2 Copyright (c) 1995-1998 by Cisco systems, Inc.
4 Permission to use, copy, modify, and distribute this software for
5 any purpose and without fee is hereby granted, provided that this
6 copyright and permission notice appear on all copies of the
7 software and supporting documentation, the name of Cisco Systems,
8 Inc. not be used in advertising or publicity pertaining to
9 distribution of the program without specific prior permission, and
10 notice be given in supporting documentation that modification,
11 copying and distribution is by permission of Cisco Systems, Inc.
13 Cisco Systems, Inc. makes no representations about the suitability
14 of this software for any purpose. THIS SOFTWARE IS PROVIDED ``AS
15 IS'' AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING,
16 WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
17 FITNESS FOR A PARTICULAR PURPOSE.
23 #include <netinet/in.h> /* for ntohl() */
29 #include "do_author.h"
33 char *summarise_outgoing_packet_type TAC_ARGS((u_char *pak));
35 /* Routines for dumping packets to stderr */
/*
 * summarise_outgoing_packet_type: pick a short text label for a reply
 * packet from the status field of the reply body (authen_reply or
 * author_reply) that follows the TAC_PLUS_HDR_SIZE-byte header.
 * The prototype returns char *, and dump_tacacs_pak prints the result
 * with a %s conversion.
 * NOTE(review): this listing omits lines, so the outer dispatch, most of
 * the label assignments and the return statement are not visible here --
 * confirm against the full file.
 */
37 summarise_outgoing_packet_type(pak)
41 struct authen_reply *authen;
42 struct author_reply *author;
/* The reply body is addressed by a plain cast at a fixed offset; no length
 * check on pak is visible in this listing. */
49 authen = (struct authen_reply *) (pak + TAC_PLUS_HDR_SIZE);
51 switch (authen->status) {
52 case TAC_PLUS_AUTHEN_STATUS_PASS:
55 case TAC_PLUS_AUTHEN_STATUS_FAIL:
58 case TAC_PLUS_AUTHEN_STATUS_GETDATA:
61 case TAC_PLUS_AUTHEN_STATUS_GETUSER:
64 case TAC_PLUS_AUTHEN_STATUS_GETPASS:
67 case TAC_PLUS_AUTHEN_STATUS_ERROR:
/* Authorization replies use the same fixed offset and their own status set. */
77 author = (struct author_reply *) (pak + TAC_PLUS_HDR_SIZE);
78 switch (author->status) {
79 case AUTHOR_STATUS_PASS_ADD:
80 p = "AUTHOR/PASS_ADD";
82 case AUTHOR_STATUS_FAIL:
85 case AUTHOR_STATUS_PASS_REPL:
86 p = "AUTHOR/PASS_REPL";
88 case AUTHOR_STATUS_ERROR:
/*
 * dump_header: write the packet header fields to the debug log and, when
 * DEBUG_HEX_FLAG is set in debug, a hex dump of the packet body.
 * NOTE(review): the definition line and local declarations are missing
 * from this listing.
 */
106 static void dump_header TAC_ARGS((u_char *pak));
/* NOTE(review): this writes the value of session.key into the debug log.
 * If that is the TACACS+ shared secret (presumably), anyone who can read
 * the debug output learns the key; consider logging only whether a key is
 * set, and restrict access to debug logs. */
117 report(LOG_DEBUG, "PACKET: key=%s", session.key ? session.key : "<NULL>");
118 report(LOG_DEBUG, "version %d (0x%x), type %d, seq no %d, encryption %d",
119 hdr->version, hdr->version,
120 hdr->type, hdr->seq_no, hdr->encryption);
/* session_id and datalength are converted with ntohl() before printing.
