1 /*-
2  * SPDX-License-Identifier: BSD-2-Clause
3  *
4  * Copyright (c) 1998, 2001, Juniper Networks, Inc.
5  * All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the distribution.
15  *
16  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26  * SUCH DAMAGE.
27  */
28 
29 #ifndef TACLIB_PRIVATE_H
30 #define TACLIB_PRIVATE_H
31 
32 #include "taclib.h"
33 
/* Defaults */
#define PATH_TACPLUS_CONF	"/etc/tacplus.conf"	/* Server list / secrets */
#define TACPLUS_PORT		49		/* TCP port used when none is given */
#define TIMEOUT			3	/* In seconds */

/* Limits */
#define BODYSIZE	8150		/* Maximum message body size.  Sizes the
					 * u.body overlay in struct tac_msg and is
					 * therefore the hard bound that any length
					 * read from the wire must be checked
					 * against before the body is copied. */
#define ERRSIZE		128		/* Maximum error message length
					 * (size of tac_handle.errmsg) */
#define MAXCONFLINE	1024		/* Maximum config file line length */
#define MAXSERVERS	10		/* Maximum number of servers to try
					 * (size of tac_handle.servers) */
#define MAXAVPAIRS	255		/* Maximum number of AV pairs; equals the
					 * largest value the 8-bit av_cnt fields
					 * below can carry */

/* Protocol constants. */
#define HDRSIZE		12		/* Size of message header: the six fixed
					 * fields of struct tac_msg before the
					 * union (1+1+1+1+4+4 bytes) */

/* Protocol version number */
#define TAC_VER_MAJOR		0xc		/* Major version number */

/* Protocol packet types */
#define TAC_AUTHEN		0x01		/* Authentication */
#define TAC_AUTHOR		0x02		/* Authorization */
#define TAC_ACCT		0x03		/* Accounting */

/*
 * Protocol header flags (tac_msg.flags).
 * NOTE(review): TAC_UNENCRYPTED marks a body sent in the clear.  Even when
 * it is not set, the TACACS+ body protection is an MD5-derived keystream
 * XOR (obfuscation), not authenticated encryption -- confirm against the
 * encode/decode path in taclib.c and do not treat the transport as
 * confidential or tamper-proof on its own.
 */
#define TAC_UNENCRYPTED		0x01
#define TAC_SINGLE_CONNECT	0x04	/* See tac_handle.single_connect */
60 
/*
 * Counted string used for every variable-length protocol field (user,
 * port, rem_addr, data, AV pairs).  The length is carried in `len`; do
 * not assume `data` is NUL-terminated -- TODO confirm how taclib.c fills
 * these before relying on a terminator.
 */
struct tac_str {
	char		*data;		/* Start of the bytes */
	size_t		 len;		/* Number of bytes at data */
};
65 
/*
 * Body of an Authentication START packet in wire layout.  The four *_len
 * bytes size the variable-length parts that follow in rest[] (presumably
 * user, port, rem_addr, data in that order -- confirm against the sender
 * in taclib.c).  rest[1] only marks where the tail begins; the real
 * extent is bounded by the enclosing tac_msg body.  A flexible array
 * member is not used because this struct lives in a union inside
 * struct tac_msg, which C11 does not allow for a struct with one.
 */
struct tac_authen_start {
	u_int8_t	action;		/* Authentication action code */
	u_int8_t	priv_lvl;	/* Requested privilege level */
	u_int8_t	authen_type;	/* Authentication type code */
	u_int8_t	service;	/* Service code */
	u_int8_t	user_len;	/* Length of the user part in rest[] */
	u_int8_t	port_len;	/* Length of the port part in rest[] */
	u_int8_t	rem_addr_len;	/* Length of the rem_addr part in rest[] */
	u_int8_t	data_len;	/* Length of the data part in rest[] */
	unsigned char	rest[1];	/* Start of the variable-length tail */
};
77 
/*
 * Body of an Authentication REPLY packet from the server.  msg_len and
 * data_len size the two variable parts that follow in rest[].  They are
 * 16-bit wire values (presumably network byte order): convert them and
 * check msg_len + data_len against the received packet length before
 * rest[] is indexed -- confirm in the response parser in taclib.c.
 */
struct tac_authen_reply {
	u_int8_t	status;		/* Server status code */
	u_int8_t	flags;		/* Reply flags */
	u_int16_t	msg_len;	/* Length of the server message in rest[] */
	u_int16_t	data_len;	/* Length of the data part in rest[] */
	unsigned char	rest[1];	/* Start of the variable-length tail */
};
85 
/*
 * Body of an Authentication CONTINUE packet sent by the client after a
 * server prompt.  user_msg_len and data_len size the two variable parts
 * that follow in rest[]; presumably written in network byte order by the
 * sender in taclib.c -- confirm there.
 */
struct tac_authen_cont {
	u_int16_t	user_msg_len;	/* Length of the user message in rest[] */
	u_int16_t	data_len;	/* Length of the data part in rest[] */
	u_int8_t	flags;		/* Continue flags */
	unsigned char	rest[1];	/* Start of the variable-length tail */
};
92 
/*
 * Body of an Authorization REQUEST packet in wire layout.  The three
 * *_len bytes size the user, port and rem_addr parts in rest[]; av_cnt is
 * the number of AV pairs that follow them (how each pair is length-
 * prefixed inside rest[] is decided by the sender in taclib.c).  av_cnt
 * is 8 bits wide, which is why MAXAVPAIRS is 255.
 */
struct tac_author_request {
	u_int8_t	authen_meth;	/* Authentication method code */
	u_int8_t	priv_lvl;	/* Privilege level */
	u_int8_t	authen_type;	/* Authentication type code */
	u_int8_t	service;	/* Service code */
	u_int8_t	user_len;	/* Length of the user part in rest[] */
	u_int8_t	port_len;	/* Length of the port part in rest[] */
	u_int8_t	rem_addr_len;	/* Length of the rem_addr part in rest[] */
	u_int8_t	av_cnt;		/* Number of AV pairs in rest[] */
	unsigned char	rest[1];	/* Start of the variable-length tail */
};
104 
/*
 * Body of an Authorization RESPONSE packet from the server.  av_cnt is
 * 8 bits, so at most 255 pairs can be announced and tac_handle.srvr_avs
 * (MAXAVPAIRS entries) can always hold them; the per-pair lengths and
 * msg_len/data_len (16-bit, presumably network byte order) still have
 * to be checked against the received packet length before rest[] is
 * walked -- confirm in the response parser in taclib.c.
 */
struct tac_author_response {
	u_int8_t	status;		/* Server status code */
	u_int8_t	av_cnt;		/* Number of AV pairs in rest[] */
	u_int16_t	msg_len;	/* Length of the server message in rest[] */
	u_int16_t	data_len;	/* Length of the data part in rest[] */
	unsigned char	rest[1];	/* Start of the variable-length tail */
};
112 
/*
 * Body of an Accounting REQUEST packet in wire layout.  Same shape as
 * tac_author_request with an extra leading `action` byte; the *_len
 * bytes size the user, port and rem_addr parts in rest[] and av_cnt the
 * number of AV pairs that follow them.
 */
struct tac_acct_start {
	u_int8_t	action;		/* Accounting action flags */
	u_int8_t	authen_action;	/* Authentication method code */
	u_int8_t	priv_lvl;	/* Privilege level */
	u_int8_t	authen_type;	/* Authentication type code */
	u_int8_t	authen_service;	/* Service code */
	u_int8_t	user_len;	/* Length of the user part in rest[] */
	u_int8_t	port_len;	/* Length of the port part in rest[] */
	u_int8_t	rem_addr_len;	/* Length of the rem_addr part in rest[] */
	u_int8_t	av_cnt;		/* Number of AV pairs in rest[] */
	unsigned char	rest[1];	/* Start of the variable-length tail */
};
125 
/*
 * Body of an Accounting REPLY packet from the server.  Note that here the
 * status byte follows the two 16-bit lengths, unlike the authen/author
 * replies.  msg_len and data_len (presumably network byte order) must be
 * converted and checked against the received packet length before rest[]
 * is indexed -- confirm in the response parser in taclib.c.
 */
struct tac_acct_reply {
	u_int16_t	msg_len;	/* Length of the server message in rest[] */
	u_int16_t	data_len;	/* Length of the data part in rest[] */
	u_int8_t	status;		/* Server status code */
	unsigned char	rest[1];	/* Start of the variable-length tail */
};
132 
/*
 * One complete TACACS+ packet: the fixed header (HDRSIZE bytes, the six
 * fields before `u`) followed by the body.  The typed members of `u` are
 * overlays on the first bytes of u.body; body[BODYSIZE] fixes the size of
 * the union and is the hard upper bound for anything copied in from the
 * network.
 *
 * NOTE(review): `length` holds the wire value (presumably big-endian and
 * presumably the body size excluding the header).  Whoever fills
 * `response` must convert it and reject values larger than BODYSIZE
 * before reading the body into u -- confirm in the receive path in
 * taclib.c.
 */
struct tac_msg {
	u_int8_t	version;	/* Version byte (TAC_VER_MAJOR presumably
					 * occupies its high nibble -- confirm) */
	u_int8_t	type;		/* TAC_AUTHEN, TAC_AUTHOR or TAC_ACCT */
	u_int8_t	seq_no;		/* Sequence number of this packet */
	u_int8_t	flags;		/* TAC_UNENCRYPTED / TAC_SINGLE_CONNECT */
	u_int8_t	session_id[4];	/* Session id kept as raw bytes, so no
					 * byte-order conversion is involved */
	u_int32_t	length;		/* Body length, as on the wire */
	union {
		struct tac_authen_start authen_start;
		struct tac_authen_reply authen_reply;
		struct tac_authen_cont authen_cont;
		struct tac_author_request author_request;
		struct tac_author_response author_response;
		struct tac_acct_start acct_start;
		struct tac_acct_reply acct_reply;
		unsigned char body[BODYSIZE];	/* Raw body; sizes the union */
	} u;
};
151 
/*
 * One configured server (an entry of tac_handle.servers).
 *
 * NOTE(review): `secret` is the TACACS+ shared secret held in the clear
 * on the heap.  It should be wiped (explicit_bzero) rather than merely
 * freed when the handle is torn down -- check the handle's close/free
 * path in taclib.c.
 */
struct tac_server {
	struct sockaddr_in addr;	/* Address of server (IPv4 only) */
	char		*secret;	/* Shared secret (NUL-terminated string) */
	int		 timeout;	/* Timeout in seconds */
	int		 flags;		/* Per-server flags */
	unsigned int	 navs;		/* Number of valid entries in avs[] */
	struct tac_str	 avs[MAXAVPAIRS];	/* Per-server AV pairs */
};
160 
/*
 * Private state behind a library handle: the configured servers, the
 * pieces of the request being assembled, the last request and response
 * packets, and the parsed pieces of that response.
 */
struct tac_handle {
	int		 fd;		/* Socket file descriptor */
	struct tac_server servers[MAXSERVERS];	/* Servers to contact */
	int		 num_servers;	/* Number of valid server entries */
	int		 cur_server;	/* Server we are currently using
					 * (index into servers[]) */
	int		 single_connect;	/* Use a single connection */
	int		 last_seq_no;	/* Last seq_no used on this session
					 * -- presumably; confirm in taclib.c */
	char		 errmsg[ERRSIZE];	/* Most recent error message */

	/* Pieces of the request being built, before encoding into `request`. */
	struct tac_str	 user;
	struct tac_str	 port;
	struct tac_str	 rem_addr;
	struct tac_str	 data;
	struct tac_str	 user_msg;
	struct tac_str	 avs[MAXAVPAIRS];

	struct tac_msg	 request;	/* Last packet sent */
	struct tac_msg	 response;	/* Last packet received */

	/*
	 * Parsed view of `response`.  The tac_str entries presumably point
	 * into response.u.body, so they are only valid until the next
	 * packet is received -- confirm in taclib.c.
	 */
	int		 srvr_pos;	/* Scan position in response body */
	unsigned int	 srvr_navs;	/* Number of valid entries in srvr_avs[] */
	struct tac_str	 srvr_msg;	/* Server message from the response */
	struct tac_str	 srvr_data;	/* Data part from the response */
	struct tac_str	 srvr_avs[MAXAVPAIRS];	/* AV pairs from the response */
};
186 
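/*
 * Character classes used by the config-file and AV-pair parsers.
 *
 * These are plain ASCII range tests rather than <ctype.h> calls,
 * presumably on purpose: the result does not depend on the locale and a
 * negative `char` value cannot trigger undefined behaviour.  They are
 * static inline functions instead of function-like macros so that the
 * argument is evaluated exactly once (is_arg(*p++) is safe) and is
 * type-checked.
 *
 * Each takes the character as an int and returns non-zero when it is in
 * the class, zero otherwise.
 */
static inline int
is_alpha(int ch) /* alphabetical */
{
	return ((ch >= 'A' && ch <= 'Z') || (ch >= 'a' && ch <= 'z'));
}

static inline int
is_num(int ch) /* numerical */
{
	return (ch >= '0' && ch <= '9');
}

static inline int
is_alnum(int ch) /* alphanumerical */
{
	return (is_alpha(ch) || is_num(ch));
}

static inline int
is_arg(int ch) /* valid in an argument name */
{
	return (is_alnum(ch) || ch == '_' || ch == '-');
}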
195 
196 #endif
197