2 * iSCSI Authorization Library
4 * maintained by open-iscsi@@googlegroups.com
7 * Copyright (C) 2001 Cisco Systems, Inc.
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published
11 * by the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
14 * This program is distributed in the hope that it will be useful, but
15 * WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * General Public License for more details.
19 * See the file COPYING included with this distribution for more details.
27 AUTH_STR_MAX_LEN
= 256,
28 AUTH_STR_BLOCK_MAX_LEN
= 1024,
29 AUTH_LARGE_BINARY_MAX_LEN
= 1024,
30 AUTH_RECV_END_MAX_COUNT
= 10,
31 ACL_SIGNATURE
= 0x5984B2E3,
32 AUTH_CHAP_RSP_LEN
= 16,
36 * Note: The ordering of these values is chosen to match
37 * the ordering of the keys as shown in the iSCSI spec.
38 * The order of table key_names in acl_get_key_name()
39 * must match the order defined by enum auth_key_type.
42 AUTH_KEY_TYPE_NONE
= -1,
43 AUTH_KEY_TYPE_FIRST
= 0,
44 AUTH_KEY_TYPE_AUTH_METHOD
= AUTH_KEY_TYPE_FIRST
,
45 AUTH_KEY_TYPE_CHAP_ALG
,
46 AUTH_KEY_TYPE_CHAP_USERNAME
,
47 AUTH_KEY_TYPE_CHAP_RSP
,
48 AUTH_KEY_TYPE_CHAP_IDENTIFIER
,
49 AUTH_KEY_TYPE_CHAP_CHALLENGE
,
50 AUTH_KEY_TYPE_MAX_COUNT
,
51 AUTH_KEY_TYPE_LAST
= AUTH_KEY_TYPE_MAX_COUNT
- 1
55 /* Common options for all keys. */
56 AUTH_OPTION_REJECT
= -2,
57 AUTH_OPTION_NOT_PRESENT
= -1,
61 AUTH_METHOD_MAX_COUNT
= 2,
63 AUTH_CHAP_ALG_MD5
= 5,
64 AUTH_CHAP_ALG_MAX_COUNT
= 2
68 AUTH_NEG_ROLE_ORIGINATOR
= 1,
69 AUTH_NEG_ROLE_RESPONDER
= 2
73 AUTH_STATUS_NO_ERROR
= 0,
81 * Note: The order of table dbg_text in acl_dbg_status_to_text()
82 * must match the order defined by enum auth_dbg_status.
84 enum auth_dbg_status
{
85 AUTH_DBG_STATUS_NOT_SET
= 0,
87 AUTH_DBG_STATUS_AUTH_PASS
,
88 AUTH_DBG_STATUS_AUTH_RMT_FALSE
,
90 AUTH_DBG_STATUS_AUTH_FAIL
,
92 AUTH_DBG_STATUS_AUTH_METHOD_BAD
,
93 AUTH_DBG_STATUS_CHAP_ALG_BAD
,
94 AUTH_DBG_STATUS_PASSWD_DECRYPT_FAILED
,
95 AUTH_DBG_STATUS_PASSWD_TOO_SHORT_WITH_NO_IPSEC
,
96 AUTH_DBG_STATUS_AUTH_SERVER_ERROR
,
97 AUTH_DBG_STATUS_AUTH_STATUS_BAD
,
98 AUTH_DBG_STATUS_AUTHPASS_NOT_VALID
,
99 AUTH_DBG_STATUS_SEND_DUP_SET_KEY_VALUE
,
100 AUTH_DBG_STATUS_SEND_STR_TOO_LONG
,
101 AUTH_DBG_STATUS_SEND_TOO_MUCH_DATA
,
103 AUTH_DBG_STATUS_AUTH_METHOD_EXPECTED
,
104 AUTH_DBG_STATUS_CHAP_ALG_EXPECTED
,
105 AUTH_DBG_STATUS_CHAP_IDENTIFIER_EXPECTED
,
106 AUTH_DBG_STATUS_CHAP_CHALLENGE_EXPECTED
,
107 AUTH_DBG_STATUS_CHAP_RSP_EXPECTED
,
108 AUTH_DBG_STATUS_CHAP_USERNAME_EXPECTED
,
110 AUTH_DBG_STATUS_AUTH_METHOD_NOT_PRESENT
,
111 AUTH_DBG_STATUS_AUTH_METHOD_REJECT
,
112 AUTH_DBG_STATUS_AUTH_METHOD_NONE
,
113 AUTH_DBG_STATUS_CHAP_ALG_REJECT
,
114 AUTH_DBG_STATUS_CHAP_CHALLENGE_REFLECTED
,
115 AUTH_DBG_STATUS_PASSWD_IDENTICAL
,
117 AUTH_DBG_STATUS_LOCAL_PASSWD_NOT_SET
,
119 AUTH_DBG_STATUS_CHAP_IDENTIFIER_BAD
,
120 AUTH_DBG_STATUS_CHALLENGE_BAD
,
121 AUTH_DBG_STATUS_CHAP_RSP_BAD
,
122 AUTH_DBG_STATUS_UNEXPECTED_KEY_PRESENT
,
123 AUTH_DBG_STATUS_T_BIT_SET_ILLEGAL
,
124 AUTH_DBG_STATUS_T_BIT_SET_PREMATURE
,
126 AUTH_DBG_STATUS_RECV_MSG_COUNT_LIMIT
,
