1 /*-
2  * Copyright 1998 Juniper Networks, Inc.
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  *
14  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24  * SUCH DAMAGE.
25  *
26  *	$FreeBSD$
27  */
28 
29 #ifndef TACLIB_PRIVATE_H
30 #define TACLIB_PRIVATE_H
31 
32 #include "taclib.h"
33 
/* Defaults */
#define PATH_TACPLUS_CONF	"/etc/tacplus.conf"	/* Default configuration file
						 * (NOTE(review): presumably the source of
						 * the per-server shared secrets, so its
						 * permissions matter — confirm in taclib.c) */
#define TACPLUS_PORT		49		/* Default TCP port of a TACACS+ server */
#define TIMEOUT			3		/* Default per-server timeout, in seconds */

/* Limits */
#define BODYSIZE	8150		/* Maximum message body size; a header `length`
					 * received from a server must be bounded by this
					 * before the body is read into tac_msg.u
					 * (NOTE(review): confirm the check in taclib.c) */
#define ERRSIZE		128		/* Maximum error message length (tac_handle.errmsg) */
#define MAXCONFLINE	1024		/* Maximum config file line length */
#define MAXSERVERS	10		/* Maximum number of servers to try */

/* Protocol constants. */
#define HDRSIZE		12		/* Size of message header: version, type, seq_no,
					 * flags, session_id[4], length — the fixed part
					 * of struct tac_msg before the body union */

/* Protocol version number */
#define TAC_VER_MAJOR		0xc		/* Major version number (upper nibble of
						 * tac_msg.version) */

/* Protocol packet types (tac_msg.type) */
#define TAC_AUTHEN		0x01		/* Authentication */
#define TAC_AUTHOR		0x02		/* Authorization */
#define TAC_ACCT		0x03		/* Accounting */

