6 #include <sys/types.h> /* for u_* */
9 /* All tacacs+ packets have the same header format */
/*
 * Wire header shared by every TACACS+ packet type. The gutter numbers in this
 * listing skip lines, so only part of the struct is visible; the notes below
 * cover just the fields and constants that are shown.
 *
 * NOTE(review): everything in this header is supplied by the network peer and
 * should be treated as untrusted until the reader has validated it.
 */
11 struct tac_plus_pak_hdr {
/* Version byte: the 0xf0 mask selects the major version in the high nibble;
 * the minor version (0x0 or 0x01) is OR'd into the low bits. */
14 #define TAC_PLUS_MAJOR_VER_MASK 0xf0
15 #define TAC_PLUS_MAJOR_VER 0xc0
17 #define TAC_PLUS_MINOR_VER_0 0x0
18 #define TAC_PLUS_VER_0 (TAC_PLUS_MAJOR_VER | TAC_PLUS_MINOR_VER_0)
20 #define TAC_PLUS_MINOR_VER_1 0x01
21 #define TAC_PLUS_VER_1 (TAC_PLUS_MAJOR_VER | TAC_PLUS_MINOR_VER_1)
/* Packet kinds: authentication, authorization, accounting. Presumably the
 * values of the header's type field, whose declaration is not shown here. */
25 #define TAC_PLUS_AUTHEN 1
26 #define TAC_PLUS_AUTHOR 2
27 #define TAC_PLUS_ACCT 3
29 u_char seq_no; /* packet sequence number */
30 u_char encryption; /* packet is encrypted or cleartext */
/*
 * Values for `encryption`. Note the polarity: 0x0 means the body is encrypted
 * and 0x1 means cleartext, so the sender selects cleartext by setting one bit.
 * NOTE(review): accepting a cleartext packet should be a local policy decision
 * and not something the peer's flag decides - confirm how the reader treats
 * TAC_PLUS_CLEAR. The protocol's "encryption" is the MD5-based body
 * obfuscation described in RFC 8907, not a modern cipher, so confidentiality
 * on an untrusted network needs a protected transport.
 */
32 #define TAC_PLUS_ENCRYPTED 0x0 /* packet is encrypted */
33 #define TAC_PLUS_CLEAR 0x1 /* packet is not encrypted */
/*
 * NOTE(review): session_id and datalength are plain `int`. TAC_PLUS_HDR_SIZE
 * (12) matches the struct only where int is 32 bits - presumably four one-byte
 * fields plus two 4-byte ints; two of the byte fields are not visible in this
 * listing, TODO confirm. datalength is signed and peer-supplied: presumably it
 * arrives in network byte order and must be converted, then rejected when
 * negative or above a sane maximum before it is used as a read or allocation
 * size - verify in read_packet().
 */
35 int session_id; /* session identifier FIXME: Is this needed? */
36 int datalength; /* length of encrypted data following this
38 /* datalength bytes of encrypted data */
/* Size in bytes of the fixed header that precedes the body. */
41 #define TAC_PLUS_HDR_SIZE 12
/* Short alias for the header struct. */
43 typedef struct tac_plus_pak_hdr HDR;
45 /* Authentication packet NAS sends to us */
/*
 * Only the constants and the trailing-data layout of this packet are visible
 * in this listing; the struct's field declarations are not shown.
 */
/* Requested authentication action (names suggest login, change password,
 * send password, send authentication data). */
50 #define TAC_PLUS_AUTHEN_LOGIN 0x1
51 #define TAC_PLUS_AUTHEN_CHPASS 0x2
52 #define TAC_PLUS_AUTHEN_SENDPASS 0x3 /* deprecated */
53 #define TAC_PLUS_AUTHEN_SENDAUTH 0x4
/* Bounds of the privilege-level range, 0x0 through 0xf.
 * NOTE(review): presumably a privilege level taken from the wire should be
 * range-checked against these before it is used - confirm in the caller. */
57 #define TAC_PLUS_PRIV_LVL_MIN 0x0
58 #define TAC_PLUS_PRIV_LVL_MAX 0xf
/* Authentication type codes. */
62 #define TAC_PLUS_AUTHEN_TYPE_ASCII 1
63 #define TAC_PLUS_AUTHEN_TYPE_PAP 2
64 #define TAC_PLUS_AUTHEN_TYPE_CHAP 3
65 #define TAC_PLUS_AUTHEN_TYPE_ARAP 4
67 #define TAC_PLUS_AUTHEN_TYPE_MSCHAP 5
/* Codes for the service that is requesting authentication. */
72 #define TAC_PLUS_AUTHEN_SVC_LOGIN 1
73 #define TAC_PLUS_AUTHEN_SVC_ENABLE 2
74 #define TAC_PLUS_AUTHEN_SVC_PPP 3
75 #define TAC_PLUS_AUTHEN_SVC_ARAP 4
76 #define TAC_PLUS_AUTHEN_SVC_PT 5
77 #define TAC_PLUS_AUTHEN_SVC_RCMD 6
78 #define TAC_PLUS_AUTHEN_SVC_X25 7
79 #define TAC_PLUS_AUTHEN_SVC_NASI 8
/*
 * Variable-length data follows the fixed fields in the order listed below.