127 AUTH_DBG_STATUS_RECV_DUP_SET_KEY_VALUE
,
128 AUTH_DBG_STATUS_RECV_STR_TOO_LONG
,
129 AUTH_DBG_STATUS_RECV_TOO_MUCH_DATA
,
130 AUTH_DBG_STATUS_MAX_COUNT
133 enum auth_node_type
{
139 AUTH_PHASE_CONFIGURE
= 1,
140 AUTH_PHASE_NEGOTIATE
,
141 AUTH_PHASE_AUTHENTICATE
,
146 enum auth_local_state
{
147 AUTH_LOCAL_STATE_SEND_ALG
= 1,
148 AUTH_LOCAL_STATE_RECV_ALG
,
149 AUTH_LOCAL_STATE_RECV_CHALLENGE
,
150 AUTH_LOCAL_STATE_DONE
,
151 AUTH_LOCAL_STATE_ERROR
154 enum auth_rmt_state
{
155 AUTH_RMT_STATE_SEND_ALG
= 1,
156 AUTH_RMT_STATE_SEND_CHALLENGE
,
157 AUTH_RMT_STATE_RECV_RSP
,
162 struct auth_buffer_desc
{
168 unsigned int present
:1;
169 unsigned int processed
:1;
170 unsigned int value_set
:1;
174 struct auth_large_binary_key
{
176 unsigned char *large_binary
;
179 struct auth_key_block
{
180 unsigned int transit_bit
:1;
181 unsigned int dup_set
:1;
182 unsigned int str_too_long
:1;
183 unsigned int too_much_data
:1;
184 unsigned int blk_length
:16;
186 struct auth_key key
[AUTH_KEY_TYPE_MAX_COUNT
];
189 struct auth_str_block
{
190 char str_block
[AUTH_STR_BLOCK_MAX_LEN
];
193 struct auth_large_binary
{
194 unsigned char large_binary
[AUTH_LARGE_BINARY_MAX_LEN
];
198 unsigned long signature
;
200 enum auth_node_type node_type
;
201 unsigned int auth_method_count
;
202 int auth_method_list
[AUTH_METHOD_MAX_COUNT
];
203 enum auth_neg_role auth_method_neg_role
;
204 unsigned int chap_alg_count
;
205 int chap_alg_list
[AUTH_CHAP_ALG_MAX_COUNT
];
207 char username
[AUTH_STR_MAX_LEN
];
209 unsigned int passwd_length
;
210 unsigned char passwd_data
[AUTH_STR_MAX_LEN
];
211 unsigned int chap_challenge_len
;
214 unsigned int auth_method_valid_count
;
215 int auth_method_valid_list
[AUTH_METHOD_MAX_COUNT
];
216 int auth_method_valid_neg_role
;
218 int recv_in_progress_flag
;
220 struct iscsi_session
*session_handle
; /*
221 * session_handle can only be
222 * used by acl_chap_auth_request
224 enum auth_phase phase
;
225 enum auth_local_state local_state
;
226 enum auth_rmt_state rmt_state
;
227 enum auth_status rmt_auth_status
;
228 enum auth_dbg_status dbg_status
;
229 int negotiated_auth_method
;
230 int negotiated_chap_alg
;
232 int auth_server_error_flag
;
233 int transit_bit_sent_flag
;
235 unsigned int send_chap_identifier
;
236 struct auth_large_binary_key send_chap_challenge
;
237 char chap_username
[AUTH_STR_MAX_LEN
];
239 int recv_chap_challenge_status
;
240 struct auth_large_binary_key recv_chap_challenge
;
242 char scratch_key_value
[AUTH_STR_MAX_LEN
];
244 struct auth_key_block recv_key_block
;
245 struct auth_key_block send_key_block
;
/*
 * Public entry points of the iSCSI authorization (CHAP negotiation) library.
 *
 * Every function taking a "client" operates on one struct iscsi_acl, whose
 * fields (negotiation phase/state, username, password bytes, CHAP challenge
 * buffers, send/recv key blocks) are declared above.  The int results are
 * status codes; their exact values are not visible in this header —
 * presumably AUTH_STATUS_* from enum auth_status (AUTH_STATUS_NO_ERROR = 0
 * is declared above) — confirm against the implementation.
 */

