packet-tacacs.h
1/* packet-tacacs.h
2 * Routines for cisco tacplus packet dissection
3 * Copyright 2000, Emanuele Caratti <[email protected]>
4 *
5 * Wireshark - Network traffic analyzer
6 * By Gerald Combs <[email protected]>
7 * Copyright 1998 Gerald Combs
8 *
9 * SPDX-License-Identifier: GPL-2.0-or-later
10 */
11
12#ifndef __PACKET_TACACS_H__
13#define __PACKET_TACACS_H__
14
/* Size in bytes of the fixed TACACS+ header. Consistent with the H_*_OFF
 * macros in this file: the length field starts at offset 8 and, with a
 * 12-byte header, occupies the final 4 bytes. */
#define TAC_PLUS_HDR_SIZE 12

/* Length in bytes of an MD5 digest.
 * NOTE(review): presumably used for the TACACS+ body obfuscation, which
 * (RFC 8907) XORs the body with an MD5-derived pad. That scheme gives no
 * integrity protection, so a body that de-obfuscates cleanly is not proof
 * that the packet was unmodified in transit. */
#define MD5_LEN 16
/* NOTE(review): presumably the size in bytes of an MS-CHAP response blob -
 * confirm against the dissector before relying on it as a bound. */
#define MSCHAP_DIGEST_LEN 49
/* Bit masks for the header flags byte (presumably the byte at H_FLAGS_OFF -
 * confirm against the dissector). */
enum
{
	/* Body is carried without obfuscation. With this bit set, everything in
	 * the body (user names, passwords, command arguments) is readable by
	 * anyone who can see the traffic. */
	FLAGS_UNENCRYPTED = 0x01,
	/* NOTE(review): presumably the single-connection flag of RFC 8907 - confirm */
	FLAGS_SINGLE = 0x04
};
24
/* TACACS+ packet type: value of the header type byte (see H_TYPE_OFF).
 * Only 0x01..0x03 are defined here; any other value read from the wire has
 * no name in this header and must be handled as unknown by the caller. */
enum
{
	TAC_PLUS_AUTHEN = 0x01, /* Authentication */
	TAC_PLUS_AUTHOR = 0x02, /* Authorization */
	TAC_PLUS_ACCT = 0x03 /* Accounting */
};
32
/* Flags: alternative names for the state of bit 0x01 of the flags byte
 * (the same bit as FLAGS_UNENCRYPTED).
 * TAC_PLUS_ENCRYPTED is zero, i.e. the absence of the bit, so it can never
 * be detected with a bitwise AND: (flags & TAC_PLUS_ENCRYPTED) is always 0.
 * Test (flags & TAC_PLUS_CLEAR) and treat a zero result as "obfuscated". */
#define TAC_PLUS_ENCRYPTED 0x0
#define TAC_PLUS_CLEAR 0x1
36
/* Authentication action to perform: value of the action byte of an
 * authentication START body (see AUTHEN_S_ACTION_OFF). */
enum
{
	TAC_PLUS_AUTHEN_LOGIN = 0x01,
	TAC_PLUS_AUTHEN_CHPASS = 0x02,
	/* deprecated; still defined here so that captures containing it can be
	 * named. Its display string is "Send password request". */
	TAC_PLUS_AUTHEN_SENDPASS = 0x03,
	TAC_PLUS_AUTHEN_SENDAUTH = 0x04
};
45
/* Authentication priv_levels: named points in the privilege-level range.
 * MAX and ROOT are the same value (0x0f), so the two names cannot be told
 * apart in a switch or in a value table.