 * NOTE(review): datalength is printed with %d although ntohl() yields an
 * unsigned 32-bit value, so large lengths would show up as negative. */
121 report(LOG_DEBUG, "session_id %u (0x%x), Data length %d (0x%x)",
122 ntohl(hdr->session_id), ntohl(hdr->session_id),
123 ntohl(hdr->datalength), ntohl(hdr->datalength));
125 report(LOG_DEBUG, "End header");
/* Hex dump of the body only when hex debugging is enabled. */
127 if (debug & DEBUG_HEX_FLAG) {
128 report(LOG_DEBUG, "Packet body hex dump:");
129 data = (u_char *) (pak + TAC_PLUS_HDR_SIZE);
/* NOTE(review): the dump length is the header's own datalength field. No
 * comparison with the number of bytes actually held behind pak is visible
 * in this listing -- confirm the caller has validated it, otherwise this
 * read can run past the received data. */
130 report_hex(LOG_DEBUG, data, ntohl(hdr->datalength));
135 void dump_nas_pak TAC_ARGS((u_char *pak));
137 /* Dump packets originated by a NAS */
/*
 * dump_nas_pak: log a field-by-field view of a request packet at LOG_DEBUG.
 * Handles authentication START and CONT bodies, authorization requests and
 * accounting requests; any other header type is reported as unrecognized.
 *
 * NOTE(review): every *_len and arg_cnt value below is read from the packet
 * body and then used both as a report_string() length and to advance p.
 * No comparison of those values with the header's datalength, or with the
 * size of the buffer behind pak, is visible in this listing (which omits
 * lines). Unless the caller has already checked that the lengths fit, a
 * malformed packet would make these reads run past the received data --
 * confirm against the full file.
 */
142 struct authen_start *start;
143 struct authen_cont *cont;
144 struct author *author;
148 u_char *p, *argsizep;
157 report(LOG_DEBUG, "nas packets should be odd numbered seq=%d",
163 case TAC_PLUS_AUTHEN:
/* The body is addressed by a cast at a fixed offset past the header. */
164 start = (struct authen_start *) (pak + TAC_PLUS_HDR_SIZE);
166 switch (hdr->seq_no) {
169 report(LOG_DEBUG, "type=AUTHEN/START, priv_lvl = %d",
/* Decode the action code; unknown values are logged numerically. */
172 switch (start->action) {
173 case TAC_PLUS_AUTHEN_LOGIN:
174 report(LOG_DEBUG, "action=login");
176 case TAC_PLUS_AUTHEN_CHPASS:
177 report(LOG_DEBUG, "action=chpass");
179 case TAC_PLUS_AUTHEN_SENDPASS:
180 report(LOG_DEBUG, "action=sendpass");
182 case TAC_PLUS_AUTHEN_SENDAUTH:
183 report(LOG_DEBUG, "action=sendauth");
186 report(LOG_DEBUG, "action=UNKNOWN %d", start->action);
/* Decode the authentication type. */
190 switch(start->authen_type) {
191 case TAC_PLUS_AUTHEN_TYPE_ASCII:
192 report(LOG_DEBUG, "authen_type=ascii");
194 case TAC_PLUS_AUTHEN_TYPE_PAP:
195 report(LOG_DEBUG, "authen_type=pap");
197 case TAC_PLUS_AUTHEN_TYPE_CHAP:
198 report(LOG_DEBUG, "authen_type=chap");
200 case TAC_PLUS_AUTHEN_TYPE_ARAP:
201 report(LOG_DEBUG, "authen_type=arap");
204 report(LOG_DEBUG, "authen_type=unknown %d", start->authen_type);
/* Decode the requesting service. */