/*
 * Initialise a client for the given node type.
 *
 * node_type      - presumably an enum auth_node_type value (the enum is
 *                  declared above; struct iscsi_acl stores it as node_type).
 * buf_desc_count - number of entries in buff_desc.
 * buff_desc      - array of struct auth_buffer_desc describing the storage
 *                  the library is allowed to use; buff_desc is read, the
 *                  buffers it describes are presumably written — verify.
 */
extern int acl_init(int node_type, int buf_desc_count,
		    struct auth_buffer_desc *buff_desc);

/* Finish with a client initialised by acl_init(). */
extern int acl_finish(struct iscsi_acl *client);

/*
 * Bracket the processing of one received key block: call acl_recv_begin()
 * before feeding the keys of a block through acl_recv_key_value() /
 * acl_recv_transit_bit(), then acl_recv_end() to evaluate it.
 *
 * session_handle - stored in the client; per the struct comment above it is
 *                  only used by acl_chap_auth_request.
 * NOTE(review): AUTH_RECV_END_MAX_COUNT and
 * AUTH_DBG_STATUS_RECV_MSG_COUNT_LIMIT above suggest acl_recv_end() bounds
 * the number of received messages — confirm in auth.c.
 */
extern int acl_recv_begin(struct iscsi_acl *client);
extern int acl_recv_end(struct iscsi_acl *client,
			struct iscsi_session *session_handle);

/*
 * Text name of an iSCSI login key.
 *
 * key_type - an enum auth_key_type value; the key_names table inside this
 *            function must stay in the order of that enum (see the note on
 *            the enum above).
 * Returns a string owned by the library; the caller must not free it.
 */
extern const char *acl_get_key_name(int key_type);

/*
 * Iterate over key types.  key_type is in/out (pointer); presumably it is
 * advanced to the next enum auth_key_type value and the return reports
 * whether one exists — verify against the implementation.
 */
extern int acl_get_next_key_type(int *key_type);

/*
 * Record the value received for key_type in the current receive block.
 *
 * user_key_val - NUL-terminated value as received from the peer; the
 *                library copies it (the client owns scratch_key_value and
 *                recv_key_block above), so the caller's buffer may be reused.
 *                AUTH_DBG_STATUS_RECV_STR_TOO_LONG / RECV_DUP_SET_KEY_VALUE
 *                above indicate over-long and duplicate values are reported.
 */
extern int acl_recv_key_value(struct iscsi_acl *client, int key_type,
			      const char *user_key_val);