 * The privilege level is a full byte on the wire (the next field starts one
 * byte later, see AUTHEN_S_PRIV_LVL_OFF), so a packet can carry a value
 * above TAC_PLUS_PRIV_LVL_MAX; do not assume the field is within MIN..MAX. */
enum
{
	TAC_PLUS_PRIV_LVL_MAX = 0x0f,
	TAC_PLUS_PRIV_LVL_ROOT = 0x0f,
	TAC_PLUS_PRIV_LVL_USER = 0x01,
	TAC_PLUS_PRIV_LVL_MIN = 0x00
};
54
/* authen types: value of the authen_type byte carried in authentication
 * START, authorization request and accounting request bodies (see the
 * *_AUTHEN_TYPE_OFF macros). Display names are in tacplus_authen_type_vals. */
enum
{
	TAC_PLUS_AUTHEN_TYPE_ASCII = 0x01, /* ascii */
	TAC_PLUS_AUTHEN_TYPE_PAP = 0x02, /* pap */
	TAC_PLUS_AUTHEN_TYPE_CHAP = 0x03, /* chap */
	TAC_PLUS_AUTHEN_TYPE_ARAP = 0x04, /* arap */
	TAC_PLUS_AUTHEN_TYPE_MSCHAP = 0x05 /* mschap */
};
64
/* authen services: value of the service byte (see the *_SERVICE_OFF
 * macros). Note that 0x00 is a defined value here (SVC_NONE), not an
 * "unset" marker. Display names are in tacplus_authen_service_vals. */
enum
{
	TAC_PLUS_AUTHEN_SVC_NONE = 0x00,
	TAC_PLUS_AUTHEN_SVC_LOGIN = 0x01,
	TAC_PLUS_AUTHEN_SVC_ENABLE = 0x02,
	TAC_PLUS_AUTHEN_SVC_PPP = 0x03,
	TAC_PLUS_AUTHEN_SVC_ARAP = 0x04,
	TAC_PLUS_AUTHEN_SVC_PT = 0x05,
	TAC_PLUS_AUTHEN_SVC_RCMD = 0x06,
	TAC_PLUS_AUTHEN_SVC_X25 = 0x07,
	TAC_PLUS_AUTHEN_SVC_NASI = 0x08,
	TAC_PLUS_AUTHEN_SVC_FWPROXY = 0x09
};
79
/* Status byte of the authentication REPLY that the client receives from the
 * server (see AUTHEN_R_STATUS_OFF). Values 0x01..0x07 are contiguous;
 * FOLLOW sits apart at 0x21, so the set cannot be range-checked with a
 * single upper bound. */
enum
{
	TAC_PLUS_AUTHEN_STATUS_PASS = 0x01,
	TAC_PLUS_AUTHEN_STATUS_FAIL = 0x02,
	TAC_PLUS_AUTHEN_STATUS_GETDATA = 0x03,
	TAC_PLUS_AUTHEN_STATUS_GETUSER = 0x04,
	TAC_PLUS_AUTHEN_STATUS_GETPASS = 0x05,
	TAC_PLUS_AUTHEN_STATUS_RESTART = 0x06,
	TAC_PLUS_AUTHEN_STATUS_ERROR = 0x07,
	/* Displayed as "Use Alternate Server". RFC 8907 deprecates FOLLOW, so
	 * a reply carrying it in a capture deserves a closer look. */
	TAC_PLUS_AUTHEN_STATUS_FOLLOW = 0x21
};
92
/* Authen reply Flags: bit mask for the flags byte of an authentication REPLY
 * (see AUTHEN_R_FLAGS_OFF).
 * NOTE(review): presumably tells the client not to echo the user's input,
 * as for a password prompt - confirm. */
#define TAC_PLUS_REPLY_FLAG_NOECHO 0x01
/* Authen continue Flags: bit mask for the flags byte of an authentication
 * CONTINUE (see AUTHEN_C_FLAGS_OFF).
 * NOTE(review): presumably marks the client aborting the exchange - confirm. */
#define TAC_PLUS_CONTINUE_FLAG_ABORT 0x01
97
/* methods of authentication: value of the method byte in authorization and
 * accounting requests (see AUTHOR_Q_AUTH_METH_OFF and ACCT_Q_METHOD_OFF).
