xref: /freebsd/lib/libtacplus/taclib_private.h (revision 63d1fd5970ec814904aa0f4580b10a0d302d08b2)
1 /*-
2  * Copyright (c) 1998, 2001, Juniper Networks, Inc.
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  *
14  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24  * SUCH DAMAGE.
25  *
26  *	$FreeBSD$
27  */
28 
29 #ifndef TACLIB_PRIVATE_H
30 #define TACLIB_PRIVATE_H
31 
32 #include "taclib.h"
33 
34 /* Defaults */
35 #define PATH_TACPLUS_CONF	"/etc/tacplus.conf"
36 #define TACPLUS_PORT		49
37 #define TIMEOUT			3	/* In seconds */
38 
39 /* Limits */
40 #define BODYSIZE	8150		/* Maximum message body size */
41 #define ERRSIZE		128		/* Maximum error message length */
42 #define MAXCONFLINE	1024		/* Maximum config file line length */
43 #define MAXSERVERS	10		/* Maximum number of servers to try */
44 #define MAXAVPAIRS      255             /* Maximum number of AV pairs */
45 
46 /* Protocol constants. */
47 #define HDRSIZE		12		/* Size of message header */
48 
49 /* Protocol version number */
50 #define TAC_VER_MAJOR		0xc		/* Major version number */
51 
52 /* Protocol packet types */
53 #define TAC_AUTHEN		0x01		/* Authentication */
54 #define TAC_AUTHOR		0x02		/* Authorization */
55 #define TAC_ACCT		0x03		/* Accouting */
56 
57 /* Protocol header flags */
58 #define TAC_UNENCRYPTED		0x01
59 #define TAC_SINGLE_CONNECT	0x04
60 
61 struct tac_server {
62 	struct sockaddr_in addr;	/* Address of server */
63 	char		*secret;	/* Shared secret */
64 	int		 timeout;	/* Timeout in seconds */
65 	int		 flags;
66 };
67 
68 /*
69  * An optional string of bytes specified by the client for inclusion in
70  * a request.  The data is always a dynamically allocated copy that
71  * belongs to the library.  It is copied into the request packet just
72  * before sending the request.
73  */
74 struct clnt_str {
75 	void		*data;
76 	size_t		 len;
77 };
78 
79 /*
80  * An optional string of bytes from a server response.  The data resides
81  * in the response packet itself, and must not be freed.
82  */
83 struct srvr_str {
84 	const void	*data;
85 	size_t		 len;
86 };
87 
88 struct tac_authen_start {
89 	u_int8_t	action;
90 	u_int8_t	priv_lvl;
91 	u_int8_t	authen_type;
92 	u_int8_t	service;
93 	u_int8_t	user_len;
94 	u_int8_t	port_len;
95 	u_int8_t	rem_addr_len;
96 	u_int8_t	data_len;
97 	unsigned char	rest[1];
98 };
99 
100 struct tac_authen_reply {
101 	u_int8_t	status;
102 	u_int8_t	flags;
103 	u_int16_t	msg_len;
104 	u_int16_t	data_len;
105 	unsigned char	rest[1];
106 };
107 
108 struct tac_authen_cont {
109 	u_int16_t	user_msg_len;
110 	u_int16_t	data_len;
111 	u_int8_t	flags;
112 	unsigned char	rest[1];
113 };
114 
115 struct tac_author_request {
116 	u_int8_t	authen_meth;
117 	u_int8_t	priv_lvl;
118 	u_int8_t	authen_type;
119 	u_int8_t	service;
120 	u_int8_t	user_len;
121 	u_int8_t	port_len;
122 	u_int8_t	rem_addr_len;
123 	u_int8_t	av_cnt;
124 	unsigned char	rest[1];
125 };
126 
127 struct tac_author_response {
128 	u_int8_t	status;
129 	u_int8_t	av_cnt;
130 	u_int16_t	msg_len;
131 	u_int16_t	data_len;
132 	unsigned char	rest[1];
133 };
134 
135 struct tac_acct_start {
136 	u_int8_t	action;
137 	u_int8_t	authen_action;
138 	u_int8_t	priv_lvl;
139 	u_int8_t	authen_type;
140 	u_int8_t	authen_service;
141 	u_int8_t	user_len;
142 	u_int8_t	port_len;
143 	u_int8_t	rem_addr_len;
144 	u_int8_t	av_cnt;
145 	unsigned char	rest[1];
146 };
147 
148 struct tac_acct_reply {
149 	u_int16_t	msg_len;
150 	u_int16_t	data_len;
151 	u_int8_t	status;
152 	unsigned char	rest[1];
153 };
154 
155 struct tac_msg {
156 	u_int8_t	version;
157 	u_int8_t	type;
158 	u_int8_t	seq_no;
159 	u_int8_t	flags;
160 	u_int8_t	session_id[4];
161 	u_int32_t	length;
162 	union {
163 		struct tac_authen_start authen_start;
164 		struct tac_authen_reply authen_reply;
165 		struct tac_authen_cont authen_cont;
166 		struct tac_author_request author_request;
167 		struct tac_author_response author_response;
168 		struct tac_acct_start acct_start;
169 		struct tac_acct_reply acct_reply;
170 		unsigned char body[BODYSIZE];
171 	} u;
172 };
173 
174 struct tac_handle {
175 	int		 fd;		/* Socket file descriptor */
176 	struct tac_server servers[MAXSERVERS];	/* Servers to contact */
177 	int		 num_servers;	/* Number of valid server entries */
178 	int		 cur_server;	/* Server we are currently using */
179 	int		 single_connect;	/* Use a single connection */
180 	int		 last_seq_no;
181 	char		 errmsg[ERRSIZE];	/* Most recent error message */
182 
183 	struct clnt_str	 user;
184 	struct clnt_str	 port;
185 	struct clnt_str	 rem_addr;
186 	struct clnt_str	 data;
187 	struct clnt_str	 user_msg;
188 	struct clnt_str  avs[MAXAVPAIRS];
189 
190 	struct tac_msg	 request;
191 	struct tac_msg	 response;
192 
193 	int		 srvr_pos;	/* Scan position in response body */
194 	struct srvr_str	 srvr_msg;
195 	struct srvr_str	 srvr_data;
196 	struct srvr_str  srvr_avs[MAXAVPAIRS];
197 };
198 
199 #endif
200