2 * Routines for cisco tacplus packet dissection
3 * Copyright 2000, Emanuele Caratti <wiz@iol.it>
5 * $Id: packet-tacacs.h,v 1.6 2003/12/21 04:31:57 jmayer Exp $
7 * Ethereal - Network traffic analyzer
8 * By Gerald Combs <gerald@ethereal.com>
9 * Copyright 1998 Gerald Combs
11 * This program is free software; you can redistribute it and/or
12 * modify it under the terms of the GNU General Public License
13 * as published by the Free Software Foundation; either version 2
14 * of the License, or (at your option) any later version.
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, write to the Free Software
23 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
26 #ifndef __PACKET_TACACS_H__
27 #define __PACKET_TACACS_H__
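/* TACACS+ header size in bytes. */
#define TAC_PLUS_HDR_SIZE 12

/* MS-CHAP digest length in bytes (meaning taken from the macro name). */
#define MSCHAP_DIGEST_LEN 49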
35 FLAGS_UNENCRYPTED = 0x01,
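/* Tacacs+ packet type */
enum {
    TAC_PLUS_AUTHEN = 0x01, /* Authentication */
    TAC_PLUS_AUTHOR = 0x02, /* Authorization */
    TAC_PLUS_ACCT   = 0x03  /* Accounting */
};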
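/*
 * Body protection states: 0x0 marks the body as encrypted, 0x1 as cleartext.
 * Presumably compared against the FLAGS_UNENCRYPTED bit (0x01) of the header
 * flags -- TODO confirm against the dissector.
 * NOTE(review): the flag is read from the packet, so it is untrusted input;
 * RFC 8907 describes the "encrypted" form as obfuscation only, so a capture
 * marked encrypted should not be assumed confidential.
 */
#define TAC_PLUS_ENCRYPTED 0x0
#define TAC_PLUS_CLEAR     0x1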
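/* Authentication action to perform */
enum {
    TAC_PLUS_AUTHEN_LOGIN    = 0x01,
    TAC_PLUS_AUTHEN_CHPASS   = 0x02,
    TAC_PLUS_AUTHEN_SENDPASS = 0x03, /* deprecated */
    TAC_PLUS_AUTHEN_SENDAUTH = 0x04
};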
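/*
 * Authentication priv_levels.
 * MAX and ROOT are deliberately the same value (0x0f), so the two names are
 * indistinguishable once read from a packet.
 */
enum {
    TAC_PLUS_PRIV_LVL_MAX  = 0x0f,
    TAC_PLUS_PRIV_LVL_ROOT = 0x0f,
    TAC_PLUS_PRIV_LVL_USER = 0x01,
    TAC_PLUS_PRIV_LVL_MIN  = 0x00
};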
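/* Authentication type values */
enum {
    TAC_PLUS_AUTHEN_TYPE_ASCII  = 0x01, /* ascii */
    TAC_PLUS_AUTHEN_TYPE_PAP    = 0x02, /* pap */
    TAC_PLUS_AUTHEN_TYPE_CHAP   = 0x03, /* chap */
    TAC_PLUS_AUTHEN_TYPE_ARAP   = 0x04, /* arap */
    TAC_PLUS_AUTHEN_TYPE_MSCHAP = 0x05  /* mschap */
};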
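/* Authentication service values */
enum {
    TAC_PLUS_AUTHEN_SVC_NONE    = 0x00,
    TAC_PLUS_AUTHEN_SVC_LOGIN   = 0x01,
    TAC_PLUS_AUTHEN_SVC_ENABLE  = 0x02,
    TAC_PLUS_AUTHEN_SVC_PPP     = 0x03,
    TAC_PLUS_AUTHEN_SVC_ARAP    = 0x04,
    TAC_PLUS_AUTHEN_SVC_PT      = 0x05,
    TAC_PLUS_AUTHEN_SVC_RCMD    = 0x06,
    TAC_PLUS_AUTHEN_SVC_X25     = 0x07,
    TAC_PLUS_AUTHEN_SVC_NASI    = 0x08,
    TAC_PLUS_AUTHEN_SVC_FWPROXY = 0x09
};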
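/* Status of the reply packet that the client gets from the server during authentication */
enum {
    TAC_PLUS_AUTHEN_STATUS_PASS    = 0x01,
    TAC_PLUS_AUTHEN_STATUS_FAIL    = 0x02,
    TAC_PLUS_AUTHEN_STATUS_GETDATA = 0x03,
    TAC_PLUS_AUTHEN_STATUS_GETUSER = 0x04,
    TAC_PLUS_AUTHEN_STATUS_GETPASS = 0x05,
    TAC_PLUS_AUTHEN_STATUS_RESTART = 0x06,
    TAC_PLUS_AUTHEN_STATUS_ERROR   = 0x07,
    TAC_PLUS_AUTHEN_STATUS_FOLLOW  = 0x21
};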
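/* Authen reply Flags */
#define TAC_PLUS_REPLY_FLAG_NOECHO   0x01
/* Authen continue Flags */
#define TAC_PLUS_CONTINUE_FLAG_ABORT 0x01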
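/*
 * Methods of authentication.
 * Each method needs its own value: the name tables are searched by value, so
 * two methods sharing a code would mislabel one of them in the decoded output.
 */
enum {
    TAC_PLUS_AUTHEN_METH_NOT_SET    = 0x00,
    TAC_PLUS_AUTHEN_METH_NONE       = 0x01,
    TAC_PLUS_AUTHEN_METH_KRB5       = 0x02, /* 0x02 per the TACACS+ spec (RFC 8907); must not collide with LINE */
    TAC_PLUS_AUTHEN_METH_LINE       = 0x03,
    TAC_PLUS_AUTHEN_METH_ENABLE     = 0x04,
    TAC_PLUS_AUTHEN_METH_LOCAL      = 0x05,
    TAC_PLUS_AUTHEN_METH_TACACSPLUS = 0x06,
    TAC_PLUS_AUTHEN_METH_GUEST      = 0x08,
    TAC_PLUS_AUTHEN_METH_RADIUS     = 0x10,
    TAC_PLUS_AUTHEN_METH_KRB4       = 0x11,
    TAC_PLUS_AUTHEN_METH_RCMD       = 0x20
};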
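/* authorization status */
enum {
    TAC_PLUS_AUTHOR_STATUS_PASS_ADD  = 0x01,
    TAC_PLUS_AUTHOR_STATUS_PASS_REPL = 0x02,
    TAC_PLUS_AUTHOR_STATUS_FAIL      = 0x10,
    TAC_PLUS_AUTHOR_STATUS_ERROR     = 0x11,
    TAC_PLUS_AUTHOR_STATUS_FOLLOW    = 0x21
};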
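/* accounting flag; each value is a distinct single bit, so they can be OR-ed and masked */
enum {
    TAC_PLUS_ACCT_FLAG_MORE     = 0x1, /* deprecated */
    TAC_PLUS_ACCT_FLAG_START    = 0x2,
    TAC_PLUS_ACCT_FLAG_STOP     = 0x4,
    TAC_PLUS_ACCT_FLAG_WATCHDOG = 0x8
};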
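/* accounting status */
enum {
    TAC_PLUS_ACCT_STATUS_SUCCESS = 0x01,
    TAC_PLUS_ACCT_STATUS_ERROR   = 0x02,
    TAC_PLUS_ACCT_STATUS_FOLLOW  = 0x21
};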
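/*
 * Byte offsets of the header fields, each derived from the previous one.
 * Version, type, sequence number and flags are one byte apart; the session id
 * is followed four bytes later by the length field.
 */
#define H_VER_OFF        (0)
#define H_TYPE_OFF       (H_VER_OFF+1)
#define H_SEQ_NO_OFF     (H_TYPE_OFF+1)
#define H_FLAGS_OFF      (H_SEQ_NO_OFF+1)
#define H_SESSION_ID_OFF (H_FLAGS_OFF+1)
#define H_LENGTH_OFF     (H_SESSION_ID_OFF+4)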
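/*
 * Byte offsets of the fixed fields inside each TACACS+ body type, all relative
 * to TACPLUS_BODY_OFF. A "+2" step means the preceding field is two bytes wide.
 *
 * The *_LEN_OFF and *_ARGC/ARG_CNT_OFF bytes are read from the packet itself,
 * so they are attacker-controlled: a dissector should check each length (and
 * their sum) against the remaining body bytes before reading anything at or
 * beyond the matching *_VARDATA_OFF.
 */
#define TACPLUS_BODY_OFF 0

/* authen START offsets */
#define AUTHEN_S_ACTION_OFF       (TACPLUS_BODY_OFF)
#define AUTHEN_S_PRIV_LVL_OFF     (AUTHEN_S_ACTION_OFF+1)
#define AUTHEN_S_AUTHEN_TYPE_OFF  (AUTHEN_S_PRIV_LVL_OFF+1)
#define AUTHEN_S_SERVICE_OFF      (AUTHEN_S_AUTHEN_TYPE_OFF+1)
#define AUTHEN_S_USER_LEN_OFF     (AUTHEN_S_SERVICE_OFF+1)
#define AUTHEN_S_PORT_LEN_OFF     (AUTHEN_S_USER_LEN_OFF+1)
#define AUTHEN_S_REM_ADDR_LEN_OFF (AUTHEN_S_PORT_LEN_OFF+1)
#define AUTHEN_S_DATA_LEN_OFF     (AUTHEN_S_REM_ADDR_LEN_OFF+1)
#define AUTHEN_S_VARDATA_OFF      (AUTHEN_S_DATA_LEN_OFF+1) /* variable data offset (user, port, etc ) */

/* authen REPLY fields offset */
#define AUTHEN_R_STATUS_OFF       (TACPLUS_BODY_OFF)
#define AUTHEN_R_FLAGS_OFF        (AUTHEN_R_STATUS_OFF+1)
#define AUTHEN_R_SRV_MSG_LEN_OFF  (AUTHEN_R_FLAGS_OFF+1)
#define AUTHEN_R_DATA_LEN_OFF     (AUTHEN_R_SRV_MSG_LEN_OFF+2)
#define AUTHEN_R_VARDATA_OFF      (AUTHEN_R_DATA_LEN_OFF+2)

/* authen CONTINUE fields offset */
#define AUTHEN_C_USER_LEN_OFF     (TACPLUS_BODY_OFF)
#define AUTHEN_C_DATA_LEN_OFF     (AUTHEN_C_USER_LEN_OFF+2)
#define AUTHEN_C_FLAGS_OFF        (AUTHEN_C_DATA_LEN_OFF+2)
#define AUTHEN_C_VARDATA_OFF      (AUTHEN_C_FLAGS_OFF+1)

/* acct REQUEST fields offsets */
#define ACCT_Q_FLAGS_OFF          (TACPLUS_BODY_OFF)
#define ACCT_Q_METHOD_OFF         (ACCT_Q_FLAGS_OFF+1)
#define ACCT_Q_PRIV_LVL_OFF       (ACCT_Q_METHOD_OFF+1)
#define ACCT_Q_AUTHEN_TYPE_OFF    (ACCT_Q_PRIV_LVL_OFF+1)
#define ACCT_Q_SERVICE_OFF        (ACCT_Q_AUTHEN_TYPE_OFF+1)
#define ACCT_Q_USER_LEN_OFF       (ACCT_Q_SERVICE_OFF+1)
#define ACCT_Q_PORT_LEN_OFF       (ACCT_Q_USER_LEN_OFF+1)
#define ACCT_Q_REM_ADDR_LEN_OFF   (ACCT_Q_PORT_LEN_OFF+1)
#define ACCT_Q_ARG_CNT_OFF        (ACCT_Q_REM_ADDR_LEN_OFF+1)
#define ACCT_Q_VARDATA_OFF        (ACCT_Q_ARG_CNT_OFF+1)

/* acct REPLY fields offsets */
#define ACCT_R_SRV_MSG_LEN_OFF    (TACPLUS_BODY_OFF)
#define ACCT_R_DATA_LEN_OFF       (ACCT_R_SRV_MSG_LEN_OFF+2)
#define ACCT_R_STATUS_OFF         (ACCT_R_DATA_LEN_OFF+2)
#define ACCT_R_VARDATA_OFF        (ACCT_R_STATUS_OFF+1)

/* author REQUEST fields offsets */
#define AUTHOR_Q_AUTH_METH_OFF    (TACPLUS_BODY_OFF)
#define AUTHOR_Q_PRIV_LVL_OFF     (AUTHOR_Q_AUTH_METH_OFF+1)
#define AUTHOR_Q_AUTHEN_TYPE_OFF  (AUTHOR_Q_PRIV_LVL_OFF+1)
#define AUTHOR_Q_SERVICE_OFF      (AUTHOR_Q_AUTHEN_TYPE_OFF+1)
#define AUTHOR_Q_USER_LEN_OFF     (AUTHOR_Q_SERVICE_OFF+1)
#define AUTHOR_Q_PORT_LEN_OFF     (AUTHOR_Q_USER_LEN_OFF+1)
#define AUTHOR_Q_REM_ADDR_LEN_OFF (AUTHOR_Q_PORT_LEN_OFF+1)
#define AUTHOR_Q_ARGC_OFF         (AUTHOR_Q_REM_ADDR_LEN_OFF+1)
#define AUTHOR_Q_VARDATA_OFF      (AUTHOR_Q_ARGC_OFF+1)

/* author REPLY fields offsets */
#define AUTHOR_R_STATUS_OFF       (TACPLUS_BODY_OFF)
#define AUTHOR_R_ARGC_OFF         (AUTHOR_R_STATUS_OFF+1)
#define AUTHOR_R_SRV_MSG_LEN_OFF  (AUTHOR_R_ARGC_OFF+1)
#define AUTHOR_R_DATA_LEN_OFF     (AUTHOR_R_SRV_MSG_LEN_OFF+2)
#define AUTHOR_R_VARDATA_OFF      (AUTHOR_R_DATA_LEN_OFF+2)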
225 /* Packet structures */
235 /* Authentication START packet */
246 } tacplus_authen_start ;
248 /* Authentication CONTINUE packet */
254 } tacplus_authen_continue ;
256 /* Authentication REPLY packet */
263 } tacplus_authen_reply;
266 /* Authentication sub-PACKET */
268 tacplus_authen_start s; /* start */
269 tacplus_authen_continue c; /* continue */
270 tacplus_authen_reply r; /* reply (from srv) */
271 } tacplus_authen_pkt;
273 /* AUTHORIZATION request */
276 u_char authen_method;
279 u_char authen_service;
285 } tacplus_author_request;
293 } tacplus_author_reply;
296 tacplus_author_request q;
297 tacplus_author_reply r;
298 } tacplus_author_pkt;
300 /* ACCOUNTING request */
303 u_char authen_method;
306 u_char authen_service;
312 } tacplus_account_request;
319 } tacplus_account_reply;
322 tacplus_account_request q; /* Request */
323 tacplus_account_reply r; /* Reply */
324 } tacplus_account_pkt;
330 tacplus_authen_pkt authen;
331 tacplus_author_pkt author;
332 tacplus_account_pkt acct;
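/* From my old tacacs dissector */
/* Display names for the TACACS+ packet type values. */
static value_string tacplus_type_vals[] = {
    {TAC_PLUS_AUTHEN, "Authentication"},
    {TAC_PLUS_AUTHOR, "Authorization" },
    {TAC_PLUS_ACCT,   "Accounting"    },
    /* Terminator: value_string lookups walk the array until the NULL string,
     * so without it an unlisted value from a packet reads past the table. */
    {0, NULL}
};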
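/* Display names for the authentication action values. */
static value_string tacplus_authen_action_vals[] = {
    {TAC_PLUS_AUTHEN_LOGIN,    "Inbound Login"},
    {TAC_PLUS_AUTHEN_CHPASS,   "Change password request"},
    {TAC_PLUS_AUTHEN_SENDPASS, "Send password request"},
    {TAC_PLUS_AUTHEN_SENDAUTH, "Outbound Request (SENDAUTH)"},
    {0, NULL} /* terminator required by value_string lookups */
};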
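/*
 * Display names for the privilege level values.
 * TAC_PLUS_PRIV_LVL_MAX and TAC_PLUS_PRIV_LVL_ROOT are both 0x0f, so a
 * first-match lookup reports "LVL_MAX" for 0x0f and never reaches "LVL_ROOT".
 */
static value_string tacplus_authen_priv_lvl_vals[] = {
    {TAC_PLUS_PRIV_LVL_MAX,  "LVL_MAX"},
    {TAC_PLUS_PRIV_LVL_ROOT, "LVL_ROOT"},
    {TAC_PLUS_PRIV_LVL_USER, "LVL_USER"},
    {TAC_PLUS_PRIV_LVL_MIN,  "LVL_MIN"},
    {0, NULL} /* terminator required by value_string lookups */
};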
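/* Display names for the authentication type values. */
static value_string tacplus_authen_type_vals[] = {
    {TAC_PLUS_AUTHEN_TYPE_ASCII,  "ASCII"},
    {TAC_PLUS_AUTHEN_TYPE_PAP,    "PAP"},
    {TAC_PLUS_AUTHEN_TYPE_CHAP,   "CHAP"},
    {TAC_PLUS_AUTHEN_TYPE_ARAP,   "ARAP"},
    {TAC_PLUS_AUTHEN_TYPE_MSCHAP, "MS-CHAP"},
    {0, NULL} /* terminator required by value_string lookups */
};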
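/* Display names for the authentication service values. */
static value_string tacplus_authen_service_vals[] = {
    {TAC_PLUS_AUTHEN_SVC_NONE,    "TAC_PLUS_AUTHEN_SVC_NONE"},
    {TAC_PLUS_AUTHEN_SVC_LOGIN,   "Login" },
    {TAC_PLUS_AUTHEN_SVC_ENABLE,  "ENABLE"},
    {TAC_PLUS_AUTHEN_SVC_PPP,     "PPP" },
    {TAC_PLUS_AUTHEN_SVC_ARAP,    "ARAP" },
    {TAC_PLUS_AUTHEN_SVC_PT,      "TAC_PLUS_AUTHEN_SVC_PT"},
    {TAC_PLUS_AUTHEN_SVC_RCMD,    "TAC_PLUS_AUTHEN_SVC_RCMD"},
    {TAC_PLUS_AUTHEN_SVC_X25,     "TAC_PLUS_AUTHEN_SVC_X25"},
    {TAC_PLUS_AUTHEN_SVC_NASI,    "TAC_PLUS_AUTHEN_SVC_NASI"},
    {TAC_PLUS_AUTHEN_SVC_FWPROXY, "TAC_PLUS_AUTHEN_SVC_FWPROXY"},
    {0, NULL} /* terminator required by value_string lookups */
};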
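/* Display names for the authentication reply status values. */
static value_string tacplus_reply_status_vals[] = {
    {TAC_PLUS_AUTHEN_STATUS_PASS,    "Authentication Passed"},
    {TAC_PLUS_AUTHEN_STATUS_FAIL,    "Authentication Failed"},
    {TAC_PLUS_AUTHEN_STATUS_GETDATA, "Send Data"},
    {TAC_PLUS_AUTHEN_STATUS_GETUSER, "Send Username"},
    {TAC_PLUS_AUTHEN_STATUS_GETPASS, "Send Password"},
    {TAC_PLUS_AUTHEN_STATUS_RESTART, "Restart Authentication Sequence"},
    {TAC_PLUS_AUTHEN_STATUS_ERROR,   "Unrecoverable Error"},
    {TAC_PLUS_AUTHEN_STATUS_FOLLOW,  "Use Alternate Server"},
    {0, NULL} /* terminator required by value_string lookups */
};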
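/*
 * Display names for the authentication method values.
 * Rows are keyed by the TAC_PLUS_AUTHEN_METH_* constants; if two constants
 * share a value, a first-match lookup never reaches the later row.
 */
static value_string tacplus_authen_method[] = {
    {TAC_PLUS_AUTHEN_METH_NOT_SET,    "NOT_SET"},
    {TAC_PLUS_AUTHEN_METH_NONE,       "NONE"},
    {TAC_PLUS_AUTHEN_METH_KRB5,       "KRB5"},
    {TAC_PLUS_AUTHEN_METH_LINE,       "LINE"},
    {TAC_PLUS_AUTHEN_METH_ENABLE,     "ENABLE"},
    {TAC_PLUS_AUTHEN_METH_LOCAL,      "LOCAL"},
    {TAC_PLUS_AUTHEN_METH_TACACSPLUS, "TACACSPLUS"},
    {TAC_PLUS_AUTHEN_METH_GUEST,      "GUEST"},
    {TAC_PLUS_AUTHEN_METH_RADIUS,     "RADIUS"},
    {TAC_PLUS_AUTHEN_METH_KRB4,       "KRB4"},
    {TAC_PLUS_AUTHEN_METH_RCMD,       "RCMD"},
    {0, NULL} /* terminator required by value_string lookups */
};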
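/* Display names for the authorization status values. */
static value_string tacplus_author_status[] = {
    {TAC_PLUS_AUTHOR_STATUS_PASS_ADD,  "PASS_ADD"},
    {TAC_PLUS_AUTHOR_STATUS_PASS_REPL, "PASS_REPL"},
    {TAC_PLUS_AUTHOR_STATUS_FAIL,      "FAIL"},
    {TAC_PLUS_AUTHOR_STATUS_ERROR,     "ERROR"},
    {TAC_PLUS_AUTHOR_STATUS_FOLLOW,    "FOLLOW"},
    {0, NULL} /* terminator required by value_string lookups */
};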
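/* Display names for the accounting status values. */
static value_string tacplus_acct_status[] = {
    {TAC_PLUS_ACCT_STATUS_SUCCESS, "Success"},
    {TAC_PLUS_ACCT_STATUS_ERROR,   "Error"},
    {TAC_PLUS_ACCT_STATUS_FOLLOW,  "Follow"},
    {0, NULL} /* terminator required by value_string lookups */
};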
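#ifdef __TAC_ACCOUNTING__
/* Display names for the accounting flag bits; compiled only when
 * __TAC_ACCOUNTING__ is defined. */
static value_string tacplus_acct_flags[] = {
    {TAC_PLUS_ACCT_FLAG_MORE,     "More (deprecated)"},
    {TAC_PLUS_ACCT_FLAG_START,    "Start"},
    {TAC_PLUS_ACCT_FLAG_STOP,     "Stop"},
    {TAC_PLUS_ACCT_FLAG_WATCHDOG, "Update"},
    {0, NULL} /* terminator required by value_string lookups */
};
#endif /* __TAC_ACCOUNTING__ */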
431 #endif /* __PACKET_TACACS_H__ */