 * The values are sparse (0x07, 0x09..0x0f and 0x12..0x1f are not defined
 * here) and are plain codes, not bit flags, so compare with == rather than
 * masking. 0x00 is a defined value (NOT_SET). */
enum {
	TAC_PLUS_AUTHEN_METH_NOT_SET = 0x00,
	TAC_PLUS_AUTHEN_METH_NONE = 0x01,
	TAC_PLUS_AUTHEN_METH_KRB5 = 0x02,
	TAC_PLUS_AUTHEN_METH_LINE = 0x03,
	TAC_PLUS_AUTHEN_METH_ENABLE = 0x04,
	TAC_PLUS_AUTHEN_METH_LOCAL = 0x05,
	TAC_PLUS_AUTHEN_METH_TACACSPLUS = 0x06,
	TAC_PLUS_AUTHEN_METH_GUEST = 0x08,
	TAC_PLUS_AUTHEN_METH_RADIUS = 0x10,
	TAC_PLUS_AUTHEN_METH_KRB4 = 0x11,
	TAC_PLUS_AUTHEN_METH_RCMD = 0x20
};
112
/* authorization status: value of the status byte of an authorization reply
 * (see AUTHOR_R_STATUS_OFF). The values are sparse codes, not bit flags.
 * FOLLOW uses the same number (0x21) as the authentication and accounting
 * FOLLOW statuses defined in this file. */
enum
{
	TAC_PLUS_AUTHOR_STATUS_PASS_ADD = 0x01,
	TAC_PLUS_AUTHOR_STATUS_PASS_REPL = 0x02,
	TAC_PLUS_AUTHOR_STATUS_FAIL = 0x10,
	TAC_PLUS_AUTHOR_STATUS_ERROR = 0x11,
	TAC_PLUS_AUTHOR_STATUS_FOLLOW = 0x21
};
122
/* accounting flag: masks for the flags byte of an accounting request (see
 * ACCT_Q_FLAGS_OFF). Each value is a distinct single bit, so several can be
 * set in one byte; decode with (flags & MASK), not with equality. */

enum
{
	TAC_PLUS_ACCT_FLAG_MORE = 0x1, /* deprecated */
	TAC_PLUS_ACCT_FLAG_START = 0x2,
	TAC_PLUS_ACCT_FLAG_STOP = 0x4,
	TAC_PLUS_ACCT_FLAG_WATCHDOG = 0x8
};
/* accounting status: value of the status byte of an accounting reply (see
 * ACCT_R_STATUS_OFF). Plain codes, not bit flags; FOLLOW is 0x21 as in the
 * other status enums of this file. */
enum {
	TAC_PLUS_ACCT_STATUS_SUCCESS = 0x01,
	TAC_PLUS_ACCT_STATUS_ERROR = 0x02,
	TAC_PLUS_ACCT_STATUS_FOLLOW = 0x21
};
138
/* Header offsets: byte offsets of the fixed header fields, each defined
 * relative to the previous one. Resolved values:
 *   version 0, type 1, seq_no 2, flags 3, session_id 4 (4 bytes),
 *   length 8 (the header ends at TAC_PLUS_HDR_SIZE = 12).
 * The length field is supplied by the sender. NOTE(review): it should be
 * compared with the amount of data actually captured before it is used to
 * size a read or an allocation - confirm the dissector does so. */
#define H_VER_OFF (0)
#define H_TYPE_OFF (H_VER_OFF+1)
#define H_SEQ_NO_OFF (H_TYPE_OFF+1)
#define H_FLAGS_OFF (H_SEQ_NO_OFF+1)
#define H_SESSION_ID_OFF (H_FLAGS_OFF+1)
#define H_LENGTH_OFF (H_SESSION_ID_OFF+4)
146
/* Base for every body-field offset below. It is 0, so those offsets count
 * from the first body byte, not from the start of the packet.
