epan/dissectors/packet-tacacs.h

   1 /* packet-tacacs.h
   2  * Routines for cisco tacplus packet dissection
   3  * Copyright 2000, Emanuele Caratti <wiz@iol.it>
   4  *
   5  * Wireshark - Network traffic analyzer
   6  * By Gerald Combs <gerald@wireshark.org>
   7  * Copyright 1998 Gerald Combs
   8  *
   9  * SPDX-License-Identifier: GPL-2.0-or-later
  10  */
  11
  12 #ifndef __PACKET_TACACS_H__
  13 #define __PACKET_TACACS_H__
  14
  15 #define TAC_PLUS_HDR_SIZE 12
  16
  17 #define MD5_LEN           16
  18 #define MSCHAP_DIGEST_LEN 49
  19 enum
  20 {
  21         FLAGS_UNENCRYPTED = 0x01,
  22         FLAGS_SINGLE = 0x04
  23 };
  24
  25 /* Tacacs+ packet type */
  26 enum
  27 {
  28         TAC_PLUS_AUTHEN = 0x01,         /* Authentication */
  29         TAC_PLUS_AUTHOR = 0x02,         /* Authorization  */
  30         TAC_PLUS_ACCT = 0x03            /* Accounting     */
  31 };
  32
  33 /* Flags */
  34 #define TAC_PLUS_ENCRYPTED 0x0
  35 #define TAC_PLUS_CLEAR     0x1
  36
  37 /* Authentication action to perform */
  38 enum
  39 {
  40         TAC_PLUS_AUTHEN_LOGIN = 0x01,
  41         TAC_PLUS_AUTHEN_CHPASS = 0x02,
  42         TAC_PLUS_AUTHEN_SENDPASS = 0x03,        /* deprecated */
  43         TAC_PLUS_AUTHEN_SENDAUTH = 0x04
  44 };
  45
  46 /* Authentication priv_levels */
  47 enum
  48 {
  49         TAC_PLUS_PRIV_LVL_MAX   = 0x0f,
  50         TAC_PLUS_PRIV_LVL_ROOT  = 0x0f,
  51         TAC_PLUS_PRIV_LVL_USER  = 0x01,
  52         TAC_PLUS_PRIV_LVL_MIN   = 0x00
  53 };
  54
  55 /* authen types */
  56 enum
  57 {
  58         TAC_PLUS_AUTHEN_TYPE_ASCII              = 0x01, /*  ascii  */
  59         TAC_PLUS_AUTHEN_TYPE_PAP                = 0x02, /*  pap    */
  60         TAC_PLUS_AUTHEN_TYPE_CHAP               = 0x03, /*  chap   */
  61         TAC_PLUS_AUTHEN_TYPE_ARAP               = 0x04, /*  arap   */
  62         TAC_PLUS_AUTHEN_TYPE_MSCHAP     = 0x05  /*  mschap */
  63 };
  64
  65 /* authen services */
  66 enum
  67 {
  68         TAC_PLUS_AUTHEN_SVC_NONE        = 0x00,
  69         TAC_PLUS_AUTHEN_SVC_LOGIN       = 0x01,
  70         TAC_PLUS_AUTHEN_SVC_ENABLE      = 0x02,
  71         TAC_PLUS_AUTHEN_SVC_PPP         = 0x03,
  72         TAC_PLUS_AUTHEN_SVC_ARAP        = 0x04,
  73         TAC_PLUS_AUTHEN_SVC_PT          = 0x05,
  74         TAC_PLUS_AUTHEN_SVC_RCMD        = 0x06,
  75         TAC_PLUS_AUTHEN_SVC_X25         = 0x07,
  76         TAC_PLUS_AUTHEN_SVC_NASI        = 0x08,
  77         TAC_PLUS_AUTHEN_SVC_FWPROXY     = 0x09
  78 };
  79
  80 /* status of reply packet, that client get from server in authen */
  81 enum
  82 {
  83         TAC_PLUS_AUTHEN_STATUS_PASS             = 0x01,