 * NOTE(review): each length is peer-supplied. A parser should check that
 * TAC_AUTHEN_START_FIXED_FIELDS_SIZE plus the sum of the four lengths does not
 * exceed (and ideally equals) the header's datalength before indexing into
 * the body - confirm in the caller.
 */
85 /* <user_len bytes of char data> */
86 /* <port_len bytes of char data> */
87 /* <rem_addr_len bytes of u_char data> */
88 /* <data_len bytes of u_char data> */
/* Byte count of the fixed fields that precede the variable-length data. */
91 #define TAC_AUTHEN_START_FIXED_FIELDS_SIZE 8
93 /* Authentication continue packet NAS sends to us */
/* Only one field of this struct is visible in this listing.
 * NOTE(review): user_data_len is a 16-bit peer-supplied length; presumably it
 * is in network byte order and needs conversion before use - TODO confirm. */
96 u_short user_data_len;
/* Flag bit; the name suggests the NAS uses it to abort the exchange. */
99 #define TAC_PLUS_CONTINUE_FLAG_ABORT 0x1
/*
 * Variable-length data follows the fixed fields in the order listed below.
 * NOTE(review): both lengths come from the peer and should be checked against
 * the header's datalength before the data is read - confirm in
 * get_authen_continue().
 */
101 /* <user_msg_len bytes of u_char data> */
102 /* <user_data_len bytes of u_char data> */
/* Byte count of the fixed fields that precede the variable-length data. */
105 #define TAC_AUTHEN_CONT_FIXED_FIELDS_SIZE 5
107 /* Authentication reply packet we send to NAS */
/* Only the constants and trailing-data layout are visible in this listing;
 * the struct's field declarations are not shown. */
108 struct authen_reply {
/* Status codes carried in the reply. */
111 #define TAC_PLUS_AUTHEN_STATUS_PASS 1
112 #define TAC_PLUS_AUTHEN_STATUS_FAIL 2
113 #define TAC_PLUS_AUTHEN_STATUS_GETDATA 3
114 #define TAC_PLUS_AUTHEN_STATUS_GETUSER 4
115 #define TAC_PLUS_AUTHEN_STATUS_GETPASS 5
116 #define TAC_PLUS_AUTHEN_STATUS_RESTART 6
117 #define TAC_PLUS_AUTHEN_STATUS_ERROR 7
118 #define TAC_PLUS_AUTHEN_STATUS_FOLLOW 0x21
/* Flag bit; presumably asks the NAS not to echo what the user types, as for a
 * password prompt - confirm against the sender. */
122 #define TAC_PLUS_AUTHEN_FLAG_NOECHO 0x1
/* Variable-length data follows the fixed fields in the order listed below. */
127 /* <msg_len bytes of char data> */
128 /* <data_len bytes of u_char data> */
/* Byte count of the fixed fields that precede the variable-length data. */
131 #define TAC_AUTHEN_REPLY_FIXED_FIELDS_SIZE 6
133 /* An authorization request packet */
/* Only two fields of this struct are visible in this listing. */
135 u_char authen_method;
/* One byte, so a request can declare at most 255 arguments. */
143 u_char arg_cnt; /* the number of args */
/*
 * Variable-length data follows the fixed fields in the order listed below:
 * first one length byte per argument, then the strings themselves.
 * NOTE(review): arg_cnt, the per-argument length bytes and the other lengths
 * are all peer-supplied. A parser should check that
 * TAC_AUTHOR_REQ_FIXED_FIELDS_SIZE + arg_cnt + the sum of every length stays
 * within the header's datalength before reading any argument - confirm in the
 * caller.