 * NOTE(review): presumably the body is handled as its own buffer after the
 * header has been removed - confirm. */
#define TACPLUS_BODY_OFF 0
/* authen START offsets. Resolved values: action 0, priv_lvl 1,
 * authen_type 2, service 3, user_len 4, port_len 5, rem_addr_len 6,
 * data_len 7, variable data 8.
 * The four *_LEN fields are one byte each (consecutive offsets), so each
 * variable field is at most 255 bytes long. All four are sender-supplied:
 * their sum plus AUTHEN_S_VARDATA_OFF must be checked against the body
 * length before the variable data is read. */
#define AUTHEN_S_ACTION_OFF (TACPLUS_BODY_OFF)
#define AUTHEN_S_PRIV_LVL_OFF (AUTHEN_S_ACTION_OFF+1)
#define AUTHEN_S_AUTHEN_TYPE_OFF (AUTHEN_S_PRIV_LVL_OFF+1)
#define AUTHEN_S_SERVICE_OFF (AUTHEN_S_AUTHEN_TYPE_OFF+1)
#define AUTHEN_S_USER_LEN_OFF (AUTHEN_S_SERVICE_OFF+1)
#define AUTHEN_S_PORT_LEN_OFF (AUTHEN_S_USER_LEN_OFF+1)
#define AUTHEN_S_REM_ADDR_LEN_OFF (AUTHEN_S_PORT_LEN_OFF+1)
#define AUTHEN_S_DATA_LEN_OFF (AUTHEN_S_REM_ADDR_LEN_OFF+1)
#define AUTHEN_S_VARDATA_OFF (AUTHEN_S_DATA_LEN_OFF+1) /* start of the variable data (user, port, etc.) */
158
/* authen REPLY field offsets, relative to the start of the body. Resolved
 * values: status 0, flags 1, srv_msg_len 2 (2 bytes), data_len 4 (2 bytes),
 * variable data 6.
 * Both length fields are two bytes wide here, unlike the one-byte lengths
 * of the START body; they are sender-supplied and need the same bounds
 * check against the body length before the variable data is read. */
#define AUTHEN_R_STATUS_OFF (TACPLUS_BODY_OFF)
#define AUTHEN_R_FLAGS_OFF (AUTHEN_R_STATUS_OFF+1)
#define AUTHEN_R_SRV_MSG_LEN_OFF (AUTHEN_R_FLAGS_OFF+1)
#define AUTHEN_R_DATA_LEN_OFF (AUTHEN_R_SRV_MSG_LEN_OFF+2)
#define AUTHEN_R_VARDATA_OFF (AUTHEN_R_DATA_LEN_OFF+2)
165
/* authen CONTINUE field offsets, relative to the start of the body.
 * Resolved values: user_len 0 (2 bytes), data_len 2 (2 bytes), flags 4,
 * variable data 5. The two lengths come first and are sender-supplied, so
 * they must be validated against the body length before use. */
#define AUTHEN_C_USER_LEN_OFF (TACPLUS_BODY_OFF)
#define AUTHEN_C_DATA_LEN_OFF (AUTHEN_C_USER_LEN_OFF+2)
#define AUTHEN_C_FLAGS_OFF (AUTHEN_C_DATA_LEN_OFF+2)
#define AUTHEN_C_VARDATA_OFF (AUTHEN_C_FLAGS_OFF+1)
171
/* acct REQUEST field offsets, relative to the start of the body. Resolved
 * values: flags 0, method 1, priv_lvl 2, authen_type 3, service 4,
 * user_len 5, port_len 6, rem_addr_len 7, arg_cnt 8, variable data 9.
 * All length fields and arg_cnt are one byte each and sender-supplied.
