/*-
 * SPDX-License-Identifier: BSD-2-Clause
 *
 * Copyright (c) 1998, 2001, Juniper Networks, Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#ifndef TACLIB_PRIVATE_H
#define TACLIB_PRIVATE_H

/*
 * Private definitions shared by the taclib implementation: compile-time
 * limits, TACACS+ protocol constants, the on-the-wire packet layouts and
 * the library's per-connection state.  Nothing here is part of the public
 * interface declared in taclib.h.
 */

#include "taclib.h"

/* Defaults */
#define PATH_TACPLUS_CONF	"/etc/tacplus.conf"	/* Default config file; presumably
							   holds the per-server shared
							   secrets, so its permissions
							   matter — verify in taclib.c */
#define TACPLUS_PORT		49			/* Default server port */
#define TIMEOUT			3	/* In seconds */

/* Limits */
#define BODYSIZE	8150	/* Maximum message body size (sizes tac_msg.u.body) */
#define ERRSIZE		128	/* Maximum error message length (sizes tac_handle.errmsg) */
#define MAXCONFLINE	1024	/* Maximum config file line length */
#define MAXSERVERS	10	/* Maximum number of servers to try */
#define MAXAVPAIRS	255	/* Maximum number of AV pairs */

/* Protocol constants. */
#define HDRSIZE		12	/* Size of message header: the fixed fields of
				   struct tac_msg that precede the body union */

/* Protocol version number */
#define TAC_VER_MAJOR		0xc	/* Major version number */

/* Protocol packet types (tac_msg.type) */
#define TAC_AUTHEN		0x01	/* Authentication */
#define TAC_AUTHOR		0x02	/* Authorization */
#define TAC_ACCT		0x03	/* Accounting */

/* Protocol header flags (tac_msg.flags) */
#define TAC_UNENCRYPTED		0x01	/* Body is carried without the
					   secret-based obfuscation */
#define TAC_SINGLE_CONNECT	0x04	/* Peer supports reusing one
					   connection for several sessions */

/*
 * Length-counted byte string.  'len' is the authoritative length; code
 * reading 'data' should presumably not rely on a NUL terminator.
 */
struct tac_str {
	char *data;
	size_t len;
};

/*
 * Packet bodies.  Each struct mirrors the fixed leading fields of one
 * TACACS+ body type.  The trailing 'rest[1]' is a one-byte placeholder
 * for the variable-length fields that follow on the wire; the real bytes
 * live in the enclosing tac_msg body (see the union in struct tac_msg),
 * so sizeof() of these structs includes the placeholder byte and any
 * padding and is not the wire size.
 */
struct tac_authen_start {
	u_int8_t action;
	u_int8_t priv_lvl;
	u_int8_t authen_type;
	u_int8_t service;
	u_int8_t user_len;	/* Length of user field in 'rest' */
	u_int8_t port_len;	/* Length of port field in 'rest' */
	u_int8_t rem_addr_len;	/* Length of rem_addr field in 'rest' */
	u_int8_t data_len;	/* Length of data field in 'rest' */
	unsigned char rest[1];
};

struct tac_authen_reply {
	u_int8_t status;
	u_int8_t flags;
	u_int16_t msg_len;	/* Length of server_msg in 'rest' */
	u_int16_t data_len;	/* Length of data in 'rest' */
	unsigned char rest[1];
};

struct tac_authen_cont {
	u_int16_t user_msg_len;	/* Length of user_msg in 'rest' */
	u_int16_t data_len;	/* Length of data in 'rest' */
	u_int8_t flags;
	unsigned char rest[1];
};

struct tac_author_request {
	u_int8_t authen_meth;
	u_int8_t priv_lvl;
	u_int8_t authen_type;
	u_int8_t service;
	u_int8_t user_len;	/* Length of user field in 'rest' */
	u_int8_t port_len;	/* Length of port field in 'rest' */
	u_int8_t rem_addr_len;	/* Length of rem_addr field in 'rest' */
	u_int8_t av_cnt;	/* Number of AV-pair length bytes in 'rest' */
	unsigned char rest[1];
};

struct tac_author_response {
	u_int8_t status;
	u_int8_t av_cnt;	/* Number of AV-pair length bytes in 'rest' */
	u_int16_t msg_len;	/* Length of server_msg in 'rest' */
	u_int16_t data_len;	/* Length of data in 'rest' */
	unsigned char rest[1];
};

