/*
 * Copyright (c) 1995-1998 by Cisco systems, Inc.
 * Copyright 2002,2003 Christopher SEKIYA <wileyc@rezrov.net>
 * Portions copyright 1997-2000 by Pawel Krawczyk <kravietz@ceti.pl>
 * 
 * Permission to use, copy, modify, and distribute this software for any purpose
 * and without fee is hereby granted, provided that this copyright and
 * permission notice appear on all copies of the software and supporting
 * documentation, the name of Cisco Systems, Inc. not be used in advertising
 * or publicity pertaining to distribution of the program without specific
 * prior permission, and notice be given in supporting documentation that
 * modification, copying and distribution is by permission of Cisco Systems,
 * Inc.
 * 
 * Cisco Systems, Inc. makes no representations about the suitability of this
 * software for any purpose.  THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE.
 */

/*
 * Include guard.  NOTE(review): identifiers that begin with an underscore
 * followed by an uppercase letter are reserved for the implementation in C;
 * a guard such as TACPLUS_H would avoid any (unlikely) clash.
 */
#if !defined( _TACPLUS_H)
#define _TACPLUS_H

#include <sys/types.h>	/* expected to supply the BSD-style u_int8_t/u_int16_t/u_int32_t/u_short used below */

/*
 * One attribute entry in a singly linked list, e.g. the argument list carried
 * by the authorization and accounting packets declared further down.
 *
 *   attr      - the attribute text
 *   attr_len  - byte length of attr.  It is 8-bit because the on-wire
 *               per-argument length fields in struct author / struct acct
 *               are one byte each, so an attribute can never exceed 255 bytes.
 *   next      - following entry; presumably NULL terminates the list
 *
 * NOTE(review): ownership of attr and of the nodes themselves (who allocates,
 * who frees) is not stated here - check the list build/free helpers.
 */
struct tac_attrib {
	char           *attr;	/* attribute text, length given by attr_len */
	u_int8_t          attr_len;	/* length of attr in bytes (0..255) */
	struct tac_attrib *next;	/* next entry in the list */
};

/*
 * Result handed back to the caller after an authorization / accounting
 * exchange.
 *
 *   attr    - attribute list returned by the server (struct tac_attrib chain)
 *   msg     - server-supplied message text
 *   status  - reply status.  Which constant set applies depends on the
 *             request type (AUTHOR_STATUS_* or TAC_PLUS_ACCT_STATUS_* below);
 *             verify against the code that fills this in.
 *
 * NOTE(review): whether attr / msg may be NULL and who frees them is not
 * documented here - confirm against the callers.
 */
struct areply {
	struct tac_attrib *attr;	/* attributes from the server reply */
	char           *msg;	/* message text from the server reply */
	int             status;	/* reply status code, see *_STATUS_* below */
};

/* Presumably the upper bound on configured servers; can be overridden at
 * build time with -DTAC_PLUS_MAXSERVERS=<n>. */
#if !defined(TAC_PLUS_MAXSERVERS)
#define TAC_PLUS_MAXSERVERS		4
#endif

/* Default TCP port for TACACS+ (the IANA-assigned port 49); overridable at
 * build time. */
#if !defined(TAC_PLUS_PORT)
#define	TAC_PLUS_PORT			49
#endif

/* Socket timeouts.  A bound on blocking I/O matters here: without one a peer
 * that stops responding can hold an authentication path open indefinitely. */
#define TAC_PLUS_READ_TIMEOUT		180	/* seconds */
#define TAC_PLUS_WRITE_TIMEOUT		180	/* seconds */