 * NOTE(review): arg_cnt presumably sizes a list that begins at
 * ACCT_Q_VARDATA_OFF; bound it against the body length before iterating -
 * confirm against the dissector. */
#define ACCT_Q_FLAGS_OFF (TACPLUS_BODY_OFF)
#define ACCT_Q_METHOD_OFF (ACCT_Q_FLAGS_OFF+1)
#define ACCT_Q_PRIV_LVL_OFF (ACCT_Q_METHOD_OFF+1)
#define ACCT_Q_AUTHEN_TYPE_OFF (ACCT_Q_PRIV_LVL_OFF+1)
#define ACCT_Q_SERVICE_OFF (ACCT_Q_AUTHEN_TYPE_OFF+1)
#define ACCT_Q_USER_LEN_OFF (ACCT_Q_SERVICE_OFF+1)
#define ACCT_Q_PORT_LEN_OFF (ACCT_Q_USER_LEN_OFF+1)
#define ACCT_Q_REM_ADDR_LEN_OFF (ACCT_Q_PORT_LEN_OFF+1)
#define ACCT_Q_ARG_CNT_OFF (ACCT_Q_REM_ADDR_LEN_OFF+1)
#define ACCT_Q_VARDATA_OFF (ACCT_Q_ARG_CNT_OFF+1)
183
/* acct REPLY field offsets, relative to the start of the body. Resolved
 * values: srv_msg_len 0 (2 bytes), data_len 2 (2 bytes), status 4,
 * variable data 5. Here the status byte follows the two length fields,
 * whereas the authen and author replies put status first. */
#define ACCT_R_SRV_MSG_LEN_OFF (TACPLUS_BODY_OFF)
#define ACCT_R_DATA_LEN_OFF (ACCT_R_SRV_MSG_LEN_OFF+2)
#define ACCT_R_STATUS_OFF (ACCT_R_DATA_LEN_OFF+2)
#define ACCT_R_VARDATA_OFF (ACCT_R_STATUS_OFF+1)
189
/* AUTHORIZATION */
/* Request field offsets, relative to the start of the body. Resolved
 * values: auth_meth 0, priv_lvl 1, authen_type 2, service 3, user_len 4,
 * port_len 5, rem_addr_len 6, argc 7, variable data 8.
 * The length fields and argc are one byte each and sender-supplied.
 * NOTE(review): argc presumably sizes a list that begins at
 * AUTHOR_Q_VARDATA_OFF; bound it against the body length before
 * iterating - confirm against the dissector. */
#define AUTHOR_Q_AUTH_METH_OFF (TACPLUS_BODY_OFF)
#define AUTHOR_Q_PRIV_LVL_OFF (AUTHOR_Q_AUTH_METH_OFF+1)
#define AUTHOR_Q_AUTHEN_TYPE_OFF (AUTHOR_Q_PRIV_LVL_OFF+1)
#define AUTHOR_Q_SERVICE_OFF (AUTHOR_Q_AUTHEN_TYPE_OFF+1)
#define AUTHOR_Q_USER_LEN_OFF (AUTHOR_Q_SERVICE_OFF+1)
#define AUTHOR_Q_PORT_LEN_OFF (AUTHOR_Q_USER_LEN_OFF+1)
#define AUTHOR_Q_REM_ADDR_LEN_OFF (AUTHOR_Q_PORT_LEN_OFF+1)
#define AUTHOR_Q_ARGC_OFF (AUTHOR_Q_REM_ADDR_LEN_OFF+1)
#define AUTHOR_Q_VARDATA_OFF (AUTHOR_Q_ARGC_OFF+1)
201
/* Authorization reply field offsets, relative to the start of the body.
 * Resolved values: status 0, argc 1, srv_msg_len 2 (2 bytes),
 * data_len 4 (2 bytes), variable data 6. argc and both lengths are
 * sender-supplied and must be validated against the body length. */
#define AUTHOR_R_STATUS_OFF (TACPLUS_BODY_OFF)
#define AUTHOR_R_ARGC_OFF (AUTHOR_R_STATUS_OFF+1)
#define AUTHOR_R_SRV_MSG_LEN_OFF (AUTHOR_R_ARGC_OFF+1)
#define AUTHOR_R_DATA_LEN_OFF (AUTHOR_R_SRV_MSG_LEN_OFF+2)
#define AUTHOR_R_VARDATA_OFF (AUTHOR_R_DATA_LEN_OFF+2)
208
/* Display names for the packet type byte (TAC_PLUS_AUTHEN/AUTHOR/ACCT),
 * ended by a {0, NULL} entry.
