsiAuthClientGlobalStats iscsiAuthClientGlobalStats; extern int iscsiAuthClientInit(int, int, IscsiAuthBufferDesc *); extern int iscsiAuthClientFinish(IscsiAuthClient *); extern int iscsiAuthClientRecvBegin(IscsiAuthClient *); extern int iscsiAuthClientRecvEnd(IscsiAuthClient *, IscsiAuthClientCallback *, void *, void *); extern const char *iscsiAuthClientGetKeyName(int); extern int iscsiAuthClientGetNextKeyType(int *); extern int iscsiAuthClientKeyNameToKeyType(const char *); extern int iscsiAuthClientRecvKeyValue(IscsiAuthClient *, int, const char *); extern int iscsiAuthClientSendKeyValue(IscsiAuthClient *, int, int *, char *, unsigned int); extern int iscsiAuthClientRecvTransitBit(IscsiAuthClient *, int); extern int iscsiAuthClientSendTransitBit(IscsiAuthClient *, int *); extern int iscsiAuthClientSetAuthMethodList(IscsiAuthClient *, unsigned int, const int *); extern int iscsiAuthClientSetAuthMethodNegRole(IscsiAuthClient *, int); extern int iscsiAuthClientSetChapAlgorithmList(IscsiAuthClient *, unsigned int, const int *); extern int iscsiAuthClientSetUsername(IscsiAuthClient *, const char *); extern int iscsiAuthClientSetPassword(IscsiAuthClient *, const unsigned char *, unsigned int); extern int iscsiAuthClientSetAuthRemote(IscsiAuthClient *, int); extern int iscsiAuthClientSetGlueHandle(IscsiAuthClient *, void *); extern int iscsiAuthClientSetMethodListName(IscsiAuthClient *, const char *); extern int iscsiAuthClientSetIpSec(IscsiAuthClient *, int); extern int iscsiAuthClientSetBase64(IscsiAuthClient *, int); extern int iscsiAuthClientSetChapChallengeLength(IscsiAuthClient *, unsigned int); extern int iscsiAuthClientSetVersion(IscsiAuthClient *, int); extern int iscsiAuthClientCheckPasswordNeeded(IscsiAuthClient *, int *); extern int iscsiAuthClientGetAuthPhase(IscsiAuthClient *, int *); extern int iscsiAuthClientGetAuthStatus(IscsiAuthClient *, int *); extern int iscsiAuthClientAuthStatusPass(int); extern int iscsiAuthClientGetAuthMethod(IscsiAuthClient *, int *); extern int iscsiAuthClientGetChapAlgorithm(IscsiAuthClient *, int *); extern int iscsiAuthClientGetChapUsername(IscsiAuthClient *, char *, unsigned int); extern int iscsiAuthClientSendStatusCode(IscsiAuthClient *, int *); extern int iscsiAuthClientGetDebugStatus(IscsiAuthClient *, int *); extern const char *iscsiAuthClientDebugStatusToText(int); /* * The following is called by platform dependent code. */ extern void iscsiAuthClientAuthResponse(IscsiAuthClient *, int); /* * The following routines are considered platform dependent, * and need to be implemented for use by iscsiAuthClient.c. */ extern int iscsiAuthClientChapAuthRequest(IscsiAuthClient *, char *, unsigned int, unsigned char *, unsigned int, unsigned char *, unsigned int); extern void iscsiAuthClientChapAuthCancel(IscsiAuthClient *); extern int iscsiAuthClientTextToNumber(const char *, unsigned long *); extern void iscsiAuthClientNumberToText(unsigned long, char *, unsigned int); extern void iscsiAuthRandomSetData(unsigned char *, unsigned int); extern void iscsiAuthMd5Init(IscsiAuthMd5Context *); extern void iscsiAuthMd5Update(IscsiAuthMd5Context *, unsigned char *, unsigned int); extern void iscsiAuthMd5Final(unsigned char *, IscsiAuthMd5Context *); extern int iscsiAuthClientData(unsigned char *, unsigned int *, unsigned char *, unsigned int); #ifdef __cplusplus } #endif #endif /* _ISCSI_AUTHCLIENT_H */