/* All tacacs+ packets have the same header format */

/* Version byte: the high nibble (TAC_PLUS_MAJOR_VER_MASK) holds the major
 * version, which is always TAC_PLUS_MAJOR_VER; the low nibble holds the minor
 * version.  TAC_PLUS_VER_0 and TAC_PLUS_VER_1 are the two complete values a
 * packet may carry. */
#define TAC_PLUS_MAJOR_VER_MASK 0xf0
#define TAC_PLUS_MAJOR_VER      0xc0
#define TAC_PLUS_MINOR_VER_0    0x0
#define TAC_PLUS_VER_0  (TAC_PLUS_MAJOR_VER | TAC_PLUS_MINOR_VER_0)
#define TAC_PLUS_MINOR_VER_1    0x01
#define TAC_PLUS_VER_1  (TAC_PLUS_MAJOR_VER | TAC_PLUS_MINOR_VER_1)

/* Packet type byte: which of the three TACACS+ services the body belongs to. */
#define TAC_PLUS_AUTHEN			1
#define TAC_PLUS_AUTHOR			2
#define TAC_PLUS_ACCT			3

/* Encryption flag byte.  TAC_PLUS_ENCRYPTED (0) means the body is obfuscated
 * (presumably with the shared secret, as in the TACACS+ body obfuscation -
 * confirm in the encode/decode code); TAC_PLUS_CLEAR means the body is sent
 * as-is.  NOTE(review): if the shared secret is what ties a packet to a
 * legitimate peer, a receiver that honours TAC_PLUS_CLEAR is accepting bodies
 * that carry no proof of the secret - treat cleartext as a test-only mode
 * that must be explicitly enabled, never the default. */
#define TAC_PLUS_ENCRYPTED 0x0	/* packet is encrypted */
#define TAC_PLUS_CLEAR     0x1	/* packet is not encrypted */

/*
 * Common 12-byte header that starts every TACACS+ packet (see
 * TAC_PLUS_HDR_SIZE below; the macro, not sizeof, is the on-wire size).
 *
 *   version     - TAC_PLUS_VER_0 or TAC_PLUS_VER_1
 *   type        - TAC_PLUS_AUTHEN / TAC_PLUS_AUTHOR / TAC_PLUS_ACCT
 *   seq_no      - packet sequence number within the session
 *   encryption  - TAC_PLUS_ENCRYPTED or TAC_PLUS_CLEAR
 *   session_id  - identifier shared by all packets of one session
 *   datalength  - number of body bytes that follow the header
 *
 * NOTE(review): session_id and datalength are 32-bit and are presumably in
 * network byte order on the wire - confirm the code converts them with
 * ntohl()/htonl().  datalength arrives from the peer; it must be checked
 * against a sane maximum before it is used to size a read or an allocation.
 */
struct tacacs_header {
	u_int8_t        version;	/* major|minor version, see TAC_PLUS_VER_* */
	u_int8_t        type;	/* TAC_PLUS_AUTHEN, TAC_PLUS_AUTHOR or TAC_PLUS_ACCT */
	u_int8_t        seq_no;	/* packet sequence number */
	u_int8_t        encryption;	/* packet is encrypted or cleartext */
	u_int32_t       session_id;	/* session identifier.  NOTE(review): the old
					 * FIXME asked whether this is needed; in
					 * TACACS+ it also feeds the body obfuscation
					 * pad (with the shared secret, version and
					 * seq_no), so it is - confirm against the
					 * encode/decode code.  It should be chosen
					 * unpredictably (CSPRNG), not from a counter. */
	u_int32_t       datalength;	/* length of encrypted data following
					 * this header; peer-supplied, validate
					 * before use */
};

/* On-wire size of struct tacacs_header: 4 one-byte fields + 2 four-byte
 * fields.  Use this rather than sizeof when walking a packet buffer so that
 * the code does not depend on the compiler's struct layout. */
#define TAC_PLUS_HDR_SIZE 12

/* Authentication packet NAS sends to us */

/* authen_start.action */
#define TAC_PLUS_AUTHEN_LOGIN    0x1
#define TAC_PLUS_AUTHEN_CHPASS   0x2
#define TAC_PLUS_AUTHEN_SENDPASS 0x3	/* deprecated */
#define TAC_PLUS_AUTHEN_SENDAUTH 0x4
/* authen_start.priv_lvl range */
#define TAC_PLUS_PRIV_LVL_MIN 0x0
#define TAC_PLUS_PRIV_LVL_MAX 0xf
/* authen_start.authen_type */
#define TAC_PLUS_AUTHEN_TYPE_ASCII  1
#define TAC_PLUS_AUTHEN_TYPE_PAP    2
#define TAC_PLUS_AUTHEN_TYPE_CHAP   3
#define TAC_PLUS_AUTHEN_TYPE_ARAP   4
/* authen_start.service */
#define TAC_PLUS_AUTHEN_SVC_LOGIN  1
#define TAC_PLUS_AUTHEN_SVC_ENABLE 2
#define TAC_PLUS_AUTHEN_SVC_PPP    3
#define TAC_PLUS_AUTHEN_SVC_ARAP   4
#define TAC_PLUS_AUTHEN_SVC_PT     5
#define TAC_PLUS_AUTHEN_SVC_RCMD   6
#define TAC_PLUS_AUTHEN_SVC_X25    7
#define TAC_PLUS_AUTHEN_SVC_NASI   8

/*
 * Fixed part of an authentication START packet body (8 bytes, see
 * TAC_AUTHEN_START_FIXED_FIELDS_SIZE).  Four variable-length fields follow
 * it in the order user, port, rem_addr, data; their sizes are the four *_len
 * bytes below.
 *
 * NOTE(review): each length is one byte, so the body is at most 8 + 4*255
 * bytes, but the sum of the four lengths must still be checked against the
 * header's datalength before any of them is used to index the buffer.
 */
struct authen_start {
	u_int8_t        action;	/* TAC_PLUS_AUTHEN_LOGIN etc. */
	u_int8_t        priv_lvl;	/* TAC_PLUS_PRIV_LVL_MIN..TAC_PLUS_PRIV_LVL_MAX */
	u_int8_t        authen_type;	/* TAC_PLUS_AUTHEN_TYPE_* */
	u_int8_t        service;	/* TAC_PLUS_AUTHEN_SVC_* */
	u_int8_t        user_len;	/* <user_len bytes of char data> */
	u_int8_t        port_len;	/* <port_len bytes of char data> */
	u_int8_t        rem_addr_len;	/* <rem_addr_len bytes of u_int8_t
					 * data> */
	u_int8_t        data_len;	/* <data_len bytes of u_int8_t data> */
};

/* On-wire size of struct authen_start: eight one-byte fields. */
#define TAC_AUTHEN_START_FIXED_FIELDS_SIZE 8

/* Authentication continue packet NAS sends to us */
/* authen_cont.flags: the client is abandoning the authentication. */
#define TAC_PLUS_CONTINUE_FLAG_ABORT 0x1

/*
 * Fixed part of an authentication CONTINUE packet body.  user_msg_len bytes
 * of user message and then user_data_len bytes of data follow it.
 *
 * NOTE(review): the wire size is 5 bytes (TAC_AUTHEN_CONT_FIXED_FIELDS_SIZE),
 * but sizeof this struct may be larger because the compiler can pad after the
 * trailing one-byte field - always use the macro, not sizeof.  Both lengths
 * are 16-bit, so they must be bounded by the header's datalength before use.
 */
struct authen_cont {
	u_int16_t       user_msg_len;	/* <user_msg_len bytes of u_int8_t
					 * data> */
	u_int16_t       user_data_len;	/* <user_data_len bytes of u_int8_t
					 * data> */
	u_int8_t        flags;	/* TAC_PLUS_CONTINUE_FLAG_ABORT */
};

/* On-wire size of struct authen_cont: 2 + 2 + 1 bytes (not sizeof). */
#define TAC_AUTHEN_CONT_FIXED_FIELDS_SIZE 5