208 switch(start->service) {
210 case TAC_PLUS_AUTHEN_SVC_LOGIN:
211 report(LOG_DEBUG, "service=login");
213 case TAC_PLUS_AUTHEN_SVC_ENABLE:
214 report(LOG_DEBUG, "service=enable");
216 case TAC_PLUS_AUTHEN_SVC_PPP:
217 report(LOG_DEBUG, "service=ppp");
219 case TAC_PLUS_AUTHEN_SVC_ARAP:
220 report(LOG_DEBUG, "service=arap");
222 case TAC_PLUS_AUTHEN_SVC_PT:
223 report(LOG_DEBUG, "service=pt");
225 case TAC_PLUS_AUTHEN_SVC_RCMD:
226 report(LOG_DEBUG, "service=rcmd");
228 case TAC_PLUS_AUTHEN_SVC_X25:
229 report(LOG_DEBUG, "service=x25");
231 case TAC_PLUS_AUTHEN_SVC_NASI:
232 report(LOG_DEBUG, "service=nasi");
235 report(LOG_DEBUG, "service=unknown %d", start->service);
240 "user_len=%d port_len=%d (0x%x), rem_addr_len=%d (0x%x)",
241 start->user_len, start->port_len, start->port_len,
242 start->rem_addr_len, start->rem_addr_len);
244 report(LOG_DEBUG, "data_len=%d", start->data_len);
246 /* start of variable length data is here */
247 p = pak + TAC_PLUS_HDR_SIZE + TAC_AUTHEN_START_FIXED_FIELDS_SIZE;
/* p walks user, port, rem_addr and data in that order; each step is sized
 * by a length field taken from the START body. */
249 report(LOG_DEBUG, "User: ");
250 report_string(LOG_DEBUG, p, start->user_len);
251 p += start->user_len;
253 report(LOG_DEBUG, "port: ");
254 report_string(LOG_DEBUG, p, start->port_len);
255 p += start->port_len;
257 report(LOG_DEBUG, "rem_addr: ");
258 report_string(LOG_DEBUG, p, start->rem_addr_len);
259 p += start->rem_addr_len;
261 report(LOG_DEBUG, "data: ");
262 report_string(LOG_DEBUG, p, start->data_len);
264 report(LOG_DEBUG, "End packet");
/* Continuation body: user message followed by user data. */
268 cont = (struct authen_cont *) (pak + TAC_PLUS_HDR_SIZE);
269 report(LOG_DEBUG, "type=AUTHEN/CONT");
270 report(LOG_DEBUG, "user_msg_len %d (0x%x), user_data_len %d (0x%x)",
271 cont->user_msg_len, cont->user_msg_len,
272 cont->user_data_len, cont->user_data_len);
273 report(LOG_DEBUG, "flags=0x%x", cont->flags);
275 /* start of variable length data is here */
276 p = pak + TAC_PLUS_HDR_SIZE +
277 TAC_AUTHEN_CONT_FIXED_FIELDS_SIZE;
279 report(LOG_DEBUG, "User msg: ");
280 report_string(LOG_DEBUG, p, cont->user_msg_len);
281 p += cont->user_msg_len;
283 report(LOG_DEBUG, "User data: ");
284 report_string(LOG_DEBUG, p, cont->user_data_len);
286 report(LOG_DEBUG, "End packet");
290 case TAC_PLUS_AUTHOR:
291 author = (struct author *) (pak + TAC_PLUS_HDR_SIZE);
293 report(LOG_DEBUG, "type=AUTHOR, priv_lvl=%d, authen=%d",
295 author->authen_type);
/* Decode the authentication method recorded in the request. */
297 switch(author->authen_method) {
298 case AUTHEN_METH_NONE:
299 report(LOG_DEBUG, "method=none");
301 case AUTHEN_METH_KRB5:
302 report(LOG_DEBUG, "method=krb5");
304 case AUTHEN_METH_LINE:
305 report(LOG_DEBUG, "method=line");
307 case AUTHEN_METH_ENABLE:
308 report(LOG_DEBUG, "method=enable");
310 case AUTHEN_METH_LOCAL:
311 report(LOG_DEBUG, "method=local");
313 case AUTHEN_METH_TACACSPLUS:
314 report(LOG_DEBUG, "method=tacacs+");
