RadiusManager.idl

/* SPDX-License-Identifier: BSD-3-Clause */
/*
 * Copyright 2012 Raritan Inc. All rights reserved.
 */
 
/** Local and Remote Authentication Management */
module auth {
 
    /** RADIUS server configuration interface */
    interface RadiusManager {
 
        /** RADIUS auth type */
        enumeration AuthType {
            PAP,            ///< PAP authentication
            CHAP,           ///< CHAP authentication
            MSCHAPv2        ///< MSCHAPv2 authentication
        };
 
        /** Server settings */
        structure ServerSettings {
            string          id;            ///< This field is unused; empty on read, ignored on write
            string          server;        ///< IP or name of the radius servers
            string          sharedSecret;  ///< Shared secret between the Xerus device and the RADIUS server
            int             udpAuthPort;   ///< UDP port for RADIUS Authenticating service
            int             udpAccountPort;///< UDP port for RADIUS Accounting service
            int             timeout;       ///< Timeout in seconds
            int             retries;       ///< Number of retries
            AuthType        authType;      ///< Authentication type
            boolean         disableAccounting;///< \c true to disable accounting, \c false to enable accounting
            boolean         messageAuthenticatorOptional; ///< \c true if not requiring Message-Authenticator attribute in reply to Access-Request
        };
 
        constant int ERR_INVALID_CFG            = 1; ///< The server configuration is invalid
        constant int ERR_SERVER_UNSPECIFIED     = 2; ///< Unspecified error
        constant int ERR_INVALID_SHARED_SECRET  = 3; ///< The shared secret is invalid
        constant int ERR_SERVER_UNREACHABLE     = 4; ///< RADIUS server could not be contacted
        constant int ERR_AUTHENTICATION_FAILED  = 5; ///< User could not be authenticated
        constant int ERR_NO_ROLES               = 6; ///< No roles are defined for the user
        constant int ERR_NO_KNOWN_ROLES         = 7; ///< No known rules are defined for the user
        constant int ERR_MSG_AUTH_ATTR_MISSING  = 8; ///< Message-Authenticator attribute missing in Access-Request reply
 
        /**
         * Get a list of RADIUS server settings
         *
         * @return list of ServerSettings
         */
        vector<ServerSettings> getRadiusServers();
 
        /**
         * Sets a list of RADIUS servers.
         * Any existing RADIUS Server configuration will be cleared / overwritten.
         *
         * @return 0                            on success
         * @return \c ERR_INVALID_CFG           in case of invalid configuration
         */
        int setRadiusServers(in vector<ServerSettings> serverList);
 
        /**
         * Tests an RADIUS server configuration.
         *
         * @return 0                                    on success
         * @return \c ERR_SERVER_UNSPECIFIED            an unspecified error occurred
         * @return \c ERR_INVALID_CFG                   RADIUS server configuration is invalid (reused from setRadiusServers)
         * @return \c ERR_INVALID_SHARED_SECRET         the shared secret is invalid
         * @return \c ERR_SERVER_UNREACHABLE            RADIUS server could not be contacted
         * @return \c ERR_AUTHENTICATION_FAILED         user could not be authenticated
         * @return \c ERR_NO_ROLES                      no roles are defined for the user
         * @return \c ERR_NO_KNOWN_ROLES                no known roles are defined for the user
         * @return \c ERR_MSG_AUTH_ATTR_MISSING         Message-Authenticator attribute missing in Access-Request reply
         */
        int testRadiusServer(in string username, in string password, in ServerSettings settings);
 
    };
}