Wireshark  4.3.0
The Wireshark network protocol analyzer
packet-tacacs.h
1 /* packet-tacacs.h
2  * Routines for cisco tacplus packet dissection
3  * Copyright 2000, Emanuele Caratti <wiz@iol.it>
4  *
5  * Wireshark - Network traffic analyzer
6  * By Gerald Combs <gerald@wireshark.org>
7  * Copyright 1998 Gerald Combs
8  *
9  * SPDX-License-Identifier: GPL-2.0-or-later
10  */
11 
12 #ifndef __PACKET_TACACS_H__
13 #define __PACKET_TACACS_H__
14 
15 #define TAC_PLUS_HDR_SIZE 12
16 
17 #define MD5_LEN 16
18 #define MSCHAP_DIGEST_LEN 49
19 enum
20 {
21  FLAGS_UNENCRYPTED = 0x01,
22  FLAGS_SINGLE = 0x04
23 };
24 
25 /* Tacacs+ packet type */
26 enum
27 {
28  TAC_PLUS_AUTHEN = 0x01, /* Authentication */
29  TAC_PLUS_AUTHOR = 0x02, /* Authorization */
30  TAC_PLUS_ACCT = 0x03 /* Accounting */
31 };
32 
33 /* Flags */
34 #define TAC_PLUS_ENCRYPTED 0x0
35 #define TAC_PLUS_CLEAR 0x1
36 
37 /* Authentication action to perform */
38 enum
39 {
40  TAC_PLUS_AUTHEN_LOGIN = 0x01,
41  TAC_PLUS_AUTHEN_CHPASS = 0x02,
42  TAC_PLUS_AUTHEN_SENDPASS = 0x03, /* deprecated */
43  TAC_PLUS_AUTHEN_SENDAUTH = 0x04
44 };
45 
46 /* Authentication priv_levels */
47 enum
48 {
49  TAC_PLUS_PRIV_LVL_MAX = 0x0f,
50  TAC_PLUS_PRIV_LVL_ROOT = 0x0f,
51  TAC_PLUS_PRIV_LVL_USER = 0x01,
52  TAC_PLUS_PRIV_LVL_MIN = 0x00
53 };
54 
55 /* authen types */
56 enum
57 {
58  TAC_PLUS_AUTHEN_TYPE_ASCII = 0x01, /* ascii */
59  TAC_PLUS_AUTHEN_TYPE_PAP = 0x02, /* pap */
60  TAC_PLUS_AUTHEN_TYPE_CHAP = 0x03, /* chap */
61  TAC_PLUS_AUTHEN_TYPE_ARAP = 0x04, /* arap */
62  TAC_PLUS_AUTHEN_TYPE_MSCHAP = 0x05 /* mschap */
63 };
64 
65 /* authen services */
66 enum
67 {
68  TAC_PLUS_AUTHEN_SVC_NONE = 0x00,
69  TAC_PLUS_AUTHEN_SVC_LOGIN = 0x01,
70  TAC_PLUS_AUTHEN_SVC_ENABLE = 0x02,
71  TAC_PLUS_AUTHEN_SVC_PPP = 0x03,
72  TAC_PLUS_AUTHEN_SVC_ARAP = 0x04,
73  TAC_PLUS_AUTHEN_SVC_PT = 0x05,
74  TAC_PLUS_AUTHEN_SVC_RCMD = 0x06,
75  TAC_PLUS_AUTHEN_SVC_X25 = 0x07,
76  TAC_PLUS_AUTHEN_SVC_NASI = 0x08,
77  TAC_PLUS_AUTHEN_SVC_FWPROXY = 0x09
78 };
79 
80 /* status of reply packet, that client get from server in authen */
81 enum
82 {
83  TAC_PLUS_AUTHEN_STATUS_PASS = 0x01,
84  TAC_PLUS_AUTHEN_STATUS_FAIL = 0x02,
85  TAC_PLUS_AUTHEN_STATUS_GETDATA = 0x03,
86  TAC_PLUS_AUTHEN_STATUS_GETUSER = 0x04,
87  TAC_PLUS_AUTHEN_STATUS_GETPASS = 0x05,
88  TAC_PLUS_AUTHEN_STATUS_RESTART = 0x06,
89  TAC_PLUS_AUTHEN_STATUS_ERROR = 0x07,
90  TAC_PLUS_AUTHEN_STATUS_FOLLOW = 0x21
91 };
92 
93 /* Authen reply Flags */
94 #define TAC_PLUS_REPLY_FLAG_NOECHO 0x01
95 /* Authen continue Flags */
96 #define TAC_PLUS_CONTINUE_FLAG_ABORT 0x01
97 
98 /* methods of authentication */