316 case AUTHEN_METH_RCMD:
317 report(LOG_DEBUG, "method=rcmd");
320 report(LOG_DEBUG, "method=unknown %d", author->authen_method);
324 report(LOG_DEBUG, "svc=%d user_len=%d port_len=%d rem_addr_len=%d",
325 author->service, author->user_len,
326 author->port_len, author->rem_addr_len);
328 report(LOG_DEBUG, "arg_cnt=%d", author->arg_cnt);
330 /* variable length data starts here */
331 p = pak + TAC_PLUS_HDR_SIZE + TAC_AUTHOR_REQ_FIXED_FIELDS_SIZE;
/* Step over arg_cnt bytes; presumably these are the per-argument sizes that
 * argsizep reads below -- the assignment of argsizep is not shown in this
 * listing. */
333 p += author->arg_cnt;
335 report(LOG_DEBUG, "User: ");
336 report_string(LOG_DEBUG, p, author->user_len);
337 p += author->user_len;
339 report(LOG_DEBUG, "port: ");
340 report_string(LOG_DEBUG, p, author->port_len);
341 p += author->port_len;
343 report(LOG_DEBUG, "rem_addr: ");
344 report_string(LOG_DEBUG, p, author->rem_addr_len);
345 p += author->rem_addr_len;
/* One log entry per argument; both the count and each size come from the
 * packet. */
347 for (i = 0; i < (int) author->arg_cnt; i++) {
348 report(LOG_DEBUG, "arg[%d]: size=%d ", i, *argsizep);
349 report_string(LOG_DEBUG, p, *argsizep);
/* Accounting request: same layout idea, with its own fixed-field size. */
356 acct = (struct acct *) (pak + TAC_PLUS_HDR_SIZE);
357 report(LOG_DEBUG, "ACCT, flags=0x%x method=%d priv_lvl=%d",
358 acct->flags, acct->authen_method, acct->priv_lvl);
359 report(LOG_DEBUG, "type=%d svc=%d",
360 acct->authen_type, acct->authen_service);
361 report(LOG_DEBUG, "user_len=%d port_len=%d rem_addr_len=%d",
362 acct->user_len, acct->port_len, acct->rem_addr_len);
363 report(LOG_DEBUG, "arg_cnt=%d", acct->arg_cnt);
365 p = pak + TAC_PLUS_HDR_SIZE + TAC_ACCT_REQ_FIXED_FIELDS_SIZE;
369 report(LOG_DEBUG, "User: ");
370 report_string(LOG_DEBUG, p, acct->user_len);
373 report(LOG_DEBUG, "port: ");
374 report_string(LOG_DEBUG, p, acct->port_len);
377 report(LOG_DEBUG, "rem_addr: ");
378 report_string(LOG_DEBUG, p, acct->rem_addr_len);
379 p += acct->rem_addr_len;
381 for (i = 0; i < (int) acct->arg_cnt; i++) {
382 report(LOG_DEBUG, "arg[%d]: size=%d ", i, *argsizep);
383 report_string(LOG_DEBUG, p, *argsizep);
/* Header types other than the ones handled above are only reported. */
390 report(LOG_DEBUG, "dump_nas_pak: unrecognized header type %d", hdr->type);
392 report(LOG_DEBUG, "End packet");
395 /* Dump packets originated by Tacacsd */
/*
 * dump_tacacs_pak: log a field-by-field view of a reply packet
 * (authentication reply, authorization reply, accounting reply); any other
 * header type is reported as unrecognized.
 *
 * NOTE(review): msg_len, data_len and arg_cnt are read back from the reply
 * body and used as report_string() lengths and as offsets for p, with no
 * bounds check visible in this listing (which omits lines). Per the comment
 * above, these packets are built by the daemon itself, so the lengths are
 * presumably trustworthy -- confirm that no caller passes a received packet
 * to this routine.
