1/*-
2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
3 *
4 * Copyright (c) 1998, 2001, Juniper Networks, Inc.
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 *    notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 *    notice, this list of conditions and the following disclaimer in the
14 *    documentation and/or other materials provided with the distribution.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26 * SUCH DAMAGE.
27 *
28 *	$FreeBSD$
29 */
30
31#ifndef TACLIB_PRIVATE_H
32#define TACLIB_PRIVATE_H
33
34#include "taclib.h"
35
/* Defaults */
#define PATH_TACPLUS_CONF	"/etc/tacplus.conf"	/* Server/secret configuration file */
#define TACPLUS_PORT		49	/* IANA-assigned TACACS+ TCP port */
#define TIMEOUT			3	/* In seconds; per-server default (see tac_server.timeout) */

/*
 * Limits.  BODYSIZE also sizes the body overlay in struct tac_msg, so a
 * body length taken from the wire must be checked against it before any
 * bytes are copied into the union -- NOTE(review): that check is not in
 * this header; confirm it in taclib.c.
 */
#define BODYSIZE	8150		/* Maximum message body size */
#define ERRSIZE		128		/* Maximum error message length (incl. NUL) */
#define MAXCONFLINE	1024		/* Maximum config file line length */
#define MAXSERVERS	10		/* Maximum number of servers to try */
#define MAXAVPAIRS      255             /* Maximum number of AV pairs; bounds avs[]/srvr_avs[] */

/* Protocol constants. */
#define HDRSIZE		12		/* Size of message header (fixed fields of struct tac_msg) */

/* Protocol version number */
#define TAC_VER_MAJOR		0xc		/* Major version number (TACACS+); presumably the high nibble of tac_msg.version -- confirm */

/* Protocol packet types (tac_msg.type) */
#define TAC_AUTHEN		0x01		/* Authentication */
#define TAC_AUTHOR		0x02		/* Authorization */
#define TAC_ACCT		0x03		/* Accounting */

