taclib_private.h revision 41120
/*-
 * Copyright 1998 Juniper Networks, Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * $FreeBSD: cvs2svn/branches/JUNIPER/lib/libtacplus/taclib_private.h 41120 1998-11-13 00:54:26Z jdp $
 */

/*
 * Private declarations for libtacplus: compiled-in defaults, size limits,
 * protocol constants, the in-memory layout of TACACS+ messages, and the
 * per-session handle.  Only "taclib.h" is included here.
 * NOTE(review): struct sockaddr_in, size_t and the u_intN_t types must
 * already be declared by the includer or by taclib.h -- confirm.
 */

#ifndef TACLIB_PRIVATE_H
#define TACLIB_PRIVATE_H

#include "taclib.h"

/* Defaults */
#define PATH_TACPLUS_CONF	"/etc/tacplus.conf"
#define TACPLUS_PORT		49
#define TIMEOUT			3	/* In seconds */

/*
 * Limits
 *
 * BODYSIZE is also the size of the body buffer inside struct tac_msg, so
 * it bounds every body the library can hold.
 * NOTE(review): the header's "length" field is supplied by the peer; code
 * that reads a response should reject a length above BODYSIZE before
 * using it as a read or copy size.  That check is not visible in this
 * header.
 */
#define BODYSIZE	8150		/* Maximum message body size */
#define ERRSIZE		128		/* Maximum error message length */
#define MAXCONFLINE	1024		/* Maximum config file line length */
#define MAXSERVERS	10		/* Maximum number of servers to try */

/*
 * Protocol constants.
 *
 * HDRSIZE matches the fixed fields at the start of struct tac_msg:
 * version, type, seq_no and flags (1 byte each), session_id[4], and the
 * 4-byte length.
 */
#define HDRSIZE		12		/* Size of message header */

/* Protocol version number */
#define TAC_VER_MAJOR		0xc		/* Major version number */

/* Protocol packet types */
#define TAC_AUTHEN		0x01		/* Authentication */
#define TAC_AUTHOR		0x02		/* Authorization */
#define TAC_ACCT		0x03		/* Accounting */

/*
 * Protocol header flags
 *
 * NOTE(review): in TACACS+ the 0x01 flag marks a body sent without the
 * shared-secret obfuscation, so user names and passwords in such a packet
 * are readable on the wire.  How the library decides to set or accept it
 * is not visible here -- confirm it cannot be forced by a server reply.
 */
#define TAC_UNENCRYPTED		0x01
#define TAC_SINGLE_CONNECT	0x04

/*
 * One configured TACACS+ server.
 */
struct tac_server {
	struct sockaddr_in addr;	/* Address of server */
	/*
	 * NOTE(review): key material held as a plain C string; who allocates
	 * and frees it is not shown in this header.  Presumably it should be
	 * cleared before being freed -- verify in the implementation.
	 */
	char		*secret;	/* Shared secret */
	int		 timeout;	/* Timeout in seconds */
	int		 flags;		/* presumably per-server options; values not defined here */
};

/*
 * An optional string of bytes specified by the client for inclusion in
 * a request.  The data is always a dynamically allocated copy that
 * belongs to the library.  It is copied into the request packet just
 * before sending the request.
 *
 * The bytes are described by an explicit length; nothing here says they
 * are NUL-terminated.
 */
struct clnt_str {
	void		*data;
	size_t		 len;
};

/*
 * An optional string of bytes from a server response.  The data resides
 * in the response packet itself, and must not be freed.
 *
 * Because data points into the response buffer, the pointer is presumably
 * stale once that buffer is overwritten by a later response -- callers
 * that need the bytes longer should copy them (TODO confirm).
 */
struct srvr_str {
	const void	*data;
	size_t		 len;
};

/*
 * Message bodies.
 *
 * Each body struct ends in rest[1], the older idiom for trailing
 * variable-length data.  sizeof therefore counts one byte of rest (and
 * possibly padding); use offsetof(..., rest) for the size of the fixed
 * part.  The *_len fields presumably give the sizes of the items packed
 * into rest.
 * NOTE(review): the 16-bit and 32-bit length fields are presumably in
 * network byte order on the wire; they should be converted and checked
 * against the bytes actually received before rest is indexed.
 */

/* Body of an authentication START request. */
struct tac_authen_start {
	u_int8_t	action;
	u_int8_t	priv_lvl;
	u_int8_t	authen_type;
	u_int8_t	service;
	u_int8_t	user_len;
	u_int8_t	port_len;
	u_int8_t	rem_addr_len;
	u_int8_t	data_len;
	unsigned char	rest[1];
};

/* Body of an authentication REPLY; its contents come from the server. */
struct tac_authen_reply {
	u_int8_t	status;
	u_int8_t	flags;
	u_int16_t	msg_len;
	u_int16_t	data_len;
	unsigned char	rest[1];
};

/* Body of an authentication CONTINUE request. */
struct tac_authen_cont {
	u_int16_t	user_msg_len;
	u_int16_t	data_len;
	u_int8_t	flags;
	unsigned char	rest[1];
};

/*
 * A complete message: the HDRSIZE-byte header followed by a body of at
 * most BODYSIZE bytes.  The union overlays the typed body layouts on the
 * raw body buffer.
 */
struct tac_msg {
	u_int8_t	version;
	u_int8_t	type;
	u_int8_t	seq_no;
	u_int8_t	flags;
	u_int8_t	session_id[4];
	u_int32_t	length;		/* presumably the body length, excluding the header */
	union {
		struct tac_authen_start authen_start;
		struct tac_authen_reply authen_reply;
		struct tac_authen_cont authen_cont;
		unsigned char body[BODYSIZE];
	} u;
};

/*
 * Per-session state: the server list, the connection, the client-supplied
 * strings, one request and one response buffer, and the strings located
 * in the most recent response.
 */
struct tac_handle {
	int		 fd;		/* Socket file descriptor */
	struct tac_server servers[MAXSERVERS];	/* Servers to contact */
	int		 num_servers;	/* Number of valid server entries */
	int		 cur_server;	/* Server we are currently using */
	int		 single_connect;	/* Use a single connection */
	int		 last_seq_no;	/* presumably the last sequence number used; TODO confirm */
	char		 errmsg[ERRSIZE];	/* Most recent error message */

	/* Library-owned copies of the client's request strings. */
	struct clnt_str	 user;
	struct clnt_str	 port;
	struct clnt_str	 rem_addr;
	struct clnt_str	 data;
	struct clnt_str	 user_msg;

	struct tac_msg	 request;
	struct tac_msg	 response;

	/*
	 * srvr_msg and srvr_data point into "response" (see struct srvr_str).
	 * NOTE(review): srvr_pos is a signed int; it should stay within the
	 * received body length while the response is scanned.
	 */
	int		 srvr_pos;	/* Scan position in response body */
	struct srvr_str	 srvr_msg;
	struct srvr_str	 srvr_data;
};

#endif