 */
397 void dump_tacacs_pak TAC_ARGS((u_char *pak));
403 struct authen_reply *authen;
404 struct author_reply *author;
405 struct acct_reply *acct;
407 u_char *p, *argsizep;
/* A bad sequence number is reported at LOG_ERR rather than LOG_DEBUG. */
417 report(LOG_ERR, "%s: Bad sequence number %d should be even",
423 case TAC_PLUS_AUTHEN:
424 authen = (struct authen_reply *) (pak + TAC_PLUS_HDR_SIZE);
/* The status is shown both numerically and as the label produced by
 * summarise_outgoing_packet_type(). */
426 report(LOG_DEBUG, "type=AUTHEN status=%d (%s) flags=0x%x",
427 authen->status, summarise_outgoing_packet_type(pak),
430 report(LOG_DEBUG, "msg_len=%d, data_len=%d",
431 authen->msg_len, authen->data_len);
433 /* start of variable length data is here */
434 p = pak + TAC_PLUS_HDR_SIZE + TAC_AUTHEN_REPLY_FIXED_FIELDS_SIZE;
436 report(LOG_DEBUG, "msg: ");
437 report_string(LOG_DEBUG, p, authen->msg_len);
438 p += authen->msg_len;
440 report(LOG_DEBUG, "data: ");
441 report_string(LOG_DEBUG, p, authen->data_len);
443 report(LOG_DEBUG, "End packet");
446 case TAC_PLUS_AUTHOR:
447 author = (struct author_reply *) (pak + TAC_PLUS_HDR_SIZE);
449 report(LOG_DEBUG, "type=AUTHOR/REPLY status=%d (%s) ",
450 author->status, summarise_outgoing_packet_type(pak));
451 report(LOG_DEBUG, "msg_len=%d, data_len=%d arg_cnt=%d",
452 author->msg_len, author->data_len, author->arg_cnt);
454 /* start of variable length data is here */
455 p = pak + TAC_PLUS_HDR_SIZE + TAC_AUTHOR_REPLY_FIXED_FIELDS_SIZE;
457 /* arg sizes come next */
/* Step over the arg_cnt size bytes, then msg and data, before the
 * arguments themselves are printed. */
460 p += author->arg_cnt;
462 report(LOG_DEBUG, "msg: ");
463 report_string(LOG_DEBUG, p, author->msg_len);
464 p += author->msg_len;
466 report(LOG_DEBUG, "data: ");
467 report_string(LOG_DEBUG, p, author->data_len);
468 p += author->data_len;
/* One log entry per argument, sized by the matching entry of argsizep. */
471 for (i = 0; i < (int) author->arg_cnt; i++) {
472 int size = argsizep[i];
474 report(LOG_DEBUG, "arg[%d] size=%d ", i, size);
475 report_string(LOG_DEBUG, p, size);
/* Accounting reply: message followed by data. */
481 acct = (struct acct_reply *) (pak + TAC_PLUS_HDR_SIZE);
482 report(LOG_DEBUG, "ACCT/REPLY status=%d", acct->status);
484 report(LOG_DEBUG, "msg_len=%d data_len=%d",
485 acct->msg_len, acct->data_len);
487 p = pak + TAC_PLUS_HDR_SIZE + TAC_ACCT_REPLY_FIXED_FIELDS_SIZE;
489 report(LOG_DEBUG, "msg: ");
491 report_string(LOG_DEBUG, p, acct->msg_len);
494 report(LOG_DEBUG, "data: ");
495 report_string(LOG_DEBUG, p, acct->data_len);
500 report(LOG_DEBUG, "dump_tacacs_pak: unrecognized header type %d",
503 report(LOG_DEBUG, "End packet");
506 char *summarise_incoming_packet_type TAC_ARGS((u_char *pak));
508 /* summarise packet types for logging routines. */
510 summarise_incoming_packet_type(pak)
519 case TAC_PLUS_AUTHEN:
520 switch (hdr->seq_no) {
530 case TAC_PLUS_AUTHOR: