diff options
author | John Polstra <jdp@FreeBSD.org> | 1998-11-13 00:54:26 +0000 |
---|---|---|
committer | John Polstra <jdp@FreeBSD.org> | 1998-11-13 00:54:26 +0000 |
commit | 2c195535b57fe50629086ad3613aded9e735ee48 (patch) | |
tree | b8440889ce9753413f17bb9c91df029573c33053 /lib/libtacplus/taclib_private.h | |
parent | 082bfe6741360907d0bfad91e4e836e02c361395 (diff) |
Initial import of TACACS+ client library donated by Juniper Networks, Inc.
Notes
Notes:
svn path=/cvs2svn/branches/JUNIPER/; revision=41120
Diffstat (limited to 'lib/libtacplus/taclib_private.h')
-rw-r--r-- | lib/libtacplus/taclib_private.h | 152 |
1 files changed, 152 insertions, 0 deletions
diff --git a/lib/libtacplus/taclib_private.h b/lib/libtacplus/taclib_private.h new file mode 100644 index 000000000000..830fc921fbf3 --- /dev/null +++ b/lib/libtacplus/taclib_private.h @@ -0,0 +1,152 @@ +/*- + * Copyright 1998 Juniper Networks, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD$ + */ + +#ifndef TACLIB_PRIVATE_H +#define TACLIB_PRIVATE_H + +#include "taclib.h" + +/* Defaults */ +#define PATH_TACPLUS_CONF "/etc/tacplus.conf" +#define TACPLUS_PORT 49 +#define TIMEOUT 3 /* In seconds */ + +/* Limits */ +#define BODYSIZE 8150 /* Maximum message body size */ +#define ERRSIZE 128 /* Maximum error message length */ +#define MAXCONFLINE 1024 /* Maximum config file line length */ +#define MAXSERVERS 10 /* Maximum number of servers to try */ + +/* Protocol constants. */ +#define HDRSIZE 12 /* Size of message header */ + +/* Protocol version number */ +#define TAC_VER_MAJOR 0xc /* Major version number */ + +/* Protocol packet types */ +#define TAC_AUTHEN 0x01 /* Authentication */ +#define TAC_AUTHOR 0x02 /* Authorization */ +#define TAC_ACCT 0x03 /* Accouting */ + +/* Protocol header flags */ +#define TAC_UNENCRYPTED 0x01 +#define TAC_SINGLE_CONNECT 0x04 + +struct tac_server { + struct sockaddr_in addr; /* Address of server */ + char *secret; /* Shared secret */ + int timeout; /* Timeout in seconds */ + int flags; +}; + +/* + * An optional string of bytes specified by the client for inclusion in + * a request. The data is always a dynamically allocated copy that + * belongs to the library. It is copied into the request packet just + * before sending the request. + */ +struct clnt_str { + void *data; + size_t len; +}; + +/* + * An optional string of bytes from a server response. The data resides + * in the response packet itself, and must not be freed. + */ +struct srvr_str { + const void *data; + size_t len; +}; + +struct tac_authen_start { + u_int8_t action; + u_int8_t priv_lvl; + u_int8_t authen_type; + u_int8_t service; + u_int8_t user_len; + u_int8_t port_len; + u_int8_t rem_addr_len; + u_int8_t data_len; + unsigned char rest[1]; +}; + +struct tac_authen_reply { + u_int8_t status; + u_int8_t flags; + u_int16_t msg_len; + u_int16_t data_len; + unsigned char rest[1]; +}; + +struct tac_authen_cont { + u_int16_t user_msg_len; + u_int16_t data_len; + u_int8_t flags; + unsigned char rest[1]; +}; + +struct tac_msg { + u_int8_t version; + u_int8_t type; + u_int8_t seq_no; + u_int8_t flags; + u_int8_t session_id[4]; + u_int32_t length; + union { + struct tac_authen_start authen_start; + struct tac_authen_reply authen_reply; + struct tac_authen_cont authen_cont; + unsigned char body[BODYSIZE]; + } u; +}; + +struct tac_handle { + int fd; /* Socket file descriptor */ + struct tac_server servers[MAXSERVERS]; /* Servers to contact */ + int num_servers; /* Number of valid server entries */ + int cur_server; /* Server we are currently using */ + int single_connect; /* Use a single connection */ + int last_seq_no; + char errmsg[ERRSIZE]; /* Most recent error message */ + + struct clnt_str user; + struct clnt_str port; + struct clnt_str rem_addr; + struct clnt_str data; + struct clnt_str user_msg; + + struct tac_msg request; + struct tac_msg response; + + int srvr_pos; /* Scan position in response body */ + struct srvr_str srvr_msg; + struct srvr_str srvr_data; +}; + +#endif |