#include <freeradius-devel/util/dbuff.h>
#include <freeradius-devel/protocol/tacacs/freeradius.internal.h>
#include <freeradius-devel/protocol/tacacs/dictionary.h>

Include dependency graph for tacacs.h:

This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Data Structures
struct	fr_tacacs_ctx_t
	Used as the decoder ctx. More...

struct	fr_tacacs_packet_acct_reply_hdr_t

struct	fr_tacacs_packet_acct_req_hdr_t

struct	fr_tacacs_packet_authen_cont_hdr_t

struct	fr_tacacs_packet_authen_reply_hdr_t

struct	fr_tacacs_packet_authen_start_hdr_t

struct	fr_tacacs_packet_author_reply_hdr_t

struct	fr_tacacs_packet_author_req_hdr_t

struct	fr_tacacs_packet_hdr_t

union	fr_tacacs_packet_hdr_t.__unnamed186__

struct	fr_tacacs_packet_hdr_t.__unnamed186__.ver

struct	fr_tacacs_packet_t

union	fr_tacacs_packet_t.__unnamed189__

Macros
#define	FR_HEADER_LENGTH sizeof(fr_tacacs_packet_hdr_t)

#define	FR_MAX_ATTRIBUTES 255

#define	FR_MAX_PACKET_SIZE 4096

#define	FR_TAC_PLUS_MAJOR_VER 12

#define	FR_TAC_PLUS_MINOR_VER_DEFAULT 0

#define	FR_TAC_PLUS_MINOR_VER_ONE 1

#define	FR_TACACS_PACKET_CODE_VALID(_code) (((_code) > 0) && ((_code) < FR_TACACS_CODE_MAX))

#define	fr_tacacs_packet_log_hex(_log, _packet, _size) _fr_tacacs_packet_log_hex(_log, _packet, _size, __FILE__, __LINE__)

#define	packet_has_valid_seq_no(p) ((p)->hdr.seq_no != 0)

#define	packet_is_acct_reply(p) (((p)->hdr.type == FR_TAC_PLUS_ACCT) && (((p)->hdr.seq_no % 2) == 0))

#define	packet_is_acct_request(p) (((p)->hdr.type == FR_TAC_PLUS_ACCT) && (((p)->hdr.seq_no % 2) == 1))

#define	packet_is_authen_continue(p) (((p)->hdr.type == FR_TAC_PLUS_AUTHEN) && ((p)->hdr.seq_no > 1) && (((p)->hdr.seq_no % 2) == 1))

#define	packet_is_authen_reply(p) (((p)->hdr.type == FR_TAC_PLUS_AUTHEN) && (((p)->hdr.seq_no % 2) == 0))

#define	packet_is_authen_start_request(p) (((p)->hdr.type == FR_TAC_PLUS_AUTHEN) && ((p)->hdr.seq_no == 1))
	3.4. More...

#define	packet_is_author_reply(p) (((p)->hdr.type == FR_TAC_PLUS_AUTHOR) && (((p)->hdr.seq_no % 2) == 0))

#define	packet_is_author_request(p) (((p)->hdr.type == FR_TAC_PLUS_AUTHOR) && (((p)->hdr.seq_no % 2) == 1))

#define	packet_is_encrypted(p) (((p)->hdr.flags & FR_TAC_PLUS_UNENCRYPTED_FLAG) == 0)

Enumerations
enum	fr_tacacs_acct_reply_status_t { FR_TAC_PLUS_ACCT_STATUS_SUCCESS = 0x01 , FR_TAC_PLUS_ACCT_STATUS_ERROR = 0x02 , FR_TAC_PLUS_ACCT_STATUS_FOLLOW = 0x21 }

enum	fr_tacacs_acct_req_flags_t { FR_TAC_PLUS_ACCT_FLAG_START = 0x02 , FR_TAC_PLUS_ACCT_FLAG_STOP = 0x04 , FR_TAC_PLUS_ACCT_FLAG_WATCHDOG = 0x08 }

enum	fr_tacacs_action_t { FR_TAC_PLUS_AUTHEN_LOGIN = 0x01 , FR_TAC_PLUS_AUTHEN_CHPASS = 0x02 , FR_TAC_PLUS_AUTHEN_SENDAUTH = 0x04 }

enum	fr_tacacs_authen_cont_flags_t { FR_TAC_PLUS_CONTINUE_FLAG_UNSET = 0x00 , FR_TAC_PLUS_CONTINUE_FLAG_ABORT = 0x01 }

enum	fr_tacacs_authen_reply_flags_t { FR_TAC_PLUS_REPLY_FLAG_UNSET = 0x00 , FR_TAC_PLUS_REPLY_FLAG_NOECHO = 0x01 }

