/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2009 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#include "iscsi.h"
#include "radius_packet.h"
#include "radius_protocol.h"
#include <sys/int_types.h>
/*
* See radius_packet.h.
*
* NOTE(review): this listing is incomplete. The function name, its
* parameter list and a number of statements are missing, so the comments
* below describe only the lines that are visible.
*
* Visible behaviour: iterates req_data->num_of_attrs times, accounts for
* each attribute in total_length, and returns -1 when total_length has
* passed MAX_RAD_PACKET_LEN or when the RADIUS server address is IPv6 or
* invalid.
*/
int
{
int i; /* Loop counter. */
int data_len;
int len; /* Added to the attribute length octet and to total_length below. */
/* packet. */
union {
/*
* Create a RADIUS packet with minimal length for now.
*/
/* Loop over all attributes of the request. */
for (i = 0; i < req_data->num_of_attrs; i++) {
/*
* NOTE(review): the size limit is tested at the top of each pass, i.e.
* against the octets accumulated so far. The octets added in this pass
* are only seen by the test on the next pass, and those of the last
* attribute are not seen by this test at all. Confirm against the
* complete source that writes through ptr cannot run past the packet
* buffer.
*/
if (total_length > MAX_RAD_PACKET_LEN) {
/* The packet has exceeded its maximum size. */
return (-1);
}
/* Remember the position of this attribute's length octet; it is patched below. */
length_ptr = ptr;
/*
* Start the length octet at 2 (presumably counting the attribute's type
* and length octets themselves); the value length is added further down.
* The original comment here read "Length is 2 octets - RFC 2865
* section 3".
*/
*ptr++ = 2;
total_length += 2;
/* If the attribute is CHAP-Password, encode it. */
/*
* Identifier plus CHAP response. RFC 2865
* section 5.3.
*/
RAD_IDENTIFIER_LEN + 1];
}
/*
* NOTE(review): the type behind length_ptr is not visible. If it is a
* single octet, len must be small enough that 2 + len does not wrap -
* TODO confirm where len is bounded.
*/
*length_ptr += len;
total_length += len;
} /* Done looping over all attributes */
/*
* Send the packet to the RADIUS server.
*/
int recv_len;
/* IPv4 */
/* No IPv6 support for now. */
return (-1);
} else {
/* Invalid IP address for RADIUS server. */
return (-1);
}
}
/*
* See radius_packet.h.
*
* NOTE(review): this listing is incomplete. The function name, its
* parameter list, the receive call and the digest computation are
* missing, so the comments below describe only the lines that are
* visible.
*
* Visible behaviour: validates the received and declared lengths of a
* RADIUS response, rejects it when the authenticator check fails, and
* returns one of RAD_RSP_RCVD_NO_DATA, RAD_RSP_RCVD_PROTOCOL_ERR,
* RAD_RSP_RCVD_AUTH_FAILED or RAD_RSP_RCVD_SUCCESS.
*/
int
{
int rcv_len = 0; /* Count of received octets; the call that sets it is not visible. */
/*
* NOTE(review): msg is presumably a struct msghdr. With msg_namelen set
* to 0 the sender's address is not returned by the receive call; whether
* the socket is bound to the configured server by other means cannot be
* seen here - TODO confirm.
*/
msg.msg_namelen = 0;
msg.msg_controllen = 0;
/*
* Only an exact 0 is reported as "no data". A negative rcv_len
* (presumably a receive error) falls through to the minimum-length test
* below - this assumes MIN_RAD_PACKET_LEN is positive; TODO confirm.
*/
if (rcv_len == 0) {
return (RAD_RSP_RCVD_NO_DATA);
}
/*
* Check if the received packet length is within allowable range.
* RFC 2865 section 3.
*/
if (rcv_len < MIN_RAD_PACKET_LEN) {
return (RAD_RSP_RCVD_PROTOCOL_ERR);
} else if (rcv_len > MAX_RAD_PACKET_LEN) {
return (RAD_RSP_RCVD_PROTOCOL_ERR);
}
/*
* Check if the declared packet length is within allowable range.
* RFC 2865 section 3.
*
* declared_len comes from the packet itself and is therefore
* attacker-influenced; it is range-checked here before any later code
* uses it as a size.
*/
if (declared_len < MIN_RAD_PACKET_LEN) {
return (RAD_RSP_RCVD_PROTOCOL_ERR);
} else if (declared_len > MAX_RAD_PACKET_LEN) {
return (RAD_RSP_RCVD_PROTOCOL_ERR);
}
/*
* Discard packet with received length shorter than declared
* length. RFC 2865 section 3.
*
* After this test declared_len <= rcv_len, so work sized by declared_len
* stays within the octets that were actually received.
*/
if (rcv_len < declared_len) {
return (RAD_RSP_RCVD_PROTOCOL_ERR);
}
/*
* Authenticate the incoming packet, using the following algorithm
* (RFC 2865 section 3):
*
* MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
*
* Code = RADIUS packet code
* ID = RADIUS packet identifier
* Length = Declared length of the packet
* RequestAuth = The request authenticator
* Attributes = The response attributes
* Secret = The shared secret
*
* NOTE(review): this MD5-based check keyed by the shared secret is the
* only integrity test visible in this function. Whether a
* Message-Authenticator attribute is also verified cannot be determined
* from this listing.
*/
/* Include response attributes only if there is a payload */
if (declared_len > RAD_PACKET_HDR_LEN) {
/* Response Attributes */
}
/*
* The left-hand side of this condition (the comparison of the computed
* digest with the received authenticator) is missing from the listing.
* A non-zero result is treated as an authentication failure.
*/
!= 0) {
return (RAD_RSP_RCVD_AUTH_FAILED);
}
/*
* If the received length is greater than the declared length,
* trust the declared length and shorten the packet (i.e., to
* treat the octets outside the range of the Length field as
* padding - RFC 2865 section 3).
*/
if (rcv_len > declared_len) {
/* Clear the padding data. */
}
/*
* Annotate the RADIUS packet data with the data we received from
* the server.
*/
return (RAD_RSP_RCVD_SUCCESS);
}
/*
* encode_chap_password -
*
* Encode a CHAP-Password attribute. This function prepends the
* identifier to chap_passwd and copies the result to *result.
*
* NOTE(review): this listing is incomplete. The parameter list, the
* start of the tmp_result declaration and the copy into *result are
* missing. The visible code writes 1 + chap_passwd_len octets into
* tmp_result with no bounds test of its own, so the caller has to
* guarantee that chap_passwd_len fits the space declared for tmp_result
* (its size expression ends in RAD_IDENTIFIER_LEN + 1) - TODO confirm
* where that limit is enforced.
*/
static void
{
int i; /* Index into chap_passwd. */
uint8_t *p; /* Write cursor into tmp_result. */
RAD_IDENTIFIER_LEN + 1];
p = tmp_result;
*p = identifier; /* Identifier is 1 octet */
p++;
/* Append the chap_passwd octets after the identifier, one at a time. */
for (i = 0; i < chap_passwd_len; i++) {
*p = chap_passwd[i];
p++;
}
}