/*-
 * Copyright (c) 1998, 2001, Juniper Networks, Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * $FreeBSD: releng/10.3/lib/libtacplus/taclib_private.h 200399 2009-12-11 07:53:44Z syrinx $
 */

/*
 * Private definitions shared by the libtacplus sources: tunables, protocol
 * constants, the on-the-wire packet body layouts and the client handle.
 * Nothing in this file is part of the public interface declared in
 * taclib.h.
 */

#ifndef TACLIB_PRIVATE_H
#define TACLIB_PRIVATE_H

#include "taclib.h"

/* Defaults */
#define PATH_TACPLUS_CONF	"/etc/tacplus.conf"	/* Default configuration file */
#define TACPLUS_PORT		49			/* Default server port */
#define TIMEOUT			3			/* In seconds; default per-server timeout */

/*
 * Limits.
 *
 * BODYSIZE bounds the body buffer embedded in struct tac_msg.  The body
 * length carried in a packet header is 32 bits wide and can therefore
 * exceed BODYSIZE; the receive path must reject any header length larger
 * than BODYSIZE before reading the body into that buffer.
 * NOTE(review): confirm taclib.c performs that check.
 */
#define BODYSIZE	8150		/* Maximum message body size */
#define ERRSIZE		128		/* Maximum error message length; size of tac_handle.errmsg */
#define MAXCONFLINE	1024		/* Maximum config file line length */
#define MAXSERVERS	10		/* Maximum number of servers to try */
#define MAXAVPAIRS	255		/* Maximum number of AV pairs; matches the 8-bit av_cnt wire field */

/* Protocol constants. */
#define HDRSIZE		12		/* Size of message header: the fixed fields of
					   struct tac_msg (1+1+1+1+4+4 bytes) */

/* Protocol version number */
#define TAC_VER_MAJOR		0xc		/* Major version number */

/* Protocol packet types (struct tac_msg.type) */
#define TAC_AUTHEN			0x01	/* Authentication */
#define TAC_AUTHOR			0x02	/* Authorization */
#define TAC_ACCT			0x03	/* Accounting */

/*
 * Protocol header flags (struct tac_msg.flags).
 *
 * TAC_UNENCRYPTED presumably marks a body that is not obfuscated with the
 * shared secret, i.e. one that travels in cleartext.
 * NOTE(review): confirm the library never sets it on requests and treats
 * it as an error on responses.
 * TAC_SINGLE_CONNECT presumably negotiates reuse of one connection for
 * several sessions; see tac_handle.single_connect.
 */
#define TAC_UNENCRYPTED			0x01
#define TAC_SINGLE_CONNECT		0x04

/* One entry of tac_handle.servers. */
struct tac_server {
	struct sockaddr_in addr;	/* Address of server */
	char *secret;			/* Shared secret.  Sensitive: whoever frees it
					   should scrub the bytes first (e.g. explicit_bzero)
					   -- NOTE(review): confirm in the cleanup path */
	int timeout;			/* Timeout in seconds */
	int flags;			/* Per-server flags; presumably TAC_* header flags
					   such as TAC_SINGLE_CONNECT -- verify against the
					   config parser */
};

/*
 * An optional string of bytes specified by the client for inclusion in
 * a request.  The data is always a dynamically allocated copy that
 * belongs to the library (the library, not the caller, frees it).  It is
 * copied into the request packet just before sending the request.
 */
struct clnt_str {
	void *data;		/* Library-owned copy, or NULL when unset */
	size_t len;		/* Number of bytes at data */
};

/*
 * An optional string of bytes from a server response.  The data resides
 * in the response packet itself, and must not be freed.  Presumably it is
 * therefore only valid until tac_handle.response is overwritten by the
 * next response.
 */
struct srvr_str {
	const void *data;	/* Points into the response body; not owned */
	size_t len;		/* Number of bytes at data */
};

/*
 * On-the-wire body layouts.
 *
 * Each struct mirrors the fixed part of one packet body exactly as
 * declared: every multi-byte field is naturally aligned, so on the usual
 * ABIs no padding is inserted, and the fields must not be reordered.
 * The trailing rest[1] stands for the variable-length fields whose sizes
 * are given by the *_len fields.  It is deliberately a one-element array
 * rather than a C99 flexible array member: these structs are members of
 * the union inside struct tac_msg, and a struct with a flexible array
 * member may not be placed there.  Because that byte is counted by
 * sizeof, length arithmetic based on sizeof must account for it
 * (presumably done in taclib.c -- confirm).
 *
 * Multi-byte fields presumably hold network byte order; NOTE(review):
 * confirm ntohs()/htons() at the use sites.  Every *_len or av_cnt read
 * from a response must be checked against the bytes actually remaining
 * in the body before a srvr_str is pointed at the data it describes.
 */

/* Body of an authentication START request. */
struct tac_authen_start {
	u_int8_t action;
	u_int8_t priv_lvl;
	u_int8_t authen_type;
	u_int8_t service;
	u_int8_t user_len;		/* Length of user, in rest[] */
	u_int8_t port_len;		/* Length of port, in rest[] */
	u_int8_t rem_addr_len;		/* Length of rem_addr, in rest[] */
	u_int8_t data_len;		/* Length of data, in rest[] */
	unsigned char rest[1];		/* Variable-length fields follow */
};