enum	fr_tacacs_authen_reply_status_t { FR_TAC_PLUS_AUTHEN_STATUS_PASS = 0x01 , FR_TAC_PLUS_AUTHEN_STATUS_FAIL = 0x02 , FR_TAC_PLUS_AUTHEN_STATUS_GETDATA = 0x03 , FR_TAC_PLUS_AUTHEN_STATUS_GETUSER = 0x04 , FR_TAC_PLUS_AUTHEN_STATUS_GETPASS = 0x05 , FR_TAC_PLUS_AUTHEN_STATUS_RESTART = 0x06 , FR_TAC_PLUS_AUTHEN_STATUS_ERROR = 0x07 , FR_TAC_PLUS_AUTHEN_STATUS_FOLLOW = 0x21 }

enum	fr_tacacs_authenservice_t { FR_TAC_PLUS_AUTHEN_SVC_NONE = 0x00 , FR_TAC_PLUS_AUTHEN_SVC_LOGIN = 0x01 , FR_TAC_PLUS_AUTHEN_SVC_ENABLE = 0x02 , FR_TAC_PLUS_AUTHEN_SVC_PPP = 0x03 , FR_TAC_PLUS_AUTHEN_SVC_ARAP = 0x04 , FR_TAC_PLUS_AUTHEN_SVC_PT = 0x05 , FR_TAC_PLUS_AUTHEN_SVC_RCMD = 0x06 , FR_TAC_PLUS_AUTHEN_SVC_X25 = 0x07 , FR_TAC_PLUS_AUTHEN_SVC_NASI = 0x08 , FR_TAC_PLUS_AUTHEN_SVC_FWPROXY = 0x09 }

enum	fr_tacacs_authentype_t { FR_TAC_PLUS_AUTHEN_TYPE_ASCII = 0x01 , FR_TAC_PLUS_AUTHEN_TYPE_PAP = 0x02 , FR_TAC_PLUS_AUTHEN_TYPE_CHAP = 0x03 , FR_TAC_PLUS_AUTHEN_TYPE_ARAP = 0x04 , FR_TAC_PLUS_AUTHEN_TYPE_MSCHAP = 0x05 , FR_TAC_PLUS_AUTHEN_TYPE_MSCHAPV2 = 0x06 }

enum	fr_tacacs_author_authen_method_t { FR_TAC_PLUS_AUTHEN_METH_NOT_SET = 0x00 , FR_TAC_PLUS_AUTHEN_METH_NONE = 0x01 , FR_TAC_PLUS_AUTHEN_METH_KRB5 = 0x02 , FR_TAC_PLUS_AUTHEN_METH_LINE = 0x03 , FR_TAC_PLUS_AUTHEN_METH_ENABLE = 0x04 , FR_TAC_PLUS_AUTHEN_METH_LOCAL = 0x05 , FR_TAC_PLUS_AUTHEN_METH_TACACSPLUS = 0x06 , FR_TAC_PLUS_AUTHEN_METH_GUEST = 0x08 , FR_TAC_PLUS_AUTHEN_METH_RADIUS = 0x10 , FR_TAC_PLUS_AUTHEN_METH_KRB4 = 0x11 , FR_TAC_PLUS_AUTHEN_METH_RCMD = 0x20 }

enum	fr_tacacs_author_reply_status_t { FR_TAC_PLUS_AUTHOR_STATUS_PASS_ADD = 0x01 , FR_TAC_PLUS_AUTHOR_STATUS_PASS_REPL = 0x02 , FR_TAC_PLUS_AUTHOR_STATUS_FAIL = 0x10 , FR_TAC_PLUS_AUTHOR_STATUS_ERROR = 0x11 , FR_TAC_PLUS_AUTHOR_STATUS_FOLLOW = 0x21 }

enum	fr_tacacs_flags_t { FR_TAC_PLUS_FLAGS_NONE = 0x00 , FR_TAC_PLUS_UNENCRYPTED_FLAG = 0x01 , FR_TAC_PLUS_SINGLE_CONNECT_FLAG = 0x04 }

enum	fr_tacacs_packet_body_type_t { FR_PACKET_BODY_TYPE_UNKNOWN = 0 , FR_PACKET_BODY_TYPE_START = 1 , FR_PACKET_BODY_TYPE_REPLY = 2 , FR_PACKET_BODY_TYPE_CONTINUE = 3 , FR_PACKET_BODY_TYPE_REQUEST = 4 , FR_PACKET_BODY_TYPE_RESPONSE = 5 }

