1 /* packet-tacacs.h
2  * Routines for cisco tacplus packet dissection
3  * Copyright 2000, Emanuele Caratti <wiz@iol.it>
4  *
5  * $Id: packet-tacacs.h,v 1.6 2003/12/21 04:31:57 jmayer Exp $
6  *
7  * Ethereal - Network traffic analyzer
8  * By Gerald Combs <gerald@ethereal.com>
9  * Copyright 1998 Gerald Combs
10  *
11  * This program is free software; you can redistribute it and/or
12  * modify it under the terms of the GNU General Public License
13  * as published by the Free Software Foundation; either version 2
14  * of the License, or (at your option) any later version.
15  *
16  * This program is distributed in the hope that it will be useful,
17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
19  * GNU General Public License for more details.
20  * 
21  * You should have received a copy of the GNU General Public License
22  * along with this program; if not, write to the Free Software
23  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
24  */
25
26 #ifndef __PACKET_TACACS_H__
27 #define __PACKET_TACACS_H__
28
/* Size in bytes of the fixed TACACS+ header that precedes every body.
 * Matches the H_*_OFF layout below: 1+1+1+1+4+4 = 12. */
#define TAC_PLUS_HDR_SIZE 12

/* Length in bytes of an MD5 digest. */
#define MD5_LEN           16
/* Length in bytes of an MS-CHAP response blob; presumably the size the
 * dissector expects in the authen data field for MSCHAP — confirm in the .c */
#define MSCHAP_DIGEST_LEN 49
/* Bits of the header flags byte (H_FLAGS_OFF).
 * FLAGS_UNENCRYPTED: the body is carried in the clear (no obfuscation);
 * FLAGS_SINGLE: presumably the single-connection flag — confirm against the
 * protocol specification before relying on the meaning. */
enum
{
        FLAGS_UNENCRYPTED = 0x01,
        FLAGS_SINGLE = 0x04
};
38
/* Tacacs+ packet type: the type byte at H_TYPE_OFF. It selects which of the
 * body layouts below (AUTHEN_*, AUTHOR_*, ACCT_*) applies to the packet. */
enum
{
        TAC_PLUS_AUTHEN = 0x01,         /* Authentication */
        TAC_PLUS_AUTHOR = 0x02,         /* Authorization  */
        TAC_PLUS_ACCT = 0x03            /* Accounting     */
};
46
/* Flags: encryption state of the body.  TAC_PLUS_CLEAR corresponds to the
 * FLAGS_UNENCRYPTED header bit being set, TAC_PLUS_ENCRYPTED to it being clear. */
#define TAC_PLUS_ENCRYPTED 0x0
#define TAC_PLUS_CLEAR     0x1
50
/* Authentication action to perform: the action byte of an authen START
 * body (AUTHEN_S_ACTION_OFF). */
enum
{
        TAC_PLUS_AUTHEN_LOGIN = 0x01,
        TAC_PLUS_AUTHEN_CHPASS = 0x02,
        TAC_PLUS_AUTHEN_SENDPASS = 0x03,        /* deprecated */
        TAC_PLUS_AUTHEN_SENDAUTH = 0x04
};
59
/* Authentication priv_levels (priv_lvl byte of START, AUTHOR and ACCT
 * requests).  Note that MAX and ROOT are the same value (0x0f), so any
 * value-to-name lookup can only report one of the two names for it. */
enum
{
        TAC_PLUS_PRIV_LVL_MAX   = 0x0f,
        TAC_PLUS_PRIV_LVL_ROOT  = 0x0f,
        TAC_PLUS_PRIV_LVL_USER  = 0x01,
        TAC_PLUS_PRIV_LVL_MIN   = 0x00
};
68
/* authen types: the authen_type byte of START, AUTHOR and ACCT requests.
 * Displayed through tacplus_authen_type_vals below. */
enum
{
        TAC_PLUS_AUTHEN_TYPE_ASCII              = 0x01, /*  ascii  */
        TAC_PLUS_AUTHEN_TYPE_PAP                = 0x02, /*  pap    */
        TAC_PLUS_AUTHEN_TYPE_CHAP               = 0x03, /*  chap   */
        TAC_PLUS_AUTHEN_TYPE_ARAP               = 0x04, /*  arap   */
        TAC_PLUS_AUTHEN_TYPE_MSCHAP     = 0x05  /*  mschap */
};
78
/* authen services: the service byte of START, AUTHOR and ACCT requests.
 * Displayed through tacplus_authen_service_vals below. */
enum
{
        TAC_PLUS_AUTHEN_SVC_NONE        = 0x00,
        TAC_PLUS_AUTHEN_SVC_LOGIN       = 0x01,
        TAC_PLUS_AUTHEN_SVC_ENABLE      = 0x02,
        TAC_PLUS_AUTHEN_SVC_PPP         = 0x03,
        TAC_PLUS_AUTHEN_SVC_ARAP        = 0x04,
        TAC_PLUS_AUTHEN_SVC_PT          = 0x05,
        TAC_PLUS_AUTHEN_SVC_RCMD        = 0x06,
        TAC_PLUS_AUTHEN_SVC_X25         = 0x07,
        TAC_PLUS_AUTHEN_SVC_NASI        = 0x08,
        TAC_PLUS_AUTHEN_SVC_FWPROXY     = 0x09
};
93
/* status of reply packet, that client get from server in authen
 * (the status byte at AUTHEN_R_STATUS_OFF).  FOLLOW is deliberately out
 * of sequence with the other values. */
enum
{
        TAC_PLUS_AUTHEN_STATUS_PASS             = 0x01,
        TAC_PLUS_AUTHEN_STATUS_FAIL             = 0x02,
        TAC_PLUS_AUTHEN_STATUS_GETDATA  = 0x03,
        TAC_PLUS_AUTHEN_STATUS_GETUSER  = 0x04,
        TAC_PLUS_AUTHEN_STATUS_GETPASS  = 0x05,
        TAC_PLUS_AUTHEN_STATUS_RESTART  = 0x06,
        TAC_PLUS_AUTHEN_STATUS_ERROR    = 0x07,
        TAC_PLUS_AUTHEN_STATUS_FOLLOW   = 0x21
};
106
/* Authen reply Flags (flags byte at AUTHEN_R_FLAGS_OFF): NOECHO asks the
 * client not to echo the data it prompts for. */
#define TAC_PLUS_REPLY_FLAG_NOECHO              0x01
/* Authen continue Flags (flags byte at AUTHEN_C_FLAGS_OFF): ABORT ends the
 * authentication exchange. */
#define TAC_PLUS_CONTINUE_FLAG_ABORT    0x01
111
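/* methods of authentication: the authen_method byte of AUTHOR and ACCT
 * requests, displayed through tacplus_authen_method below.
 *
 * KRB5 is 0x02.  It was previously defined as 0x03, the same value as LINE,
 * so a lookup reported every 0x03 as "KRB5" and never matched a real 0x02. */
enum {
        TAC_PLUS_AUTHEN_METH_NOT_SET    = 0x00,
        TAC_PLUS_AUTHEN_METH_NONE               = 0x01,
        TAC_PLUS_AUTHEN_METH_KRB5               = 0x02,
        TAC_PLUS_AUTHEN_METH_LINE               = 0x03,
        TAC_PLUS_AUTHEN_METH_ENABLE             = 0x04,
        TAC_PLUS_AUTHEN_METH_LOCAL              = 0x05,
        TAC_PLUS_AUTHEN_METH_TACACSPLUS = 0x06,
        TAC_PLUS_AUTHEN_METH_GUEST              = 0x08,
        TAC_PLUS_AUTHEN_METH_RADIUS             = 0x10,
        TAC_PLUS_AUTHEN_METH_KRB4               = 0x11,
        TAC_PLUS_AUTHEN_METH_RCMD               = 0x20
};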
126
/* authorization status: the status byte at AUTHOR_R_STATUS_OFF of an
 * authorization REPLY.  Displayed through tacplus_author_status below. */
enum
{
        TAC_PLUS_AUTHOR_STATUS_PASS_ADD         = 0x01,
        TAC_PLUS_AUTHOR_STATUS_PASS_REPL        = 0x02,
        TAC_PLUS_AUTHOR_STATUS_FAIL                     = 0x10,
        TAC_PLUS_AUTHOR_STATUS_ERROR            = 0x11,
        TAC_PLUS_AUTHOR_STATUS_FOLLOW           = 0x21
};
136
/* accounting flag: bit values of the flags byte at ACCT_Q_FLAGS_OFF of an
 * accounting REQUEST (single-bit values, so they may be combined). */

enum
{
        TAC_PLUS_ACCT_FLAG_MORE         = 0x1, /* deprecated */
        TAC_PLUS_ACCT_FLAG_START        = 0x2,
        TAC_PLUS_ACCT_FLAG_STOP         = 0x4,
        TAC_PLUS_ACCT_FLAG_WATCHDOG     = 0x8
};
/* accounting status: the status byte at ACCT_R_STATUS_OFF of an accounting
 * REPLY.  Displayed through tacplus_acct_status below. */
enum {
        TAC_PLUS_ACCT_STATUS_SUCCESS    = 0x01,
        TAC_PLUS_ACCT_STATUS_ERROR              = 0x02,
        TAC_PLUS_ACCT_STATUS_FOLLOW             = 0x21
};
152
/* Header offsets, in bytes from the start of the packet:
 * version(1) type(1) seq_no(1) flags(1) session_id(4) length(4).
 * H_LENGTH_OFF + 4 == TAC_PLUS_HDR_SIZE; the length field gives the body
 * size and is the value every *_LEN field of the body must be bounded by. */
#define H_VER_OFF                       (0)
#define H_TYPE_OFF                      (H_VER_OFF+1)
#define H_SEQ_NO_OFF            (H_TYPE_OFF+1)
#define H_FLAGS_OFF                     (H_SEQ_NO_OFF+1)
#define H_SESSION_ID_OFF        (H_FLAGS_OFF+1)
#define H_LENGTH_OFF            (H_SESSION_ID_OFF+4)
160
/* All body offsets below are relative to the start of the body, not the
 * packet (the header is TAC_PLUS_HDR_SIZE bytes before it). */
#define TACPLUS_BODY_OFF                0
/* authen START offsets.  The four *_LEN fields are one byte each, so each
 * variable-length item is at most 255 bytes; their sum still has to be
 * checked against the header length before vardata is walked. */
#define AUTHEN_S_ACTION_OFF                     (TACPLUS_BODY_OFF)
#define AUTHEN_S_PRIV_LVL_OFF           (AUTHEN_S_ACTION_OFF+1)
#define AUTHEN_S_AUTHEN_TYPE_OFF        (AUTHEN_S_PRIV_LVL_OFF+1)
#define AUTHEN_S_SERVICE_OFF            (AUTHEN_S_AUTHEN_TYPE_OFF+1)
#define AUTHEN_S_USER_LEN_OFF           (AUTHEN_S_SERVICE_OFF+1)
#define AUTHEN_S_PORT_LEN_OFF           (AUTHEN_S_USER_LEN_OFF+1)
#define AUTHEN_S_REM_ADDR_LEN_OFF       (AUTHEN_S_PORT_LEN_OFF+1)
#define AUTHEN_S_DATA_LEN_OFF           (AUTHEN_S_REM_ADDR_LEN_OFF+1)
#define AUTHEN_S_VARDATA_OFF            (AUTHEN_S_DATA_LEN_OFF+1) /* variable data offset (user, port, etc ) */
172
/* authen REPLY fields offset: status(1) flags(1) srv_msg_len(2) data_len(2),
 * then vardata (server message followed by data).  Both length fields are
 * 16-bit, so they can exceed the body; bound them by the header length. */
#define AUTHEN_R_STATUS_OFF                     (TACPLUS_BODY_OFF)
#define AUTHEN_R_FLAGS_OFF                      (AUTHEN_R_STATUS_OFF+1)
#define AUTHEN_R_SRV_MSG_LEN_OFF        (AUTHEN_R_FLAGS_OFF+1)
#define AUTHEN_R_DATA_LEN_OFF           (AUTHEN_R_SRV_MSG_LEN_OFF+2)
#define AUTHEN_R_VARDATA_OFF            (AUTHEN_R_DATA_LEN_OFF+2)
179
/* authen CONTINUE fields offset: user_len(2) data_len(2) flags(1), then
 * vardata.  Note the flags byte comes after the two 16-bit lengths here,
 * unlike the REPLY layout. */
#define AUTHEN_C_USER_LEN_OFF           (TACPLUS_BODY_OFF)
#define AUTHEN_C_DATA_LEN_OFF           (AUTHEN_C_USER_LEN_OFF+2)
#define AUTHEN_C_FLAGS_OFF                      (AUTHEN_C_DATA_LEN_OFF+2)
#define AUTHEN_C_VARDATA_OFF            (AUTHEN_C_FLAGS_OFF+1)
185
/* acct REQUEST fields offsets: nine single-byte fields, then vardata.
 * ACCT_Q_ARG_CNT_OFF holds the number of one-byte argument lengths that
 * start vardata; that count and each length must be bounded by the
 * remaining body before the arguments are read. */
#define ACCT_Q_FLAGS_OFF                        (TACPLUS_BODY_OFF)
#define ACCT_Q_METHOD_OFF                       (ACCT_Q_FLAGS_OFF+1)
#define ACCT_Q_PRIV_LVL_OFF                     (ACCT_Q_METHOD_OFF+1)
#define ACCT_Q_AUTHEN_TYPE_OFF          (ACCT_Q_PRIV_LVL_OFF+1)
#define ACCT_Q_SERVICE_OFF                      (ACCT_Q_AUTHEN_TYPE_OFF+1)
#define ACCT_Q_USER_LEN_OFF                     (ACCT_Q_SERVICE_OFF+1)
#define ACCT_Q_PORT_LEN_OFF                     (ACCT_Q_USER_LEN_OFF+1)
#define ACCT_Q_REM_ADDR_LEN_OFF         (ACCT_Q_PORT_LEN_OFF+1)
#define ACCT_Q_ARG_CNT_OFF                      (ACCT_Q_REM_ADDR_LEN_OFF+1)
#define ACCT_Q_VARDATA_OFF                      (ACCT_Q_ARG_CNT_OFF+1)
197
/* acct REPLY fields offsets: srv_msg_len(2) data_len(2) status(1), then
 * vardata.  The status byte follows the lengths here (compare the authen
 * and author replies, where status comes first). */
#define ACCT_R_SRV_MSG_LEN_OFF          (TACPLUS_BODY_OFF)
#define ACCT_R_DATA_LEN_OFF                     (ACCT_R_SRV_MSG_LEN_OFF+2)
#define ACCT_R_STATUS_OFF                       (ACCT_R_DATA_LEN_OFF+2)
#define ACCT_R_VARDATA_OFF                      (ACCT_R_STATUS_OFF+1)
203
/* AUTHORIZATION */
/* Request: eight single-byte fields, then vardata.  Same shape as the
 * accounting REQUEST minus its leading flags byte; AUTHOR_Q_ARGC_OFF
 * counts the one-byte argument lengths at the start of vardata and must
 * be bounded by the remaining body. */
#define AUTHOR_Q_AUTH_METH_OFF          (TACPLUS_BODY_OFF)
#define AUTHOR_Q_PRIV_LVL_OFF           (AUTHOR_Q_AUTH_METH_OFF+1)
#define AUTHOR_Q_AUTHEN_TYPE_OFF        (AUTHOR_Q_PRIV_LVL_OFF+1)
#define AUTHOR_Q_SERVICE_OFF            (AUTHOR_Q_AUTHEN_TYPE_OFF+1)
#define AUTHOR_Q_USER_LEN_OFF           (AUTHOR_Q_SERVICE_OFF+1)
#define AUTHOR_Q_PORT_LEN_OFF           (AUTHOR_Q_USER_LEN_OFF+1)
#define AUTHOR_Q_REM_ADDR_LEN_OFF       (AUTHOR_Q_PORT_LEN_OFF+1)
#define AUTHOR_Q_ARGC_OFF                       (AUTHOR_Q_REM_ADDR_LEN_OFF+1)
#define AUTHOR_Q_VARDATA_OFF            (AUTHOR_Q_ARGC_OFF+1)
215
/* Reply: status(1) arg_cnt(1) srv_msg_len(2) data_len(2), then vardata
 * (arg_cnt one-byte argument lengths, server message, data, arguments).
 * The two 16-bit lengths and arg_cnt must all be bounded by the body. */
#define AUTHOR_R_STATUS_OFF                     (TACPLUS_BODY_OFF)
#define AUTHOR_R_ARGC_OFF                       (AUTHOR_R_STATUS_OFF+1)
#define AUTHOR_R_SRV_MSG_LEN_OFF        (AUTHOR_R_ARGC_OFF+1)
#define AUTHOR_R_DATA_LEN_OFF           (AUTHOR_R_SRV_MSG_LEN_OFF+2)
#define AUTHOR_R_VARDATA_OFF            (AUTHOR_R_DATA_LEN_OFF+2)
222
223
#if 0
/* Packet structures.
 * Compiled out.  These mirror the *_OFF layouts above but are not suitable
 * for overlaying on packet bytes: the guint16/guint32 members take the
 * host's alignment and byte order, and the vardata[1] trailers carry no
 * real bound.  NOTE(review): the dissector presumably reads fields through
 * the offset macros instead — the .c file is not in view, confirm there. */
typedef struct  {
        u_char version;
        u_char type;
        u_char seq_no;
        u_char flags;
        guint32 session_id;
        guint32 length;
} tacplus_pkt_hdr;

/* Authentication START packet */
typedef struct {
        u_char  action;
        u_char  priv_lvl;
        u_char  authen_type;
        u_char  service;
        u_char  user_len;
        u_char  port_len;
        u_char  rem_addr_len;
        u_char  data_len;
        u_char  vardata[1];     /* placeholder for the variable-length tail */
} tacplus_authen_start ;

/* Authentication CONTINUE packet */
typedef struct {
        guint16 user_len;
        guint16 data_len;
        u_char  flags;
        u_char  vardata[1];
} tacplus_authen_continue ;

/* Authentication REPLY packet */
typedef struct {
        u_char  status;
        u_char  flags;
        guint16 srv_msg_len;
        guint16 data_len;
        u_char  vardata[1];
} tacplus_authen_reply;


/* Authentication sub-PACKET */
typedef union {
        tacplus_authen_start    s; /* start */
        tacplus_authen_continue c; /* continue */
        tacplus_authen_reply    r; /* reply (from srv) */
} tacplus_authen_pkt;

/* AUTHORIZATION request */

typedef struct {
        u_char  authen_method;
        u_char  priv_lvl;
        u_char  authen_type;
        u_char  authen_service;
        u_char  user_len;
        u_char  port_len;
        u_char  rem_addr_len;
        u_char  arg_cnt;
        u_char  vardata[1];
} tacplus_author_request;

/* AUTHORIZATION reply */
typedef struct {
        u_char  status;
        u_char  arg_cnt;
        guint16 srv_msg_len;
        guint16 data_len;
        u_char  vardata[1];
} tacplus_author_reply;

typedef union {
        tacplus_author_request  q;
        tacplus_author_reply    r;
} tacplus_author_pkt;

/* ACCOUNTING request */
typedef struct {
        u_char  flags;
        u_char  authen_method;
        u_char  priv_lvl;
        u_char  authen_type;
        u_char  authen_service;
        u_char  user_len;
        u_char  port_len;
        u_char  rem_addr_len;
        u_char  arg_cnt;
        u_char  vardata[1];
} tacplus_account_request;

/* ACCOUNTING reply */
typedef struct {
        guint16 srv_msg_len;
        guint16 data_len;
        u_char  status;
        u_char  vardata[1];
} tacplus_account_reply;

typedef union {
        tacplus_account_request q; /* Request */
        tacplus_account_reply   r; /* Reply */
} tacplus_account_pkt;

/* TACACS+ Packet */
typedef struct {
        tacplus_pkt_hdr hdr;
        union {
                tacplus_authen_pkt authen;
                tacplus_author_pkt author;
                tacplus_account_pkt acct;
        } body;
} tacplus_pkt;

#endif
337
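/* From my old tacacs dissector */
/* Packet type byte (H_TYPE_OFF) -> display name; {0, NULL} terminated.
 * Declared const: this header is included by each translation unit, so the
 * tables must be read-only data rather than a writable copy per file. */
static const value_string tacplus_type_vals[] = {
        {TAC_PLUS_AUTHEN,       "Authentication"},
        {TAC_PLUS_AUTHOR,       "Authorization" },
        {TAC_PLUS_ACCT,         "Accounting"    },
        {0, NULL}};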
344
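/* Authen START action byte (AUTHEN_S_ACTION_OFF) -> display name;
 * {0, NULL} terminated.  const: read-only lookup table shared by every
 * translation unit that includes this header. */
static const value_string tacplus_authen_action_vals[] = {
        {TAC_PLUS_AUTHEN_LOGIN,                 "Inbound Login"},
        {TAC_PLUS_AUTHEN_CHPASS,                "Change password request"},
        {TAC_PLUS_AUTHEN_SENDPASS,              "Send password request"},
        {TAC_PLUS_AUTHEN_SENDAUTH,              "Outbound Request (SENDAUTH)"},
        {0, NULL}};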
351
#if 0
/* Privilege level names.  Compiled out: TAC_PLUS_PRIV_LVL_MAX and
 * TAC_PLUS_PRIV_LVL_ROOT are both 0x0f, so a first-match lookup would
 * presumably always report "LVL_MAX" for that value, and the levels
 * between USER and MAX have no entry at all. */
static value_string tacplus_authen_priv_lvl_vals[] = {
        {TAC_PLUS_PRIV_LVL_MAX,                 "LVL_MAX"},
        {TAC_PLUS_PRIV_LVL_ROOT,                "LVL_ROOT"},
        {TAC_PLUS_PRIV_LVL_USER,                "LVL_USER"},
        {TAC_PLUS_PRIV_LVL_MIN,                 "LVL_MIN"},
        {0, NULL}};
#endif
360
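/* authen_type byte -> display name; {0, NULL} terminated.
 * const: read-only lookup table shared by every translation unit that
 * includes this header. */
static const value_string tacplus_authen_type_vals[] = {
        {TAC_PLUS_AUTHEN_TYPE_ASCII,    "ASCII"},
        {TAC_PLUS_AUTHEN_TYPE_PAP,              "PAP"},
        {TAC_PLUS_AUTHEN_TYPE_CHAP,             "CHAP"},
        {TAC_PLUS_AUTHEN_TYPE_ARAP,             "ARAP"},
        {TAC_PLUS_AUTHEN_TYPE_MSCHAP,   "MS-CHAP"},
        {0, NULL}};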
368
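/* authen service byte -> display name; {0, NULL} terminated.  Some entries
 * still display the raw constant name rather than a friendly label.
 * const: read-only lookup table shared by every translation unit that
 * includes this header. */
static const value_string tacplus_authen_service_vals[] = {
        {TAC_PLUS_AUTHEN_SVC_NONE,              "TAC_PLUS_AUTHEN_SVC_NONE"},
        {TAC_PLUS_AUTHEN_SVC_LOGIN,             "Login" },
        {TAC_PLUS_AUTHEN_SVC_ENABLE,    "ENABLE"},
        {TAC_PLUS_AUTHEN_SVC_PPP,               "PPP"   },
        {TAC_PLUS_AUTHEN_SVC_ARAP,              "ARAP"  },
        {TAC_PLUS_AUTHEN_SVC_PT,                "TAC_PLUS_AUTHEN_SVC_PT"},
        {TAC_PLUS_AUTHEN_SVC_RCMD,              "TAC_PLUS_AUTHEN_SVC_RCMD"},
        {TAC_PLUS_AUTHEN_SVC_X25,               "TAC_PLUS_AUTHEN_SVC_X25"},
        {TAC_PLUS_AUTHEN_SVC_NASI,              "TAC_PLUS_AUTHEN_SVC_NASI"},
        {TAC_PLUS_AUTHEN_SVC_FWPROXY,   "TAC_PLUS_AUTHEN_SVC_FWPROXY"},
        {0, NULL}};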
381
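/* Authen REPLY status byte (AUTHEN_R_STATUS_OFF) -> display name;
 * {0, NULL} terminated.  const: read-only lookup table shared by every
 * translation unit that includes this header. */
static const value_string tacplus_reply_status_vals[] = {
        {TAC_PLUS_AUTHEN_STATUS_PASS,           "Authentication Passed"},
        {TAC_PLUS_AUTHEN_STATUS_FAIL,           "Authentication Failed"},
        {TAC_PLUS_AUTHEN_STATUS_GETDATA,        "Send Data"},
        {TAC_PLUS_AUTHEN_STATUS_GETUSER,        "Send Username"},
        {TAC_PLUS_AUTHEN_STATUS_GETPASS,        "Send Password"},
        {TAC_PLUS_AUTHEN_STATUS_RESTART,        "Restart Authentication Sequence"},
        {TAC_PLUS_AUTHEN_STATUS_ERROR,          "Unrecoverable Error"},
        {TAC_PLUS_AUTHEN_STATUS_FOLLOW,         "Use Alternate Server"},
        {0, NULL}};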
392
393
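/* authen_method byte of AUTHOR/ACCT requests -> display name; {0, NULL}
 * terminated.  Relies on every TAC_PLUS_AUTHEN_METH_* value being distinct:
 * a first-match lookup silently hides any enumerator that shares a value.
 * const: read-only lookup table shared by every translation unit that
 * includes this header. */
static const value_string tacplus_authen_method[] = {
        {TAC_PLUS_AUTHEN_METH_NOT_SET,          "NOT_SET"},
        {TAC_PLUS_AUTHEN_METH_NONE,                     "NONE"},
        {TAC_PLUS_AUTHEN_METH_KRB5,                     "KRB5"},
        {TAC_PLUS_AUTHEN_METH_LINE,                     "LINE"},
        {TAC_PLUS_AUTHEN_METH_ENABLE,           "ENABLE"},
        {TAC_PLUS_AUTHEN_METH_LOCAL,            "LOCAL"},
        {TAC_PLUS_AUTHEN_METH_TACACSPLUS,       "TACACSPLUS"},
        {TAC_PLUS_AUTHEN_METH_GUEST,            "GUEST"},
        {TAC_PLUS_AUTHEN_METH_RADIUS,           "RADIUS"},
        {TAC_PLUS_AUTHEN_METH_KRB4,                     "KRB4"},
        {TAC_PLUS_AUTHEN_METH_RCMD,                     "RCMD"},
        {0, NULL}};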
407
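/* Authorization REPLY status byte (AUTHOR_R_STATUS_OFF) -> display name;
 * {0, NULL} terminated.  const: read-only lookup table shared by every
 * translation unit that includes this header. */
static const value_string tacplus_author_status[] = {
        {TAC_PLUS_AUTHOR_STATUS_PASS_ADD,               "PASS_ADD"},
        {TAC_PLUS_AUTHOR_STATUS_PASS_REPL,              "PASS_REPL"},
        {TAC_PLUS_AUTHOR_STATUS_FAIL,           "FAIL"},
        {TAC_PLUS_AUTHOR_STATUS_ERROR,          "ERROR"},
        {TAC_PLUS_AUTHOR_STATUS_FOLLOW,         "FOLLOW"},
        {0, NULL}};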
415
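/* Accounting REPLY status byte (ACCT_R_STATUS_OFF) -> display name;
 * {0, NULL} terminated.  const: read-only lookup table shared by every
 * translation unit that includes this header. */
static const value_string tacplus_acct_status[] = {
        {TAC_PLUS_ACCT_STATUS_SUCCESS,  "Success"},
        {TAC_PLUS_ACCT_STATUS_ERROR,    "Error"},
        {TAC_PLUS_ACCT_STATUS_FOLLOW,   "Follow"},
        {0, NULL}};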
421
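#ifdef __TAC_ACCOUNTING__
/* Accounting REQUEST flags byte (ACCT_Q_FLAGS_OFF) -> display name;
 * {0, NULL} terminated.  Only built when __TAC_ACCOUNTING__ is defined;
 * NOTE(review): that macro name is in the implementation-reserved
 * namespace (leading double underscore) and should eventually be renamed
 * together with whatever defines it.  The flag values are single bits, so
 * a combined flags byte will not match any single entry here.
 * const: read-only lookup table shared by every translation unit that
 * includes this header. */
static const value_string tacplus_acct_flags[] = {
        {TAC_PLUS_ACCT_FLAG_MORE,       "More (deprecated)"},
        {TAC_PLUS_ACCT_FLAG_START,      "Start"},
        {TAC_PLUS_ACCT_FLAG_STOP,       "Stop"},
        {TAC_PLUS_ACCT_FLAG_WATCHDOG,"Update"},
        {0, NULL}};
#endif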
430
431 #endif   /* __PACKET_TACACS_H__ */