99 enum {
100  TAC_PLUS_AUTHEN_METH_NOT_SET = 0x00,
101  TAC_PLUS_AUTHEN_METH_NONE = 0x01,
102  TAC_PLUS_AUTHEN_METH_KRB5 = 0x02,
103  TAC_PLUS_AUTHEN_METH_LINE = 0x03,
104  TAC_PLUS_AUTHEN_METH_ENABLE = 0x04,
105  TAC_PLUS_AUTHEN_METH_LOCAL = 0x05,
106  TAC_PLUS_AUTHEN_METH_TACACSPLUS = 0x06,
107  TAC_PLUS_AUTHEN_METH_GUEST = 0x08,
108  TAC_PLUS_AUTHEN_METH_RADIUS = 0x10,
109  TAC_PLUS_AUTHEN_METH_KRB4 = 0x11,
110  TAC_PLUS_AUTHEN_METH_RCMD = 0x20
111 };
112 
113 /* authorization status */
114 enum
115 {
116  TAC_PLUS_AUTHOR_STATUS_PASS_ADD = 0x01,
117  TAC_PLUS_AUTHOR_STATUS_PASS_REPL = 0x02,
118  TAC_PLUS_AUTHOR_STATUS_FAIL = 0x10,
119  TAC_PLUS_AUTHOR_STATUS_ERROR = 0x11,
120  TAC_PLUS_AUTHOR_STATUS_FOLLOW = 0x21
121 };
122 
123 /* accounting flag */
124 
125 enum
126 {
127  TAC_PLUS_ACCT_FLAG_MORE = 0x1, /* deprecated */
128  TAC_PLUS_ACCT_FLAG_START = 0x2,
129  TAC_PLUS_ACCT_FLAG_STOP = 0x4,
130  TAC_PLUS_ACCT_FLAG_WATCHDOG = 0x8
131 };
132 /* accounting status */
133 enum {
134  TAC_PLUS_ACCT_STATUS_SUCCESS = 0x01,
135  TAC_PLUS_ACCT_STATUS_ERROR = 0x02,
136  TAC_PLUS_ACCT_STATUS_FOLLOW = 0x21
137 };
138 
139 /* Header offsets */
140 #define H_VER_OFF (0)
141 #define H_TYPE_OFF (H_VER_OFF+1)
142 #define H_SEQ_NO_OFF (H_TYPE_OFF+1)
143 #define H_FLAGS_OFF (H_SEQ_NO_OFF+1)
144 #define H_SESSION_ID_OFF (H_FLAGS_OFF+1)
145 #define H_LENGTH_OFF (H_SESSION_ID_OFF+4)
146 
147 #define TACPLUS_BODY_OFF 0
148 /* authen START offsets */
149 #define AUTHEN_S_ACTION_OFF (TACPLUS_BODY_OFF)
150 #define AUTHEN_S_PRIV_LVL_OFF (AUTHEN_S_ACTION_OFF+1)
151 #define AUTHEN_S_AUTHEN_TYPE_OFF (AUTHEN_S_PRIV_LVL_OFF+1)
152 #define AUTHEN_S_SERVICE_OFF (AUTHEN_S_AUTHEN_TYPE_OFF+1)
153 #define AUTHEN_S_USER_LEN_OFF (AUTHEN_S_SERVICE_OFF+1)
154 #define AUTHEN_S_PORT_LEN_OFF (AUTHEN_S_USER_LEN_OFF+1)
155 #define AUTHEN_S_REM_ADDR_LEN_OFF (AUTHEN_S_PORT_LEN_OFF+1)
156 #define AUTHEN_S_DATA_LEN_OFF (AUTHEN_S_REM_ADDR_LEN_OFF+1)
157 #define AUTHEN_S_VARDATA_OFF (AUTHEN_S_DATA_LEN_OFF+1) /* variable data offset (user, port, etc ) */
158 
159 /* authen REPLY fields offset */
160 #define AUTHEN_R_STATUS_OFF (TACPLUS_BODY_OFF)
161 #define AUTHEN_R_FLAGS_OFF (AUTHEN_R_STATUS_OFF+1)
162 #define AUTHEN_R_SRV_MSG_LEN_OFF (AUTHEN_R_FLAGS_OFF+1)
163 #define AUTHEN_R_DATA_LEN_OFF (AUTHEN_R_SRV_MSG_LEN_OFF+2)
164 #define AUTHEN_R_VARDATA_OFF (AUTHEN_R_DATA_LEN_OFF+2)
165 
166 /* authen CONTINUE fields offset */
167 #define AUTHEN_C_USER_LEN_OFF (TACPLUS_BODY_OFF)
168 #define AUTHEN_C_DATA_LEN_OFF (AUTHEN_C_USER_LEN_OFF+2)
169 #define AUTHEN_C_FLAGS_OFF (AUTHEN_C_DATA_LEN_OFF+2)
170 #define AUTHEN_C_VARDATA_OFF (AUTHEN_C_FLAGS_OFF+1)
