/*-
 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
 *
 * Copyright (c) 1998, 2001, Juniper Networks, Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * $FreeBSD$
 */

/*
 * Private definitions for the TACACS+ client library (taclib): tunables,
 * protocol constants, the on-the-wire packet layouts, and the per-handle
 * state that the public API in taclib.h operates on.  Nothing in this
 * header is part of the public interface.
 */

#ifndef TACLIB_PRIVATE_H
#define TACLIB_PRIVATE_H

#include "taclib.h"

/* Defaults */
#define PATH_TACPLUS_CONF	"/etc/tacplus.conf"	/* Default config file */
#define TACPLUS_PORT		49			/* Default server TCP port */
#define TIMEOUT			3	/* In seconds */

/* Limits */
#define BODYSIZE	8150		/* Maximum message body size; sizes tac_msg.u.body */
#define ERRSIZE		128		/* Maximum error message length */
#define MAXCONFLINE	1024		/* Maximum config file line length */
#define MAXSERVERS	10		/* Maximum number of servers to try */
#define MAXAVPAIRS	255		/* Maximum number of AV pairs */

/* Protocol constants. */
/*
 * Size of message header.  Matches the fixed fields of struct tac_msg
 * that precede the body union: version, type, seq_no, flags (1 byte
 * each), session_id (4 bytes) and length (4 bytes).
 */
#define HDRSIZE		12

/* Protocol version number */
#define TAC_VER_MAJOR		0xc		/* Major version number */

/* Protocol packet types */
#define TAC_AUTHEN		0x01		/* Authentication */
#define TAC_AUTHOR		0x02		/* Authorization */
#define TAC_ACCT		0x03		/* Accounting */

/* Protocol header flags */
/*
 * TAC_UNENCRYPTED: per the TACACS+ header flag definitions, the body is
 * carried without the shared-secret obfuscation.  Treat a peer that sets
 * this as a configuration/security problem, not a normal mode.
 * TAC_SINGLE_CONNECT: multiple sessions may be multiplexed over one TCP
 * connection (see tac_handle.single_connect below).
 */
#define TAC_UNENCRYPTED		0x01
#define TAC_SINGLE_CONNECT	0x04

/* One configured server entry. */
struct tac_server {
	struct sockaddr_in addr;	/* Address of server */
	char	*secret;		/* Shared secret */
					/* NOTE(review): plaintext key material;
					 * whether it is zeroized before free
					 * is decided in taclib.c - confirm. */
	int	 timeout;		/* Timeout in seconds */
	int	 flags;			/* Per-server flags (values not
					 * defined in this header) */
};

/*
 * An optional string of bytes specified by the client for inclusion in
 * a request.  The data is always a dynamically allocated copy that
 * belongs to the library.  It is copied into the request packet just
 * before sending the request.
 */
struct clnt_str {
	void	*data;			/* Library-owned copy, or unset */
	size_t	 len;			/* Byte count of data */
};

/*
 * An optional string of bytes from a server response.  The data resides
 * in the response packet itself, and must not be freed.
 */
struct srvr_str {
	const void	*data;		/* Points into tac_handle.response */
	size_t		 len;		/* Byte count of data */
};

/*
 * Packet body layouts.  Each struct is overlaid on tac_msg.u.body; the
 * trailing "rest[1]" member is a pre-C99 placeholder marking where the
 * variable-length fields begin - the real data extends past it into the
 * enclosing body[] buffer, so sizeof these structs does not describe a
 * complete packet.  The *_len and av_cnt fields give the sizes of those
 * variable-length fields (multi-byte lengths presumably in network byte
 * order; verify against the encode/decode code in taclib.c).
 */

/* Authentication START body. */
struct tac_authen_start {
	u_int8_t	action;
	u_int8_t	priv_lvl;
	u_int8_t	authen_type;
	u_int8_t	service;
	u_int8_t	user_len;
	u_int8_t	port_len;
	u_int8_t	rem_addr_len;
	u_int8_t	data_len;
	unsigned char	rest[1];	/* user, port, rem_addr, data follow */
};

/* Authentication REPLY body. */
struct tac_authen_reply {
	u_int8_t	status;
	u_int8_t	flags;
	u_int16_t	msg_len;
	u_int16_t	data_len;
	unsigned char	rest[1];	/* server msg, data follow */
};

/* Authentication CONTINUE body. */
struct tac_authen_cont {
	u_int16_t	user_msg_len;
	u_int16_t	data_len;
	u_int8_t	flags;
	unsigned char	rest[1];	/* user_msg, data follow */
};