/*
 * Fetch the value to send for key_type.
 *
 * key_present  - out: whether the key is part of the block being sent.
 * user_key_val - caller-supplied buffer that receives the value.
 * max_length   - size of user_key_val in bytes; the caller must size the
 *                buffer to this value.  AUTH_DBG_STATUS_SEND_STR_TOO_LONG
 *                above suggests values that do not fit are reported rather
 *                than truncated — confirm.
 */
extern int acl_send_key_val(struct iscsi_acl *client, int key_type,
			    int *key_present, char *user_key_val,
			    unsigned int max_length);

/*
 * Receive / produce the login transit (T) bit for the current block.
 * acl_recv_transit_bit() takes the bit as received; acl_send_transit_bit()
 * writes the bit to send through value.  AUTH_DBG_STATUS_T_BIT_SET_ILLEGAL
 * and _PREMATURE above are the error states tied to the received bit.
 */
extern int acl_recv_transit_bit(struct iscsi_acl *client, int value);
extern int acl_send_transit_bit(struct iscsi_acl *client, int *value);

/*
 * Set the local CHAP username.  The client stores it in a
 * char[AUTH_STR_MAX_LEN] (see struct iscsi_acl above), so longer names
 * cannot be accepted as-is — confirm how the implementation reports that.
 */
extern int acl_set_user_name(struct iscsi_acl *client, const char *username);

/*
 * Set the local CHAP secret.
 *
 * pw_data - secret bytes (binary, not necessarily NUL-terminated).
 * pw_len  - length of pw_data in bytes; the client stores at most
 *           AUTH_STR_MAX_LEN bytes (passwd_data above).
 * NOTE(review): AUTH_DBG_STATUS_PASSWD_TOO_SHORT_WITH_NO_IPSEC above
 * indicates a minimum secret length is enforced when acl_set_ip_sec() has
 * not been set — the threshold is not visible here.
 */
extern int acl_set_passwd(struct iscsi_acl *client,
			  const unsigned char *pw_data, unsigned int pw_len);

/*
 * auth_rmt - non-zero to require the remote side to authenticate
 *            (AUTH_DBG_STATUS_AUTH_RMT_FALSE above is the related state);
 *            exact semantics to be confirmed in the implementation.
 */
extern int acl_set_auth_rmt(struct iscsi_acl *client, int auth_rmt);

/*
 * ip_sec - non-zero when the connection is protected by IPsec; this relaxes
 *          the secret-length check referred to by
 *          AUTH_DBG_STATUS_PASSWD_TOO_SHORT_WITH_NO_IPSEC.
 */
extern int acl_set_ip_sec(struct iscsi_acl *client, int ip_sec);

/*
 * Read the client's debug status (dbg_status in struct iscsi_acl above,
 * an enum auth_dbg_status value) into value.
 */
extern int acl_get_dbg_status(struct iscsi_acl *client, int *value);

/*
 * Human-readable text for an enum auth_dbg_status value.  The dbg_text
 * table inside this function must stay in the enum's order (see the note
 * on enum auth_dbg_status above).  Returned string is library-owned.
 */
extern const char *acl_dbg_status_to_text(int dbg_status);
271 extern enum auth_dbg_status
acl_chap_compute_rsp(struct iscsi_acl
*client
,
274 unsigned char *challenge_data
,
275 unsigned int challenge_len
,
276 unsigned char *response_data
);
277 extern int acl_chap_auth_request(struct iscsi_acl
*client
, char *username
,
279 unsigned char *challenge_data
,
280 unsigned int challenge_length
,
281 unsigned char *response_data
,
282 unsigned int rsp_length
);
/*
 * Copy/transform in_length bytes of in_data into out_data.
 *
 * out_length is passed by pointer, so it is presumably in/out: the capacity
 * of out_data on entry and the number of bytes produced on return — verify
 * in the implementation that the capacity is checked before writing.
 * The transformation applied (if any) is not visible from this header.
 */
extern int acl_data(unsigned char *out_data, unsigned int *out_length,
		    unsigned char *in_data, unsigned int in_length);
285 #endif /* #ifndef ISCSIAUTHCLIENT_H */