/*-
 * Copyright (c) 1998, 2001, Juniper Networks, Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * $FreeBSD$
 */

/*
 * Private definitions for the TACACS+ client library (taclib): default
 * settings, buffer limits, protocol constants, the on-the-wire packet
 * layouts and the opaque client handle.  Nothing in here is part of the
 * public API; callers only see the declarations in taclib.h.
 */

#ifndef TACLIB_PRIVATE_H
#define TACLIB_PRIVATE_H

#include "taclib.h"

/* Defaults */
#define PATH_TACPLUS_CONF	"/etc/tacplus.conf"	/* Default server config file */
#define TACPLUS_PORT		49			/* Default server port */
#define TIMEOUT			3		/* Default per-server timeout, in seconds */

/*
 * Limits
 *
 * BODYSIZE bounds the largest message body this library will ever hold
 * (it is the size of tac_msg.u.body below).  NOTE(review): the length
 * field of an incoming header is peer-controlled; whatever code fills
 * tac_msg.u from the network must check that length against BODYSIZE
 * before copying, not after -- confirm in taclib.c.
 */
#define BODYSIZE	8150		/* Maximum message body size */
#define ERRSIZE		128		/* Maximum error message length (tac_handle.errmsg) */
#define MAXCONFLINE	1024		/* Maximum config file line length */
#define MAXSERVERS	10		/* Maximum number of servers to try (tac_handle.servers) */
#define MAXAVPAIRS	255		/* Maximum number of AV pairs; the av_cnt wire
					   fields are u_int8_t, so 255 is also the
					   largest count representable on the wire */

/*
 * Protocol constants.
 *
 * HDRSIZE is the number of bytes in the fixed header that precedes every
 * body: version(1) + type(1) + seq_no(1) + flags(1) + session_id(4) +
 * length(4).  This must equal the offset of tac_msg.u, which holds on
 * ABIs where u_int32_t needs no more than 4-byte alignment (the length
 * field lands at offset 8).
 */
#define HDRSIZE		12		/* Size of message header */

/* Protocol version number */
#define TAC_VER_MAJOR	0xc		/* Major version number */

/* Protocol packet types (tac_msg.type) */
#define TAC_AUTHEN	0x01		/* Authentication */
#define TAC_AUTHOR	0x02		/* Authorization */
#define TAC_ACCT	0x03		/* Accounting */

/*
 * Protocol header flags (tac_msg.flags)
 *
 * TAC_UNENCRYPTED: the body is carried in the clear instead of being
 * obfuscated with the shared secret (TACACS+ specification).  From a
 * security standpoint this is a downgrade; a client should not silently
 * accept it on a reply unless it deliberately sent it.
 * TAC_SINGLE_CONNECT: reuse one connection for several sessions; see
 * tac_handle.single_connect.
 */
#define TAC_UNENCRYPTED		0x01
#define TAC_SINGLE_CONNECT	0x04

/*
 * One configured TACACS+ server.
 *
 * addr is IPv4 only (struct sockaddr_in).  secret is a pointer to the
 * shared secret; it is sensitive material -- whoever frees it should
 * scrub it first (explicit_bzero or equivalent), since a plain memset
 * before free may be optimized away.
 */
struct tac_server {
	struct sockaddr_in addr;	/* Address of server */
	char *secret;			/* Shared secret */
	int timeout;			/* Timeout in seconds */
	int flags;			/* Per-server flags (see TAC_* above) */
};

/*
 * An optional string of bytes specified by the client for inclusion in
 * a request.  The data is always a dynamically allocated copy that
 * belongs to the library.  It is copied into the request packet just
 * before sending the request.
 */
struct clnt_str {
	void *data;			/* Library-owned copy, or NULL if unset */
	size_t len;			/* Number of bytes at data */
};

/*
 * An optional string of bytes from a server response.  The data resides
 * in the response packet itself (tac_handle.response), and must not be
 * freed; it is only valid until the next response overwrites that buffer.
 */
struct srvr_str {
	const void *data;		/* Points into the response packet, or NULL */
	size_t len;			/* Number of bytes at data */
};

/*
 * Wire-format body layouts.
 *
 * Each struct below describes the fixed-size prefix of one TACACS+ body.
 * The variable-length fields (user, port, rem_addr, data, messages,
 * AV pairs) follow the prefix and are addressed through "rest", whose
 * declared size of 1 is a placeholder: these structs are only ever used
 * as overlays on tac_msg.u.body, never allocated on their own.  The
 * u_int16_t/u_int8_t members are arranged so that no padding is
 * introduced between fields on the usual ABIs; keep that property when
 * editing.  NOTE(review): multi-byte length fields are in network byte
 * order on the wire -- confirm that taclib.c byte-swaps them on access.
 */

/* Authentication START body prefix */
struct tac_authen_start {
	u_int8_t action;
	u_int8_t priv_lvl;
	u_int8_t authen_type;
	u_int8_t service;
	u_int8_t user_len;
	u_int8_t port_len;
	u_int8_t rem_addr_len;
	u_int8_t data_len;
	unsigned char rest[1];		/* user, port, rem_addr, data follow */
};