enum	fr_tacacs_packet_code_t { FR_TACACS_CODE_INVALID = 0 , FR_TACACS_CODE_AUTH_START = FR_PACKET_TYPE_VALUE_AUTHENTICATION_START , FR_TACACS_CODE_AUTH_PASS = FR_PACKET_TYPE_VALUE_AUTHENTICATION_PASS , FR_TACACS_CODE_AUTH_FAIL = FR_PACKET_TYPE_VALUE_AUTHENTICATION_FAIL , FR_TACACS_CODE_AUTH_GETDATA = FR_PACKET_TYPE_VALUE_AUTHENTICATION_GETDATA , FR_TACACS_CODE_AUTH_GETUSER = FR_PACKET_TYPE_VALUE_AUTHENTICATION_GETUSER , FR_TACACS_CODE_AUTH_GETPASS = FR_PACKET_TYPE_VALUE_AUTHENTICATION_GETPASS , FR_TACACS_CODE_AUTH_RESTART = FR_PACKET_TYPE_VALUE_AUTHENTICATION_RESTART , FR_TACACS_CODE_AUTH_ERROR = FR_PACKET_TYPE_VALUE_AUTHENTICATION_ERROR , FR_TACACS_CODE_AUTH_CONT = FR_PACKET_TYPE_VALUE_AUTHENTICATION_CONTINUE , FR_TACACS_CODE_AUTH_CONT_ABORT = FR_PACKET_TYPE_VALUE_AUTHENTICATION_CONTINUE_ABORT , FR_TACACS_CODE_AUTZ_REQUEST = FR_PACKET_TYPE_VALUE_AUTHORIZATION_REQUEST , FR_TACACS_CODE_AUTZ_PASS_ADD = FR_PACKET_TYPE_VALUE_AUTHORIZATION_PASS_ADD , FR_TACACS_CODE_AUTZ_PASS_REPLACE = FR_PACKET_TYPE_VALUE_AUTHORIZATION_PASS_REPLACE , FR_TACACS_CODE_AUTZ_FAIL = FR_PACKET_TYPE_VALUE_AUTHORIZATION_FAIL , FR_TACACS_CODE_AUTZ_ERROR = FR_PACKET_TYPE_VALUE_AUTHORIZATION_ERROR , FR_TACACS_CODE_ACCT_REQUEST = FR_PACKET_TYPE_VALUE_ACCOUNTING_REQUEST , FR_TACACS_CODE_ACCT_SUCCESS = FR_PACKET_TYPE_VALUE_ACCOUNTING_SUCCESS , FR_TACACS_CODE_ACCT_ERROR = FR_PACKET_TYPE_VALUE_ACCOUNTING_ERROR , FR_TACACS_CODE_MAX = 19 }

enum	fr_tacacs_privlvl_t { FR_TAC_PLUS_PRIV_LVL_MAX = 0x0f , FR_TAC_PLUS_PRIV_LVL_ROOT = 0x0f , FR_TAC_PLUS_PRIV_LVL_USER = 0x01 , FR_TAC_PLUS_PRIV_LVL_MIN = 0x00 }

enum	fr_tacacs_type_t { FR_TAC_PLUS_INVALID = 0x00 , FR_TAC_PLUS_AUTHEN = 0x01 , FR_TAC_PLUS_AUTHOR = 0x02 , FR_TAC_PLUS_ACCT = 0x03 , FR_TAC_PLUS_MAX = 0x04 }

Functions
void	_fr_tacacs_packet_log_hex (fr_log_t const log, fr_tacacs_packet_t const packet, size_t packet_len, char const *file, int line)

int	fr_tacacs_body_xor (fr_tacacs_packet_t const pkt, uint8_t body, size_t body_len, char const *secret, size_t secret_len))
	XOR the body based on the secret key. More...

int	fr_tacacs_code_to_packet (fr_tacacs_packet_t *pkt, uint32_t code)

ssize_t	fr_tacacs_decode (TALLOC_CTX ctx, fr_pair_list_t out, fr_dict_attr_t const vendor, uint8_t const buffer, size_t buffer_len, UNUSED const uint8_t original, char const const secret, size_t secret_len, int *code)

ssize_t	fr_tacacs_encode (fr_dbuff_t dbuff, uint8_t const original, char const const secret, size_t secret_len, unsigned int code, fr_pair_list_t vps)
	Encode VPS into a raw TACACS packet. More...

void	fr_tacacs_global_free (void)

int	fr_tacacs_global_init (void)

ssize_t	fr_tacacs_length (uint8_t const *buffer, size_t buffer_len)

int	fr_tacacs_packet_to_code (fr_tacacs_packet_t const *pkt)

Variables
char const *	fr_tacacs_packet_names [FR_TACACS_CODE_MAX]

Data Structure Documentation

◆ fr_tacacs_ctx_t

struct fr_tacacs_ctx_t

Used as the decoder ctx.

Definition at line 328 of file tacacs.h.