/* Authentication reply packet we send to NAS */

/* authen_reply.status.  PASS/FAIL/ERROR end the exchange; GETDATA/GETUSER/
 * GETPASS ask the client for another CONTINUE; RESTART and FOLLOW ask it to
 * start over (FOLLOW with an alternative server). */
#define TAC_PLUS_AUTHEN_STATUS_PASS     1
#define TAC_PLUS_AUTHEN_STATUS_FAIL     2
#define TAC_PLUS_AUTHEN_STATUS_GETDATA  3
#define TAC_PLUS_AUTHEN_STATUS_GETUSER  4
#define TAC_PLUS_AUTHEN_STATUS_GETPASS  5
#define TAC_PLUS_AUTHEN_STATUS_RESTART  6
#define TAC_PLUS_AUTHEN_STATUS_ERROR    7
#define TAC_PLUS_AUTHEN_STATUS_FOLLOW   0x21


/* authen_reply.flags: the client should not echo what the user types in
 * response (used when prompting for a password). */
#define TAC_PLUS_AUTHEN_FLAG_NOECHO     0x1

/*
 * Fixed part of an authentication REPLY packet body (6 bytes, see
 * TAC_AUTHEN_REPLY_FIXED_FIELDS_SIZE).  msg_len bytes of message and then
 * data_len bytes of data follow it.
 *
 * NOTE(review): when parsing a reply, msg_len + data_len must not exceed the
 * header's datalength; both are 16-bit values chosen by the peer.
 */
struct authen_reply {
	u_int8_t        status;	/* TAC_PLUS_AUTHEN_STATUS_* */
	u_int8_t        flags;	/* TAC_PLUS_AUTHEN_FLAG_NOECHO */
	u_int16_t       msg_len;/* <msg_len bytes of char data> */
	u_int16_t       data_len;	/* <data_len bytes of u_int8_t data> */
};

/* On-wire size of struct authen_reply: 1 + 1 + 2 + 2 bytes. */
#define TAC_AUTHEN_REPLY_FIXED_FIELDS_SIZE 6

/* authen_method field of the authorization and accounting requests: how the
 * user was authenticated before this request was made. */
#define AUTHEN_METH_NONE             0x01
#define AUTHEN_METH_KRB5             0x02
#define AUTHEN_METH_LINE             0x03
#define AUTHEN_METH_ENABLE           0x04
#define AUTHEN_METH_LOCAL            0x05
#define AUTHEN_METH_TACACSPLUS       0x06
#define AUTHEN_METH_RCMD             0x20

/*
 * Fixed part of an accounting REQUEST packet body (9 bytes, see
 * TAC_ACCT_REQ_FIXED_FIELDS_SIZE).  After it come arg_cnt one-byte argument
 * lengths, then user, port and rem_addr, then the argument data itself.
 *
 * NOTE(review): arg_cnt, the three *_len bytes and the arg_cnt length bytes
 * all come from the peer; their total must be checked against the header's
 * datalength before the buffer is walked.
 */
struct acct {
	u_int8_t          flags;	/* TAC_PLUS_ACCT_FLAG_* bits */

/* acct.flags bits: which kind of accounting record this is. */
#define TAC_PLUS_ACCT_FLAG_MORE     0x1
#define TAC_PLUS_ACCT_FLAG_START    0x2
#define TAC_PLUS_ACCT_FLAG_STOP     0x4
#define TAC_PLUS_ACCT_FLAG_WATCHDOG 0x8

	u_int8_t          authen_method;	/* AUTHEN_METH_* */
	u_int8_t          priv_lvl;	/* TAC_PLUS_PRIV_LVL_MIN..MAX */
	u_int8_t          authen_type;	/* TAC_PLUS_AUTHEN_TYPE_* */
	u_int8_t          authen_service;	/* TAC_PLUS_AUTHEN_SVC_* */
	u_int8_t          user_len;
	u_int8_t          port_len;
	u_int8_t          rem_addr_len;
	u_int8_t          arg_cnt;/* the number of cmd args */
	/* one u_int8_t containing size for each arg */
	/* <user_len bytes of char data> */
	/* <port_len bytes of char data> */
	/* <rem_addr_len bytes of u_int8_t data> */
	/* char data for args 1 ... n */
};

