authorChristian Poessinger <christian@poessinger.com>2021-05-02 19:07:04 +0200
committerChristian Poessinger <christian@poessinger.com>2021-05-02 19:18:42 +0200
commitceb7d3cb30a23b4b148bc71491b3817e9e6e2778 (patch)
tree160ebe6294acb6a790790098b3861e58c0ca9ae4 /libtac/include
Initial import of libpam-tacplus (1.4.3-cl3u4)
Diffstat (limited to 'libtac/include')
-rw-r--r--libtac/include/cdefs.h62
-rw-r--r--libtac/include/libtac.h173
-rw-r--r--libtac/include/tacplus.h231
3 files changed, 466 insertions, 0 deletions
diff --git a/libtac/include/cdefs.h b/libtac/include/cdefs.h
new file mode 100644
index 0000000..13d4ad5
--- /dev/null
+++ b/libtac/include/cdefs.h
@@ -0,0 +1,62 @@
+/* cdefs.h
+ *
+ * Copyright (C) 2010, Pawel Krawczyk <pawel.krawczyk@hush.com> and
+ * Jeroen Nijhof <jeroen@jeroennijhof.nl>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program - see the file COPYING.
+ *
+ * See `CHANGES' file for revision history.
+ */
+
+#ifndef _CDEFS_H
+#define _CDEFS_H
+
+#undef __P
+#if defined(__STDC__) || defined(__cplusplus)
+#define __P(p) p
+#else
+#define __P(p)
+#endif
+#define _PTR void *
+#define _ANDi ,
+#define _NOARGS void
+#define _CONST const
+#define _VOLATILE volatile
+#define _SIGNED signed
+#define _DOTS , ...
+#define _VOID void
+#define _EXFUN(name, proto) name proto
+#define _DEFUN(name, arglist, args) name(args)
+#define _DEFUN_VOID(name) name(_NOARGS)
+#define _CAST_VOID (void)
+#ifndef _LONG_DOUBLE
+#define _LONG_DOUBLE long double
+#endif
+#ifndef _PARAMS
+#define _PARAMS(paramlist) paramlist
+#endif
+
+/* Support gcc's __attribute__ facility. */
+
+#define _ATTRIBUTE(attrs) __attribute__ ((attrs))
+
+#if defined(__cplusplus)
+#define __BEGIN_DECLS extern "C" {
+#define __END_DECLS }
+#else
+#define __BEGIN_DECLS
+#define __END_DECLS
+#endif
+
+#endif
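Review bot: `#define _ANDi ,` looks like a typo for `_AND` — every other name in this compatibility family (`_PTR`, `_CONST`, `_VOID`, `_DOTS`) follows the newlib spelling, so code written against `_AND` will not compile with this header; `#define _AND ,`. The guard `_CDEFS_H` and the `__P`/`__BEGIN_DECLS`/`__END_DECLS` names live in the implementation's reserved namespace (leading underscore plus uppercase, or double underscore), and on non-Linux builds this file is the one that defines them, so they can collide with a system `<sys/cdefs.h>` if both are pulled in; a project-prefixed guard such as `LIBTAC_CDEFS_H` removes at least the guard clash. `_ATTRIBUTE(attrs)` expands to `__attribute__ ((attrs))` unconditionally, so the header fails on a compiler without that extension; a `#if defined(__GNUC__)` with an empty fallback `#define _ATTRIBUTE(attrs)` keeps it usable there.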
diff --git a/libtac/include/libtac.h b/libtac/include/libtac.h
new file mode 100644
index 0000000..9573fe4
--- /dev/null
+++ b/libtac/include/libtac.h
@@ -0,0 +1,173 @@
+/* libtac.h
+ *
+ * Copyright (C) 2010, Pawel Krawczyk <pawel.krawczyk@hush.com> and
+ * Jeroen Nijhof <jeroen@jeroennijhof.nl>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program - see the file COPYING.
+ *
+ * See `CHANGES' file for revision history.
+ */
+
+#ifndef _LIB_TAC_H
+#define _LIB_TAC_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <stdarg.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <syslog.h>
+#include <string.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <netdb.h>
+#include <unistd.h>
+#include <sys/types.h>
+#ifdef __linux__
+#include <sys/cdefs.h>
+#else
+#include "cdefs.h"
+#endif
+#include "tacplus.h"
+
+#if defined(DEBUGTAC) && !defined(TACDEBUG)
+#define TACDEBUG(x) syslog x;
+#else
+//#define TACDEBUG(x) syslog x;
+#define TACDEBUG(x)
+#endif
+
+#define TACSYSLOG(x) syslog x;
+
+#if defined(TACDEBUG_AT_RUNTIME)
+#undef TACDEBUG
+#undef TACSYSLOG
+#define TACDEBUG(x) if (tac_debug_enable) (void)logmsg x;
+#define TACSYSLOG(x) (void)logmsg x;
+extern int logmsg __P((int, const char*, ...));
+#endif
+
+/* u_int32_t support for sun */
+#ifdef sun
+typedef unsigned int u_int32_t;
+#endif
+
+struct tac_attrib {
+ char *attr;
+ u_char attr_len;
+ struct tac_attrib *next;
+};
+
+struct areply {
+ struct tac_attrib *attr;
+ char *msg;
+ int status : 8;
+ int flags : 8;
+ int seq_no : 8;
+};
+
+#ifndef TAC_PLUS_MAXSERVERS
+#define TAC_PLUS_MAXSERVERS 8
+#endif
+
+#ifndef TAC_PLUS_MAX_PACKET_SIZE
+#define TAC_PLUS_MAX_PACKET_SIZE 128000 /* bytes */
+#endif
+
+#ifndef TAC_PLUS_PORT
+#define TAC_PLUS_PORT 49
+#endif
+
+#define TAC_PLUS_READ_TIMEOUT 180 /* seconds */
+#define TAC_PLUS_WRITE_TIMEOUT 180 /* seconds */
+
+/* Internal status codes
+ * all negative, tacplus status codes are >= 0
+ */
+
+#define LIBTAC_STATUS_ASSEMBLY_ERR -1
+#define LIBTAC_STATUS_PROTOCOL_ERR -2
+#define LIBTAC_STATUS_READ_TIMEOUT -3
+#define LIBTAC_STATUS_WRITE_TIMEOUT -4
+#define LIBTAC_STATUS_WRITE_ERR -5
+#define LIBTAC_STATUS_SHORT_HDR -6
+#define LIBTAC_STATUS_SHORT_BODY -7
+#define LIBTAC_STATUS_CONN_TIMEOUT -8
+#define LIBTAC_STATUS_CONN_ERR -9
+#define LIBTAC_STATUS_CONN_CLOSED -10
+
+/* Runtime flags */
+
+/* version.c */
+extern int tac_ver_major;
+extern int tac_ver_minor;
+extern int tac_ver_patch;
+
+/* header.c */
+extern int session_id;
+extern int tac_encryption;
+extern const char *tac_secret;
+extern char tac_login[64];
+extern int tac_priv_lvl;
+extern int tac_authen_method;
+extern int tac_authen_service;
+
+extern int tac_debug_enable;
+extern int tac_readtimeout_enable;
+
+/* connect.c */
+extern int tac_timeout;
+
+int tac_connect(struct addrinfo **, char **, int, char *iface);
+int tac_connect_single(struct addrinfo *, const char *, struct addrinfo *,
+ char *iface);
+char *tac_ntop(const struct sockaddr *);
+
+int tac_authen_send(int, const char *, char *, char *,
+ char *, u_char);
+int tac_authen_read(int, struct areply *);
+int tac_cont_send_seq(int, char *, int);
+#define tac_cont_send(fd, pass) tac_cont_send_seq((fd), (pass), 3)
+HDR *_tac_req_header(u_char, int);
+void _tac_crypt(u_char *, HDR *, int);
+u_char *_tac_md5_pad(int, HDR *);
+void tac_add_attrib(struct tac_attrib **, char *, char *);
+void tac_free_attrib(struct tac_attrib **);
+char *tac_acct_flag2str(int);
+int tac_acct_send(int, int, const char *, char *, char *,
+ struct tac_attrib *);
+int tac_acct_read(int, struct areply *);
+void *tac_xcalloc(size_t, size_t);
+void *tac_xrealloc(void *, size_t);
+char *tac_xstrcpy(char *, const char *, size_t);
+char *tac_xstrdup(const char *);
+char *_tac_check_header(HDR *, int);
+int tac_author_send(int, const char *, char *, char *,
+ struct tac_attrib *);
+int tac_author_read(int, struct areply *);
+void tac_add_attrib_pair(struct tac_attrib **, char *, char,
+ char *);
+int tac_read_wait(int, int, int, int *);
+
+/* magic.c */
+u_int32_t tac_magic(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
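Review bot: `#define TACDEBUG(x) if (tac_debug_enable) (void)logmsg x;` expands to an unbraced `if` plus a trailing semicolon, so `if (c) TACDEBUG((...)); else ...` at a call site either binds the `else` to the macro's `if` or fails to compile on the doubled `;`; the `syslog x;` forms of `TACDEBUG`/`TACSYSLOG` have the same trailing-semicolon problem. Wrapping each as `do { if (tac_debug_enable) (void)logmsg x; } while (0)` (and `do { syslog x; } while (0)`) makes them statement-safe. In `struct areply`, `int status : 8` is a plain-`int` bit-field whose signedness is implementation-defined; the protocol status values in tacplus.h are all below 0x80, but if this field is also meant to carry the negative `LIBTAC_STATUS_*` codes it should say so explicitly with `signed int status : 8;`, and a reader should not assume a wire byte stored here round-trips unchanged. The file-scope names `_tac_req_header`, `_tac_crypt`, `_tac_md5_pad` and `_tac_check_header` begin with an underscore and are reserved for the implementation at file scope; a `tac_` or `libtac_` prefix would be conforming.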
diff --git a/libtac/include/tacplus.h b/libtac/include/tacplus.h
new file mode 100644
index 0000000..fcee849
--- /dev/null
+++ b/libtac/include/tacplus.h
@@ -0,0 +1,231 @@
+/* tacplus.h
+ *
+ * Copyright (C) 2010, Pawel Krawczyk <pawel.krawczyk@hush.com> and
+ * Jeroen Nijhof <jeroen@jeroennijhof.nl>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program - see the file COPYING.
+ *
+ * See `CHANGES' file for revision history.
+ */
+
+#ifndef _TACPLUS_H
+#define _TACPLUS_H
+
+/* All tacacs+ packets have the same header format */
+struct tac_plus_pak_hdr {
+ u_char version;
+
+#define TAC_PLUS_MAJOR_VER_MASK 0xf0
+#define TAC_PLUS_MAJOR_VER 0xc0
+
+#define TAC_PLUS_MINOR_VER_0 0x00
+#define TAC_PLUS_VER_0 (TAC_PLUS_MAJOR_VER | TAC_PLUS_MINOR_VER_0)
+
+#define TAC_PLUS_MINOR_VER_1 0x01
+#define TAC_PLUS_VER_1 (TAC_PLUS_MAJOR_VER | TAC_PLUS_MINOR_VER_1)
+
+ u_char type;
+
+#define TAC_PLUS_AUTHEN 0x01
+#define TAC_PLUS_AUTHOR 0x02
+#define TAC_PLUS_ACCT 0x03
+
+ u_char seq_no; /* packet sequence number */
+ u_char encryption; /* packet is encrypted or cleartext */
+
+#define TAC_PLUS_ENCRYPTED_FLAG 0x00 /* packet is encrypted */
+#define TAC_PLUS_UNENCRYPTED_FLAG 0x01 /* packet is unencrypted */
+#define TAC_PLUS_SINGLE_CONNECT_FLAG 0x04 /* multiplexing supported */
+
+ int session_id; /* session identifier FIXME: Is this needed? */
+ int datalength; /* length of encrypted data following this
+ header datalength bytes of encrypted data */
+};
+
+#define TAC_PLUS_HDR_SIZE 12
+
+typedef struct tac_plus_pak_hdr HDR;
+
+/* Authentication packet NAS sends to us */
+struct authen_start {
+ u_char action;
+
+#define TAC_PLUS_AUTHEN_LOGIN 0x01
+#define TAC_PLUS_AUTHEN_CHPASS 0x02
+#define TAC_PLUS_AUTHEN_SENDPASS 0x03 /* deprecated */
+#define TAC_PLUS_AUTHEN_SENDAUTH 0x04
+
+ u_char priv_lvl;
+
+#define TAC_PLUS_PRIV_LVL_MIN 0x00
+#define TAC_PLUS_PRIV_LVL_MAX 0x0f
+#define TAC_PLUS_PRIV_LVL_USER 0x01
+#define TAC_PLUS_PRIV_LVL_ROOT 0x0f
+
+ u_char authen_type;
+
+#define TAC_PLUS_AUTHEN_TYPE_ASCII 0x01
+#define TAC_PLUS_AUTHEN_TYPE_PAP 0x02
+#define TAC_PLUS_AUTHEN_TYPE_CHAP 0x03
+#define TAC_PLUS_AUTHEN_TYPE_ARAP 0x04
+#define TAC_PLUS_AUTHEN_TYPE_MSCHAP 0x05
+
+ u_char service;
+
+#define TAC_PLUS_AUTHEN_SVC_NONE 0x00
+#define TAC_PLUS_AUTHEN_SVC_LOGIN 0x01
+#define TAC_PLUS_AUTHEN_SVC_ENABLE 0x02
+#define TAC_PLUS_AUTHEN_SVC_PPP 0x03
+#define TAC_PLUS_AUTHEN_SVC_ARAP 0x04
+#define TAC_PLUS_AUTHEN_SVC_PT 0x05
+#define TAC_PLUS_AUTHEN_SVC_RCMD 0x06
+#define TAC_PLUS_AUTHEN_SVC_X25 0x07
+#define TAC_PLUS_AUTHEN_SVC_NASI 0x08
+#define TAC_PLUS_AUTHEN_SVC_FWPROXY 0x09
+
+ u_char user_len;
+ u_char port_len;
+ u_char r_addr_len;
+ u_char data_len;
+};
+
+#define TAC_AUTHEN_START_FIXED_FIELDS_SIZE 8
+
+/* Authentication continue packet NAS sends to us */
+struct authen_cont {
+ u_short user_msg_len;
+ u_short user_data_len;
+ u_char flags;
+
+#define TAC_PLUS_CONTINUE_FLAG_ABORT 0x01
+
+};
+
+#define TAC_AUTHEN_CONT_FIXED_FIELDS_SIZE 5
+
+/* Authentication reply packet we send to NAS */
+struct authen_reply {
+ u_char status;
+
+#define TAC_PLUS_AUTHEN_STATUS_PASS 0x01
+#define TAC_PLUS_AUTHEN_STATUS_FAIL 0x02
+#define TAC_PLUS_AUTHEN_STATUS_GETDATA 0x03
+#define TAC_PLUS_AUTHEN_STATUS_GETUSER 0x04
+#define TAC_PLUS_AUTHEN_STATUS_GETPASS 0x05
+#define TAC_PLUS_AUTHEN_STATUS_RESTART 0x06
+#define TAC_PLUS_AUTHEN_STATUS_ERROR 0x07
+#define TAC_PLUS_AUTHEN_STATUS_FOLLOW 0x21
+
+ u_char flags;
+
+#define TAC_PLUS_AUTHEN_FLAG_NOECHO 0x01
+
+ u_short msg_len;
+ u_short data_len;
+};
+
+#define TAC_AUTHEN_REPLY_FIXED_FIELDS_SIZE 6
+
+#define TAC_PLUS_AUTHEN_METH_NOT_SET 0x00
+#define TAC_PLUS_AUTHEN_METH_NONE 0x01
+#define TAC_PLUS_AUTHEN_METH_KRB5 0x02
+#define TAC_PLUS_AUTHEN_METH_LINE 0x03
+#define TAC_PLUS_AUTHEN_METH_ENABLE 0x04
+#define TAC_PLUS_AUTHEN_METH_LOCAL 0x05
+#define TAC_PLUS_AUTHEN_METH_TACACSPLUS 0x06
+#define TAC_PLUS_AUTHEN_METH_GUEST 0x08
+#define TAC_PLUS_AUTHEN_METH_RADIUS 0x10
+#define TAC_PLUS_AUTHEN_METH_KRB4 0x11
+#define TAC_PLUS_AUTHEN_METH_RCMD 0x20
+
+#define AUTHEN_METH_NONE TAC_PLUS_AUTHEN_METH_NONE
+#define AUTHEN_METH_KRB5 TAC_PLUS_AUTHEN_METH_KRB5
+#define AUTHEN_METH_LINE TAC_PLUS_AUTHEN_METH_LINE
+#define AUTHEN_METH_ENABLE TAC_PLUS_AUTHEN_METH_ENABLE
+#define AUTHEN_METH_LOCAL TAC_PLUS_AUTHEN_METH_LOCAL
+#define AUTHEN_METH_TACACSPLUS TAC_PLUS_AUTHEN_METH_TACACSPLUS
+#define AUTHEN_METH_RCMD TAC_PLUS_AUTHEN_METH_RCMD
+
+struct acct {
+ u_char flags;
+
+#define TAC_PLUS_ACCT_FLAG_MORE 0x01
+#define TAC_PLUS_ACCT_FLAG_START 0x02
+#define TAC_PLUS_ACCT_FLAG_STOP 0x04
+#define TAC_PLUS_ACCT_FLAG_WATCHDOG 0x08
+
+ u_char authen_method;
+ u_char priv_lvl;
+ u_char authen_type;
+ u_char authen_service;
+ u_char user_len;
+ u_char port_len;
+ u_char r_addr_len;
+ u_char arg_cnt; /* the number of cmd args */
+};
+
+#define TAC_ACCT_REQ_FIXED_FIELDS_SIZE 9
+
+struct acct_reply {
+ u_short msg_len;
+ u_short data_len;
+ u_char status;
+
+#define TAC_PLUS_ACCT_STATUS_SUCCESS 0x1
+#define TAC_PLUS_ACCT_STATUS_ERROR 0x2
+#define TAC_PLUS_ACCT_STATUS_FOLLOW 0x21
+
+};
+
+#define TAC_ACCT_REPLY_FIXED_FIELDS_SIZE 5
+
+/* An authorization request packet */
+struct author {
+ u_char authen_method;
+ u_char priv_lvl;
+ u_char authen_type;
+ u_char service;
+
+ u_char user_len;
+ u_char port_len;
+ u_char r_addr_len;
+ u_char arg_cnt; /* the number of args */
+};
+
+#define TAC_AUTHOR_REQ_FIXED_FIELDS_SIZE 8
+
+/* An authorization reply packet */
+struct author_reply {
+ u_char status;
+ u_char arg_cnt;
+ u_short msg_len;
+ u_short data_len;
+
+#define TAC_PLUS_AUTHOR_STATUS_PASS_ADD 0x01
+#define TAC_PLUS_AUTHOR_STATUS_PASS_REPL 0x02
+#define TAC_PLUS_AUTHOR_STATUS_FAIL 0x10
+#define TAC_PLUS_AUTHOR_STATUS_ERROR 0x11
+#define TAC_PLUS_AUTHOR_STATUS_FOLLOW 0x21
+
+#define AUTHOR_STATUS_PASS_ADD TAC_PLUS_AUTHOR_STATUS_PASS_ADD
+#define AUTHOR_STATUS_PASS_REPL TAC_PLUS_AUTHOR_STATUS_PASS_REPL
+#define AUTHOR_STATUS_FAIL TAC_PLUS_AUTHOR_STATUS_FAIL
+#define AUTHOR_STATUS_ERROR TAC_PLUS_AUTHOR_STATUS_ERROR
+#define AUTHOR_STATUS_FOLLOW TAC_PLUS_AUTHOR_STATUS_FOLLOW
+
+};
+
+#define TAC_AUTHOR_REPLY_FIXED_FIELDS_SIZE 6
+
+#endif
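Review bot: `int session_id;` and `int datalength;` in `struct tac_plus_pak_hdr` are on-the-wire fields, and `TAC_PLUS_HDR_SIZE 12` only matches the struct when `int` is exactly 32 bits; `datalength` being signed also means a length byte sequence with the top bit set compares as negative against any `TAC_PLUS_MAX_PACKET_SIZE` bound. `u_int32_t session_id;` and `u_int32_t datalength;` pin the width (libtac.h already uses `u_int32_t` for `tac_magic`); wherever the body length is consumed in the .c files (not in this diff) it should still be range-checked before allocation. The header uses `u_char`/`u_short` but includes nothing, so it only compiles when libtac.h has already pulled in `<sys/types.h>`; adding `#include <sys/types.h>` after the guard makes it self-contained. The guard `_TACPLUS_H` is a reserved identifier (leading underscore plus uppercase) like the other two headers in this import.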