/* Authentication REPLY body prefix */
struct tac_authen_reply {
	u_int8_t status;
	u_int8_t flags;
	u_int16_t msg_len;
	u_int16_t data_len;
	unsigned char rest[1];		/* server message, data follow */
};

/* Authentication CONTINUE body prefix */
struct tac_authen_cont {
	u_int16_t user_msg_len;
	u_int16_t data_len;
	u_int8_t flags;
	unsigned char rest[1];		/* user message, data follow */
};

/* Authorization REQUEST body prefix */
struct tac_author_request {
	u_int8_t authen_meth;
	u_int8_t priv_lvl;
	u_int8_t authen_type;
	u_int8_t service;
	u_int8_t user_len;
	u_int8_t port_len;
	u_int8_t rem_addr_len;
	u_int8_t av_cnt;		/* Number of AV pairs (at most MAXAVPAIRS) */
	unsigned char rest[1];		/* AV pair lengths, user, port, rem_addr, AV pairs follow */
};

/* Authorization RESPONSE body prefix */
struct tac_author_response {
	u_int8_t status;
	u_int8_t av_cnt;		/* Number of AV pairs (at most MAXAVPAIRS) */
	u_int16_t msg_len;
	u_int16_t data_len;
	unsigned char rest[1];		/* AV pair lengths, server message, data, AV pairs follow */
};

/* Accounting REQUEST body prefix */
struct tac_acct_start {
	u_int8_t action;
	u_int8_t authen_action;
	u_int8_t priv_lvl;
	u_int8_t authen_type;
	u_int8_t authen_service;
	u_int8_t user_len;
	u_int8_t port_len;
	u_int8_t rem_addr_len;
	u_int8_t av_cnt;		/* Number of AV pairs (at most MAXAVPAIRS) */
	unsigned char rest[1];		/* AV pair lengths, user, port, rem_addr, AV pairs follow */
};

/* Accounting REPLY body prefix */
struct tac_acct_reply {
	u_int16_t msg_len;
	u_int16_t data_len;
	u_int8_t status;
	unsigned char rest[1];		/* server message, data follow */
};

/*
 * A complete TACACS+ packet: the HDRSIZE-byte header followed by the
 * body.  The union lets the same buffer be viewed either as raw bytes
 * (body, BODYSIZE long) or through one of the typed prefixes above.
 * session_id is kept as four bytes rather than a u_int32_t so it can be
 * copied to and from the wire without any byte-order handling.
 */
struct tac_msg {
	u_int8_t version;		/* Protocol version (see TAC_VER_MAJOR) */
	u_int8_t type;			/* TAC_AUTHEN, TAC_AUTHOR or TAC_ACCT */
	u_int8_t seq_no;		/* Sequence number within the session */
	u_int8_t flags;			/* TAC_UNENCRYPTED, TAC_SINGLE_CONNECT */
	u_int8_t session_id[4];		/* Session identifier, as on the wire */
	u_int32_t length;		/* Body length; peer-controlled on receive,
					   must be bounded by BODYSIZE before use */
	union {
		struct tac_authen_start authen_start;
		struct tac_authen_reply authen_reply;
		struct tac_authen_cont authen_cont;
		struct tac_author_request author_request;
		struct tac_author_response author_response;
		struct tac_acct_start acct_start;
		struct tac_acct_reply acct_reply;
		unsigned char body[BODYSIZE];
	} u;
};

/*
 * The client handle handed back to callers of the public API (opaque to
 * them).  It holds the server list, the current connection, the pending
 * request being assembled from the clnt_str fields, the most recent
 * response, and the parsed srvr_str views into that response.
 */
struct tac_handle {
	int fd;				/* Socket file descriptor */
	struct tac_server servers[MAXSERVERS];	/* Servers to contact */
	int num_servers;		/* Number of valid server entries */
	int cur_server;			/* Server we are currently using */
	int single_connect;		/* Use a single connection */
	int last_seq_no;		/* Last sequence number used on this session */
	char errmsg[ERRSIZE];		/* Most recent error message */

	/* Client-supplied pieces of the next request (library-owned copies) */
	struct clnt_str user;
	struct clnt_str port;
	struct clnt_str rem_addr;
	struct clnt_str data;
	struct clnt_str user_msg;
	struct clnt_str avs[MAXAVPAIRS];

	struct tac_msg request;		/* Request packet being built / sent */
	struct tac_msg response;	/* Most recent response packet */

	/* Views into the response body; valid only until it is overwritten */
	int srvr_pos;			/* Scan position in response body */
	struct srvr_str srvr_msg;	/* Server message from the response */
	struct srvr_str srvr_data;	/* Data field from the response */
	struct srvr_str srvr_avs[MAXAVPAIRS];	/* AV pairs from the response */
};

#endif /* TACLIB_PRIVATE_H */