 */
145 /* <arg_cnt u_chars containing the lengths of args 1 to arg n> */
146 /* <user_len bytes of char data> */
147 /* <port_len bytes of char data> */
148 /* <rem_addr_len bytes of u_char data> */
149 /* <char data for each arg> */
/* Byte count of the fixed fields that precede the variable-length data. */
152 #define TAC_AUTHOR_REQ_FIXED_FIELDS_SIZE 8
154 /* An authorization reply packet */
/* Only the trailing-data layout is visible in this listing; the struct's
 * field declarations are not shown. */
155 struct author_reply {
/* Variable-length data follows the fixed fields in the order listed below:
 * one length byte per argument, the message, the data, then the argument
 * strings. */
161 /* <arg_cnt u_chars containing the lengths of arg 1 to arg n> */
162 /* <msg_len bytes of char data> */
163 /* <data_len bytes of char data> */
164 /* <char data for each arg> */
/* Byte count of the fixed fields that precede the variable-length data. */
167 #define TAC_AUTHOR_REPLY_FIXED_FIELDS_SIZE 6
/*
 * Accounting request and reply definitions. The struct declarations are only
 * partly visible in this listing.
 */
/* Accounting record flags. Each value is a distinct bit, so presumably they
 * can be combined in one flags byte - TODO confirm. */
172 #define TAC_PLUS_ACCT_FLAG_MORE 0x1
173 #define TAC_PLUS_ACCT_FLAG_START 0x2
174 #define TAC_PLUS_ACCT_FLAG_STOP 0x4
175 #define TAC_PLUS_ACCT_FLAG_WATCHDOG 0x8
177 u_char authen_method;
180 u_char authen_service;
/* One byte, so a request can declare at most 255 arguments. */
184 u_char arg_cnt; /* the number of cmd args */
/*
 * Variable-length data follows the fixed fields in the order listed below.
 * NOTE(review): arg_cnt and every length here are peer-supplied. A parser
 * should check that TAC_ACCT_REQ_FIXED_FIELDS_SIZE + arg_cnt + the sum of
 * every length stays within the header's datalength before reading the
 * strings - confirm in the caller.
 */
185 /* one u_char containing size for each arg */
186 /* <user_len bytes of char data> */
187 /* <port_len bytes of char data> */
188 /* <rem_addr_len bytes of u_char data> */
189 /* char data for args 1 ... n */
/* Byte count of the fixed request fields that precede the variable data. */
192 #define TAC_ACCT_REQ_FIXED_FIELDS_SIZE 9
/* Status codes carried in the accounting reply. */
199 #define TAC_PLUS_ACCT_STATUS_SUCCESS 0x1
200 #define TAC_PLUS_ACCT_STATUS_ERROR 0x2
201 #define TAC_PLUS_ACCT_STATUS_FOLLOW 0x21
/* Byte count of the fixed reply fields that precede the variable data. */
205 #define TAC_ACCT_REPLY_FIXED_FIELDS_SIZE 5
/*
 * Packet I/O entry points implemented elsewhere. TAC_ARGS is defined outside
 * this listing; presumably it is a prototype-compatibility wrapper - TODO
 * confirm.
 */
/* Accounting reply. msg and data are passed without lengths, so presumably
 * they are NUL-terminated strings - confirm in the implementation. */
208 extern void send_acct_reply TAC_ARGS((unsigned status, const char *msg, const char *data));
/* Authorization reply carrying arg_cnt argument strings. args is not
 * const-qualified (see the commented-out const), so the signature does not
 * promise that the strings are left unmodified. */
209 extern void send_author_reply TAC_ARGS((unsigned status, const char *msg, const char *data, int arg_cnt, /* const */ char **args));
/* Authentication error reply carrying only a message. */
210 extern void send_authen_error TAC_ARGS((const char *msg));
/* Authentication reply. Unlike the other senders it takes explicit msg_len
 * and data_len, so data may be binary; the caller must make sure both lengths
 * match the buffers passed. */
211 extern void send_authen_reply TAC_ARGS((int status, const char *msg, unsigned msg_len, const unsigned char *data, unsigned data_len, unsigned flags));
/*
 * Readers for peer-supplied packets. Both return a u_char pointer with no
 * accompanying length.
 * NOTE(review): ownership of the returned buffer and the meaning of a NULL
 * return are not visible here; presumably the caller takes the length from
 * the header's datalength and must bounds-check every field against it -
 * verify in the implementation.
 */
212 extern u_char *get_authen_continue TAC_ARGS((void));
213 extern u_char *read_packet TAC_ARGS((void));
/* Error reply for the given packet type. msg is a non-const char pointer
 * here, unlike the other senders. */
214 extern void send_error_reply TAC_ARGS((int type, char *msg));
217 #endif /* PACKET_H */