 * This header does not declare value_string itself, so the including file
 * must have its declaration in scope first. Because the table is defined
 * `static` in a header, every source file that includes the header gets
 * its own private copy.
 * A type byte that is not listed has no name here; the lookup site needs a
 * fallback for unknown values read from the wire. */
static const value_string tacplus_type_vals[] = {
	{TAC_PLUS_AUTHEN, "Authentication"},
	{TAC_PLUS_AUTHOR, "Authorization" },
	{TAC_PLUS_ACCT, "Accounting" },
	{0, NULL}};
214
/* Display names for the authentication START action byte
 * (TAC_PLUS_AUTHEN_LOGIN .. TAC_PLUS_AUTHEN_SENDAUTH), ended by {0, NULL}.
 * SENDPASS is marked deprecated where it is defined but is still named
 * here, so it can be identified when it appears in a capture. */
static const value_string tacplus_authen_action_vals[] = {
	{TAC_PLUS_AUTHEN_LOGIN, "Inbound Login"},
	{TAC_PLUS_AUTHEN_CHPASS, "Change password request"},
	{TAC_PLUS_AUTHEN_SENDPASS, "Send password request"},
	{TAC_PLUS_AUTHEN_SENDAUTH, "Outbound Request (SENDAUTH)"},
	{0, NULL}};
221
/* Display names for the authen_type byte (TAC_PLUS_AUTHEN_TYPE_*), ended by
 * {0, NULL}. Covers every value of the authen-type enum in this file
 * (0x01..0x05); other wire values have no name here. */
static const value_string tacplus_authen_type_vals[] = {
	{TAC_PLUS_AUTHEN_TYPE_ASCII, "ASCII"},
	{TAC_PLUS_AUTHEN_TYPE_PAP, "PAP"},
	{TAC_PLUS_AUTHEN_TYPE_CHAP, "CHAP"},
	{TAC_PLUS_AUTHEN_TYPE_ARAP, "ARAP"},
	{TAC_PLUS_AUTHEN_TYPE_MSCHAP, "MS-CHAP"},
	{0, NULL}};
229
/* Display names for the service byte (TAC_PLUS_AUTHEN_SVC_*), ended by
 * {0, NULL}.
 * The first entry has value 0 (TAC_PLUS_AUTHEN_SVC_NONE = 0x00), the same
 * number as the terminator; only the NULL string distinguishes the end of
 * the table, so a lookup must stop on the NULL string and not on value 0.
 * Several entries display the raw macro name instead of a readable label. */
static const value_string tacplus_authen_service_vals[] = {
	{TAC_PLUS_AUTHEN_SVC_NONE, "TAC_PLUS_AUTHEN_SVC_NONE"},
	{TAC_PLUS_AUTHEN_SVC_LOGIN, "Login" },
	{TAC_PLUS_AUTHEN_SVC_ENABLE, "ENABLE"},
	{TAC_PLUS_AUTHEN_SVC_PPP, "PPP" },
	{TAC_PLUS_AUTHEN_SVC_ARAP, "ARAP" },
	{TAC_PLUS_AUTHEN_SVC_PT, "TAC_PLUS_AUTHEN_SVC_PT"},
	{TAC_PLUS_AUTHEN_SVC_RCMD, "TAC_PLUS_AUTHEN_SVC_RCMD"},
	{TAC_PLUS_AUTHEN_SVC_X25, "TAC_PLUS_AUTHEN_SVC_X25"},
	{TAC_PLUS_AUTHEN_SVC_NASI, "TAC_PLUS_AUTHEN_SVC_NASI"},
	{TAC_PLUS_AUTHEN_SVC_FWPROXY, "TAC_PLUS_AUTHEN_SVC_FWPROXY"},
	{0, NULL}};
242
/* Display names for the authentication REPLY status byte
 * (TAC_PLUS_AUTHEN_STATUS_*), ended by {0, NULL}.