  84         TAC_PLUS_AUTHEN_STATUS_FAIL             = 0x02,
  85         TAC_PLUS_AUTHEN_STATUS_GETDATA  = 0x03,
  86         TAC_PLUS_AUTHEN_STATUS_GETUSER  = 0x04,
  87         TAC_PLUS_AUTHEN_STATUS_GETPASS  = 0x05,
  88         TAC_PLUS_AUTHEN_STATUS_RESTART  = 0x06,
  89         TAC_PLUS_AUTHEN_STATUS_ERROR    = 0x07,
  90         TAC_PLUS_AUTHEN_STATUS_FOLLOW   = 0x21
  91 };
  92
  93 /* Authen reply Flags */
  94 #define TAC_PLUS_REPLY_FLAG_NOECHO              0x01
  95 /* Authen continue Flags */
  96 #define TAC_PLUS_CONTINUE_FLAG_ABORT    0x01
  97
  98 /* methods of authentication */
  99 enum {
 100         TAC_PLUS_AUTHEN_METH_NOT_SET    = 0x00,
 101         TAC_PLUS_AUTHEN_METH_NONE               = 0x01,
 102         TAC_PLUS_AUTHEN_METH_KRB5               = 0x02,
 103         TAC_PLUS_AUTHEN_METH_LINE               = 0x03,
 104         TAC_PLUS_AUTHEN_METH_ENABLE             = 0x04,
 105         TAC_PLUS_AUTHEN_METH_LOCAL              = 0x05,
 106         TAC_PLUS_AUTHEN_METH_TACACSPLUS = 0x06,
 107         TAC_PLUS_AUTHEN_METH_GUEST              = 0x08,
 108         TAC_PLUS_AUTHEN_METH_RADIUS             = 0x10,
 109         TAC_PLUS_AUTHEN_METH_KRB4               = 0x11,
 110         TAC_PLUS_AUTHEN_METH_RCMD               = 0x20
 111 };
 112
 113 /* authorization status */
 114 enum
 115 {
 116         TAC_PLUS_AUTHOR_STATUS_PASS_ADD         = 0x01,
 117         TAC_PLUS_AUTHOR_STATUS_PASS_REPL        = 0x02,
 118         TAC_PLUS_AUTHOR_STATUS_FAIL                     = 0x10,
 119         TAC_PLUS_AUTHOR_STATUS_ERROR            = 0x11,
 120         TAC_PLUS_AUTHOR_STATUS_FOLLOW           = 0x21
 121 };
 122
 123 /* accounting flag */
 124
 125 enum
 126 {
 127         TAC_PLUS_ACCT_FLAG_MORE         = 0x1, /* deprecated */
 128         TAC_PLUS_ACCT_FLAG_START        = 0x2,
 129         TAC_PLUS_ACCT_FLAG_STOP         = 0x4,
 130         TAC_PLUS_ACCT_FLAG_WATCHDOG     = 0x8
 131 };
 132 /* accounting status */
 133 enum {
 134         TAC_PLUS_ACCT_STATUS_SUCCESS    = 0x01,
 135         TAC_PLUS_ACCT_STATUS_ERROR              = 0x02,
 136         TAC_PLUS_ACCT_STATUS_FOLLOW             = 0x21
 137 };
 138
 139 /* Header offsets */
 140 #define H_VER_OFF                       (0)
 141 #define H_TYPE_OFF                      (H_VER_OFF+1)
 142 #define H_SEQ_NO_OFF            (H_TYPE_OFF+1)
 143 #define H_FLAGS_OFF                     (H_SEQ_NO_OFF+1)
 144 #define H_SESSION_ID_OFF        (H_FLAGS_OFF+1)
 145 #define H_LENGTH_OFF            (H_SESSION_ID_OFF+4)
 146
 147 #define TACPLUS_BODY_OFF                0
 148 /* authen START offsets */
 149 #define AUTHEN_S_ACTION_OFF                     (TACPLUS_BODY_OFF)
