a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap/*
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap * CDDL HEADER START
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap *
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap * The contents of this file are subject to the terms of the
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap * Common Development and Distribution License (the "License").
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap * You may not use this file except in compliance with the License.
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap *
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap * or http://www.opensolaris.org/os/licensing.
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap * See the License for the specific language governing permissions
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap * and limitations under the License.
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap *
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap * When distributing Covered Code, include this CDDL HEADER in each
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap * If applicable, add the following below this CDDL HEADER, with the
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap * fields enclosed by brackets "[]" replaced with your own identifying
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap * information: Portions Copyright [yyyy] [name of copyright owner]
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap *
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap * CDDL HEADER END
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap */
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap/*
4558d122136f151d62acbbc02ddb42df89a5ef66Viswanathan Kannappan * Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved.
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap */
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap#include <sys/types.h>
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap#include <sys/random.h>
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap#include <sys/conf.h>
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap#include <sys/ddi.h>
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap#include <sys/sunddi.h>
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap#include <sys/socket.h>
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap#include <inet/tcp.h>
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap#include <sys/stmf.h>
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap#include <sys/stmf_ioctl.h>
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap#include <sys/portif.h>
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap#include <sys/idm/idm.h>
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap#include <sys/iscsit/chap.h>
4558d122136f151d62acbbc02ddb42df89a5ef66Viswanathan Kannappan
4558d122136f151d62acbbc02ddb42df89a5ef66Viswanathan Kannappan#include "iscsit.h"
4558d122136f151d62acbbc02ddb42df89a5ef66Viswanathan Kannappan#include "radius_auth.h"
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap
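/*
 * Store a 32-bit numeric value in slot key_type of keyBlock and mark the
 * slot as present.
 *
 * key_type is a signed int used directly as an index into keyBlock->key[].
 * ASSERT() is compiled out of non-DEBUG kernels, so the range (including
 * the lower bound) is also enforced at run time; an out-of-range key_type
 * leaves the block untouched instead of writing outside the array.
 */
void
client_set_numeric_data(auth_key_block_t *keyBlock,
    int key_type,
    uint32_t numeric)
{
	auth_key_t *p;

	ASSERT(key_type >= 0 && key_type < AUTH_KEY_TYPE_MAX);
	if (key_type < 0 || key_type >= AUTH_KEY_TYPE_MAX)
		return;

	p = &keyBlock->key[key_type];
	p->value.numeric = numeric;
	p->present = 1;
}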
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap
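/*
 * Record a string value in slot key_type of keyBlock and mark the slot as
 * present.  Only the pointer is stored; the string is not copied, so the
 * caller must keep it valid for as long as the key block is in use.
 *
 * key_type is a signed int used directly as an index into keyBlock->key[].
 * ASSERT() is compiled out of non-DEBUG kernels, so the range (including
 * the lower bound) is also enforced at run time; an out-of-range key_type
 * leaves the block untouched instead of writing outside the array.
 */
void
client_set_string_data(auth_key_block_t *keyBlock,
    int key_type,
    char *string)
{
	auth_key_t *p;

	ASSERT(key_type >= 0 && key_type < AUTH_KEY_TYPE_MAX);
	if (key_type < 0 || key_type >= AUTH_KEY_TYPE_MAX)
		return;

	p = &keyBlock->key[key_type];
	p->value.string = string;
	p->present = 1;
}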
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap
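/*
 * Record a binary value (pointer plus length) in slot key_type of keyBlock
 * and mark the slot as present.  Only the pointer is stored; the buffer is
 * not copied, so the caller must keep it valid for as long as the key
 * block is in use.
 *
 * key_type is a signed int used directly as an index into keyBlock->key[].
 * ASSERT() is compiled out of non-DEBUG kernels, so the range (including
 * the lower bound) is also enforced at run time; an out-of-range key_type
 * leaves the block untouched instead of writing outside the array.
 */
void
client_set_binary_data(auth_key_block_t *keyBlock,
    int key_type,
    unsigned char *binary, unsigned int len)
{
	auth_key_t *p;

	ASSERT(key_type >= 0 && key_type < AUTH_KEY_TYPE_MAX);
	if (key_type < 0 || key_type >= AUTH_KEY_TYPE_MAX)
		return;

	p = &keyBlock->key[key_type];
	p->value.binary = binary;
	p->len = len;
	p->present = 1;
}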
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap
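/*
 * Read the numeric value held in slot key_type of keyBlock into *numeric.
 * The slot's "present" flag is not consulted here; callers that care
 * should check client_auth_key_present() first.
 *
 * key_type is a signed int used directly as an index into keyBlock->key[].
 * ASSERT() is compiled out of non-DEBUG kernels, so the range (including
 * the lower bound) is also enforced at run time; for an out-of-range
 * key_type *numeric is set to 0 rather than read from outside the array.
 */
void
client_get_numeric_data(auth_key_block_t *keyBlock,
    int key_type,
    uint32_t *numeric)
{
	auth_key_t *p;

	ASSERT(key_type >= 0 && key_type < AUTH_KEY_TYPE_MAX);
	if (key_type < 0 || key_type >= AUTH_KEY_TYPE_MAX) {
		*numeric = 0;
		return;
	}

	p = &keyBlock->key[key_type];
	*numeric = p->value.numeric;
}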
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap
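/*
 * Read the string pointer held in slot key_type of keyBlock into *string.
 * The slot's "present" flag is not consulted here; callers that care
 * should check client_auth_key_present() first.
 *
 * key_type is a signed int used directly as an index into keyBlock->key[].
 * ASSERT() is compiled out of non-DEBUG kernels, so the range (including
 * the lower bound) is also enforced at run time; for an out-of-range
 * key_type *string is set to NULL rather than read from outside the array.
 */
void
client_get_string_data(auth_key_block_t *keyBlock,
    int key_type,
    char **string)
{
	auth_key_t *p;

	ASSERT(key_type >= 0 && key_type < AUTH_KEY_TYPE_MAX);
	if (key_type < 0 || key_type >= AUTH_KEY_TYPE_MAX) {
		*string = NULL;
		return;
	}

	p = &keyBlock->key[key_type];
	*string = p->value.string;
}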
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap
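/*
 * Read the binary value held in slot key_type of keyBlock: the buffer
 * pointer goes to *binary and its length to *len.  The slot's "present"
 * flag is not consulted here; callers that care should check
 * client_auth_key_present() first.
 *
 * key_type is a signed int used directly as an index into keyBlock->key[].
 * ASSERT() is compiled out of non-DEBUG kernels, so the range (including
 * the lower bound) is also enforced at run time; for an out-of-range
 * key_type the outputs are set to NULL / 0 rather than read from outside
 * the array.
 */
void
client_get_binary_data(auth_key_block_t *keyBlock,
    int key_type,
    unsigned char **binary, unsigned int *len)
{
	auth_key_t *p;

	ASSERT(key_type >= 0 && key_type < AUTH_KEY_TYPE_MAX);
	if (key_type < 0 || key_type >= AUTH_KEY_TYPE_MAX) {
		*binary = NULL;
		*len = 0;
		return;
	}

	p = &keyBlock->key[key_type];
	*binary = p->value.binary;
	*len = p->len;
}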
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap
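/*
 * Report whether slot key_type of keyBlock has been set.
 * Returns 1 when the slot's "present" flag is non-zero, 0 otherwise.
 *
 * key_type is a signed int used directly as an index into keyBlock->key[].
 * ASSERT() is compiled out of non-DEBUG kernels, so the range (including
 * the lower bound) is also enforced at run time; an out-of-range key_type
 * is reported as not present rather than read from outside the array.
 */
int
client_auth_key_present(auth_key_block_t *keyBlock,
    int key_type)
{
	auth_key_t *p;

	ASSERT(key_type >= 0 && key_type < AUTH_KEY_TYPE_MAX);
	if (key_type < 0 || key_type >= AUTH_KEY_TYPE_MAX)
		return (0);

	p = &keyBlock->key[key_type];

	return (p->present != 0 ? 1 : 0);
}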
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap
/*
 * Compute the CHAP response digest
 *
 *	MD5(identifier byte || shared secret || challenge)
 *
 * and write it to resp.  resp[0] doubles as scratch space for the
 * identifier byte before MD5Final() overwrites resp with the digest, so
 * resp must be a writable buffer large enough for an MD5 digest
 * (16 bytes).
 *
 * NOTE(review): resp is written before the secret and challenge are
 * hashed, so it presumably must not alias password or chap_c -- confirm
 * against callers.
 * NOTE(review): password_len is a signed int handed straight to
 * MD5Update(); callers must pass a validated, non-negative length.
 */
/*ARGSUSED*/
void
client_compute_chap_resp(uchar_t *resp,
    unsigned int chap_i,
    uint8_t *password, int password_len,
    uchar_t *chap_c, unsigned int challenge_len)
{
	MD5_CTX md5_ctx;

	MD5Init(&md5_ctx);

	/* 1. CHAP identifier, truncated to a single byte */
	resp[0] = (uchar_t)chap_i;
	MD5Update(&md5_ctx, resp, 1);

	/* 2. shared secret */
	MD5Update(&md5_ctx, (uchar_t *)password, password_len);

	/* 3. challenge bytes */
	MD5Update(&md5_ctx, chap_c, challenge_len);

	/* digest replaces the scratch byte written above */
	MD5Final(resp, &md5_ctx);
}
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap
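/*
 * Check the CHAP response chap_r that an initiator returned for identifier
 * chap_i and challenge chap_c.  Returns ISCSI_AUTH_PASSED on a match and
 * ISCSI_AUTH_FAILED in every other case.
 *
 * When the connection is configured for RADIUS, validation is delegated to
 * iscsit_radius_chap_validate(); otherwise the expected MD5 response is
 * computed locally from the configured initiator CHAP secret.
 *
 * Security-relevant handling:
 *  - radius_cfg is zeroed before use, so the by-value rad_svr_addr
 *    argument carries no uninitialized stack bytes, and zeroed again after
 *    the call so the copied RADIUS shared secret does not linger on the
 *    stack.
 *  - A configured RADIUS secret length larger than the copied buffer
 *    fails closed.
 *  - The locally computed digest is compared without an early exit, so
 *    the comparison time does not depend on where the first mismatching
 *    byte is, and the digest is scrubbed before returning.
 *
 * NOTE(review): bzero() of a local that is about to go out of scope may be
 * elided by the compiler; switch to the platform's non-elidable zeroing
 * primitive if one is available.
 * NOTE(review): challenge_len and the freshness of chap_c are not checked
 * here -- presumably the caller enforces them; confirm.
 */
int
iscsit_verify_chap_resp(iscsit_conn_login_t *lsm,
    unsigned int chap_i,
    uchar_t *chap_c, unsigned int challenge_len,
    uchar_t *chap_r, unsigned int resp_len)
{
	uchar_t		verifyData[iscsitAuthChapResponseLength];
	conn_auth_t	*auth = &lsm->icl_auth;
	unsigned int	diff = 0;
	unsigned int	i;

	/* Check if RADIUS access is enabled */
	if (auth->ca_use_radius == B_TRUE) {
		chap_validation_status_type	chap_valid_status;
		RADIUS_CONFIG			radius_cfg;
		struct sockaddr_storage		*sa = &auth->ca_radius_server;
		struct sockaddr_in		*sin;
		struct sockaddr_in6		*sin6;

		/* No stale stack contents may reach the RADIUS code. */
		bzero(&radius_cfg, sizeof (radius_cfg));

		/*
		 * Use the RADIUS server to authenticate.  The port is read
		 * through the sockaddr_in view before the family is known.
		 * NOTE(review): this relies on sin_port and sin6_port
		 * sharing an offset -- confirm for this platform.
		 */
		sin = (struct sockaddr_in *)sa;
		radius_cfg.rad_svr_port = ntohs(sin->sin_port);
		if (sa->ss_family == AF_INET) {
			/* IPv4 */
			radius_cfg.rad_svr_addr.i_addr.in4.s_addr =
			    sin->sin_addr.s_addr;
			radius_cfg.rad_svr_addr.i_insize = sizeof (in_addr_t);
		} else if (sa->ss_family == AF_INET6) {
			/* IPv6 */
			sin6 = (struct sockaddr_in6 *)sa;
			bcopy(sin6->sin6_addr.s6_addr,
			    radius_cfg.rad_svr_addr.i_addr.in6.s6_addr,
			    sizeof (struct in6_addr));
			radius_cfg.rad_svr_addr.i_insize = sizeof (in6_addr_t);
		} else {
			/* Unknown address family; no secret copied yet. */
			return (ISCSI_AUTH_FAILED);
		}

		/*
		 * Exactly MAX_RAD_SHARED_SECRET_LEN bytes are copied below,
		 * so a longer advertised length would make the RADIUS code
		 * read past the copy.  Fail closed instead.
		 */
		if (auth->ca_radius_secretlen > MAX_RAD_SHARED_SECRET_LEN) {
			return (ISCSI_AUTH_FAILED);
		}

		bcopy(auth->ca_radius_secret,
		    radius_cfg.rad_svr_shared_secret,
		    MAX_RAD_SHARED_SECRET_LEN);
		radius_cfg.rad_svr_shared_secret_len =
		    auth->ca_radius_secretlen;

		chap_valid_status = iscsit_radius_chap_validate(
		    auth->ca_ini_chapuser,
		    auth->ca_tgt_chapuser,
		    chap_c,
		    challenge_len,
		    chap_r,
		    resp_len,
		    chap_i,
		    radius_cfg.rad_svr_addr,
		    radius_cfg.rad_svr_port,
		    radius_cfg.rad_svr_shared_secret,
		    radius_cfg.rad_svr_shared_secret_len);

		/* Drop the stack copy of the RADIUS shared secret. */
		bzero(&radius_cfg, sizeof (radius_cfg));

		if (chap_valid_status == CHAP_VALIDATION_PASSED) {
			return (ISCSI_AUTH_PASSED);
		}
		return (ISCSI_AUTH_FAILED);
	}

	/* Empty chap secret is not allowed */
	if (auth->ca_ini_chapsecretlen == 0) {
		return (ISCSI_AUTH_FAILED);
	}

	/*
	 * Only MD5 is supported, so the response must be exactly one digest
	 * long.  This also bounds the reads of chap_r in the loop below.
	 */
	if (resp_len != sizeof (verifyData)) {
		return (ISCSI_AUTH_FAILED);
	}

	client_compute_chap_resp(
	    &verifyData[0],
	    chap_i,
	    auth->ca_ini_chapsecret, auth->ca_ini_chapsecretlen,
	    chap_c, challenge_len);

	/* Accumulate differences over the whole digest; no early exit. */
	for (i = 0; i < sizeof (verifyData); i++) {
		diff |= (unsigned int)(chap_r[i] ^ verifyData[i]);
	}

	/* The expected response is secret-derived; do not leave it behind. */
	bzero(verifyData, sizeof (verifyData));

	if (diff != 0) {
		return (ISCSI_AUTH_FAILED);
	}

	/* chap response OK */
	return (ISCSI_AUTH_PASSED);
}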
a6d42e7d71324c5193c3b94d57d96ba2925d52e1Peter Dunlap
/*
 * Fill the first `length' bytes of data using random_get_pseudo_bytes().
 *
 * NOTE(review): the generator's return value is deliberately discarded and
 * this function returns void, so a failure is invisible to the caller and
 * data may then keep its previous contents.  If callers use this for CHAP
 * challenges (not visible here), they depend on it succeeding -- confirm
 * that a failure cannot yield a predictable challenge.
 */
void
auth_random_set_data(uchar_t *data, unsigned int length)
{
	size_t nbytes = length;

	(void) random_get_pseudo_bytes(data, nbytes);
}