/* Protocol header flags (tac_msg.flags) */
#define TAC_UNENCRYPTED		0x01		/* Body is not obfuscated with the shared
						 * secret, i.e. travels in cleartext; only
						 * meaningful for debugging */
#define TAC_SINGLE_CONNECT	0x04		/* Peer supports multiple sessions over one
						 * TCP connection (see tac_handle.single_connect) */
59 
/*
 * One configured TACACS+ server.  Only an IPv4 endpoint is representable
 * here, since addr is a sockaddr_in rather than a sockaddr_storage.
 */
struct tac_server {
	struct sockaddr_in addr;	/* Address of server (IPv4 only) */
	char		*secret;	/* Shared secret used to obfuscate packet
					 * bodies.  NOTE(review): presumably a heap
					 * copy owned by the library; scrubbing it
					 * before free would be prudent — confirm
					 * in taclib.c */
	int		 timeout;	/* Timeout in seconds */
	int		 flags;		/* NOTE(review): per-server flags; the bit
					 * values are not defined in this header,
					 * see taclib.c */
};
66 
67 /*
68  * An optional string of bytes specified by the client for inclusion in
69  * a request.  The data is always a dynamically allocated copy that
70  * belongs to the library.  It is copied into the request packet just
71  * before sending the request.
72  */
struct clnt_str {
	void		*data;		/* Library-owned heap copy (see comment
					 * above); NULL presumably means "not set" */
	size_t		 len;		/* Byte length of data; length-delimited,
					 * not necessarily NUL-terminated */
};
77 
78 /*
79  * An optional string of bytes from a server response.  The data resides
80  * in the response packet itself, and must not be freed.
81  */
struct srvr_str {
	const void	*data;		/* Points into the response packet; not
					 * owned by this struct, never free()d */
	size_t		 len;		/* Byte length of data; length-delimited,
					 * not necessarily NUL-terminated */
};
86 
/*
 * Wire layout of an authentication START packet body.  The four *_len
 * fields are single bytes, so each of the variable-length fields they
 * describe (user, port, rem_addr, data) is limited to 255 bytes on the
 * wire.  Those fields begin at rest; rest[1] is the pre-C99 idiom for a
 * trailing variable-length area, so sizeof(struct tac_authen_start)
 * includes that one byte.  NOTE(review): confirm that offset arithmetic
 * in taclib.c uses the position of rest rather than sizeof.
 */
struct tac_authen_start {
	u_int8_t	action;		/* Authentication action */
	u_int8_t	priv_lvl;	/* Requested privilege level */
	u_int8_t	authen_type;	/* Authentication type */
	u_int8_t	service;	/* Service being authenticated */
	u_int8_t	user_len;	/* Length of user field following rest */
	u_int8_t	port_len;	/* Length of port field */
	u_int8_t	rem_addr_len;	/* Length of rem_addr field */
	u_int8_t	data_len;	/* Length of data field */
	unsigned char	rest[1];	/* Start of the variable-length fields */
};
98 
/*
 * Wire layout of an authentication REPLY packet body received from the
 * server.  msg_len and data_len are server-supplied 16-bit values
 * (NOTE(review): presumably network byte order, confirm ntohs in
 * taclib.c); their sum must fit inside the header's length before the
 * bytes following rest are referenced, since srvr_str pointers are set
 * up to point into this buffer.  rest[1] marks the start of the
 * variable-length fields; sizeof this struct includes it and any tail
 * padding, so do not use sizeof as the offset of the message text.
 */
struct tac_authen_reply {
	u_int8_t	status;		/* Authentication status code */
	u_int8_t	flags;		/* Reply flags */
	u_int16_t	msg_len;	/* Length of server message after rest */
	u_int16_t	data_len;	/* Length of server data following the message */
	unsigned char	rest[1];	/* Start of the variable-length fields */
};
106 
/*
 * Wire layout of an authentication CONTINUE packet body sent by the
 * client.  The two length fields are 16-bit (NOTE(review): presumably
 * converted with htons on send — confirm in taclib.c); user_msg and data
 * follow, starting at rest.  user_msg may carry a credential, so the
 * request buffer holding it is sensitive until it is overwritten.
 */
struct tac_authen_cont {
	u_int16_t	user_msg_len;	/* Length of user message after rest */
	u_int16_t	data_len;	/* Length of data following the user message */
	u_int8_t	flags;		/* Continue flags */
	unsigned char	rest[1];	/* Start of the variable-length fields */
};
113 
/*
 * A complete TACACS+ packet: the fixed header (HDRSIZE bytes — the
 * members before the union) followed by the body.  The typed union
 * members overlay the start of body[], so body[] bounds every body
 * type.  NOTE(review): for a response, length comes from the peer; it
 * must be checked against BODYSIZE before the body is read into u, and
 * is presumably converted with ntohl (confirm both in taclib.c).
 */
struct tac_msg {
	u_int8_t	version;	/* Version byte; major nibble is TAC_VER_MAJOR */
	u_int8_t	type;		/* TAC_AUTHEN, TAC_AUTHOR or TAC_ACCT */
	u_int8_t	seq_no;		/* 8-bit sequence number within a session */
	u_int8_t	flags;		/* TAC_UNENCRYPTED / TAC_SINGLE_CONNECT bits */
	u_int8_t	session_id[4];	/* Session identifier, kept as raw bytes */
	u_int32_t	length;		/* Number of body bytes following the header */
	union {
		struct tac_authen_start authen_start;
		struct tac_authen_reply authen_reply;
		struct tac_authen_cont authen_cont;
		unsigned char body[BODYSIZE];	/* Raw body; the largest member */
	} u;
};
128 
/*
 * Per-client library state behind the opaque handle.  It embeds both a
 * request and a response packet, so it is over 2 * BODYSIZE bytes and
 * belongs on the heap.  The embedded packets and the server secrets
 * hold sensitive material (credentials, shared secrets); NOTE(review):
 * consider scrubbing them when the handle is closed — confirm in
 * taclib.c.
 */
struct tac_handle {
	int		 fd;		/* Socket file descriptor */
	struct tac_server servers[MAXSERVERS];	/* Servers to contact */
	int		 num_servers;	/* Number of valid server entries (<= MAXSERVERS) */
	int		 cur_server;	/* Server we are currently using (index into servers) */
	int		 single_connect;	/* Use a single connection */
	int		 last_seq_no;	/* Last sequence number used.  NOTE(review):
					 * the wire seq_no in tac_msg is 8-bit, so
					 * this must not be allowed to run past 255
					 * within one session — confirm in taclib.c */
	char		 errmsg[ERRSIZE];	/* Most recent error message (fixed buffer,
						 * expected to be NUL-terminated) */

	/* Client-supplied request fields; library-owned copies (see struct clnt_str) */
	struct clnt_str	 user;
	struct clnt_str	 port;
	struct clnt_str	 rem_addr;
	struct clnt_str	 data;
	struct clnt_str	 user_msg;

	struct tac_msg	 request;	/* Packet being assembled for sending */
	struct tac_msg	 response;	/* Packet most recently received */

	int		 srvr_pos;	/* Scan position in response body */
	struct srvr_str	 srvr_msg;	/* Server message; points into response */
	struct srvr_str	 srvr_data;	/* Server data; points into response */
};
151 
152 #endif