Collaboration diagram for fr_tacacs_ctx_t:

Data Fields
fr_dict_attr_t const *	root
char const *	secret

◆ fr_tacacs_packet_acct_reply_hdr_t

struct fr_tacacs_packet_acct_reply_hdr_t

Definition at line 260 of file tacacs.h.

Data Fields
uint16_t	data_len
uint16_t	server_msg_len
fr_tacacs_acct_reply_status_t	status:8

◆ fr_tacacs_packet_acct_req_hdr_t

struct fr_tacacs_packet_acct_req_hdr_t

Definition at line 232 of file tacacs.h.

Data Fields
uint8_t	arg_cnt
uint8_t	arg_len[]
fr_tacacs_author_authen_method_t	authen_method:8
fr_tacacs_authenservice_t	authen_service:8
fr_tacacs_authentype_t	authen_type:8
fr_tacacs_acct_req_flags_t	flags:8
uint8_t	port_len
fr_tacacs_privlvl_t	priv_lvl:8
uint8_t	rem_addr_len
uint8_t	user_len

◆ fr_tacacs_packet_authen_cont_hdr_t

struct fr_tacacs_packet_authen_cont_hdr_t

Definition at line 178 of file tacacs.h.

Data Fields
uint16_t	data_len
fr_tacacs_authen_cont_flags_t	flags:8
uint16_t	user_msg_len

◆ fr_tacacs_packet_authen_reply_hdr_t

struct fr_tacacs_packet_authen_reply_hdr_t

Definition at line 166 of file tacacs.h.

Data Fields
uint16_t	data_len
fr_tacacs_authen_reply_flags_t	flags:8
uint16_t	server_msg_len
fr_tacacs_authen_reply_status_t	status:8

◆ fr_tacacs_packet_authen_start_hdr_t

struct fr_tacacs_packet_authen_start_hdr_t

Definition at line 139 of file tacacs.h.

Data Fields
fr_tacacs_action_t	action:8
fr_tacacs_authenservice_t	authen_service:8
fr_tacacs_authentype_t	authen_type:8
uint8_t	data_len
uint8_t	port_len
fr_tacacs_privlvl_t	priv_lvl:8
uint8_t	rem_addr_len
uint8_t	user_len

◆ fr_tacacs_packet_author_reply_hdr_t

struct fr_tacacs_packet_author_reply_hdr_t

Definition at line 218 of file tacacs.h.

Data Fields
uint8_t	arg_cnt
uint8_t	arg_len[]
uint16_t	data_len
uint16_t	server_msg_len
fr_tacacs_author_reply_status_t	status:8

◆ fr_tacacs_packet_author_req_hdr_t

struct fr_tacacs_packet_author_req_hdr_t

Definition at line 198 of file tacacs.h.

Data Fields
uint8_t	arg_cnt
uint8_t	arg_len[]
fr_tacacs_author_authen_method_t	authen_method:8
fr_tacacs_authenservice_t	authen_service:8
fr_tacacs_authentype_t	authen_type:8
uint8_t	port_len
fr_tacacs_privlvl_t	priv_lvl:8
uint8_t	rem_addr_len
uint8_t	user_len

◆ fr_tacacs_packet_hdr_t

struct fr_tacacs_packet_hdr_t

Definition at line 84 of file tacacs.h.

Data Fields
union fr_tacacs_packet_hdr_t	__unnamed__
fr_tacacs_flags_t	flags:8
uint32_t	length
uint8_t	seq_no
uint32_t	session_id
fr_tacacs_type_t	type:8

◆ fr_tacacs_packet_hdr_t.unnamed186

union fr_tacacs_packet_hdr_t.__unnamed186__

Definition at line 85 of file tacacs.h.

Data Fields
__unnamed186__	ver
uint8_t	version

◆ fr_tacacs_packet_hdr_t.unnamed186.ver

struct fr_tacacs_packet_hdr_t.__unnamed186__.ver

Definition at line 87 of file tacacs.h.

Data Fields
unsigned int	major:4
unsigned int	minor:4

◆ fr_tacacs_packet_t

struct fr_tacacs_packet_t

Definition at line 276 of file tacacs.h.

Collaboration diagram for fr_tacacs_packet_t:

Data Fields
union fr_tacacs_packet_t	__unnamed__
fr_tacacs_packet_hdr_t	hdr

◆ fr_tacacs_packet_t.unnamed189

union fr_tacacs_packet_t.__unnamed189__

Definition at line 278 of file tacacs.h.

Data Fields
fr_tacacs_packet_acct_reply_hdr_t	acct_reply
fr_tacacs_packet_acct_req_hdr_t	acct_req
fr_tacacs_packet_authen_cont_hdr_t	authen_cont
fr_tacacs_packet_authen_reply_hdr_t	authen_reply
fr_tacacs_packet_authen_start_hdr_t	authen_start
fr_tacacs_packet_author_reply_hdr_t	author_reply
fr_tacacs_packet_author_req_hdr_t	author_req

Macro Definition Documentation

◆ FR_HEADER_LENGTH

#define FR_HEADER_LENGTH sizeof(fr_tacacs_packet_hdr_t)

Definition at line 26 of file tacacs.h.

