1*a6d42e7dSPeter Dunlap /* 2*a6d42e7dSPeter Dunlap * CDDL HEADER START 3*a6d42e7dSPeter Dunlap * 4*a6d42e7dSPeter Dunlap * The contents of this file are subject to the terms of the 5*a6d42e7dSPeter Dunlap * Common Development and Distribution License (the "License"). 6*a6d42e7dSPeter Dunlap * You may not use this file except in compliance with the License. 7*a6d42e7dSPeter Dunlap * 8*a6d42e7dSPeter Dunlap * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9*a6d42e7dSPeter Dunlap * or http://www.opensolaris.org/os/licensing. 10*a6d42e7dSPeter Dunlap * See the License for the specific language governing permissions 11*a6d42e7dSPeter Dunlap * and limitations under the License. 12*a6d42e7dSPeter Dunlap * 13*a6d42e7dSPeter Dunlap * When distributing Covered Code, include this CDDL HEADER in each 14*a6d42e7dSPeter Dunlap * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15*a6d42e7dSPeter Dunlap * If applicable, add the following below this CDDL HEADER, with the 16*a6d42e7dSPeter Dunlap * fields enclosed by brackets "[]" replaced with your own identifying 17*a6d42e7dSPeter Dunlap * information: Portions Copyright [yyyy] [name of copyright owner] 18*a6d42e7dSPeter Dunlap * 19*a6d42e7dSPeter Dunlap * CDDL HEADER END 20*a6d42e7dSPeter Dunlap */ 21*a6d42e7dSPeter Dunlap /* 22*a6d42e7dSPeter Dunlap * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 23*a6d42e7dSPeter Dunlap * Use is subject to license terms. 24*a6d42e7dSPeter Dunlap */ 25*a6d42e7dSPeter Dunlap 26*a6d42e7dSPeter Dunlap #ifndef _CHAP_H 27*a6d42e7dSPeter Dunlap #define _CHAP_H 28*a6d42e7dSPeter Dunlap 29*a6d42e7dSPeter Dunlap #ifdef __cplusplus 30*a6d42e7dSPeter Dunlap extern "C" { 31*a6d42e7dSPeter Dunlap #endif 32*a6d42e7dSPeter Dunlap 33*a6d42e7dSPeter Dunlap #include <netinet/in.h> 34*a6d42e7dSPeter Dunlap #include <sys/int_types.h> 35*a6d42e7dSPeter Dunlap 36*a6d42e7dSPeter Dunlap #include <sys/iscsit/iscsi_if.h> 37*a6d42e7dSPeter Dunlap #include <sys/iscsit/radius_protocol.h> 38*a6d42e7dSPeter Dunlap 39*a6d42e7dSPeter Dunlap typedef enum chap_validation_status_type { 40*a6d42e7dSPeter Dunlap CHAP_VALIDATION_PASSED, /* CHAP validation passed */ 41*a6d42e7dSPeter Dunlap CHAP_VALIDATION_INVALID_RESPONSE, /* Invalid CHAP response */ 42*a6d42e7dSPeter Dunlap CHAP_VALIDATION_DUP_SECRET, /* Same CHAP secret used */ 43*a6d42e7dSPeter Dunlap /* for authentication in the */ 44*a6d42e7dSPeter Dunlap /* other direction */ 45*a6d42e7dSPeter Dunlap CHAP_VALIDATION_UNKNOWN_AUTH_METHOD, /* Unknown authentication */ 46*a6d42e7dSPeter Dunlap /* method */ 47*a6d42e7dSPeter Dunlap CHAP_VALIDATION_INTERNAL_ERROR, /* MISC internal error */ 48*a6d42e7dSPeter Dunlap CHAP_VALIDATION_RADIUS_ACCESS_ERROR, /* Problem accessing RADIUS */ 49*a6d42e7dSPeter Dunlap CHAP_VALIDATION_BAD_RADIUS_SECRET, /* Invalid RADIUS shared */ 50*a6d42e7dSPeter Dunlap /* secret */ 51*a6d42e7dSPeter Dunlap CHAP_VALIDATION_UNKNOWN_RADIUS_CODE /* Irrelevant or unknown */ 52*a6d42e7dSPeter Dunlap /* RADIUS packet code */ 53*a6d42e7dSPeter Dunlap /* returned */ 54*a6d42e7dSPeter Dunlap } chap_validation_status_type; 55*a6d42e7dSPeter Dunlap 56*a6d42e7dSPeter Dunlap typedef enum authentication_method_type { 57*a6d42e7dSPeter Dunlap RADIUS_AUTHENTICATION, 58*a6d42e7dSPeter Dunlap DIRECT_AUTHENTICATION 59*a6d42e7dSPeter Dunlap } authentication_method_type; 60*a6d42e7dSPeter Dunlap 61*a6d42e7dSPeter Dunlap typedef struct radius_config { 62*a6d42e7dSPeter Dunlap iscsi_ipaddr_t rad_svr_addr; /* IPv6 enabled */ 63*a6d42e7dSPeter Dunlap uint32_t rad_svr_port; 64*a6d42e7dSPeter Dunlap uint8_t rad_svr_shared_secret[MAX_RAD_SHARED_SECRET_LEN]; 65*a6d42e7dSPeter Dunlap uint32_t rad_svr_shared_secret_len; 66*a6d42e7dSPeter Dunlap } RADIUS_CONFIG; 67*a6d42e7dSPeter Dunlap 68*a6d42e7dSPeter Dunlap /* 69*a6d42e7dSPeter Dunlap * To validate a target CHAP response given the associated challenge. 70*a6d42e7dSPeter Dunlap * 71*a6d42e7dSPeter Dunlap * target_chap_name - The CHAP name of the target being authenticated. 72*a6d42e7dSPeter Dunlap * initiator_chap_name - The CHAP name of the authenticating initiator. 73*a6d42e7dSPeter Dunlap * challenge - The CHAP challenge to which the target responded. 74*a6d42e7dSPeter Dunlap * target_response - The target's CHAP response to be validated. 75*a6d42e7dSPeter Dunlap * identifier - The identifier associated with the CHAP challenge. 76*a6d42e7dSPeter Dunlap * auth_method - The authentication method to be used. 77*a6d42e7dSPeter Dunlap * auth_config_data - Any required configuration data to support the 78*a6d42e7dSPeter Dunlap * specified authentication method. 79*a6d42e7dSPeter Dunlap */ 80*a6d42e7dSPeter Dunlap chap_validation_status_type 81*a6d42e7dSPeter Dunlap chap_validate( 82*a6d42e7dSPeter Dunlap char *target_chap_name, 83*a6d42e7dSPeter Dunlap char *initiator_chap_name, 84*a6d42e7dSPeter Dunlap uint8_t *challenge, 85*a6d42e7dSPeter Dunlap uint8_t *target_response, 86*a6d42e7dSPeter Dunlap uint8_t identifier, 87*a6d42e7dSPeter Dunlap authentication_method_type auth_method, 88*a6d42e7dSPeter Dunlap void *auth_config_data); 89*a6d42e7dSPeter Dunlap 90*a6d42e7dSPeter Dunlap #ifdef __cplusplus 91*a6d42e7dSPeter Dunlap } 92*a6d42e7dSPeter Dunlap #endif 93*a6d42e7dSPeter Dunlap 94*a6d42e7dSPeter Dunlap #endif /* _CHAP_H */ 95