11590Srgrimes/*-
21590Srgrimes * Copyright (c) 1998, 2001, Juniper Networks, Inc.
31590Srgrimes * All rights reserved.
41590Srgrimes *
51590Srgrimes * Redistribution and use in source and binary forms, with or without
61590Srgrimes * modification, are permitted provided that the following conditions
71590Srgrimes * are met:
81590Srgrimes * 1. Redistributions of source code must retain the above copyright
91590Srgrimes *    notice, this list of conditions and the following disclaimer.
101590Srgrimes * 2. Redistributions in binary form must reproduce the above copyright
111590Srgrimes *    notice, this list of conditions and the following disclaimer in the
121590Srgrimes *    documentation and/or other materials provided with the distribution.
131590Srgrimes *
141590Srgrimes * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
151590Srgrimes * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
161590Srgrimes * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
171590Srgrimes * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
181590Srgrimes * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
191590Srgrimes * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
201590Srgrimes * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
211590Srgrimes * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
221590Srgrimes * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
231590Srgrimes * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
241590Srgrimes * SUCH DAMAGE.
251590Srgrimes *
261590Srgrimes *	$FreeBSD$
271590Srgrimes */
281590Srgrimes
291590Srgrimes#ifndef _TACLIB_H_
30105243Scharnier#define _TACLIB_H_
311590Srgrimes
321590Srgrimes#include <sys/types.h>
33105243Scharnier
3427313Scharnierstruct tac_handle;
35105243Scharnier
3699112Sobrien/* Flags for tac_add_server(). */
3799112Sobrien#define TAC_SRVR_SINGLE_CONNECT	0x04	/* Keep connection open for multiple
381590Srgrimes					   sessions. */
3927313Scharnier
40129657Sstefanf/* Disassembly of tac_send_authen() return value. */
41129657Sstefanf#define	TAC_AUTHEN_STATUS(s)	((s) & 0xff)
421590Srgrimes#define TAC_AUTHEN_NOECHO(s)	((s) & (1<<8))
431590Srgrimes
441590Srgrimes/* Disassembly of tac_send_author() return value. */
451590Srgrimes#define	TAC_AUTHOR_STATUS(s)	((s) & 0xff)
461590Srgrimes#define TAC_AUTHEN_AV_COUNT(s)	(((s)>>8) & 0xff)
471590Srgrimes
481590Srgrimes/* Privilege levels */
491590Srgrimes#define TAC_PRIV_LVL_MIN	0x00
501590Srgrimes#define TAC_PRIV_LVL_USER	0x01
511590Srgrimes#define TAC_PRIV_LVL_ROOT	0x0f
521590Srgrimes#define TAC_PRIV_LVL_MAX	0x0f
531590Srgrimes
541590Srgrimes/* Authentication actions */
551590Srgrimes#define TAC_AUTHEN_LOGIN	0x01
561590Srgrimes#define TAC_AUTHEN_CHPASS	0x02
571590Srgrimes#define TAC_AUTHEN_SENDPASS	0x03
581590Srgrimes#define TAC_AUTHEN_SENDAUTH	0x04
591590Srgrimes
601590Srgrimes/* Authentication types */
611590Srgrimes#define TAC_AUTHEN_TYPE_ASCII	0x01
621590Srgrimes#define TAC_AUTHEN_TYPE_PAP	0x02
63105243Scharnier#define TAC_AUTHEN_TYPE_CHAP	0x03
64246783Scharnier#define TAC_AUTHEN_TYPE_ARAP	0x04
651590Srgrimes#define TAC_AUTHEN_TYPE_MSCHAP	0x05
661590Srgrimes
671590Srgrimes/* Authentication services */
681590Srgrimes#define TAC_AUTHEN_SVC_NONE	0x00
69105243Scharnier#define TAC_AUTHEN_SVC_LOGIN	0x01
70105243Scharnier#define TAC_AUTHEN_SVC_ENABLE	0x02