 150 #define AUTHEN_S_PRIV_LVL_OFF           (AUTHEN_S_ACTION_OFF+1)
 151 #define AUTHEN_S_AUTHEN_TYPE_OFF        (AUTHEN_S_PRIV_LVL_OFF+1)
 152 #define AUTHEN_S_SERVICE_OFF            (AUTHEN_S_AUTHEN_TYPE_OFF+1)
 153 #define AUTHEN_S_USER_LEN_OFF           (AUTHEN_S_SERVICE_OFF+1)
 154 #define AUTHEN_S_PORT_LEN_OFF           (AUTHEN_S_USER_LEN_OFF+1)
 155 #define AUTHEN_S_REM_ADDR_LEN_OFF       (AUTHEN_S_PORT_LEN_OFF+1)
 156 #define AUTHEN_S_DATA_LEN_OFF           (AUTHEN_S_REM_ADDR_LEN_OFF+1)
 157 #define AUTHEN_S_VARDATA_OFF            (AUTHEN_S_DATA_LEN_OFF+1) /* variable data offset (user, port, etc ) */
 158
 159 /* authen REPLY fields offset */
 160 #define AUTHEN_R_STATUS_OFF                     (TACPLUS_BODY_OFF)
 161 #define AUTHEN_R_FLAGS_OFF                      (AUTHEN_R_STATUS_OFF+1)
 162 #define AUTHEN_R_SRV_MSG_LEN_OFF        (AUTHEN_R_FLAGS_OFF+1)
 163 #define AUTHEN_R_DATA_LEN_OFF           (AUTHEN_R_SRV_MSG_LEN_OFF+2)
 164 #define AUTHEN_R_VARDATA_OFF            (AUTHEN_R_DATA_LEN_OFF+2)
 165
 166 /* authen CONTINUE fields offset */
 167 #define AUTHEN_C_USER_LEN_OFF           (TACPLUS_BODY_OFF)
 168 #define AUTHEN_C_DATA_LEN_OFF           (AUTHEN_C_USER_LEN_OFF+2)
 169 #define AUTHEN_C_FLAGS_OFF                      (AUTHEN_C_DATA_LEN_OFF+2)
 170 #define AUTHEN_C_VARDATA_OFF            (AUTHEN_C_FLAGS_OFF+1)
 171
 172 /* acct REQUEST fields offsets */
 173 #define ACCT_Q_FLAGS_OFF                        (TACPLUS_BODY_OFF)
 174 #define ACCT_Q_METHOD_OFF                       (ACCT_Q_FLAGS_OFF+1)
 175 #define ACCT_Q_PRIV_LVL_OFF                     (ACCT_Q_METHOD_OFF+1)
 176 #define ACCT_Q_AUTHEN_TYPE_OFF          (ACCT_Q_PRIV_LVL_OFF+1)
 177 #define ACCT_Q_SERVICE_OFF                      (ACCT_Q_AUTHEN_TYPE_OFF+1)
 178 #define ACCT_Q_USER_LEN_OFF                     (ACCT_Q_SERVICE_OFF+1)
 179 #define ACCT_Q_PORT_LEN_OFF                     (ACCT_Q_USER_LEN_OFF+1)
 180 #define ACCT_Q_REM_ADDR_LEN_OFF         (ACCT_Q_PORT_LEN_OFF+1)
 181 #define ACCT_Q_ARG_CNT_OFF                      (ACCT_Q_REM_ADDR_LEN_OFF+1)
 182 #define ACCT_Q_VARDATA_OFF                      (ACCT_Q_ARG_CNT_OFF+1)
 183
 184 /* acct REPLY fields offsets */
 185 #define ACCT_R_SRV_MSG_LEN_OFF          (TACPLUS_BODY_OFF)
 186 #define ACCT_R_DATA_LEN_OFF                     (ACCT_R_SRV_MSG_LEN_OFF+2)
 187 #define ACCT_R_STATUS_OFF                       (ACCT_R_DATA_LEN_OFF+2)
 188 #define ACCT_R_VARDATA_OFF                      (ACCT_R_STATUS_OFF+1)
 189
 190 /* AUTHORIZATION */
 191 /* Request */
 192 #define AUTHOR_Q_AUTH_METH_OFF          (TACPLUS_BODY_OFF)
 193 #define AUTHOR_Q_PRIV_LVL_OFF           (AUTHOR_Q_AUTH_METH_OFF+1)