/*
 * Protocol header flags (tac_msg.flags).  TAC_UNENCRYPTED marks a body
 * that is not obfuscated with the shared secret, i.e. sent in the clear;
 * RFC 8907 deprecates that mode, so a defender reviewing captures or
 * code paths should treat a set bit as a finding.  TAC_SINGLE_CONNECT
 * advertises reuse of one TCP connection for several sessions (see
 * tac_handle.single_connect).
 */
#define TAC_UNENCRYPTED		0x01
#define TAC_SINGLE_CONNECT	0x04
62
/*
 * One configured TACACS+ server.  The handle keeps up to MAXSERVERS of
 * these and tries them in order.  Addressing is IPv4 only (sockaddr_in).
 * `secret` is key material: it obfuscates every packet body exchanged
 * with this server, so it should be cleared before it is freed --
 * NOTE(review): confirm the release path in taclib.c does so.
 */
struct tac_server {
	struct sockaddr_in addr;	/* Address of server (IPv4) */
	char		*secret;	/* Shared secret (NUL-terminated; owner not stated here) */
	int		 timeout;	/* Timeout in seconds (TIMEOUT when unset, presumably) */
	int		 flags;		/* Per-server option bits; no values defined in this header */
};
69
/*
 * An optional string of bytes specified by the client for inclusion in
 * a request.  The data is always a dynamically allocated copy that
 * belongs to the library (the library frees it).  It is copied into the
 * request packet just before sending the request, so a NULL data / zero
 * len pair simply contributes nothing to the packet.
 */
struct clnt_str {
	void		*data;	/* Library-owned copy, or NULL when unset */
	size_t		 len;	/* Byte count of data (no NUL terminator implied) */
};
80
/*
 * An optional string of bytes from a server response.  The data resides
 * in the response packet itself (tac_handle.response), and must not be
 * freed; it is only valid until the next response overwrites that buffer.
 */
struct srvr_str {
	const void	*data;	/* Points into the response body; never freed */
	size_t		 len;	/* Byte count of data */
};
89
/*
 * Wire layout of an authentication START body.  All fields are single
 * bytes, so each variable-length element is at most 255 bytes; those
 * elements follow in `rest`, presumably in the order of the *_len fields
 * (per the protocol spec -- confirm against the packer in taclib.c).
 * `rest[1]` is the pre-C99 trailing-array idiom; never sizeof() this
 * struct to size a packet.
 */
struct tac_authen_start {
	u_int8_t	action;
	u_int8_t	priv_lvl;
	u_int8_t	authen_type;
	u_int8_t	service;
	u_int8_t	user_len;
	u_int8_t	port_len;
	u_int8_t	rem_addr_len;
	u_int8_t	data_len;
	unsigned char	rest[1];	/* user, port, rem_addr, data bytes */
};
101
/*
 * Wire layout of an authentication REPLY body received from the server.
 * The u_int16_t lengths are read straight off the wire and are
 * presumably network byte order (the conversion is not in this header).
 * Because both lengths are attacker-controlled input, msg_len + data_len
 * must be checked against the received tac_msg.length (and BODYSIZE)
 * before `rest` is indexed -- NOTE(review): verify that check in taclib.c.
 */
struct tac_authen_reply {
	u_int8_t	status;
	u_int8_t	flags;
	u_int16_t	msg_len;	/* Length of server message in rest */
	u_int16_t	data_len;	/* Length of data following the message */
	unsigned char	rest[1];	/* msg bytes, then data bytes */
};
109
/*
 * Wire layout of an authentication CONTINUE body sent by the client.
 * u_int16_t lengths are presumably written in network byte order by the
 * packer in taclib.c; `rest` carries user_msg then data.
 */
struct tac_authen_cont {
	u_int16_t	user_msg_len;
	u_int16_t	data_len;
	u_int8_t	flags;
	unsigned char	rest[1];	/* user_msg bytes, then data bytes */
};
116
/*
 * Wire layout of an authorization REQUEST body.  av_cnt counts the
 * attribute-value pairs appended after the fixed strings; the client
 * side can supply at most MAXAVPAIRS of them (tac_handle.avs[]), which
 * also keeps av_cnt within its u_int8_t range.
 */
struct tac_author_request {
	u_int8_t	authen_meth;
	u_int8_t	priv_lvl;
	u_int8_t	authen_type;
	u_int8_t	service;
	u_int8_t	user_len;
	u_int8_t	port_len;
	u_int8_t	rem_addr_len;
	u_int8_t	av_cnt;		/* Number of AV pairs in rest */
	unsigned char	rest[1];	/* user, port, rem_addr, then AV pairs */
};
128
/*
 * Wire layout of an authorization RESPONSE body from the server.  av_cnt
 * is server-supplied and is stored into tac_handle.srvr_avs[MAXAVPAIRS],