/* Authorization REQUEST body. */
struct tac_author_request {
	u_int8_t	authen_meth;
	u_int8_t	priv_lvl;
	u_int8_t	authen_type;
	u_int8_t	service;
	u_int8_t	user_len;
	u_int8_t	port_len;
	u_int8_t	rem_addr_len;
	u_int8_t	av_cnt;		/* Number of AV pair length bytes/pairs */
	unsigned char	rest[1];	/* AV lengths, user, port, rem_addr, AVs */
};

/* Authorization RESPONSE body. */
struct tac_author_response {
	u_int8_t	status;
	u_int8_t	av_cnt;
	u_int16_t	msg_len;
	u_int16_t	data_len;
	unsigned char	rest[1];	/* AV lengths, server msg, data, AVs */
};

/* Accounting REQUEST (start) body. */
struct tac_acct_start {
	u_int8_t	action;
	u_int8_t	authen_action;
	u_int8_t	priv_lvl;
	u_int8_t	authen_type;
	u_int8_t	authen_service;
	u_int8_t	user_len;
	u_int8_t	port_len;
	u_int8_t	rem_addr_len;
	u_int8_t	av_cnt;
	unsigned char	rest[1];	/* AV lengths, user, port, rem_addr, AVs */
};

/* Accounting REPLY body. */
struct tac_acct_reply {
	u_int16_t	msg_len;
	u_int16_t	data_len;
	u_int8_t	status;
	unsigned char	rest[1];	/* server msg, data follow */
};

/*
 * A complete TACACS+ packet as sent and received: the HDRSIZE-byte header
 * followed by up to BODYSIZE bytes of body.  The header fields are laid
 * out without padding (length sits at offset 8, naturally aligned).
 *
 * NOTE(review): in a received packet, "length" is untrusted input from
 * the wire.  The reader must bound it by BODYSIZE before reading the body
 * into u.body, and the *_len/av_cnt fields inside the body must be
 * checked against the received length before the srvr_str pointers are
 * set up - confirm both checks in taclib.c.
 */
struct tac_msg {
	u_int8_t	version;	/* Major/minor protocol version */
	u_int8_t	type;		/* TAC_AUTHEN, TAC_AUTHOR or TAC_ACCT */
	u_int8_t	seq_no;		/* Packet sequence number */
	u_int8_t	flags;		/* TAC_UNENCRYPTED, TAC_SINGLE_CONNECT */
	u_int8_t	session_id[4];	/* Session identifier, raw bytes */
	u_int32_t	length;		/* Body length, excludes header */
	union {
		struct tac_authen_start authen_start;
		struct tac_authen_reply authen_reply;
		struct tac_authen_cont authen_cont;
		struct tac_author_request author_request;
		struct tac_author_response author_response;
		struct tac_acct_start acct_start;
		struct tac_acct_reply acct_reply;
		unsigned char body[BODYSIZE];
	} u;
};

/*
 * Per-client state behind the opaque handle returned by the public API.
 * Holds the server list, the pending request being assembled, and the
 * most recent response plus the parsed views into it.
 */
struct tac_handle {
	int		 fd;		/* Socket file descriptor */
	struct tac_server servers[MAXSERVERS];	/* Servers to contact */
	int		 num_servers;	/* Number of valid server entries */
	int		 cur_server;	/* Server we are currently using */
	int		 single_connect;	/* Use a single connection */
	int		 last_seq_no;	/* presumably seq_no of the last packet
					 * exchanged on fd - verify in taclib.c */
	char		 errmsg[ERRSIZE];	/* Most recent error message */

	/* Client-supplied request fields; each is a library-owned copy. */
	struct clnt_str	 user;
	struct clnt_str	 port;
	struct clnt_str	 rem_addr;
	struct clnt_str	 data;
	struct clnt_str	 user_msg;
	struct clnt_str	 avs[MAXAVPAIRS];

	struct tac_msg	 request;	/* Packet being built for sending */
	struct tac_msg	 response;	/* Last packet received */

	/*
	 * Parsed views into "response".  They point into response.u.body
	 * and so are only meaningful until the next response overwrites it.
	 */
	int		 srvr_pos;	/* Scan position in response body */
	struct srvr_str	 srvr_msg;
	struct srvr_str	 srvr_data;
	struct srvr_str	 srvr_avs[MAXAVPAIRS];
};

#endif