blob: 4852ac7b0ebf651e0cfe8d19aed8d055eddea28f (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
|
/* header.c - Create pre-filled header for TACACS+ request.
*
* Copyright (C) 2010, Pawel Krawczyk <pawel.krawczyk@hush.com> and
* Jeroen Nijhof <jeroen@jeroennijhof.nl>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program - see the file COPYING.
*
* See `CHANGES' file for revision history.
*/
#include "libtac.h"
#include "xalloc.h"
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#if defined(HAVE_OPENSSL_RAND_H) && defined(HAVE_LIBCRYPTO)
# include <openssl/rand.h>
#elif defined(HAVE_GETRANDOM)
# if defined(HAVE_LINUX_RANDOM_H)
# include <linux/random.h>
# elif defined(HAVE_SYS_RANDOM_H)
# include <sys/random.h>
# endif
#else
# include "magic.h"
#endif
/* Miscellaneous variables that are global, because we need
* store their values between different functions and connections.
*/
/* Session identifier. */
int session_id;
/* Encryption flag. */
int tac_encryption = 0;
/* Pointer to TACACS+ shared secret string. */
/* note: tac_secret will point to tacplus_server[i].key */
const char *tac_secret = NULL;
/* TACACS+ shared login string. */
char tac_login[64]; /* default is PAP */
/* priv_lvl */
int tac_priv_lvl = TAC_PLUS_PRIV_LVL_MIN;
/* Authentication Method */
int tac_authen_method = TAC_PLUS_AUTHEN_METH_TACACSPLUS;
/* Service requesting authentication */
int tac_authen_service = TAC_PLUS_AUTHEN_SVC_PPP;
/* additional runtime flags */
int tac_debug_enable = 0;
int tac_readtimeout_enable = 0;
/* Returns pre-filled TACACS+ packet header of given type.
* 1. you MUST fill th->datalength and th->version
* 2. you MAY fill th->encryption
* 3. you are responsible for freeing allocated header
* By default packet encryption is enabled. The version
* field depends on the TACACS+ request type and thus it
* cannot be predefined.
*/
HDR *_tac_req_header(u_char type, int cont_session) {
HDR *th;
th=(HDR *) xcalloc(1, TAC_PLUS_HDR_SIZE);
/* preset some packet options in header */
th->type=type;
th->seq_no=1; /* always 1 for request */
th->encryption=TAC_PLUS_ENCRYPTED_FLAG;
/* make session_id from pseudo-random number */
if (!cont_session) {
#if defined(HAVE_OPENSSL_RAND_H) && defined(HAVE_LIBCRYPTO)
// the preferred way is to use OpenSSL abstraction as we are linking it anyway for MD5
RAND_pseudo_bytes((unsigned char *) &session_id, sizeof(session_id));
#elif defined(HAVE_GETRANDOM)
// experimental
getrandom((void *) &session_id, sizeof(session_id), GRND_NONBLOCK);
#else
// if everything fails use the legacy code
session_id = magic();
#endif
}
th->session_id = htonl(session_id);
return th;
}
|