 194 #define AUTHOR_Q_AUTHEN_TYPE_OFF        (AUTHOR_Q_PRIV_LVL_OFF+1)
 195 #define AUTHOR_Q_SERVICE_OFF            (AUTHOR_Q_AUTHEN_TYPE_OFF+1)
 196 #define AUTHOR_Q_USER_LEN_OFF           (AUTHOR_Q_SERVICE_OFF+1)
 197 #define AUTHOR_Q_PORT_LEN_OFF           (AUTHOR_Q_USER_LEN_OFF+1)
 198 #define AUTHOR_Q_REM_ADDR_LEN_OFF       (AUTHOR_Q_PORT_LEN_OFF+1)
 199 #define AUTHOR_Q_ARGC_OFF                       (AUTHOR_Q_REM_ADDR_LEN_OFF+1)
 200 #define AUTHOR_Q_VARDATA_OFF            (AUTHOR_Q_ARGC_OFF+1)
 201
 202 /* Reply */
 203 #define AUTHOR_R_STATUS_OFF                     (TACPLUS_BODY_OFF)
 204 #define AUTHOR_R_ARGC_OFF                       (AUTHOR_R_STATUS_OFF+1)
 205 #define AUTHOR_R_SRV_MSG_LEN_OFF        (AUTHOR_R_ARGC_OFF+1)
 206 #define AUTHOR_R_DATA_LEN_OFF           (AUTHOR_R_SRV_MSG_LEN_OFF+2)
 207 #define AUTHOR_R_VARDATA_OFF            (AUTHOR_R_DATA_LEN_OFF+2)
 208
 209 static const value_string tacplus_type_vals[] = {
 210         {TAC_PLUS_AUTHEN,       "Authentication"},
 211         {TAC_PLUS_AUTHOR,       "Authorization" },
 212         {TAC_PLUS_ACCT,         "Accounting"    },
 213         {0, NULL}};
 214
 215 static const value_string tacplus_authen_action_vals[] = {
 216         {TAC_PLUS_AUTHEN_LOGIN,                 "Inbound Login"},
 217         {TAC_PLUS_AUTHEN_CHPASS,                "Change password request"},
 218         {TAC_PLUS_AUTHEN_SENDPASS,              "Send password request"},
 219         {TAC_PLUS_AUTHEN_SENDAUTH,              "Outbound Request (SENDAUTH)"},
 220         {0, NULL}};
 221
 222 static const value_string tacplus_authen_type_vals[] = {
 223         {TAC_PLUS_AUTHEN_TYPE_ASCII,    "ASCII"},
 224         {TAC_PLUS_AUTHEN_TYPE_PAP,              "PAP"},
 225         {TAC_PLUS_AUTHEN_TYPE_CHAP,             "CHAP"},
 226         {TAC_PLUS_AUTHEN_TYPE_ARAP,             "ARAP"},
 227         {TAC_PLUS_AUTHEN_TYPE_MSCHAP,   "MS-CHAP"},
 228         {0, NULL}};
 229
 230 static const value_string tacplus_authen_service_vals[] = {
 231         {TAC_PLUS_AUTHEN_SVC_NONE,              "TAC_PLUS_AUTHEN_SVC_NONE"},
 232         {TAC_PLUS_AUTHEN_SVC_LOGIN,             "Login" },
 233         {TAC_PLUS_AUTHEN_SVC_ENABLE,    "ENABLE"},
 234         {TAC_PLUS_AUTHEN_SVC_PPP,               "PPP"   },
 235         {TAC_PLUS_AUTHEN_SVC_ARAP,              "ARAP"  },
 236         {TAC_PLUS_AUTHEN_SVC_PT,                "TAC_PLUS_AUTHEN_SVC_PT"},
 237         {TAC_PLUS_AUTHEN_SVC_RCMD,              "TAC_PLUS_AUTHEN_SVC_RCMD"},
 238         {TAC_PLUS_AUTHEN_SVC_X25,               "TAC_PLUS_AUTHEN_SVC_X25"},
 239         {TAC_PLUS_AUTHEN_SVC_NASI,              "TAC_PLUS_AUTHEN_SVC_NASI"},