/* Body of an authentication REPLY. */
struct tac_authen_reply {
	u_int8_t status;
	u_int8_t flags;
	u_int16_t msg_len;		/* Length of server message, in rest[] */
	u_int16_t data_len;		/* Length of server data, in rest[] */
	unsigned char rest[1];		/* Variable-length fields follow */
};

/* Body of an authentication CONTINUE request. */
struct tac_authen_cont {
	u_int16_t user_msg_len;		/* Length of user message, in rest[] */
	u_int16_t data_len;		/* Length of data, in rest[] */
	u_int8_t flags;
	unsigned char rest[1];		/* Variable-length fields follow */
};

/* Body of an authorization REQUEST. */
struct tac_author_request {
	u_int8_t authen_meth;
	u_int8_t priv_lvl;
	u_int8_t authen_type;
	u_int8_t service;
	u_int8_t user_len;		/* Length of user, in rest[] */
	u_int8_t port_len;		/* Length of port, in rest[] */
	u_int8_t rem_addr_len;		/* Length of rem_addr, in rest[] */
	u_int8_t av_cnt;		/* Number of AV pairs (at most MAXAVPAIRS) */
	unsigned char rest[1];		/* Variable-length fields follow */
};

/* Body of an authorization RESPONSE. */
struct tac_author_response {
	u_int8_t status;
	u_int8_t av_cnt;		/* Number of AV pairs returned by the server */
	u_int16_t msg_len;		/* Length of server message, in rest[] */
	u_int16_t data_len;		/* Length of server data, in rest[] */
	unsigned char rest[1];		/* Variable-length fields follow */
};

/* Body of an accounting REQUEST. */
struct tac_acct_start {
	u_int8_t action;
	u_int8_t authen_action;
	u_int8_t priv_lvl;
	u_int8_t authen_type;
	u_int8_t authen_service;
	u_int8_t user_len;		/* Length of user, in rest[] */
	u_int8_t port_len;		/* Length of port, in rest[] */
	u_int8_t rem_addr_len;		/* Length of rem_addr, in rest[] */
	u_int8_t av_cnt;		/* Number of AV pairs (at most MAXAVPAIRS) */
	unsigned char rest[1];		/* Variable-length fields follow */
};

/* Body of an accounting REPLY. */
struct tac_acct_reply {
	u_int16_t msg_len;		/* Length of server message, in rest[] */
	u_int16_t data_len;		/* Length of server data, in rest[] */
	u_int8_t status;
	unsigned char rest[1];		/* Variable-length fields follow */
};

/*
 * A complete request or response: the HDRSIZE-byte header followed by a
 * body buffer large enough for the largest supported body.  length is the
 * body length from the header; it is 32 bits wide and must be validated
 * against BODYSIZE before u.body is filled (see BODYSIZE above).
 */
struct tac_msg {
	u_int8_t version;		/* Major/minor protocol version; see TAC_VER_MAJOR */
	u_int8_t type;			/* One of TAC_AUTHEN, TAC_AUTHOR, TAC_ACCT */
	u_int8_t seq_no;		/* 8-bit sequence number within a session */
	u_int8_t flags;			/* TAC_UNENCRYPTED / TAC_SINGLE_CONNECT */
	u_int8_t session_id[4];		/* Kept as raw bytes rather than a u_int32_t,
					   so no byte-order conversion applies */
	u_int32_t length;		/* Body length; presumably network byte order
					   on the wire -- confirm */
	union {
		struct tac_authen_start authen_start;
		struct tac_authen_reply authen_reply;
		struct tac_authen_cont authen_cont;
		struct tac_author_request author_request;
		struct tac_author_response author_response;
		struct tac_acct_start acct_start;
		struct tac_acct_reply acct_reply;
		unsigned char body[BODYSIZE];	/* Raw view; bounds every other member */
	} u;
};

/*
 * Per-client state behind the opaque handle returned by the public API.
 * The clnt_str members are library-owned copies; the srvr_str members are
 * views into response and are invalidated when it is overwritten.
 */
struct tac_handle {
	int fd;				/* Socket file descriptor */
	struct tac_server servers[MAXSERVERS];	/* Servers to contact */
	int num_servers;		/* Number of valid server entries */
	int cur_server;			/* Server we are currently using */
	int single_connect;		/* Use a single connection; see TAC_SINGLE_CONNECT */
	int last_seq_no;		/* Most recent sequence number.  The wire field
					   (tac_msg.seq_no) is only 8 bits wide --
					   NOTE(review): confirm how wrap-around is handled */
	char errmsg[ERRSIZE];		/* Most recent error message */

	struct clnt_str user;		/* Client-supplied fields copied into each request */
	struct clnt_str port;
	struct clnt_str rem_addr;
	struct clnt_str data;
	struct clnt_str user_msg;
	struct clnt_str avs[MAXAVPAIRS];	/* Client-supplied AV pairs */

	struct tac_msg request;		/* Packet being built/sent */
	struct tac_msg response;	/* Packet most recently received */

	int srvr_pos;			/* Scan position in response body; indexes
					   response.u.body and presumably must never
					   exceed the validated body length -- confirm */
	struct srvr_str srvr_msg;	/* Server message, points into response */
	struct srvr_str srvr_data;	/* Server data, points into response */
	struct srvr_str srvr_avs[MAXAVPAIRS];	/* Server AV pairs, point into response */
};

#endif