◆ FR_MAX_ATTRIBUTES

#define FR_MAX_ATTRIBUTES 255

Definition at line 28 of file tacacs.h.

◆ FR_MAX_PACKET_SIZE

#define FR_MAX_PACKET_SIZE 4096

Definition at line 27 of file tacacs.h.

◆ FR_TAC_PLUS_MAJOR_VER

#define FR_TAC_PLUS_MAJOR_VER 12

Definition at line 31 of file tacacs.h.

◆ FR_TAC_PLUS_MINOR_VER_DEFAULT

#define FR_TAC_PLUS_MINOR_VER_DEFAULT 0

Definition at line 32 of file tacacs.h.

◆ FR_TAC_PLUS_MINOR_VER_ONE

#define FR_TAC_PLUS_MINOR_VER_ONE 1

Definition at line 33 of file tacacs.h.

◆ FR_TACACS_PACKET_CODE_VALID

#define FR_TACACS_PACKET_CODE_VALID ( _code ) (((_code) > 0) && ((_code) < FR_TACACS_CODE_MAX))

Definition at line 321 of file tacacs.h.

◆ fr_tacacs_packet_log_hex

#define fr_tacacs_packet_log_hex	(	_log,
		_packet,
		_size
	)	_fr_tacacs_packet_log_hex(_log, _packet, _size, __FILE__, __LINE__)

Definition at line 354 of file tacacs.h.

◆ packet_has_valid_seq_no

#define packet_has_valid_seq_no ( p ) ((p)->hdr.seq_no != 0)

Definition at line 59 of file tacacs.h.

◆ packet_is_acct_reply

#define packet_is_acct_reply ( p ) (((p)->hdr.type == FR_TAC_PLUS_ACCT) && (((p)->hdr.seq_no % 2) == 0))

Definition at line 57 of file tacacs.h.

◆ packet_is_acct_request

#define packet_is_acct_request ( p ) (((p)->hdr.type == FR_TAC_PLUS_ACCT) && (((p)->hdr.seq_no % 2) == 1))

Definition at line 56 of file tacacs.h.

◆ packet_is_authen_continue

#define packet_is_authen_continue ( p ) (((p)->hdr.type == FR_TAC_PLUS_AUTHEN) && ((p)->hdr.seq_no > 1) && (((p)->hdr.seq_no % 2) == 1))

Definition at line 50 of file tacacs.h.

◆ packet_is_authen_reply

#define packet_is_authen_reply ( p ) (((p)->hdr.type == FR_TAC_PLUS_AUTHEN) && (((p)->hdr.seq_no % 2) == 0))

Definition at line 51 of file tacacs.h.

◆ packet_is_authen_start_request

#define packet_is_authen_start_request ( p ) (((p)->hdr.type == FR_TAC_PLUS_AUTHEN) && ((p)->hdr.seq_no == 1))

3.4.

The TACACS+ Packet Header

seq_no

This is the sequence number of the current packet for the current session. The first packet in a session MUST have the sequence number 1 and each subsequent packet will increment the sequence number by one. Thus clients only send packets containing odd sequence numbers, and TACACS+ servers only send packets containing even sequence numbers.

The sequence number must never wrap i.e. if the sequence number 2^8-1 is ever reached, that session must terminate and be restarted with a sequence number of 1.

Definition at line 49 of file tacacs.h.

◆ packet_is_author_reply

#define packet_is_author_reply ( p ) (((p)->hdr.type == FR_TAC_PLUS_AUTHOR) && (((p)->hdr.seq_no % 2) == 0))

Definition at line 54 of file tacacs.h.

◆ packet_is_author_request

#define packet_is_author_request ( p ) (((p)->hdr.type == FR_TAC_PLUS_AUTHOR) && (((p)->hdr.seq_no % 2) == 1))

Definition at line 53 of file tacacs.h.

◆ packet_is_encrypted

#define packet_is_encrypted ( p ) (((p)->hdr.flags & FR_TAC_PLUS_UNENCRYPTED_FLAG) == 0)

Definition at line 61 of file tacacs.h.

Enumeration Type Documentation

◆ fr_tacacs_acct_reply_status_t

enum fr_tacacs_acct_reply_status_t

Enumerator
FR_TAC_PLUS_ACCT_STATUS_SUCCESS
FR_TAC_PLUS_ACCT_STATUS_ERROR
FR_TAC_PLUS_ACCT_STATUS_FOLLOW

Definition at line 254 of file tacacs.h.

