/*
 * iSCSI Authorization Library
 *
 * maintained by open-iscsi@googlegroups.com
 *
 * Originally based on:
 * Copyright (C) 2001 Cisco Systems, Inc.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published
 * by the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * General Public License for more details.
 *
 * See the file COPYING included with this distribution for more details.
 */
#ifndef AUTH_CLIENT_H
#define AUTH_CLIENT_H
struct iscsi_session;
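/*
 * Size limits and fixed constants for the authentication client.
 *
 * The AUTH_CHAP_*_RSP_LEN values are the digest sizes, in bytes, of the
 * hash named in each constant (MD5 16, SHA-1 20, SHA-256 32, SHA3-256 32).
 * AUTH_CHAP_RSP_MAX equals the largest of them, so it has to be raised
 * together with any later algorithm that produces a longer digest.
 */
enum {
	/* Sizes the username, password and scratch arrays in struct iscsi_acl. */
	AUTH_STR_MAX_LEN = 256,
	/* Sizes the array in struct auth_str_block. */
	AUTH_STR_BLOCK_MAX_LEN = 1024,
	/* Sizes the array in struct auth_large_binary. */
	AUTH_LARGE_BINARY_MAX_LEN = 1024,
	/* NOTE(review): presumably the cap on recv_end_count, confirm in the .c file. */
	AUTH_RECV_END_MAX_COUNT = 10,
	/* NOTE(review): presumably the expected value of iscsi_acl.signature, confirm. */
	ACL_SIGNATURE = 0x5984B2E3,
	AUTH_CHAP_MD5_RSP_LEN = 16,
	AUTH_CHAP_SHA1_RSP_LEN = 20,
	AUTH_CHAP_SHA256_RSP_LEN = 32,
	AUTH_CHAP_SHA3_256_RSP_LEN = 32,
	AUTH_CHAP_RSP_MAX = 32,
};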
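/*
 * Note: The ordering of these values is chosen to match
 * the ordering of the keys as shown in the iSCSI spec.
 * The order of table key_names in acl_get_key_name()
 * must match the order defined by enum auth_key_type.
 *
 * AUTH_KEY_TYPE_MAX_COUNT is the number of real key types (it sizes
 * auth_key_block.key[]); AUTH_KEY_TYPE_NONE is the only negative value,
 * so a value used as an array index must be checked against both ends
 * of the AUTH_KEY_TYPE_FIRST..AUTH_KEY_TYPE_LAST range.
 */
enum auth_key_type {
	AUTH_KEY_TYPE_NONE = -1,
	AUTH_KEY_TYPE_FIRST = 0,
	AUTH_KEY_TYPE_AUTH_METHOD = AUTH_KEY_TYPE_FIRST,
	AUTH_KEY_TYPE_CHAP_ALG,
	AUTH_KEY_TYPE_CHAP_USERNAME,
	AUTH_KEY_TYPE_CHAP_RSP,
	AUTH_KEY_TYPE_CHAP_IDENTIFIER,
	AUTH_KEY_TYPE_CHAP_CHALLENGE,
	AUTH_KEY_TYPE_MAX_COUNT,
	AUTH_KEY_TYPE_LAST = AUTH_KEY_TYPE_MAX_COUNT - 1
};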
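/*
 * Option values for the negotiated keys.
 *
 * The negative values and AUTH_OPTION_NONE are shared by all keys; the
 * remaining values are specific to the auth-method and CHAP-algorithm keys.
 * The *_MAX_COUNT constants size auth_method_list[] and chap_alg_list[] in
 * struct iscsi_acl. AUTH_CHAP_ALG_MAX_COUNT is 5 although four algorithm
 * values are listed here.
 *
 * NOTE(review): the CHAP algorithm values look like the identifiers that
 * are exchanged with the peer (5 is MD5 in CHAP); confirm against the spec
 * before renumbering.
 *
 * MD5 and SHA-1 are weak by current standards. Where the peer supports
 * them, restrict the configured algorithm list to SHA-256 / SHA3-256.
 */
enum {
	/* Common options for all keys. */
	AUTH_OPTION_REJECT = -2,
	AUTH_OPTION_NOT_PRESENT = -1,
	AUTH_OPTION_NONE = 1,

	AUTH_METHOD_CHAP = 2,
	AUTH_METHOD_MAX_COUNT = 2,

	AUTH_CHAP_ALG_MD5 = 5,
	AUTH_CHAP_ALG_SHA1 = 6,
	AUTH_CHAP_ALG_SHA256 = 7,
	AUTH_CHAP_ALG_SHA3_256 = 8,
	AUTH_CHAP_ALG_MAX_COUNT = 5
};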
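/*
 * Role taken in a key negotiation; stored in
 * iscsi_acl.auth_method_neg_role. Zero is not a valid role.
 */
enum auth_neg_role {
	AUTH_NEG_ROLE_ORIGINATOR = 1,
	AUTH_NEG_ROLE_RESPONDER = 2
};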
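/*
 * Status codes of the authentication client; also the type of
 * iscsi_acl.rmt_auth_status.
 *
 * AUTH_STATUS_NO_ERROR is 0 and AUTH_STATUS_PASS is 2, so "authenticated"
 * must be tested with == AUTH_STATUS_PASS. A zero or non-zero test does
 * not distinguish pass from fail.
 */
enum auth_status {
	AUTH_STATUS_NO_ERROR = 0,
	AUTH_STATUS_ERROR,
	AUTH_STATUS_PASS,
	AUTH_STATUS_FAIL,
	AUTH_STATUS_CONTINUE,
};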
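/*
 * Note: The order of table dbg_text in acl_dbg_status_to_text()
 * must match the order defined by enum auth_dbg_status.
 *
 * Detailed reason codes; stored in iscsi_acl.dbg_status and returned by
 * acl_chap_compute_rsp(). AUTH_DBG_STATUS_MAX_COUNT is the number of
 * codes, not a code itself, so an index into the text table must be
 * checked to be >= 0 and < AUTH_DBG_STATUS_MAX_COUNT.
 *
 * NOTE(review): several codes name policy checks worth logging on the
 * defending side (PASSWD_TOO_SHORT_WITH_NO_IPSEC, CHAP_CHALLENGE_REFLECTED,
 * PASSWD_IDENTICAL, RECV_MSG_COUNT_LIMIT). The checks themselves are in
 * the implementation, which is not visible from this header.
 */
enum auth_dbg_status {
	AUTH_DBG_STATUS_NOT_SET = 0,

	AUTH_DBG_STATUS_AUTH_PASS,
	AUTH_DBG_STATUS_AUTH_RMT_FALSE,

	AUTH_DBG_STATUS_AUTH_FAIL,

	AUTH_DBG_STATUS_AUTH_METHOD_BAD,
	AUTH_DBG_STATUS_CHAP_ALG_BAD,
	AUTH_DBG_STATUS_PASSWD_DECRYPT_FAILED,
	AUTH_DBG_STATUS_PASSWD_TOO_SHORT_WITH_NO_IPSEC,
	AUTH_DBG_STATUS_AUTH_SERVER_ERROR,
	AUTH_DBG_STATUS_AUTH_STATUS_BAD,
	AUTH_DBG_STATUS_AUTHPASS_NOT_VALID,
	AUTH_DBG_STATUS_SEND_DUP_SET_KEY_VALUE,
	AUTH_DBG_STATUS_SEND_STR_TOO_LONG,
	AUTH_DBG_STATUS_SEND_TOO_MUCH_DATA,

	AUTH_DBG_STATUS_AUTH_METHOD_EXPECTED,
	AUTH_DBG_STATUS_CHAP_ALG_EXPECTED,
	AUTH_DBG_STATUS_CHAP_IDENTIFIER_EXPECTED,
	AUTH_DBG_STATUS_CHAP_CHALLENGE_EXPECTED,
	AUTH_DBG_STATUS_CHAP_RSP_EXPECTED,
	AUTH_DBG_STATUS_CHAP_USERNAME_EXPECTED,

	AUTH_DBG_STATUS_AUTH_METHOD_NOT_PRESENT,
	AUTH_DBG_STATUS_AUTH_METHOD_REJECT,
	AUTH_DBG_STATUS_AUTH_METHOD_NONE,
	AUTH_DBG_STATUS_CHAP_ALG_REJECT,
	AUTH_DBG_STATUS_CHAP_CHALLENGE_REFLECTED,
	AUTH_DBG_STATUS_PASSWD_IDENTICAL,

	AUTH_DBG_STATUS_LOCAL_PASSWD_NOT_SET,

	AUTH_DBG_STATUS_CHAP_IDENTIFIER_BAD,
	AUTH_DBG_STATUS_CHALLENGE_BAD,
	AUTH_DBG_STATUS_CHAP_RSP_BAD,
	AUTH_DBG_STATUS_UNEXPECTED_KEY_PRESENT,
	AUTH_DBG_STATUS_T_BIT_SET_ILLEGAL,
	AUTH_DBG_STATUS_T_BIT_SET_PREMATURE,

	AUTH_DBG_STATUS_RECV_MSG_COUNT_LIMIT,
	AUTH_DBG_STATUS_RECV_DUP_SET_KEY_VALUE,
	AUTH_DBG_STATUS_RECV_STR_TOO_LONG,
	AUTH_DBG_STATUS_RECV_TOO_MUCH_DATA,
	AUTH_DBG_STATUS_MAX_COUNT
};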
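/*
 * Which end of the iSCSI connection this client instance represents;
 * stored in iscsi_acl.node_type. Zero is not a valid node type.
 */
enum auth_node_type {
	TYPE_INITIATOR = 1,
	TYPE_TARGET = 2
};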
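/*
 * Overall phase of the authentication exchange; stored in iscsi_acl.phase.
 * Values start at 1, so a zero-filled struct iscsi_acl holds no valid phase.
 */
enum auth_phase {
	AUTH_PHASE_CONFIGURE = 1,
	AUTH_PHASE_NEGOTIATE,
	AUTH_PHASE_AUTHENTICATE,
	AUTH_PHASE_DONE,
	AUTH_PHASE_ERROR
};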
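/*
 * State of the local side of the CHAP exchange; stored in
 * iscsi_acl.local_state. Values start at 1.
 */
enum auth_local_state {
	AUTH_LOCAL_STATE_SEND_ALG = 1,
	AUTH_LOCAL_STATE_RECV_ALG,
	AUTH_LOCAL_STATE_RECV_CHALLENGE,
	AUTH_LOCAL_STATE_DONE,
	AUTH_LOCAL_STATE_ERROR
};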
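/*
 * State of the remote-authentication side of the CHAP exchange; stored in
 * iscsi_acl.rmt_state. Values start at 1.
 */
enum auth_rmt_state {
	AUTH_RMT_STATE_SEND_ALG = 1,
	AUTH_RMT_STATE_SEND_CHALLENGE,
	AUTH_RMT_STATE_RECV_RSP,
	AUTH_RMT_STATE_DONE,
	AUTH_RMT_STATE_ERROR
};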
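/*
 * Describes one caller-supplied buffer; an array of these is passed to
 * acl_init().
 *
 * NOTE(review): length is presumably the size in bytes of the memory at
 * address. The structure carries no other bound, so the value must be
 * accurate.
 */
struct auth_buffer_desc {
	unsigned int length;
	void *address;
};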
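/*
 * One negotiated key: three single-bit state flags plus a pointer to the
 * key's text value. The struct does not record who owns the memory behind
 * string.
 */
struct auth_key {
	unsigned int present:1;
	unsigned int processed:1;
	unsigned int value_set:1;
	char *string;
};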
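/*
 * A binary key value held as length plus pointer; struct iscsi_acl uses
 * it for the sent and received CHAP challenges.
 *
 * NOTE(review): length is presumably the number of valid bytes at
 * large_binary, and should never exceed the size of the backing buffer
 * (AUTH_LARGE_BINARY_MAX_LEN if it is a struct auth_large_binary). Confirm
 * in the implementation.
 */
struct auth_large_binary_key {
	unsigned int length;
	unsigned char *large_binary;
};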
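/*
 * The set of keys sent or received in one direction, with flags recording
 * conditions seen while the block was filled.
 *
 * blk_length is a 16-bit field, so it cannot represent more than 65535.
 * key[] has one slot per enum auth_key_type value from AUTH_KEY_TYPE_FIRST
 * to AUTH_KEY_TYPE_LAST.
 */
struct auth_key_block {
	unsigned int transit_bit:1;
	unsigned int dup_set:1;
	unsigned int str_too_long:1;
	unsigned int too_much_data:1;
	unsigned int blk_length:16;
	char *str_block;
	struct auth_key key[AUTH_KEY_TYPE_MAX_COUNT];
};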
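/* Fixed-size storage of AUTH_STR_BLOCK_MAX_LEN bytes for key strings. */
struct auth_str_block {
	char str_block[AUTH_STR_BLOCK_MAX_LEN];
};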
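/* Fixed-size storage of AUTH_LARGE_BINARY_MAX_LEN bytes for binary values. */
struct auth_large_binary {
	unsigned char large_binary[AUTH_LARGE_BINARY_MAX_LEN];
};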
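/*
 * State of one authentication client instance: configuration, progress of
 * the exchange, and the key blocks for each direction.
 *
 * passwd_data holds the configured password bytes inside this structure,
 * so the memory behind a struct iscsi_acl is sensitive for as long as it
 * is in use.
 * NOTE(review): confirm that acl_finish() clears passwd_data and the
 * challenge buffers before the memory is released or reused.
 */
struct iscsi_acl {
	/* NOTE(review): presumably compared with ACL_SIGNATURE to validate the pointer, confirm. */
	unsigned long signature;

	/* Configuration. */
	enum auth_node_type node_type;
	unsigned int auth_method_count;
	int auth_method_list[AUTH_METHOD_MAX_COUNT];
	enum auth_neg_role auth_method_neg_role;
	unsigned int chap_alg_count;
	int chap_alg_list[AUTH_CHAP_ALG_MAX_COUNT];
	int auth_rmt;
	char username[AUTH_STR_MAX_LEN];
	int passwd_present;
	/* Number of bytes used in passwd_data; capacity is AUTH_STR_MAX_LEN. */
	unsigned int passwd_length;
	unsigned char passwd_data[AUTH_STR_MAX_LEN];
	unsigned int chap_challenge_len;
	int ip_sec;

	unsigned int auth_method_valid_count;
	int auth_method_valid_list[AUTH_METHOD_MAX_COUNT];
	int auth_method_valid_neg_role;

	/* Progress of the exchange. */
	int recv_in_progress_flag;
	int recv_end_count;
	/* session_handle can only be used by acl_chap_auth_request */
	struct iscsi_session *session_handle;
	enum auth_phase phase;
	enum auth_local_state local_state;
	enum auth_rmt_state rmt_state;
	enum auth_status rmt_auth_status;
	enum auth_dbg_status dbg_status;
	int negotiated_auth_method;
	int negotiated_chap_alg;
	int auth_rsp_flag;
	int auth_server_error_flag;
	int transit_bit_sent_flag;

	/* Values this side sends. */
	unsigned int send_chap_identifier;
	struct auth_large_binary_key send_chap_challenge;
	char chap_username[AUTH_STR_MAX_LEN];

	/* Values received from the peer. */
	int recv_chap_challenge_status;
	struct auth_large_binary_key recv_chap_challenge;

	char scratch_key_value[AUTH_STR_MAX_LEN];

	struct auth_key_block recv_key_block;
	struct auth_key_block send_key_block;
};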
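/*
 * Public interface of the authentication client. Only the signatures are
 * visible here; return-value conventions are defined by the implementation.
 */

/* Set-up and tear-down. buff_desc points to buf_desc_count descriptors. */
extern int acl_init(int node_type, int buf_desc_count,
		    struct auth_buffer_desc *buff_desc);
extern int acl_finish(struct iscsi_acl *client);

/* Bracket the processing of one received message. */
extern int acl_recv_begin(struct iscsi_acl *client);
extern int acl_recv_end(struct iscsi_acl *client,
			struct iscsi_session *session_handle);

/* key_type arguments take enum auth_key_type values. */
extern const char *acl_get_key_name(int key_type);
extern int acl_get_next_key_type(int *key_type);

/*
 * user_key_val in acl_recv_key_value() comes from the peer and is
 * untrusted input. acl_send_key_val() writes into user_key_val, whose
 * capacity the caller passes as max_length.
 */
extern int acl_recv_key_value(struct iscsi_acl *client, int key_type,
			      const char *user_key_val);
extern int acl_send_key_val(struct iscsi_acl *client, int key_type,
			    int *key_present, char *user_key_val,
			    unsigned int max_length);
extern int acl_recv_transit_bit(struct iscsi_acl *client, int value);
extern int acl_send_transit_bit(struct iscsi_acl *client, int *value);

/*
 * Configuration setters. struct iscsi_acl stores at most AUTH_STR_MAX_LEN
 * bytes for the user name and for the password.
 * NOTE(review): confirm that the implementation rejects longer input
 * instead of truncating it.
 */
extern int acl_set_user_name(struct iscsi_acl *client, const char *username);
extern int acl_set_passwd(struct iscsi_acl *client,
			  const unsigned char *pw_data, unsigned int pw_len);
extern int acl_set_auth_rmt(struct iscsi_acl *client, int auth_rmt);
extern int acl_set_ip_sec(struct iscsi_acl *client, int ip_sec);

/* dbg_status takes enum auth_dbg_status values. */
extern int acl_get_dbg_status(struct iscsi_acl *client, int *value);
extern const char *acl_dbg_status_to_text(int dbg_status);

/*
 * No length is passed for response_data.
 * NOTE(review): the caller presumably has to provide at least
 * AUTH_CHAP_RSP_MAX bytes; confirm in the implementation.
 */
extern enum auth_dbg_status acl_chap_compute_rsp(struct iscsi_acl *client,
						 int rmt_auth,
						 unsigned int id,
						 unsigned char *challenge_data,
						 unsigned int challenge_len,
						 unsigned char *response_data);

/* Both challenge_data and response_data are passed with explicit lengths. */
extern int acl_chap_auth_request(struct iscsi_acl *client, char *username,
				 unsigned int id,
				 unsigned char *challenge_data,
				 unsigned int challenge_length,
				 unsigned char *response_data,
				 unsigned int rsp_length);

/*
 * NOTE(review): out_length is a pointer, so it may carry the capacity of
 * out_data on entry as well as the produced length on return; confirm
 * before sizing out_data.
 */
extern int acl_data(unsigned char *out_data, unsigned int *out_length,
		    unsigned char *in_data, unsigned int in_length);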
#endif /* AUTH_CLIENT_H */