 240         {TAC_PLUS_AUTHEN_SVC_FWPROXY,   "TAC_PLUS_AUTHEN_SVC_FWPROXY"},
 241         {0, NULL}};
 242
 243 static const value_string tacplus_reply_status_vals[] = {
 244         {TAC_PLUS_AUTHEN_STATUS_PASS,           "Authentication Passed"},
 245         {TAC_PLUS_AUTHEN_STATUS_FAIL,           "Authentication Failed"},
 246         {TAC_PLUS_AUTHEN_STATUS_GETDATA,        "Send Data"},
 247         {TAC_PLUS_AUTHEN_STATUS_GETUSER,        "Send Username"},
 248         {TAC_PLUS_AUTHEN_STATUS_GETPASS,        "Send Password"},
 249         {TAC_PLUS_AUTHEN_STATUS_RESTART,        "Restart Authentication Sequence"},
 250         {TAC_PLUS_AUTHEN_STATUS_ERROR,          "Unrecoverable Error"},
 251         {TAC_PLUS_AUTHEN_STATUS_FOLLOW,         "Use Alternate Server"},
 252         {0, NULL}};
 253
 254
 255 static const value_string tacplus_authen_method[] = {
 256         {TAC_PLUS_AUTHEN_METH_NOT_SET,          "NOT_SET"},
 257         {TAC_PLUS_AUTHEN_METH_NONE,                     "NONE"},
 258         {TAC_PLUS_AUTHEN_METH_KRB5,                     "KRB5"},
 259         {TAC_PLUS_AUTHEN_METH_LINE,                     "LINE"},
 260         {TAC_PLUS_AUTHEN_METH_ENABLE,           "ENABLE"},
 261         {TAC_PLUS_AUTHEN_METH_LOCAL,            "LOCAL"},
 262         {TAC_PLUS_AUTHEN_METH_TACACSPLUS,       "TACACSPLUS"},
 263         {TAC_PLUS_AUTHEN_METH_GUEST,            "GUEST"},
 264         {TAC_PLUS_AUTHEN_METH_RADIUS,           "RADIUS"},
 265         {TAC_PLUS_AUTHEN_METH_KRB4,                     "KRB4"},
 266         {TAC_PLUS_AUTHEN_METH_RCMD,                     "RCMD"},
 267         {0, NULL}};
 268
 269 static const value_string tacplus_author_status[] = {
 270         {TAC_PLUS_AUTHOR_STATUS_PASS_ADD,               "PASS_ADD"},
 271         {TAC_PLUS_AUTHOR_STATUS_PASS_REPL,              "PASS_REPL"},
 272         {TAC_PLUS_AUTHOR_STATUS_FAIL,           "FAIL"},
 273         {TAC_PLUS_AUTHOR_STATUS_ERROR,          "ERROR"},
 274         {TAC_PLUS_AUTHOR_STATUS_FOLLOW,         "FOLLOW"},
 275         {0, NULL}};
 276
 277 static const value_string tacplus_acct_status[] = {
 278         {TAC_PLUS_ACCT_STATUS_SUCCESS,  "Success"},
 279         {TAC_PLUS_ACCT_STATUS_ERROR,    "Error"},
 280         {TAC_PLUS_ACCT_STATUS_FOLLOW,   "Follow"},
 281         {0, NULL}};
 282
 283 #endif   /* __PACKET_TACACS_H__ */
 284
 285 /*
 286  * Editor modelines  -  https://www.wireshark.org/tools/modelines.html
 287  *
 288  * Local variables:
 289  * c-basic-offset: 8
 290  * tab-width: 8
 291  * indent-tabs-mode: t
 292  * End:
 293  *
 294  * vi: set shiftwidth=8 tabstop=8 noexpandtab:
 295  * :indentSize=8:tabSize=8:noTabs=false:
 296  */