171 
172 /* acct REQUEST fields offsets */
173 #define ACCT_Q_FLAGS_OFF (TACPLUS_BODY_OFF)
174 #define ACCT_Q_METHOD_OFF (ACCT_Q_FLAGS_OFF+1)
175 #define ACCT_Q_PRIV_LVL_OFF (ACCT_Q_METHOD_OFF+1)
176 #define ACCT_Q_AUTHEN_TYPE_OFF (ACCT_Q_PRIV_LVL_OFF+1)
177 #define ACCT_Q_SERVICE_OFF (ACCT_Q_AUTHEN_TYPE_OFF+1)
178 #define ACCT_Q_USER_LEN_OFF (ACCT_Q_SERVICE_OFF+1)
179 #define ACCT_Q_PORT_LEN_OFF (ACCT_Q_USER_LEN_OFF+1)
180 #define ACCT_Q_REM_ADDR_LEN_OFF (ACCT_Q_PORT_LEN_OFF+1)
181 #define ACCT_Q_ARG_CNT_OFF (ACCT_Q_REM_ADDR_LEN_OFF+1)
182 #define ACCT_Q_VARDATA_OFF (ACCT_Q_ARG_CNT_OFF+1)
183 
184 /* acct REPLY fields offsets */
185 #define ACCT_R_SRV_MSG_LEN_OFF (TACPLUS_BODY_OFF)
186 #define ACCT_R_DATA_LEN_OFF (ACCT_R_SRV_MSG_LEN_OFF+2)
187 #define ACCT_R_STATUS_OFF (ACCT_R_DATA_LEN_OFF+2)
188 #define ACCT_R_VARDATA_OFF (ACCT_R_STATUS_OFF+1)
189 
190 /* AUTHORIZATION */
191 /* Request */
192 #define AUTHOR_Q_AUTH_METH_OFF (TACPLUS_BODY_OFF)
193 #define AUTHOR_Q_PRIV_LVL_OFF (AUTHOR_Q_AUTH_METH_OFF+1)
194 #define AUTHOR_Q_AUTHEN_TYPE_OFF (AUTHOR_Q_PRIV_LVL_OFF+1)
195 #define AUTHOR_Q_SERVICE_OFF (AUTHOR_Q_AUTHEN_TYPE_OFF+1)
196 #define AUTHOR_Q_USER_LEN_OFF (AUTHOR_Q_SERVICE_OFF+1)
197 #define AUTHOR_Q_PORT_LEN_OFF (AUTHOR_Q_USER_LEN_OFF+1)
198 #define AUTHOR_Q_REM_ADDR_LEN_OFF (AUTHOR_Q_PORT_LEN_OFF+1)
199 #define AUTHOR_Q_ARGC_OFF (AUTHOR_Q_REM_ADDR_LEN_OFF+1)
200 #define AUTHOR_Q_VARDATA_OFF (AUTHOR_Q_ARGC_OFF+1)
201 
202 /* Reply */
203 #define AUTHOR_R_STATUS_OFF (TACPLUS_BODY_OFF)
204 #define AUTHOR_R_ARGC_OFF (AUTHOR_R_STATUS_OFF+1)
205 #define AUTHOR_R_SRV_MSG_LEN_OFF (AUTHOR_R_ARGC_OFF+1)
206 #define AUTHOR_R_DATA_LEN_OFF (AUTHOR_R_SRV_MSG_LEN_OFF+2)
207 #define AUTHOR_R_VARDATA_OFF (AUTHOR_R_DATA_LEN_OFF+2)
208 
209 static const value_string tacplus_type_vals[] = {
210  {TAC_PLUS_AUTHEN, "Authentication"},
211  {TAC_PLUS_AUTHOR, "Authorization" },
212  {TAC_PLUS_ACCT, "Accounting" },
213  {0, NULL}};
214 
215 static const value_string tacplus_authen_action_vals[] = {
216  {TAC_PLUS_AUTHEN_LOGIN, "Inbound Login"},
217  {TAC_PLUS_AUTHEN_CHPASS, "Change password request"},
218  {TAC_PLUS_AUTHEN_SENDPASS, "Send password request"},
219  {TAC_PLUS_AUTHEN_SENDAUTH, "Outbound Request (SENDAUTH)"},
220  {0, NULL}};
221 
222 static const value_string tacplus_authen_type_vals[] = {
223  {TAC_PLUS_AUTHEN_TYPE_ASCII, "ASCII"},
224  {TAC_PLUS_AUTHEN_TYPE_PAP, "PAP"},
225  {TAC_PLUS_AUTHEN_TYPE_CHAP, "CHAP"},
226  {TAC_PLUS_AUTHEN_TYPE_ARAP, "ARAP"},
227  {TAC_PLUS_AUTHEN_TYPE_MSCHAP, "MS-CHAP"},
228  {0, NULL}};
229 
230 static const value_string tacplus_authen_service_vals[] = {
