Set the svn:eol-style property on all text files to "native", so that
[obnox/wireshark/wip.git] / packet-radius.c
index 1c89d120e44b31c266006781da0a7063f09fd8c8..ac561d49900a550b3eec7d8f064e78847f21b1fd 100644 (file)
@@ -6,7 +6,7 @@
  *
  * RFC 2865, RFC 2866, RFC 2867, RFC 2868, RFC 2869
  *
- * $Id: packet-radius.c,v 1.96 2004/03/07 02:57:54 guy Exp $
+ * $Id$
  *
  * Ethereal - Network traffic analyzer
  * By Gerald Combs <gerald@ethereal.com>
@@ -37,6 +37,9 @@
 #include <ctype.h>
 #include <glib.h>
 #include <time.h>
+
+#include "isprint.h"
+
 #include <epan/packet.h>
 #include <epan/resolv.h>
 
@@ -144,6 +147,7 @@ typedef struct _rd_vsa_buffer {
 enum {
     RADIUS_STRING,
     RADIUS_BINSTRING,
+    RADIUS_USERPASSWORD,
     RADIUS_INTEGER4,
     RADIUS_IP_ADDRESS,
     RADIUS_IP6_ADDRESS,
@@ -219,6 +223,7 @@ static const value_string radius_vals[] =
 #define VENDOR_CISCO                   9
 #define VENDOR_MERIT                   61
 #define VENDOR_SHIVA                   166
+#define VENDOR_CISCO_VPN5000           255
 #define VENDOR_LIVINGSTON              307
 #define VENDOR_MICROSOFT               311
 #define VENDOR_3COM                    429
@@ -229,11 +234,13 @@ static const value_string radius_vals[] =
 #define VENDOR_REDBACK                 2352
 #define VENDOR_JUNIPER                 2636
 #define VENDOR_APTIS                   2637
+#define VENDOR_CISCO_VPN3000           3076
 #define VENDOR_COSINE                  3085
 #define VENDOR_SHASTA                  3199
 #define VENDOR_NOMADIX                 3309
 #define VENDOR_SIEMENS                 4329
 #define VENDOR_UNISPHERE               4874
+#define VENDOR_CISCO_BBSM              5263
 #define VENDOR_ISSANNI                 5948
 #define VENDOR_QUINTUM                 6618
 #define VENDOR_INTERLINK               6728
@@ -247,6 +254,7 @@ static const value_string radius_vendor_specific_vendors[] =
   {VENDOR_CISCO,               "Cisco"},
   {VENDOR_MERIT,               "Merit"},
   {VENDOR_SHIVA,               "Shiva"},
+  {VENDOR_CISCO_VPN5000,       "Cisco VPN 5000"},
   {VENDOR_MICROSOFT,           "Microsoft"},
   {VENDOR_LIVINGSTON,          "Livingston"},
   {VENDOR_3COM,                        "3Com"},
@@ -257,11 +265,13 @@ static const value_string radius_vendor_specific_vendors[] =
   {VENDOR_REDBACK,             "Redback"},
   {VENDOR_JUNIPER,             "Juniper Networks"},
   {VENDOR_APTIS,               "Aptis"},
+  {VENDOR_CISCO_VPN3000,       "Cisco VPN 3000"},
   {VENDOR_COSINE,              "CoSine Communications"},
   {VENDOR_SHASTA,              "Shasta"},
   {VENDOR_NOMADIX,             "Nomadix"},
   {VENDOR_SIEMENS,             "SIEMENS"},
   {VENDOR_UNISPHERE,           "Unisphere Networks"},
+  {VENDOR_CISCO_BBSM,          "Cisco BBSM"},
   {VENDOR_ISSANNI,             "Issanni Communications"},
   {VENDOR_QUINTUM,             "Quintum"},
   {VENDOR_INTERLINK,   "Interlink"},
@@ -481,11 +491,32 @@ static const value_string radius_nas_port_type_vals[] =
   {19, "Wireless IEEE 802.11"},
   {0, NULL}
 };
+/*
+ *Values for RADIUS Attribute 101, Error-Cause Attribute [RFC3576]:
+ */
+static const value_string radius_error_cause_attribute_vals[]= {
+       {201,"Residual Session Context Removed"},
+       {202,"Invalid EAP Packet (Ignored)"},
+       {401,"Unsupported Attribute"},
+       {402,"Missing Attribute"},
+       {403,"NAS Identification Mismatch"},
+       {404,"Invalid Request"},
+       {405,"Unsupported Service"},
+       {406,"Unsupported Extension"},
+       {501,"Administratively Prohibited"},
+       {502,"Request Not Routable (Proxy)"},
+       {503,"Session Context Not Found"},
+       {504,"Session Context Not Removable"},
+       {505,"Other Proxy Processing Error"},
+       {506,"Resources Unavailable"},
+       {507,"Request Initiated"},
+               {0,NULL}
+};
 
 static const radius_attr_info radius_attrib[] =
 {
   {1,  RADIUS_STRING,          "User Name", NULL},
-  {2,  RADIUS_STRING,          "User Password", NULL},
+  {2,  RADIUS_USERPASSWORD,    "User Password", NULL},
   {3,  RADIUS_BINSTRING,       "CHAP Password", NULL},
   {4,  RADIUS_IP_ADDRESS,      "NAS IP Address", NULL},
   {5,  RADIUS_INTEGER4,        "NAS Port", NULL},
@@ -577,6 +608,7 @@ static const radius_attr_info radius_attrib[] =
   {98, RADIUS_IP6_ADDRESS,     "Login IPv6 Host", NULL},
   {99, RADIUS_STRING,          "Framed IPV6 Route", NULL},
   {100,        RADIUS_STRING,          "Framed IPV6 Pool", NULL},
+  {101,        RADIUS_INTEGER4,        "Error-Cause Attribute",radius_error_cause_attribute_vals},/*[RFC3576]*/ 
   {120,        RADIUS_INTEGER4,        "Ascend Modem Port No", NULL},
   {121,        RADIUS_INTEGER4,        "Ascend Modem Slot No", NULL},
   {187,        RADIUS_INTEGER4,        "Ascend Multilink ID", NULL},
@@ -811,6 +843,14 @@ static const radius_attr_info radius_vendor_acc_attrib[] =
   {39, RADIUS_STRING,          "Acc Dialout Auth Password", NULL},
   {40, RADIUS_STRING,          "Acc Dialout Auth Username", NULL},
   {42, RADIUS_INTEGER4,        "Acc Access Community", radius_vendor_acc_access_community_vals},
+  {43, RADIUS_INTEGER4,        "Acc Vpsm Reject Cause", NULL},
+  {44, RADIUS_STRING,          "Acc Ace Token", NULL},
+  {45, RADIUS_INTEGER4,        "Acc Ace Token-Ttl", NULL},
+  {46, RADIUS_STRING,          "Acc Ip Pool Name", NULL},
+  {47, RADIUS_INTEGER4,        "Acc Igmp Admin State", NULL},
+  {48, RADIUS_INTEGER4,        "Acc Igmp Version", NULL},
+
+
   {0, 0, NULL, NULL},
 };
 
@@ -1035,6 +1075,25 @@ static const radius_attr_info radius_vendor_shiva_attrib[] =
   {0, 0, NULL, NULL},
 };
 
+/*
+reference:
+       Cisco ACS 3.2 User Guide - Appendix D
+       http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs32/user02/ad.htm#wp473517
+*/
+
+
+static const radius_attr_info radius_vendor_cisco_vpn5000_attrib[] =
+{
+  {1,  RADIUS_INTEGER4,                "CVPN5000-Tunnel-Throughput", NULL},
+  {2,  RADIUS_IP_ADDRESS,      "CVPN5000-Client-Assigned-IP", NULL},
+  {3,  RADIUS_IP_ADDRESS,      "CVPN5000-Client-Real-IP", NULL},
+  {4,  RADIUS_STRING,          "CVPN5000-VPN-GroupInfo", NULL},
+  {5,  RADIUS_STRING,          "CVPN5000-VPN-Password", NULL},
+  {6,  RADIUS_INTEGER4,                "CVPN5000-Echo", NULL},
+  {7,  RADIUS_INTEGER4,                "CVPN5000-Client-Assigned-IPX", NULL},
+  {0, 0, NULL, NULL},
+};
+
 /*
 reference:
        'dictionary.livingston' file from FreeRADIUS
@@ -1956,13 +2015,15 @@ static const radius_attr_info radius_vendor_redback_attrib[] =
 
 /*
 reference:
-       http://www.juniper.net/techpubs/software/junos53/swconfig53-getting-started/html/sys-mgmt-authentication2.html
+    http://www.juniper.net/techpubs/software/junos/junos62/swconfig62-system-basics/frameset.htm
 */
 static const radius_attr_info radius_vendor_juniper_attrib[] =
 {
   {1,  RADIUS_STRING,          "Juniper Local User Name", NULL},
   {2,  RADIUS_STRING,          "Juniper Allow Commands", NULL},
   {3,  RADIUS_STRING,          "Juniper Deny Commands", NULL},
+  {4,  RADIUS_STRING,          "Juniper Allow Configuration", NULL},
+  {5,  RADIUS_STRING,          "Juniper Deny Configuration", NULL},
   {0, 0, NULL, NULL}
 };
 
@@ -1998,6 +2059,354 @@ static const radius_attr_info radius_vendor_aptis_attrib[] =
   {0, 0, NULL, NULL},
 };
 
+/*
+reference:
+       Dictonary of Cisco ACS 3.1
+       http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_chapter09186a0080102172.html#984410
+*/
+
+
+static const value_string radius_vendor_cisco_vpn3000_sep_card_assignment_vals[] =
+{
+  {1,  "SEP 1"},
+  {2,  "SEP 2"},
+  {3,  "SEP 1 + SEP 2"},
+  {4,  "SEP 3"},
+  {5,          "SEP 1 + SEP 3"},
+  {6,          "SEP 2 + SEP 3"},
+  {7,          "SEP 1 + SEP 2 + SEP 3"},
+  {8,          "SEP 4"},
+  {9,  "SEP 1 + SEP 4"}, 
+  {10,         "SEP 2 + SEP 4"},
+  {11,         "SEP 1 + SEP 2 + SEP 4"},
+  {12,         "SEP 3 + SEP 4"},
+  {13,         "SEP 1 + SEP 3 + SEP 4"},
+  {14,         "SEP 2 + SEP 3 + SEP 4"},
+  {15, "Any SEP"},
+  {0, NULL}
+};
+
+static const value_string radius_vendor_cisco_vpn3000_tunneling_protocols_vals[] =
+{
+  {1,  "PPTP"},
+  {2,  "L2TP"},
+  {3,  "PPTP and L2TP"},
+  {4,  "IPSec"},
+  {5,  "PPTP and IPSec"},
+  {6,  "L2TP and IPSec"},
+  {7,  "PPTP - L2TP - IPSec"},
+  {8,  "L2TP/IPSec"},
+  {9,  "PPTP and L2TP/IPSec"},
+  {10, "L2TP and L2TP/IPSec"},
+  {11, "PPTP - L2TP - L2TP/IPSec"},
+  {0, NULL}
+};
+
+static const value_string radius_vendor_cisco_vpn3000_ipsec_authentication_vals[] =
+{
+  {0,  "None"},
+  {1,  "RADIUS"},
+  {3,  "NT Domain"},
+  {4,  "SDI"},
+  {5,  "Internal"},
+  {6,  "Radius with Expiry"},
+  {7,  "KERBEROS / Active Directory"},
+  {0, NULL}
+};
+
+static const value_string radius_vendor_cisco_vpn3000_allow_pw_store_vals[] =
+{
+  {0,  "False"},
+  {1,  "True"},
+  {0, NULL}
+};
+
+static const value_string radius_vendor_cisco_vpn3000_use_client_address_vals[] =
+{
+  {0,  "False"},
+  {1,  "True"},
+  {0, NULL}
+};
+
+static const value_string radius_vendor_cisco_vpn3000_pptp_encryption_vals[] =
+{
+  {1,   "Encryption required"},
+  {2,   "40 Bits"},
+  {3,   "40 Bits - Encryption required"},
+  {4,   "128 Bits"},
+  {5,   "128 Bits - Encryption required"},
+  {6,   "40 or 128 Bits"},
+  {7,   "40 or 128 Bits - Encryption required"},
+  {8,   "Stateless Required"},
+  {9,   "Encryption / Stateless required"},
+  {10,  "40 Bits - Stateless required"},
+  {11,  "40 Bits Encryption / Stateless required"},
+  {12,  "128 Bits - Stateless required"},
+  {13,  "128 Bits - Encryption / Stateless required"},
+  {14,  "40/128 Bits - Stateless required"},
+  {15,  "40/128 Bits - Encryption / Stateless required"},
+  {0, NULL}
+};
+
+
+static const value_string radius_vendor_cisco_vpn3000_l2tp_encryption_vals[] =
+{
+  {1,  "Encryption required"}, 
+  {2,  "40 Bits"},
+  {3,  "40 Bits - Encryption required"},
+  {4,  "128 Bits"},
+  {5,  "128 Bits - Encryption required"},
+  {6,  "40 or 128 Bits"},
+  {7,  "40 or 128 Bits - Encryption required"},
+  {8,  "Stateless Required"},
+  {9,  "Encryption / Stateless required"},
+  {10, "40 Bits - Stateless required"},
+  {11, "40 Bits Encryption / Stateless required"},
+  {12, "128 Bits - Stateless required"},
+  {13, "128 Bits - Encryption / Stateless required"}, 
+  {14, "40/128 Bits - Stateless required"},
+  {15, "40/128 Bits - Encryption / Stateless required"},
+ {0, NULL}
+};
+
+static const value_string radius_vendor_cisco_vpn3000_tunnel_type_vals[] =
+{
+  {1,  "LAN-to-LAN"},
+  {2,  "Remote Access"},
+ {0, NULL}
+};
+
+static const value_string radius_vendor_cisco_vpn3000_mode_config_vals[] =
+{
+  {0,  "OFF"},
+  {1,  "ON"},
+ {0, NULL}
+};
+
+static const value_string radius_vendor_cisco_vpn3000_user_group_lock_vals[] =
+{
+  {0,  "OFF"},
+  {1,  "ON"},
+ {0, NULL}
+};
+
+static const value_string radius_vendor_cisco_vpn3000_ipsec_over_udp_vals[] =
+{
+  {0,  "OFF"},
+  {1,  "ON"},
+ {0, NULL}
+};
+
+static const value_string radius_vendor_cisco_vpn3000_pptp_mppc_compression_vals[] =
+{
+  {1,  "ON"},
+  {2,  "OFF"},
+ {0, NULL}
+};
+
+static const value_string radius_vendor_cisco_vpn3000_l2tp_mppc_compression_vals[] =
+{
+  {0,  "ON"},
+  {1,  "OFF"},
+ {0, NULL}
+};
+
+static const value_string radius_vendor_cisco_vpn3000_ipsec_ip_compression_vals[] =
+{
+  {0,  "None"},
+  {1,  "LZS"},
+ {0, NULL}
+};
+
+static const value_string radius_vendor_cisco_vpn3000_ipsec_ike_peer_idcheck_vals[] =
+{
+  {1,  "Required"},
+  {2,  "If supported by certifiate"},
+  {3,  "Do not check"}, 
+  {0, NULL}
+};
+
+static const value_string radius_vendor_cisco_vpn3000_ike_keep_alives_vals[] =
+{
+  {0,  "OFF"},
+  {1,  "ON"},
+ {0, NULL}
+};
+
+
+static const value_string radius_vendor_cisco_vpn3000_auth_on_rekey_vals[] =
+{
+  {0,  "OFF"},
+  {1,  "ON"},
+ {0, NULL}
+};
+
+static const value_string radius_vendor_cisco_vpn3000_required_client_fw_vendor_code_vals[] =
+{
+  {1,  "Cisco Systems (with CIC) "},
+  {2,  "Zone Labs"},
+  {3,  "Network ICE"},
+  {4,  "Sygate"},
+  {5,  "Cisco Systems (with CSA) "},
+ {0, NULL}
+};
+
+static const value_string radius_vendor_cisco_vpn3000_hw_client_auth_vals[] =
+{
+  {0,  "OFF"},
+  {1,  "ON"},
+ {0, NULL}
+};
+
+static const value_string radius_vendor_cisco_vpn_req_user_auth_vals[] = 
+{
+  {0,  "No"},
+  {1,  "Yes"},
+  {0, NULL}
+};
+
+static const value_string radius_vendor_cisco_vpn3000_ip_phone_bypass_vals[] =
+{
+  {0,  "No"},
+  {1,  "Yes"},
+ {0, NULL}
+};
+
+static const value_string radius_vendor_cisco_vpn3000_ipsec_split_tunneling_policy_vals[] =
+{
+  {0,  "Tunnel everything"},
+  {1,  "Only tunnel networks in list"},
+ {0, NULL}
+};
+
+static const value_string radius_vendor_cisco_vpn3000_ipsec_required_client_fw_capability_vals[] =
+{
+  {0,  "None"},
+  {1,  "Policy defined by remote FW AYT"},
+  {2,  "Policy pushed CPP"},
+  {4,  "Policy from Server"},
+ {0, NULL}
+};
+
+static const value_string radius_vendor_cisco_vpn3000_ipsec_client_fw_filter_optional_vals[] =
+{
+  {0,  "Required"},
+  {1,  "Optional"},
+ {0, NULL}
+};
+
+static const value_string radius_vendor_cisco_vpn3000_ipsec_backup_servers_vals[] =
+{
+  {1,  "User Client-configured list"},
+  {2,  "Disable and clear client list"},
+  {3,  "Use Backup server list"},
+ {0, NULL}
+};
+
+static const value_string radius_vendor_cisco_vpn3000_ms_client_intercept_dhcp_configure_message_vals[] =
+{
+  {0,  "No"},
+  {1,  "Yes"},
+ {0, NULL}
+};
+
+static const value_string radius_vendor_cisco_vpn3000_allow_network_extension_mode_vals[] =
+{
+  {0,  "No"},
+  {1,  "Yes"},
+ {0, NULL}
+};
+
+static const value_string radius_vendor_cisco_vpn3000_webvpn_content_filter_parameters_vals[] =
+{
+  {1,  "Java & ActiveX"},
+  {2,  "JavaScript"},
+  {3,  "Java & ActiveX - JavaScript"},
+  {4,  "Images"},
+  {5,  "Java & ActiveX - Images"},
+  {6,  "JavaScript - Images"},
+  {7,  "Java & ActiveX - JavaScript - Images"},
+  {8,  "Cookies"},
+  {9,  "Cookies - Java & ActiveX"},
+  {10, "Cookies - Javascript"},
+  {11,         "Cookies - Java & ActiveX - JavaScript"},
+  {12, "Cookies - Images"},
+  {13, "Cookies - Images - Java &ActiveX"},
+  {14, "Cookies - Images - JavaScript"},
+  {15, "Cookies - Images - Java &ActiveX - JavaScript"},
+ {0, NULL}
+};
+
+static const value_string radius_vendor_cisco_vpn3000_strip_realm_vals[] =
+{
+  {0,  "No"},
+  {1,  "Yes"},
+ {0, NULL}
+};
+
+static const radius_attr_info radius_vendor_cisco_vpn3000_attrib[] =
+{
+  {1,  RADIUS_STRING,          "CVPN3000-Access-Hours", NULL},
+  {2,  RADIUS_INTEGER4,                "CVPN3000-Simultaneous-Logins", NULL},
+  {5,  RADIUS_IP_ADDRESS,      "CVPN3000-Primary-DNS", NULL},
+  {6,  RADIUS_IP_ADDRESS,      "CVPN3000-Secondary-DNS", NULL},
+  {7,  RADIUS_IP_ADDRESS,      "CVPN3000-Primary-WINS", NULL},
+  {8,  RADIUS_IP_ADDRESS,      "CVPN3000-Secondary-WINS", NULL},
+  {9,          RADIUS_INTEGER4,                "CVPN3000-SEP-Card-Assignment", radius_vendor_cisco_vpn3000_sep_card_assignment_vals},
+  {11,         RADIUS_INTEGER4,                "CVPN3000-Tunneling-Protocols", radius_vendor_cisco_vpn3000_tunneling_protocols_vals},
+  {12, RADIUS_STRING,          "CVPN3000-IPSec-Sec-Association", NULL},
+  {13, RADIUS_INTEGER4,                "CVPN3000-IPSec-Authentication", radius_vendor_cisco_vpn3000_ipsec_authentication_vals},
+  {15, RADIUS_STRING,          "CVPN3000-IPSec-Banner1", NULL},
+  {16, RADIUS_INTEGER4,                "CVPN3000-IPSec-Allow-Passwd-Store", radius_vendor_cisco_vpn3000_allow_pw_store_vals},
+  {17, RADIUS_INTEGER4,                "CVPN3000-Use-Client-Address", radius_vendor_cisco_vpn3000_use_client_address_vals},
+  {20, RADIUS_INTEGER4,                "CVPN3000-PPTP-Encryption", radius_vendor_cisco_vpn3000_pptp_encryption_vals},
+  {21, RADIUS_INTEGER4,                "CVPN3000-L2TP-Encryption", radius_vendor_cisco_vpn3000_l2tp_encryption_vals},
+  {27, RADIUS_STRING,          "CVPN3000-IPSec-Split-Tunnel-List", NULL},
+  {28, RADIUS_STRING,          "CVPN3000-IPSec-Default-Domain", NULL},
+  {29, RADIUS_STRING,          "CVPN3000-IPSec-Split-DNS-Names", NULL},
+  {30, RADIUS_INTEGER4,                "CVPN3000-IPSec-Tunnel-Type", radius_vendor_cisco_vpn3000_tunnel_type_vals},
+  {31, RADIUS_INTEGER4,                "CVPN3000-IPSec-Mode-Config", radius_vendor_cisco_vpn3000_mode_config_vals},
+  {33, RADIUS_INTEGER4,                "CVPN3000-IPSec-User-Group-Lock", radius_vendor_cisco_vpn3000_user_group_lock_vals},
+  {34,         RADIUS_INTEGER4,                "CVPN3000-IPSec-Over-UDP", radius_vendor_cisco_vpn3000_ipsec_over_udp_vals},
+  {35, RADIUS_INTEGER4,                "CVPN3000-IPSec-Over-UDP-Port", NULL},
+  {36, RADIUS_STRING,          "CVPN3000-IPSec-Banner2", NULL},
+  {37, RADIUS_INTEGER4,                "CVPN3000-PPTP-MPPC-Compression", radius_vendor_cisco_vpn3000_pptp_mppc_compression_vals},
+  {38, RADIUS_INTEGER4,                "CVPN3000-L2TP-MPPC-Compression", radius_vendor_cisco_vpn3000_l2tp_mppc_compression_vals},
+  {39, RADIUS_INTEGER4,                "CVPN3000-IPSec-IP-Compression", radius_vendor_cisco_vpn3000_ipsec_ip_compression_vals},
+  {40, RADIUS_INTEGER4,                "CVPN3000-IPSec-IKE-Peer-IDCheck", radius_vendor_cisco_vpn3000_ipsec_ike_peer_idcheck_vals},
+  {41, RADIUS_INTEGER4,                "CVPN3000-IKE-Keep-Alives", radius_vendor_cisco_vpn3000_ike_keep_alives_vals},
+  {42, RADIUS_INTEGER4,                "CVPN3000-IPSec-Auth-On-Rekey", radius_vendor_cisco_vpn3000_auth_on_rekey_vals},
+  {45, RADIUS_INTEGER4,                "CVPN3000-Required-Client-Firewall-Vendor-Code", radius_vendor_cisco_vpn3000_required_client_fw_vendor_code_vals},
+  {46, RADIUS_INTEGER4,                "CVPN3000-Required-Client-Firewall-Product-Code", NULL},
+  {47, RADIUS_STRING,          "CVPN3000-Required-Client-Firewall-Description", NULL},
+  {48, RADIUS_INTEGER4,                "CVPN3000-Require-HW-Client-Auth", radius_vendor_cisco_vpn3000_hw_client_auth_vals},
+  {49, RADIUS_INTEGER4,                "CVPN3000-Required-Individual-User-Auth", radius_vendor_cisco_vpn_req_user_auth_vals},
+  {50, RADIUS_INTEGER4,                "CVPN3000-Authenticated-User-Idle-Timeout", NULL},
+  {51, RADIUS_INTEGER4,                "CVPN3000-Cisco-IP-Phone-Bypass", radius_vendor_cisco_vpn3000_ip_phone_bypass_vals},
+  {52, RADIUS_STRING,          "CVPN3000-User-Auth-Server-Name", NULL},
+  {53, RADIUS_INTEGER4,                "CVPN3000-User-Auth-Server-Port", NULL},
+  {54,         RADIUS_STRING,          "CVPN3000-User-Auth-Server-Secret", NULL},
+  {55, RADIUS_INTEGER4,                "CVPN3000-IPSec-Split-Tunneling-Policy", radius_vendor_cisco_vpn3000_ipsec_split_tunneling_policy_vals},
+  {56, RADIUS_INTEGER4,                "CVPN3000-IPSec-Required-Client-Firewall-Capability", radius_vendor_cisco_vpn3000_ipsec_required_client_fw_capability_vals},
+  {57, RADIUS_STRING,          "CVPN3000-IPSec-Client-Firewall-Filter-Name", NULL},
+  {58, RADIUS_INTEGER4,                "CVPN3000-IPSec-Client-Firewall-Filter-Optional", radius_vendor_cisco_vpn3000_ipsec_client_fw_filter_optional_vals},
+  {59, RADIUS_INTEGER4,                "CVPN3000-IPSec-Backup-Servers", radius_vendor_cisco_vpn3000_ipsec_backup_servers_vals},
+  {60, RADIUS_STRING,          "CVPN3000-IPSec-Backup-Server-List", NULL},
+  {62, RADIUS_INTEGER4,                "CVPN3000-MS-Client-Intercept-DHCP-Configure-Message", radius_vendor_cisco_vpn3000_ms_client_intercept_dhcp_configure_message_vals},
+  {63, RADIUS_IP_ADDRESS,      "CVPN3000-MS-Client-Subnet-Mask", NULL},
+  {64, RADIUS_INTEGER4,                "CVPN3000-Allow-Network-Extension-Mode", radius_vendor_cisco_vpn3000_allow_network_extension_mode_vals},
+  {68, RADIUS_INTEGER4,                "CVPN3000-Confidence-Interval", NULL},
+  {69, RADIUS_INTEGER4,                "CVPN3000-WebVPN-Content-Filter-Parameters", radius_vendor_cisco_vpn3000_webvpn_content_filter_parameters_vals},
+  {70, RADIUS_INTEGER4,                "CVPN3000-WebVPN-Enable-functions", NULL},
+  {74, RADIUS_STRING,          "CVPN3000-WebVPN-Exchange-Server-Address", NULL},
+  {75, RADIUS_INTEGER4,                "CVPN3000-Cisco-LEAP-Bypass", NULL},
+  {77, RADIUS_STRING,          "CVPN3000-Client-Type-Version-Limiting", NULL},
+  {78, RADIUS_STRING,          "CVPN3000-WebVPN-ExchangeServer-NETBIOS-Name", NULL},
+  {79, RADIUS_STRING,          "CVPN3000-Port-Forwarding-Name", NULL},
+  {135,        RADIUS_INTEGER4,                "CVPN3000-Strip-Realm", radius_vendor_cisco_vpn3000_strip_realm_vals},
+  {0,  0, NULL, NULL}
+};
+
 static const radius_attr_info radius_vendor_cosine_attrib[] =
 {
   {1,  RADIUS_STRING,          "Connection Profile Name", NULL},
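Review bot: The two MPPC compression tables added in this hunk disagree with each other: `radius_vendor_cisco_vpn3000_pptp_mppc_compression_vals` maps 1 to "ON" and 2 to "OFF", while `radius_vendor_cisco_vpn3000_l2tp_mppc_compression_vals` maps 0 to "ON" and 1 to "OFF", the reverse of every other OFF/ON table here. One of them looks mis-transcribed and should be checked against the cited ACS dictionary, since a wrong label misreports the negotiated setting to whoever reads the capture. The displayed string `"If supported by certifiate"` also has a typo and should read `"If supported by certificate"`. The many identical two-entry OFF/ON and No/Yes tables could share one table each.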
@@ -2046,9 +2455,66 @@ static const radius_attr_info radius_vendor_nomadix_attrib[] =
 
 /*
 reference:
-       'dictionary.erx' file from FreeRADIUS
-               http://www.freeradius.org/radiusd/raddb/dictionary.erx
+       'unisphere5-2.dct' file from Juniper Networks
+          http://www.juniper.net/techpubs/software/erx/junose52/unisphere5-2.dct
 */
+
+static const value_string radius_vendor_unisphere_ingress_statistics_vals[] =
+{ 
+  {0,  "Disable"},
+  {1,  "Enable"}
+};
+
+static const value_string radius_vendor_unisphere_egress_statistics_vals[] =
+{ 
+  {0,  "Disable"},
+  {1,  "Enable"}
+};
+
+static const value_string radius_vendor_unisphere_atm_service_category_vals[] =
+{
+  {1,  "UBR"},
+  {2,  "UBRPCR"},
+  {3,  "nrtVBR"},
+  {4,  "CBR"},
+  {0,  "NULL"}
+};
+
+static const value_string radius_vendor_unisphere_cli_allow_all_vr_access_vals[] =
+{
+  {0,  "Disable"},
+  {1,  "Enable"},
+};
+
+static const value_string radius_vendor_unisphere_sa_validate_vals[] =
+{
+  {0,  "Disable"},
+  {1,  "Enable"},
+};
+
+static const value_string radius_vendor_unisphere_igmp_enable_vals[] =
+{
+  {0,  "Disable"},
+  {1,  "Enable"},
+};
+
+static const value_string radius_vendor_unisphere_ppp_protocol_vals[] =
+{
+  {0,  "none"},
+  {1,  "pap"},
+  {2,  "chap"},
+  {3,  "pap-chap"},
+  {4,  "chap-pap"}
+};
+
+static const value_string radius_vendor_unisphere_tunnel_bearer_type_vals[] =
+{
+  {0,  "none"},
+  {1,  "analog"},
+  {2,  "digital"},
+};
+
+
 static const radius_attr_info radius_vendor_unisphere_attrib[] =
 {
   {1,  RADIUS_STRING,          "ERX Virtual Router Name", NULL},
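Review bot: None of the eight Unisphere `value_string` tables added here ends with the `{0, NULL}` sentinel that the other tables in this diff carry, and `radius_vendor_unisphere_atm_service_category_vals` ends with `{0,  "NULL"}`, a string literal rather than a null pointer. `rd_match_strval` passes these tables to `val_to_str`, which has no length argument and relies on that sentinel to stop, so a RADIUS_INTEGER4 value taken from the packet that matches no entry would be looked up past the end of the array. Each table should close with `{0, NULL}`, and the ATM table's last entry should become that sentinel. The following hunk wires these tables to attributes 19, 22, 23, 38 and 41, which is where the lookup is reached.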
@@ -2062,18 +2528,54 @@ static const radius_attr_info radius_vendor_unisphere_attrib[] =
   {9,  RADIUS_STRING,          "ERX Tunnel Password", NULL},
   {10, RADIUS_STRING,          "ERX Ingress Policy Name", NULL},
   {11, RADIUS_STRING,          "ERX Egress Policy Name", NULL},
-  {12, RADIUS_STRING,          "ERX Ingress Statistics", NULL},
-  {13, RADIUS_STRING,          "ERX Egress Statistics", NULL},
-  {14, RADIUS_STRING,          "ERX Atm Service Category", NULL},
+  {12, RADIUS_STRING,          "ERX Ingress Statistics", radius_vendor_unisphere_ingress_statistics_vals},
+  {13, RADIUS_STRING,          "ERX Egress Statistics", radius_vendor_unisphere_egress_statistics_vals},
+  {14, RADIUS_STRING,          "ERX Atm Service Category", radius_vendor_unisphere_atm_service_category_vals},
   {15, RADIUS_STRING,          "ERX Atm PCR", NULL},
   {16, RADIUS_STRING,          "ERX Atm SCR", NULL},
   {17, RADIUS_STRING,          "ERX Atm MBS", NULL},
   {18, RADIUS_STRING,          "ERX Cli Initial Access Level", NULL},
-  {19, RADIUS_INTEGER4,        "ERX Cli Allow All VR Access", NULL},
+  {19, RADIUS_INTEGER4,        "ERX Cli Allow All VR Access", radius_vendor_unisphere_cli_allow_all_vr_access_vals},
   {20, RADIUS_STRING,          "ERX Alternate Cli Access Level", NULL},
   {21, RADIUS_STRING,          "ERX Alternate Cli Vrouter Name", NULL},
-  {22, RADIUS_INTEGER4,        "ERX Sa Validate", NULL},
-  {23, RADIUS_INTEGER4,        "ERX Igmp Enable", NULL},
+  {22, RADIUS_INTEGER4,        "ERX Sa Validate", radius_vendor_unisphere_sa_validate_vals},
+  {23, RADIUS_INTEGER4,        "ERX Igmp Enable", radius_vendor_unisphere_igmp_enable_vals},
+  {24, RADIUS_STRING,          "ERX PPPoE Description", NULL},
+  {25, RADIUS_STRING,          "ERX Redirect Virtual Router Name", NULL},
+  {26, RADIUS_STRING,          "ERX Qos Profile Name", NULL},
+  /* 27 Unused */
+  {28, RADIUS_STRING,          "ERX PPPoE URL", NULL},
+  /* 29,30 Unused */
+  {31, RADIUS_STRING,          "ERX Service Bundle", NULL},
+  /* 32 Unused */
+  {33, RADIUS_INTEGER4,        "ERX Tunnel Max Sessions", NULL},
+  {34, RADIUS_INTEGER4,        "ERX Framed IP Route Tag", NULL},
+  {35, RADIUS_STRING,          "ERX Tunnel Dialout Number", NULL},
+  {36, RADIUS_STRING,          "ERX PPP Username", NULL},
+  {37, RADIUS_STRING,          "ERX PPP Password", NULL},
+  {38, RADIUS_INTEGER4,        "ERX PPP Protocol", radius_vendor_unisphere_ppp_protocol_vals},
+  {39, RADIUS_INTEGER4,        "ERX Tunnel Min Bps", NULL},
+  {40, RADIUS_INTEGER4,        "ERX Tunnel Max Bps", NULL},
+  {41, RADIUS_INTEGER4,        "ERX Tunnel Bearer Type", radius_vendor_unisphere_tunnel_bearer_type_vals},
+  {42, RADIUS_INTEGER4,        "ERX Input Gigapackets", NULL},
+  {43, RADIUS_INTEGER4,        "ERX Output Gigapackets", NULL},
+  {44, RADIUS_STRING,          "ERX Tunnel Interface Id", NULL},
+  {45, RADIUS_STRING,          "ERX IPV6 Virtual Router", NULL},
+  {46, RADIUS_STRING,          "ERX IPV6 Local Interface", NULL},
+  {47, RADIUS_IP6_ADDRESS,     "ERX IPV6 Primary Dns", NULL},
+  {48, RADIUS_IP6_ADDRESS,     "ERX IPV6 Secondary Dns", NULL},
+  {0, 0, NULL, NULL},
+};
+
+/*
+reference:
+       Cisco ACS 3.2 User Guide - Appendix D
+       http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs32/user02/ad.htm#wp473531
+*/
+
+static const radius_attr_info radius_vendor_cisco_bbsm_attrib[] =
+{
+  {1,  RADIUS_INTEGER4,        "CBBSM-Bandwidth", NULL},
   {0, 0, NULL, NULL},
 };
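Review bot: Attributes 12, 13 and 14 keep the type RADIUS_STRING while gaining a value table, but the RADIUS_STRING case of `rd_value_to_str` (visible in a later hunk) only calls `rdconvertbufftostr` and never consults `attr_info->vs`, so these three tables have no effect. If the cited dictionary defines the attributes as integers, the entries should use the integer type, e.g. `{12, RADIUS_INTEGER4, "ERX Ingress Statistics", radius_vendor_unisphere_ingress_statistics_vals},`; otherwise the table pointer should stay NULL. As written, the new tables look decoded when they are not.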
 
@@ -2201,6 +2703,7 @@ static rd_vsa_table radius_vsa_table[] =
   {VENDOR_ACC,                 radius_vendor_acc_attrib},
   {VENDOR_CISCO,               radius_vendor_cisco_attrib},
   {VENDOR_SHIVA,               radius_vendor_shiva_attrib},
+  {VENDOR_CISCO_VPN5000,       radius_vendor_cisco_vpn5000_attrib},
   {VENDOR_LIVINGSTON,          radius_vendor_livingston_attrib},
   {VENDOR_MICROSOFT,           radius_vendor_microsoft_attrib},
   {VENDOR_ASCEND,              radius_vendor_ascend_attrib},
@@ -2209,11 +2712,13 @@ static rd_vsa_table radius_vsa_table[] =
   {VENDOR_VERSANET,            radius_vendor_versanet_attrib},
   {VENDOR_REDBACK,             radius_vendor_redback_attrib},
   {VENDOR_JUNIPER,             radius_vendor_juniper_attrib},
+  {VENDOR_CISCO_VPN3000,       radius_vendor_cisco_vpn3000_attrib},
   {VENDOR_APTIS,               radius_vendor_aptis_attrib},
   {VENDOR_COSINE,              radius_vendor_cosine_attrib},
   {VENDOR_SHASTA,              radius_vendor_shasta_attrib},
   {VENDOR_NOMADIX,             radius_vendor_nomadix_attrib},
   {VENDOR_UNISPHERE,           radius_vendor_unisphere_attrib},
+  {VENDOR_CISCO_BBSM,          radius_vendor_cisco_bbsm_attrib},
   {VENDOR_ISSANNI,             radius_vendor_issanni_attrib},
   {VENDOR_QUINTUM,             radius_vendor_quintum_attrib},
   {VENDOR_COLUBRIS,            radius_vendor_colubris_attrib},
@@ -2258,8 +2763,7 @@ rdconvertbufftostr(gchar *dest, tvbuff_t *tvb, int offset, int length)
         totlen=1;
         for (i=0; i < (guint32)length; i++)
         {
-                if( isalnum((int)pd[i])||ispunct((int)pd[i])
-                                ||((int)pd[i]==' '))            {
+                if( isprint((int)pd[i])) {
                         dest[totlen]=(gchar)pd[i];
                         totlen++;
                 }
@@ -2273,22 +2777,25 @@ rdconvertbufftostr(gchar *dest, tvbuff_t *tvb, int offset, int length)
         dest[totlen+1]=0;
 }
 
-#if GLIB_MAJOR_VERSION >= 2
-/*
- * XXX - "isprint()" can return "true" for non-ASCII characters, but
- * those don't work with GTK+ 1.3 or later, as they take UTF-8 strings
- * as input.  Until we fix up Ethereal to properly handle non-ASCII
- * characters in all output (both GUI displays and text printouts)
- * in those versions of GTK+, we work around the problem by escaping
- * all characters that aren't printable ASCII.
- *
- * We don't know what version of GTK+ we're using, as dissectors don't
- * use any GTK+ stuff; we use GLib as a proxy for that, with GLib 2.x
- * implying GTK+ 1.3 or later (we don't support GLib 1.3[.x]).
- */
-#undef isprint
-#define isprint(c) (c >= 0x20 && c < 0x7f)
-#endif
+static void
+rdconvertbufftobinstr(gchar *dest, tvbuff_t *tvb, int offset, int length)
+{
+/*converts the raw buffer into printable hex display */
+       guint32 i;
+       guint32 totlen=0;
+       const guint8 *pd = tvb_get_ptr(tvb, offset, length);
+       static const char hex[16] = { '0', '1', '2', '3', '4', '5', '6', '7',
+                                     '8', '9', 'A', 'B', 'C', 'D', 'E', 'F' };
+
+        for (i=0; i < (guint32)length; i++)
+        {
+               dest[totlen] = hex[pd[i] >> 4];
+               totlen++;
+               dest[totlen] = hex[pd[i] & 0xF];
+               totlen++;
+        }
+        dest[totlen]='\0';
+}
 
 static void
 rddecryptpass(gchar *dest,tvbuff_t *tvb,int offset,int length)
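Review bot: `rdconvertbufftobinstr` writes `2*length + 1` bytes into `dest` but takes no destination size, and that contract is not documented anywhere in the function. The next hunk makes it the fallback in `rddecryptpass`, so a buffer that was sized for the old string fallback now receives hex output; the callers' buffer sizes are not visible here and should be confirmed. I would replace the comment inside the body with a header comment above the function, such as `/* Writes 2*length uppercase hex digits plus a NUL to dest; dest must hold at least 2*length+1 bytes. */`. The `(guint32)length` cast also turns a negative `length` into a very large loop bound, so the comment should state that callers must pass a non-negative length.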
@@ -2301,7 +2808,7 @@ rddecryptpass(gchar *dest,tvbuff_t *tvb,int offset,int length)
     guchar c;
 
     if (shared_secret[0] == '\0' || !authenticator ) {
-       rdconvertbufftostr(dest,tvb,offset,length);
+       rdconvertbufftobinstr(dest,tvb,offset,length);
        return;
     }
 
@@ -2339,26 +2846,6 @@ rddecryptpass(gchar *dest,tvbuff_t *tvb,int offset,int length)
     dest[totlen+1] = '\0';
 }
 
-static void
-rdconvertbufftobinstr(gchar *dest, tvbuff_t *tvb, int offset, int length)
-{
-/*converts the raw buffer into printable text */
-       guint32 i;
-       guint32 totlen=0;
-       const guint8 *pd = tvb_get_ptr(tvb, offset, length);
-       static const char hex[16] = { '0', '1', '2', '3', '4', '5', '6', '7',
-                                     '8', '9', 'A', 'B', 'C', 'D', 'E', 'F' };
-
-        for (i=0; i < (guint32)length; i++)
-        {
-               dest[totlen] = hex[pd[i] >> 4];
-               totlen++;
-               dest[totlen] = hex[pd[i] & 0xF];
-               totlen++;
-        }
-        dest[totlen]='\0';
-}
-
 static gchar *rd_match_strval(guint32 val, const value_string *vs) {
        return val_to_str(val, vs, "Undefined");
 }
@@ -2415,18 +2902,17 @@ static void rd_value_to_str(gchar *dest, rd_vsa_buffer (*vsabuffer)[VSABUFFER],
   switch(attr_info->value_type)
   {
         case( RADIUS_STRING ):
-               /* User Password, but only, if not inside vsa */
-               if ( avph->avp_type == 2 && (*vsabuffer)[0].str == 0 )  {
-                   rddecryptpass(cont,tvb,offset+2,avph->avp_length-2);
-               } else {
-                   rdconvertbufftostr(cont,tvb,offset+2,avph->avp_length-2);
-               }
+               rdconvertbufftostr(cont,tvb,offset+2,avph->avp_length-2);
                 break;
 
         case( RADIUS_BINSTRING ):
                rdconvertbufftobinstr(cont,tvb,offset+2,avph->avp_length-2);
                 break;
 
+        case( RADIUS_USERPASSWORD ):
+               rddecryptpass(cont,tvb,offset+2,avph->avp_length-2);
+                break;
+
         case( RADIUS_INTEGER4 ):
                intval = tvb_get_ntohl(tvb,offset+2);
                if (attr_info->vs != NULL)
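Review bot: The removed branch carried the comment "User Password, but only, if not inside vsa", and the new `RADIUS_USERPASSWORD` case keeps that rule only implicitly, because no vendor table uses the type. That invariant should be written down so a later vendor entry is not given this type by mistake; `rddecryptpass` falls back to hex unless a shared secret and authenticator are set, which suggests it is specific to the standard attribute. A comment on the case would do, for example `/* User-Password (attribute 2) only; vendor tables must not use this type */`. The switch continues outside the hunk.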
@@ -2453,7 +2939,7 @@ static void rd_value_to_str(gchar *dest, rd_vsa_buffer (*vsabuffer)[VSABUFFER],
 
         case( RADIUS_IP6_INTF_ID ):
                 ipv6_prefix_length = tvb_get_guint8(tvb,offset+1);
-                bzero(ipv6_addr_temp, 16);
+                memset(ipv6_addr_temp, 0, 16);
                 if (ipv6_prefix_length > 16) ipv6_prefix_length = 16;
                 tvb_memcpy(tvb, ipv6_addr_temp, offset+2, ipv6_prefix_length);
                 ip6_to_str_buf((const struct e_in6_addr *)ipv6_addr_temp, cont);
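Review bot: The copy length in this case comes from `tvb_get_guint8(tvb,offset+1)`, which appears to be the AVP length octet, since the other cases read the value at `offset+2` and size it as `avph->avp_length-2`. If so, `tvb_memcpy` copies two bytes more than the attribute's value, taking them from whatever follows it in the packet. The length should probably be `avph->avp_length-2` clamped to 16, which the `bzero` to `memset` change leaves as it was. The new call could also use `memset(ipv6_addr_temp, 0, sizeof ipv6_addr_temp);` if `ipv6_addr_temp` is an array; its declaration is outside the hunk.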
@@ -2612,6 +3098,7 @@ dissect_attribute_value_pairs(tvbuff_t *tvb, int offset,proto_tree *tree,
   guint8 *reassembled_data = NULL;
   int reassembled_data_len = 0;
   int data_needed = 0;
+  char *attr_info_str = "(Invalid)";
 
   if (avplength==0)
   {
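Review bot: `attr_info_str` is initialised from a string literal and, in the hunk that follows, is only assigned and passed to a `%s` format, so it should be const-qualified: `const char *attr_info_str = "(Invalid)";`. That stops a later edit from writing through a pointer to read-only storage. The function body continues outside this hunk.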
@@ -2636,9 +3123,12 @@ dissect_attribute_value_pairs(tvbuff_t *tvb, int offset,proto_tree *tree,
        * fields, so it must be >= 2.
        */
       if (tree) {
+        if (attr_info) {
+         attr_info_str = attr_info->str;
+       }
         proto_tree_add_text(tree, tvb, offset, avph.avp_length,
                            "t:%s(%u) l:%u (length not >= 2)",
-                           attr_info->str, avph.avp_type, avph.avp_length);
+                           attr_info_str, avph.avp_type, avph.avp_length);
       }
       break;
     }