#define TAC_ACCT_REQ_FIXED_FIELDS_SIZE 9

/*
 * Fixed part of an accounting REPLY packet body.  msg_len bytes of message
 * and data_len bytes of data follow it.
 *
 * NOTE(review): the wire size is 5 bytes (TAC_ACCT_REPLY_FIXED_FIELDS_SIZE);
 * sizeof may be 6 because of padding after the trailing byte, so use the
 * macro.  u_short is used here where the other structs use u_int16_t - the
 * same width on supported platforms, but worth normalizing.  msg_len +
 * data_len must be bounded by the header's datalength when parsing.
 */
struct acct_reply {
	u_short         msg_len;	/* <msg_len bytes of char data> */
	u_short         data_len;	/* <data_len bytes of u_int8_t data> */
	u_int8_t          status;	/* TAC_PLUS_ACCT_STATUS_* */

/* acct_reply.status values. */
#define TAC_PLUS_ACCT_STATUS_SUCCESS 0x1
#define TAC_PLUS_ACCT_STATUS_ERROR   0x2
#define TAC_PLUS_ACCT_STATUS_FOLLOW  0x21

};

#define TAC_ACCT_REPLY_FIXED_FIELDS_SIZE 5

/*
 * An authorization request packet: fixed part of the body (8 bytes, see
 * TAC_AUTHOR_REQ_FIXED_FIELDS_SIZE).  After it come arg_cnt one-byte argument
 * lengths, then user, port and rem_addr, then the argument data.
 *
 * NOTE(review): as with struct acct, every length here is peer-supplied and
 * their total must be checked against the header's datalength before use.
 */
struct author {
	u_int8_t          authen_method;	/* AUTHEN_METH_* */
	u_int8_t          priv_lvl;	/* TAC_PLUS_PRIV_LVL_MIN..MAX */
	u_int8_t          authen_type;	/* TAC_PLUS_AUTHEN_TYPE_* */
	u_int8_t          service;	/* TAC_PLUS_AUTHEN_SVC_* */

	u_int8_t          user_len;
	u_int8_t          port_len;
	u_int8_t          rem_addr_len;
	u_int8_t          arg_cnt;/* the number of args */

	/* <arg_cnt u_int8_ts containing the lengths of args 1 to arg n> */
	/* <user_len bytes of char data> */
	/* <port_len bytes of char data> */
	/* <rem_addr_len bytes of u_int8_t data> */
	/* <char data for each arg> */
};

#define TAC_AUTHOR_REQ_FIXED_FIELDS_SIZE 8

/*
 * An authorization reply packet: fixed part of the body (6 bytes, see
 * TAC_AUTHOR_REPLY_FIXED_FIELDS_SIZE).  After it come arg_cnt one-byte
 * argument lengths, then msg, then data, then the argument data.
 *
 * NOTE(review): arg_cnt, the 16-bit msg_len / data_len and the per-argument
 * lengths are all chosen by the server; their sum must be bounded by the
 * header's datalength before the buffer is walked.  AUTHOR_STATUS_PASS_REPL
 * means the returned arguments replace the requested ones - the caller should
 * treat a replacement set as authoritative, not merge it.
 */
struct author_reply {
	u_int8_t          status;	/* AUTHOR_STATUS_* */
	u_int8_t          arg_cnt;	/* number of argument length bytes that follow */
	u_short         msg_len;	/* <msg_len bytes of char data>; u_short, see acct_reply */
	u_short         data_len;	/* <data_len bytes of char data> */

/* author_reply.status values. */
#define AUTHOR_STATUS_PASS_ADD       0x01
#define AUTHOR_STATUS_PASS_REPL      0x02
#define AUTHOR_STATUS_FAIL           0x10
#define AUTHOR_STATUS_ERROR          0x11
#define AUTHOR_STATUS_FOLLOW	     0x21

	/* <arg_cnt u_int8_ts containing the lengths of arg 1 to arg n> */
	/* <msg_len bytes of char data> */
	/* <data_len bytes of char data> */
	/* <char data for each arg> */
};

#define TAC_AUTHOR_REPLY_FIXED_FIELDS_SIZE 6


#endif