231  {TAC_PLUS_AUTHEN_SVC_NONE, "TAC_PLUS_AUTHEN_SVC_NONE"},
232  {TAC_PLUS_AUTHEN_SVC_LOGIN, "Login" },
233  {TAC_PLUS_AUTHEN_SVC_ENABLE, "ENABLE"},
234  {TAC_PLUS_AUTHEN_SVC_PPP, "PPP" },
235  {TAC_PLUS_AUTHEN_SVC_ARAP, "ARAP" },
236  {TAC_PLUS_AUTHEN_SVC_PT, "TAC_PLUS_AUTHEN_SVC_PT"},
237  {TAC_PLUS_AUTHEN_SVC_RCMD, "TAC_PLUS_AUTHEN_SVC_RCMD"},
238  {TAC_PLUS_AUTHEN_SVC_X25, "TAC_PLUS_AUTHEN_SVC_X25"},
239  {TAC_PLUS_AUTHEN_SVC_NASI, "TAC_PLUS_AUTHEN_SVC_NASI"},
240  {TAC_PLUS_AUTHEN_SVC_FWPROXY, "TAC_PLUS_AUTHEN_SVC_FWPROXY"},
241  {0, NULL}};
242 
243 static const value_string tacplus_reply_status_vals[] = {
244  {TAC_PLUS_AUTHEN_STATUS_PASS, "Authentication Passed"},
245  {TAC_PLUS_AUTHEN_STATUS_FAIL, "Authentication Failed"},
246  {TAC_PLUS_AUTHEN_STATUS_GETDATA, "Send Data"},
247  {TAC_PLUS_AUTHEN_STATUS_GETUSER, "Send Username"},
248  {TAC_PLUS_AUTHEN_STATUS_GETPASS, "Send Password"},
249  {TAC_PLUS_AUTHEN_STATUS_RESTART, "Restart Authentication Sequence"},
250  {TAC_PLUS_AUTHEN_STATUS_ERROR, "Unrecoverable Error"},
251  {TAC_PLUS_AUTHEN_STATUS_FOLLOW, "Use Alternate Server"},
252  {0, NULL}};
253 
254 
255 static const value_string tacplus_authen_method[] = {
256  {TAC_PLUS_AUTHEN_METH_NOT_SET, "NOT_SET"},
257  {TAC_PLUS_AUTHEN_METH_NONE, "NONE"},
258  {TAC_PLUS_AUTHEN_METH_KRB5, "KRB5"},
259  {TAC_PLUS_AUTHEN_METH_LINE, "LINE"},
260  {TAC_PLUS_AUTHEN_METH_ENABLE, "ENABLE"},
261  {TAC_PLUS_AUTHEN_METH_LOCAL, "LOCAL"},
262  {TAC_PLUS_AUTHEN_METH_TACACSPLUS, "TACACSPLUS"},
263  {TAC_PLUS_AUTHEN_METH_GUEST, "GUEST"},
264  {TAC_PLUS_AUTHEN_METH_RADIUS, "RADIUS"},
265  {TAC_PLUS_AUTHEN_METH_KRB4, "KRB4"},
266  {TAC_PLUS_AUTHEN_METH_RCMD, "RCMD"},
267  {0, NULL}};
268 
269 static const value_string tacplus_author_status[] = {
270  {TAC_PLUS_AUTHOR_STATUS_PASS_ADD, "PASS_ADD"},
271  {TAC_PLUS_AUTHOR_STATUS_PASS_REPL, "PASS_REPL"},
272  {TAC_PLUS_AUTHOR_STATUS_FAIL, "FAIL"},
273  {TAC_PLUS_AUTHOR_STATUS_ERROR, "ERROR"},
274  {TAC_PLUS_AUTHOR_STATUS_FOLLOW, "FOLLOW"},
275  {0, NULL}};
276 
277 static const value_string tacplus_acct_status[] = {
278  {TAC_PLUS_ACCT_STATUS_SUCCESS, "Success"},
279  {TAC_PLUS_ACCT_STATUS_ERROR, "Error"},
280  {TAC_PLUS_ACCT_STATUS_FOLLOW, "Follow"},
281  {0, NULL}};
282 
283 #endif /* __PACKET_TACACS_H__ */
284 
285 /*
286  * Editor modelines - https://www.wireshark.org/tools/modelines.html
287  *
288  * Local variables:
289  * c-basic-offset: 8
290  * tab-width: 8
291  * indent-tabs-mode: t
292  * End:
293  *
294  * vi: set shiftwidth=8 tabstop=8 noexpandtab:
295  * :indentSize=8:tabSize=8:noTabs=false:
296  */
Definition: value_string.h:26