711590Srgrimes#define TAC_AUTHEN_SVC_PPP	0x03
721590Srgrimes#define TAC_AUTHEN_SVC_ARAP	0x04
731590Srgrimes#define TAC_AUTHEN_SVC_PT	0x05
741590Srgrimes#define TAC_AUTHEN_SVC_RCMD	0x06
751590Srgrimes#define TAC_AUTHEN_SVC_X25	0x07
761590Srgrimes#define TAC_AUTHEN_SVC_NASI	0x08
77246783Scharnier#define TAC_AUTHEN_SVC_FWPROXY	0x09
781590Srgrimes
791590Srgrimes/* Authentication reply status codes */
801590Srgrimes#define TAC_AUTHEN_STATUS_PASS		0x01
811590Srgrimes#define TAC_AUTHEN_STATUS_FAIL		0x02
821590Srgrimes#define TAC_AUTHEN_STATUS_GETDATA	0x03
831590Srgrimes#define TAC_AUTHEN_STATUS_GETUSER	0x04
841590Srgrimes#define TAC_AUTHEN_STATUS_GETPASS	0x05
851590Srgrimes#define TAC_AUTHEN_STATUS_RESTART	0x06
861590Srgrimes#define TAC_AUTHEN_STATUS_ERROR		0x07
871590Srgrimes#define TAC_AUTHEN_STATUS_FOLLOW	0x21
881590Srgrimes
891590Srgrimes/* Authorization authenticatication methods */
901590Srgrimes#define TAC_AUTHEN_METH_NOT_SET         0x00
91#define TAC_AUTHEN_METH_NONE            0x01
92#define TAC_AUTHEN_METH_KRB5            0x02
93#define TAC_AUTHEN_METH_LINE            0x03
94#define TAC_AUTHEN_METH_ENABLE          0x04
95#define TAC_AUTHEN_METH_LOCAL           0x05
96#define TAC_AUTHEN_METH_TACACSPLUS      0x06
97#define TAC_AUTHEN_METH_RCMD            0x20
98/* If adding more, see comments in protocol_version() in taclib.c */
99
100/* Authorization status */
101#define TAC_AUTHOR_STATUS_PASS_ADD      0x01
102#define TAC_AUTHOR_STATUS_PASS_REPL     0x02
103#define TAC_AUTHOR_STATUS_FAIL          0x10
104#define TAC_AUTHOR_STATUS_ERROR         0x11
105
106/* Accounting actions */
107#define TAC_ACCT_MORE			0x1
108#define TAC_ACCT_START			0x2
109#define TAC_ACCT_STOP			0x4
110#define TAC_ACCT_WATCHDOG		0x8
111
112/* Accounting status */
113#define TAC_ACCT_STATUS_SUCCESS		0x1
114#define TAC_ACCT_STATUS_ERROR		0x2
115#define TAC_ACCT_STATUS_FOLLOW		0x21
116
117__BEGIN_DECLS
118int			 tac_add_server(struct tac_handle *,
119			    const char *, int, const char *, int, int);
120void			 tac_close(struct tac_handle *);
121int			 tac_config(struct tac_handle *, const char *);
122int			 tac_create_authen(struct tac_handle *, int, int, int);
123void			*tac_get_data(struct tac_handle *, size_t *);
124char			*tac_get_msg(struct tac_handle *);
125struct tac_handle	*tac_open(void);
126int			 tac_send_authen(struct tac_handle *);
127int			 tac_set_data(struct tac_handle *,
128			    const void *, size_t);
129int			 tac_set_msg(struct tac_handle *, const char *);
130int			 tac_set_port(struct tac_handle *, const char *);
131int			 tac_set_priv(struct tac_handle *, int);
132int			 tac_set_rem_addr(struct tac_handle *, const char *);
133int			 tac_set_user(struct tac_handle *, const char *);
134const char		*tac_strerror(struct tac_handle *);
135int			 tac_send_author(struct tac_handle *);
136int			 tac_create_author(struct tac_handle *, int, int, int);
137int			 tac_set_av(struct tac_handle *, u_int, const char *);
138char			*tac_get_av(struct tac_handle *, u_int);
139char			*tac_get_av_value(struct tac_handle *, const char *);
140void			 tac_clear_avs(struct tac_handle *);
141int			 tac_create_acct(struct tac_handle *, int, int, int, int);
142int			 tac_send_acct(struct tac_handle *);
143__END_DECLS
144
145#endif /* _TACLIB_H_ */
146