struct tac_acct_start {
	u_int8_t action;
	u_int8_t authen_action;
	u_int8_t priv_lvl;
	u_int8_t authen_type;
	u_int8_t authen_service;
	u_int8_t user_len;	/* Length of user field in 'rest' */
	u_int8_t port_len;	/* Length of port field in 'rest' */
	u_int8_t rem_addr_len;	/* Length of rem_addr field in 'rest' */
	u_int8_t av_cnt;	/* Number of AV-pair length bytes in 'rest' */
	unsigned char rest[1];	/* Placeholder for the variable-length part */
};

struct tac_acct_reply {
	u_int16_t msg_len;	/* Length of server_msg in 'rest' */
	u_int16_t data_len;	/* Length of data in 'rest' */
	u_int8_t status;
	unsigned char rest[1];	/* Placeholder for the variable-length part */
};

/*
 * A complete TACACS+ packet: the 12-byte fixed header (HDRSIZE) followed
 * by at most BODYSIZE bytes of body.  The body is accessed either as raw
 * bytes or through the per-type structs above, which all overlay the same
 * storage.
 */
struct tac_msg {
	u_int8_t version;
	u_int8_t type;		/* One of TAC_AUTHEN / TAC_AUTHOR / TAC_ACCT */
	u_int8_t seq_no;
	u_int8_t flags;		/* TAC_UNENCRYPTED, TAC_SINGLE_CONNECT */
	u_int8_t session_id[4];	/* Kept as raw bytes, not as an integer */
	u_int32_t length;	/* Body length; byte order as stored here is
				   not fixed by this header — confirm in taclib.c */
	union {
		struct tac_authen_start authen_start;
		struct tac_authen_reply authen_reply;
		struct tac_authen_cont authen_cont;
		struct tac_author_request author_request;
		struct tac_author_response author_response;
		struct tac_acct_start acct_start;
		struct tac_acct_reply acct_reply;
		unsigned char body[BODYSIZE];
	} u;
};

/* One configured server.  'secret' is held in plaintext for the lifetime
   of the handle. */
struct tac_server {
	struct sockaddr_in addr;	/* Address of server */
	char *secret;			/* Shared secret */
	int timeout;			/* Timeout in seconds */
	int flags;			/* Per-server flags; meaning is defined in taclib.c */
	unsigned int navs;		/* Number of valid entries in avs[] */
	struct tac_str avs[MAXAVPAIRS];
};

/*
 * Library state for one client handle: the server list and current
 * connection, the request being built, and the most recent response
 * together with the pieces parsed out of it (srvr_* fields).
 */
struct tac_handle {
	int fd;				/* Socket file descriptor */
	struct tac_server servers[MAXSERVERS];	/* Servers to contact */
	int num_servers;		/* Number of valid server entries */
	int cur_server;			/* Server we are currently using */
	int single_connect;		/* Use a single connection */
	int last_seq_no;		/* Presumably the seq_no of the last
					   message in the current session */
	char errmsg[ERRSIZE];		/* Most recent error message */

	/* Fields the caller supplies for the next request */
	struct tac_str user;
	struct tac_str port;
	struct tac_str rem_addr;
	struct tac_str data;
	struct tac_str user_msg;
	struct tac_str avs[MAXAVPAIRS];

	struct tac_msg request;		/* Outgoing packet */
	struct tac_msg response;	/* Incoming packet */

	/* Pieces extracted from 'response' */
	int srvr_pos;			/* Scan position in response body */
	unsigned int srvr_navs;		/* Number of valid entries in srvr_avs[] */
	struct tac_str srvr_msg;
	struct tac_str srvr_data;
	struct tac_str srvr_avs[MAXAVPAIRS];
};

/*
 * Character-class helpers used when parsing.  They are macros, so 'ch'
 * is evaluated more than once — do not pass expressions with side
 * effects.  The range tests assume 'A'..'Z' and 'a'..'z' are contiguous,
 * which holds for ASCII.
 */
#define is_alpha(ch)	/* alphabetical */ \
	(((ch) >= 'A' && (ch) <= 'Z') || ((ch) >= 'a' && (ch) <= 'z'))
#define is_num(ch)	/* numerical */ \
	((ch) >= '0' && (ch) <= '9')
#define is_alnum(ch)	/* alphanumerical */ \
	(is_alpha(ch) || is_num(ch))
#define is_arg(ch)	/* valid in an argument name */ \
	(is_alnum(ch) || (ch) == '_' || (ch) == '-')

#endif