◆ fr_tacacs_acct_req_flags_t

enum fr_tacacs_acct_req_flags_t

Enumerator
FR_TAC_PLUS_ACCT_FLAG_START
FR_TAC_PLUS_ACCT_FLAG_STOP
FR_TAC_PLUS_ACCT_FLAG_WATCHDOG

Definition at line 226 of file tacacs.h.

◆ fr_tacacs_action_t

enum fr_tacacs_action_t

Enumerator
FR_TAC_PLUS_AUTHEN_LOGIN
FR_TAC_PLUS_AUTHEN_CHPASS
FR_TAC_PLUS_AUTHEN_SENDAUTH

Definition at line 104 of file tacacs.h.

◆ fr_tacacs_authen_cont_flags_t

enum fr_tacacs_authen_cont_flags_t

Enumerator
FR_TAC_PLUS_CONTINUE_FLAG_UNSET
FR_TAC_PLUS_CONTINUE_FLAG_ABORT

Definition at line 173 of file tacacs.h.

◆ fr_tacacs_authen_reply_flags_t

enum fr_tacacs_authen_reply_flags_t

Enumerator
FR_TAC_PLUS_REPLY_FLAG_UNSET
FR_TAC_PLUS_REPLY_FLAG_NOECHO

Definition at line 161 of file tacacs.h.

◆ fr_tacacs_authen_reply_status_t

enum fr_tacacs_authen_reply_status_t

Enumerator
FR_TAC_PLUS_AUTHEN_STATUS_PASS
FR_TAC_PLUS_AUTHEN_STATUS_FAIL
FR_TAC_PLUS_AUTHEN_STATUS_GETDATA
FR_TAC_PLUS_AUTHEN_STATUS_GETUSER
FR_TAC_PLUS_AUTHEN_STATUS_GETPASS
FR_TAC_PLUS_AUTHEN_STATUS_RESTART
FR_TAC_PLUS_AUTHEN_STATUS_ERROR
FR_TAC_PLUS_AUTHEN_STATUS_FOLLOW

Definition at line 150 of file tacacs.h.

◆ fr_tacacs_authenservice_t

enum fr_tacacs_authenservice_t

Enumerator
FR_TAC_PLUS_AUTHEN_SVC_NONE
FR_TAC_PLUS_AUTHEN_SVC_LOGIN
FR_TAC_PLUS_AUTHEN_SVC_ENABLE
FR_TAC_PLUS_AUTHEN_SVC_PPP
FR_TAC_PLUS_AUTHEN_SVC_ARAP
FR_TAC_PLUS_AUTHEN_SVC_PT
FR_TAC_PLUS_AUTHEN_SVC_RCMD
FR_TAC_PLUS_AUTHEN_SVC_X25
FR_TAC_PLUS_AUTHEN_SVC_NASI
FR_TAC_PLUS_AUTHEN_SVC_FWPROXY

Definition at line 126 of file tacacs.h.

◆ fr_tacacs_authentype_t

enum fr_tacacs_authentype_t

Enumerator
FR_TAC_PLUS_AUTHEN_TYPE_ASCII
FR_TAC_PLUS_AUTHEN_TYPE_PAP
FR_TAC_PLUS_AUTHEN_TYPE_CHAP
FR_TAC_PLUS_AUTHEN_TYPE_ARAP
FR_TAC_PLUS_AUTHEN_TYPE_MSCHAP
FR_TAC_PLUS_AUTHEN_TYPE_MSCHAPV2

Definition at line 110 of file tacacs.h.

◆ fr_tacacs_author_authen_method_t

enum fr_tacacs_author_authen_method_t

Enumerator
FR_TAC_PLUS_AUTHEN_METH_NOT_SET
FR_TAC_PLUS_AUTHEN_METH_NONE
FR_TAC_PLUS_AUTHEN_METH_KRB5
FR_TAC_PLUS_AUTHEN_METH_LINE
FR_TAC_PLUS_AUTHEN_METH_ENABLE
FR_TAC_PLUS_AUTHEN_METH_LOCAL
FR_TAC_PLUS_AUTHEN_METH_TACACSPLUS
FR_TAC_PLUS_AUTHEN_METH_GUEST
FR_TAC_PLUS_AUTHEN_METH_RADIUS
FR_TAC_PLUS_AUTHEN_METH_KRB4
FR_TAC_PLUS_AUTHEN_METH_RCMD

Definition at line 184 of file tacacs.h.

◆ fr_tacacs_author_reply_status_t

enum fr_tacacs_author_reply_status_t

Enumerator
FR_TAC_PLUS_AUTHOR_STATUS_PASS_ADD
FR_TAC_PLUS_AUTHOR_STATUS_PASS_REPL
FR_TAC_PLUS_AUTHOR_STATUS_FAIL
FR_TAC_PLUS_AUTHOR_STATUS_ERROR
FR_TAC_PLUS_AUTHOR_STATUS_FOLLOW

Definition at line 210 of file tacacs.h.

