TacPlusManager.idl

/* SPDX-License-Identifier: BSD-3-Clause */
/*
 * Copyright 2020 Raritan Inc. All rights reserved.
 */
 
/** Local and Remote Authentication Management */
module auth {
 
    /** TACACS+ server configuration interface */
    interface TacPlusManager {
 
        /** TACACS+ authentication type */
        enumeration AuthenType {
            ASCII,   ///< Plain text authentication
            PAP,     ///< PAP authentication
            CHAP,    ///< CHAP authentication
            MSCHAP   ///< MSCHAP authentication
        };
 
        /** Server settings */
        structure ServerSettings {
            string          server;         ///< TACACS+ server name or IP address
            int             port;           ///< TACACS+ server TCP port
            int             timeoutSeconds; ///< max time from connecting until session completion
            int             retries;        ///< max number of allowed retries
            string          sharedSecret;   ///< Shared secret between Xerus device and TACACs+ server
            AuthenType      authenType;     ///< Authentication type
            boolean         disableAccounting;///< \c true to disable accounting, \c false to enable accounting
        };
 
        constant int ERR_INVALID_CFG            = 1; ///< The server configuration is invalid
        constant int ERR_SERVER_UNSPECIFIED     = 2; ///< Unspecified error
        constant int ERR_INVALID_SHARED_SECRET  = 3; ///< The shared secret is invalid
        constant int ERR_SERVER_UNREACHABLE     = 4; ///< TACACS+ server could not be contacted
        constant int ERR_AUTHENTICATION_FAILED  = 5; ///< User could not be authenticated
        constant int ERR_NO_ROLES               = 6; ///< No roles are defined for the user
        constant int ERR_NO_KNOWN_ROLES         = 7; ///< No known rules are defined for the user
 
        /**
         * Get a list of TACACS+ server settings
         *
         * @return list of ServerSettings
         */
        vector<ServerSettings> getTacPlusServers();
 
        /**
         * Sets a list of TACACS+ servers.
         * Any existing TACACS+ Server configuration will be cleared / overwritten.
         *
         * @return 0                            on success
         * @return \c ERR_INVALID_CFG           in case of invalid configuration
         */
        int setTacPlusServers(in vector<ServerSettings> serverList);
 
        /**
         * Tests an TACACS+ server configuration.
         *
         * @return 0                                    on success
         * @return \c ERR_SERVER_UNSPECIFIED            an unspecified error occurred
         * @return \c ERR_INVALID_CFG                   server configuration is invalid (reused from setTacPlusServers)
         * @return \c ERR_INVALID_SHARED_SECRET         the shared secret is invalid
         * @return \c ERR_SERVER_UNREACHABLE            TACACS+ server could not be contacted
         * @return \c ERR_AUTHENTICATION_FAILED         user could not be authenticated
         * @return \c ERR_NO_ROLES                      no roles are defined for the user
         * @return \c ERR_NO_KNOWN_ROLES                no known roles are defined for the user
         */
        int testTacPlusServer(in string username, in string password, in ServerSettings settings);
 
    };
}