fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte * CDDL HEADER START
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte * The contents of this file are subject to the terms of the
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte * Common Development and Distribution License (the "License").
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte * You may not use this file except in compliance with the License.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte * See the License for the specific language governing permissions
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte * and limitations under the License.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte * When distributing Covered Code, include this CDDL HEADER in each
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte * If applicable, add the following below this CDDL HEADER, with the
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte * fields enclosed by brackets "[]" replaced with your own identifying
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte * information: Portions Copyright [yyyy] [name of copyright owner]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte * CDDL HEADER END
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte * Copyright 2000 by Cisco Systems, Inc. All rights reserved.
1a1a84a324206b6b1f5f704ab166c4ebf78aed76Peter Dunlap * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte * Use is subject to license terms.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte * iSCSI Pseudo HBA Driver
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte * Authenticate a target's CHAP response.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte * username - Incoming username from the target.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte * responseData - Incoming response data from the target.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteiscsiAuthClientChapAuthRequest(IscsiAuthClient *client,
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte char *username, unsigned int id, uchar_t *challengeData,
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte unsigned int challengeLength, uchar_t *responseData,
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte iscsi_sess_t *isp = (iscsi_sess_t *)client->userHandle;
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte * the expected credentials are in the session
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte cmn_err(CE_WARN, "iscsi session(%u) failed authentication, "
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte "no incoming username configured to authenticate target",
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte if (strcmp(username, isp->sess_auth.username_in) != 0) {
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte cmn_err(CE_WARN, "iscsi session(%u) failed authentication, "
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte "received incorrect username from target",
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte /* Check if RADIUS access is enabled */
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte if (persistent_radius_get(&p_radius_cfg) == ISCSI_NVFILE_SUCCESS &&
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte if (p_radius_cfg.r_radius_config_valid == B_FALSE) {
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte * Radius enabled but configuration invalid -
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte * invalid condition
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte /* Use RADIUS server to authenticate target */
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte if (p_radius_cfg.r_insize == sizeof (in_addr_t)) {
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte } else if (p_radius_cfg.r_insize == sizeof (in6_addr_t)) {
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte radius_cfg.rad_svr_addr.i_insize = sizeof (in6_addr_t);
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte /* Entry point to the CHAP authentication module. */
5df5713f81d69c1a0797f99b13e95e220da00ef9bing zhao - Sun Microsystems - Beijing China chap_valid_status = chap_validate_tgt(
5df5713f81d69c1a0797f99b13e95e220da00ef9bing zhao - Sun Microsystems - Beijing China isp->sess_auth.username_in,
5df5713f81d69c1a0797f99b13e95e220da00ef9bing zhao - Sun Microsystems - Beijing China isp->sess_auth.username,
5df5713f81d69c1a0797f99b13e95e220da00ef9bing zhao - Sun Microsystems - Beijing China challengeLength,
5df5713f81d69c1a0797f99b13e95e220da00ef9bing zhao - Sun Microsystems - Beijing China responseLength,
5df5713f81d69c1a0797f99b13e95e220da00ef9bing zhao - Sun Microsystems - Beijing China RADIUS_AUTHENTICATION,
5df5713f81d69c1a0797f99b13e95e220da00ef9bing zhao - Sun Microsystems - Beijing China (void *)&radius_cfg);
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte /* Use target secret (if defined) to authenticate target */
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte /* No target secret defined - invalid condition */
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte * the challenge is sent initiator-to-target (I->T), so its
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte * length shouldn't need to be checked
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte "authentication, received incorrect CHAP response "
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte * shared secret
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte * challenge value
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte sizeof (verifyData)) == 0) {
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte cmn_err(CE_WARN, "iscsi session(%u) failed authentication, "
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte "received incorrect CHAP response from target",
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte/* ARGSUSED */
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteiscsiAuthClientChapAuthCancel(IscsiAuthClient * client)
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteiscsiAuthClientTextToNumber(const char *text, unsigned long *pNumber)
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte if (text[0] == '0' && (text[1] == 'x' || text[1] == 'X')) {
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte if (ddi_strtoul(text + 2, &pEnd, 16, &number) != 0) {
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte if (ddi_strtoul(text, &pEnd, 10, &number) != 0) {
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte return (0); /* No error */
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte/* ARGSUSED */
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteiscsiAuthClientNumberToText(unsigned long number, char *text,
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte unsigned int length)
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteiscsiAuthRandomSetData(uchar_t *data, unsigned int length)
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteiscsiAuthMd5Update(IscsiAuthMd5Context *context, uchar_t *data,
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte unsigned int length)
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteiscsiAuthMd5Final(uchar_t *hash, IscsiAuthMd5Context *context)
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteiscsiAuthClientData(uchar_t *outData, unsigned int *outLength,
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte return (0); /* no error */