◆ fr_tacacs_flags_t

enum fr_tacacs_flags_t

Enumerator
FR_TAC_PLUS_FLAGS_NONE
FR_TAC_PLUS_UNENCRYPTED_FLAG
FR_TAC_PLUS_SINGLE_CONNECT_FLAG

Definition at line 77 of file tacacs.h.

◆ fr_tacacs_packet_body_type_t

enum fr_tacacs_packet_body_type_t

Enumerator
FR_PACKET_BODY_TYPE_UNKNOWN
FR_PACKET_BODY_TYPE_START
FR_PACKET_BODY_TYPE_REPLY
FR_PACKET_BODY_TYPE_CONTINUE
FR_PACKET_BODY_TYPE_REQUEST
FR_PACKET_BODY_TYPE_RESPONSE

Definition at line 245 of file tacacs.h.

◆ fr_tacacs_packet_code_t

enum fr_tacacs_packet_code_t

Enumerator
FR_TACACS_CODE_INVALID
FR_TACACS_CODE_AUTH_START
FR_TACACS_CODE_AUTH_PASS
FR_TACACS_CODE_AUTH_FAIL
FR_TACACS_CODE_AUTH_GETDATA
FR_TACACS_CODE_AUTH_GETUSER
FR_TACACS_CODE_AUTH_GETPASS
FR_TACACS_CODE_AUTH_RESTART
FR_TACACS_CODE_AUTH_ERROR
FR_TACACS_CODE_AUTH_CONT
FR_TACACS_CODE_AUTH_CONT_ABORT
FR_TACACS_CODE_AUTZ_REQUEST
FR_TACACS_CODE_AUTZ_PASS_ADD
FR_TACACS_CODE_AUTZ_PASS_REPLACE
FR_TACACS_CODE_AUTZ_FAIL
FR_TACACS_CODE_AUTZ_ERROR
FR_TACACS_CODE_ACCT_REQUEST
FR_TACACS_CODE_ACCT_SUCCESS
FR_TACACS_CODE_ACCT_ERROR
FR_TACACS_CODE_MAX

Definition at line 292 of file tacacs.h.

◆ fr_tacacs_privlvl_t

enum fr_tacacs_privlvl_t

Enumerator
FR_TAC_PLUS_PRIV_LVL_MAX
FR_TAC_PLUS_PRIV_LVL_ROOT
FR_TAC_PLUS_PRIV_LVL_USER
FR_TAC_PLUS_PRIV_LVL_MIN

Definition at line 119 of file tacacs.h.

◆ fr_tacacs_type_t

enum fr_tacacs_type_t

Enumerator
FR_TAC_PLUS_INVALID
FR_TAC_PLUS_AUTHEN
FR_TAC_PLUS_AUTHOR
FR_TAC_PLUS_ACCT
FR_TAC_PLUS_MAX

Definition at line 63 of file tacacs.h.

Function Documentation

◆ _fr_tacacs_packet_log_hex()

void _fr_tacacs_packet_log_hex	(	fr_log_t const *	log,
		fr_tacacs_packet_t const *	packet,
		size_t	packet_len,
		char const *	file,
		int	line
	)

Definition at line 420 of file base.c.

Here is the call graph for this function:

◆ fr_tacacs_body_xor()

int fr_tacacs_body_xor	(	fr_tacacs_packet_t const *	pkt,
		uint8_t *	body,
		size_t	body_len,
		char const *	secret,
		size_t	secret_len
	)

XOR the body based on the secret key.

This function encrypts (or decrypts) TACACS+ packets, and sets the "encrypted" flag.

Definition at line 180 of file base.c.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ fr_tacacs_code_to_packet()

int fr_tacacs_code_to_packet	(	fr_tacacs_packet_t *	pkt,
		uint32_t	code
	)

Definition at line 36 of file encode.c.

Here is the caller graph for this function:

◆ fr_tacacs_decode()

ssize_t fr_tacacs_decode	(	TALLOC_CTX *	ctx,
		fr_pair_list_t *	out,
		fr_dict_attr_t const *	vendor,
		uint8_t const *	buffer,
		size_t	buffer_len,
		UNUSED const uint8_t *	original,
		char const *const	secret,
		size_t	secret_len,
		int *	code
	)

◆ fr_tacacs_encode()

ssize_t fr_tacacs_encode	(	fr_dbuff_t *	dbuff,
		uint8_t const *	original,
		char const *const	secret,
		size_t	secret_len,
		unsigned int	code,
		fr_pair_list_t *	vps
	)

Encode VPS into a raw TACACS packet.