 * so the parser must reject or cap counts above MAXAVPAIRS and must
 * bound every per-pair length by the received body length --
 * NOTE(review): confirm both checks in taclib.c.  u_int16_t lengths are
 * presumably network byte order.
 */
struct tac_author_response {
	u_int8_t	status;
	u_int8_t	av_cnt;		/* Number of AV pairs in rest */
	u_int16_t	msg_len;
	u_int16_t	data_len;
	unsigned char	rest[1];	/* AV pair lengths/values, msg, data */
};
136
/*
 * Wire layout of an accounting REQUEST body.  Same conventions as
 * tac_author_request: one-byte lengths, av_cnt bounded by MAXAVPAIRS on
 * the client side, variable data in `rest`.
 */
struct tac_acct_start {
	u_int8_t	action;		/* Accounting record flags (start/stop/watchdog presumably) */
	u_int8_t	authen_action;
	u_int8_t	priv_lvl;
	u_int8_t	authen_type;
	u_int8_t	authen_service;
	u_int8_t	user_len;
	u_int8_t	port_len;
	u_int8_t	rem_addr_len;
	u_int8_t	av_cnt;		/* Number of AV pairs in rest */
	unsigned char	rest[1];	/* user, port, rem_addr, then AV pairs */
};
149
/*
 * Wire layout of an accounting REPLY body from the server.  Note the
 * field order differs from the other replies: the two u_int16_t lengths
 * come first and status last.  Lengths are untrusted input and must be
 * bounded by the received body length before `rest` is read.
 */
struct tac_acct_reply {
	u_int16_t	msg_len;
	u_int16_t	data_len;
	u_int8_t	status;
	unsigned char	rest[1];	/* msg bytes, then data bytes */
};
156
/*
 * A complete TACACS+ packet as held in memory: the fixed header followed
 * by a body overlay.  The eight leading fields occupy exactly HDRSIZE
 * (12) bytes with no padding, since the u_int32_t `length` sits at
 * offset 8.  session_id is kept as raw bytes rather than a u_int32_t,
 * presumably so no byte-order conversion is needed when it is echoed.
 * `length` is the body length: on send it is what the packer computed,
 * on receive it is attacker-controlled and must be validated against
 * BODYSIZE before the body is read into `u` -- NOTE(review): confirm
 * in taclib.c.  The union lets the typed views alias the raw body.
 */
struct tac_msg {
	u_int8_t	version;	/* Major/minor version (see TAC_VER_MAJOR) */
	u_int8_t	type;		/* TAC_AUTHEN, TAC_AUTHOR or TAC_ACCT */
	u_int8_t	seq_no;		/* Sequence number within the session */
	u_int8_t	flags;		/* TAC_UNENCRYPTED, TAC_SINGLE_CONNECT */
	u_int8_t	session_id[4];	/* Opaque session identifier, raw bytes */
	u_int32_t	length;		/* Body length in bytes (byte order handled by caller) */
	union {
		struct tac_authen_start authen_start;
		struct tac_authen_reply authen_reply;
		struct tac_authen_cont authen_cont;
		struct tac_author_request author_request;
		struct tac_author_response author_response;
		struct tac_acct_start acct_start;
		struct tac_acct_reply acct_reply;
		unsigned char body[BODYSIZE];	/* Raw body; bounds every typed view */
	} u;
};
175
/*
 * Library handle: one open connection plus the server list, the client-
 * supplied request fields, and the most recent request/response packets.
 * The srvr_* members point into `response`, so they are invalidated by
 * the next exchange.  The handle holds shared secrets (via servers[]),
 * so it should not be copied casually or left in freed memory uncleared.
 */
struct tac_handle {
	int		 fd;		/* Socket file descriptor */
	struct tac_server servers[MAXSERVERS];	/* Servers to contact */
	int		 num_servers;	/* Number of valid server entries */
	int		 cur_server;	/* Server we are currently using */
	int		 single_connect;	/* Use a single connection */
	int		 last_seq_no;	/* Sequence number of the last packet on this session (presumably tac_msg.seq_no) */
	char		 errmsg[ERRSIZE];	/* Most recent error message */

	struct clnt_str	 user;		/* Request fields; library-owned copies */
	struct clnt_str	 port;
	struct clnt_str	 rem_addr;
	struct clnt_str	 data;
	struct clnt_str	 user_msg;
	struct clnt_str  avs[MAXAVPAIRS];	/* Client AV pairs for author/acct requests */

	struct tac_msg	 request;	/* Last packet built for sending */
	struct tac_msg	 response;	/* Last packet received; srvr_* point into it */

	int		 srvr_pos;	/* Scan position in response body */
	struct srvr_str	 srvr_msg;	/* Server message, into response */
	struct srvr_str	 srvr_data;	/* Server data, into response */
	struct srvr_str  srvr_avs[MAXAVPAIRS];	/* Server AV pairs; count must be capped at MAXAVPAIRS by the parser */
};
200
201#endif
202