4.1. The Authentication START Packet Body

6.1. The Account REQUEST Packet Body

6.2. The Accounting REPLY Packet Body

1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 +-------------—+-------------—+-------------—+-------------—+ | server_msg len | data_len | +-------------—+-------------—+-------------—+-------------—+ | status | server_msg ... +-------------—+-------------—+-------------—+-------------—+ | data ... +-------------—+

Definition at line 363 of file encode.c.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ fr_tacacs_global_free()

void fr_tacacs_global_free ( void )

Definition at line 167 of file base.c.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ fr_tacacs_global_init()

int fr_tacacs_global_init ( void )

Definition at line 144 of file base.c.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ fr_tacacs_length()

ssize_t fr_tacacs_length	(	uint8_t const *	buffer,
		size_t	buffer_len
	)

 Return how long a TACACS+ packet is

 Note that we only look at the 12 byte packet header.  We don't
 (yet) do validation on authentication / authorization /
 accounting headers.  The packet may still be determined later
 to be invalid.

Parameters

buffer	to check
buffer_len	length of the buffer

Returns: >0 size of the TACACS+ packet. We want. MAY be larger than "buffer_len" <=0 error, packet should be discarded.

Definition at line 242 of file base.c.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ fr_tacacs_packet_to_code()

int fr_tacacs_packet_to_code ( fr_tacacs_packet_t const * pkt )

Definition at line 36 of file decode.c.

Here is the caller graph for this function:

Variable Documentation

◆ fr_tacacs_packet_names

char const* fr_tacacs_packet_names[FR_TACACS_CODE_MAX]

extern

Definition at line 119 of file base.c.

Data Structures

Macros

Enumerations

Functions

Variables

Data Structure Documentation

◆ fr_tacacs_ctx_t

◆ fr_tacacs_packet_acct_reply_hdr_t

◆ fr_tacacs_packet_acct_req_hdr_t

◆ fr_tacacs_packet_authen_cont_hdr_t

◆ fr_tacacs_packet_authen_reply_hdr_t

◆ fr_tacacs_packet_authen_start_hdr_t

◆ fr_tacacs_packet_author_reply_hdr_t

◆ fr_tacacs_packet_author_req_hdr_t

◆ fr_tacacs_packet_hdr_t

◆ fr_tacacs_packet_hdr_t.__unnamed186__

◆ fr_tacacs_packet_hdr_t.__unnamed186__.ver

◆ fr_tacacs_packet_t

◆ fr_tacacs_packet_t.__unnamed189__

Macro Definition Documentation

◆ FR_HEADER_LENGTH

◆ FR_MAX_ATTRIBUTES

◆ FR_MAX_PACKET_SIZE

◆ FR_TAC_PLUS_MAJOR_VER

◆ FR_TAC_PLUS_MINOR_VER_DEFAULT

◆ FR_TAC_PLUS_MINOR_VER_ONE

◆ FR_TACACS_PACKET_CODE_VALID

◆ fr_tacacs_packet_log_hex

◆ packet_has_valid_seq_no

◆ packet_is_acct_reply

◆ packet_is_acct_request

◆ packet_is_authen_continue

◆ packet_is_authen_reply

◆ packet_is_authen_start_request

◆ packet_is_author_reply

◆ packet_is_author_request

◆ packet_is_encrypted

Enumeration Type Documentation

◆ fr_tacacs_acct_reply_status_t

◆ fr_tacacs_acct_req_flags_t

◆ fr_tacacs_action_t

◆ fr_tacacs_authen_cont_flags_t

◆ fr_tacacs_authen_reply_flags_t

◆ fr_tacacs_authen_reply_status_t

◆ fr_tacacs_authenservice_t

◆ fr_tacacs_authentype_t

◆ fr_tacacs_author_authen_method_t

◆ fr_tacacs_author_reply_status_t

◆ fr_tacacs_flags_t

◆ fr_tacacs_packet_body_type_t

◆ fr_tacacs_packet_code_t

◆ fr_tacacs_privlvl_t

◆ fr_tacacs_type_t

Function Documentation

◆ _fr_tacacs_packet_log_hex()

◆ fr_tacacs_body_xor()

◆ fr_tacacs_code_to_packet()

◆ fr_tacacs_decode()

◆ fr_tacacs_encode()

◆ fr_tacacs_global_free()

◆ fr_tacacs_global_init()

◆ fr_tacacs_length()

◆ fr_tacacs_packet_to_code()

Variable Documentation

◆ fr_tacacs_packet_names

◆ fr_tacacs_packet_hdr_t.unnamed186

◆ fr_tacacs_packet_hdr_t.unnamed186.ver

◆ fr_tacacs_packet_t.unnamed189