 * The status is what tells a reader of a capture whether a login passed or
 * failed; a status byte outside this list has no name here and should be
 * shown as unknown rather than mapped to the nearest entry. */
static const value_string tacplus_reply_status_vals[] = {
	{TAC_PLUS_AUTHEN_STATUS_PASS, "Authentication Passed"},
	{TAC_PLUS_AUTHEN_STATUS_FAIL, "Authentication Failed"},
	{TAC_PLUS_AUTHEN_STATUS_GETDATA, "Send Data"},
	{TAC_PLUS_AUTHEN_STATUS_GETUSER, "Send Username"},
	{TAC_PLUS_AUTHEN_STATUS_GETPASS, "Send Password"},
	{TAC_PLUS_AUTHEN_STATUS_RESTART, "Restart Authentication Sequence"},
	{TAC_PLUS_AUTHEN_STATUS_ERROR, "Unrecoverable Error"},
	{TAC_PLUS_AUTHEN_STATUS_FOLLOW, "Use Alternate Server"},
	{0, NULL}};
253
254
/* Display names for the authentication method byte
 * (TAC_PLUS_AUTHEN_METH_*), ended by {0, NULL}.
 * The first entry has value 0 (NOT_SET), the same number as the
 * terminator; only the NULL string marks the end of the table. The method
 * codes are sparse, so many byte values have no entry and need a fallback
 * at the lookup site. */
static const value_string tacplus_authen_method[] = {
	{TAC_PLUS_AUTHEN_METH_NOT_SET, "NOT_SET"},
	{TAC_PLUS_AUTHEN_METH_NONE, "NONE"},
	{TAC_PLUS_AUTHEN_METH_KRB5, "KRB5"},
	{TAC_PLUS_AUTHEN_METH_LINE, "LINE"},
	{TAC_PLUS_AUTHEN_METH_ENABLE, "ENABLE"},
	{TAC_PLUS_AUTHEN_METH_LOCAL, "LOCAL"},
	{TAC_PLUS_AUTHEN_METH_TACACSPLUS, "TACACSPLUS"},
	{TAC_PLUS_AUTHEN_METH_GUEST, "GUEST"},
	{TAC_PLUS_AUTHEN_METH_RADIUS, "RADIUS"},
	{TAC_PLUS_AUTHEN_METH_KRB4, "KRB4"},
	{TAC_PLUS_AUTHEN_METH_RCMD, "RCMD"},
	{0, NULL}};
268
/* Display names for the authorization reply status byte
 * (TAC_PLUS_AUTHOR_STATUS_*), ended by {0, NULL}. The codes are sparse
 * (0x01, 0x02, 0x10, 0x11, 0x21); any other status byte has no name here. */
static const value_string tacplus_author_status[] = {
	{TAC_PLUS_AUTHOR_STATUS_PASS_ADD, "PASS_ADD"},
	{TAC_PLUS_AUTHOR_STATUS_PASS_REPL, "PASS_REPL"},
	{TAC_PLUS_AUTHOR_STATUS_FAIL, "FAIL"},
	{TAC_PLUS_AUTHOR_STATUS_ERROR, "ERROR"},
	{TAC_PLUS_AUTHOR_STATUS_FOLLOW, "FOLLOW"},
	{0, NULL}};
276
/* Display names for the accounting reply status byte
 * (TAC_PLUS_ACCT_STATUS_*), ended by {0, NULL}. Only 0x01, 0x02 and 0x21
 * are named; any other status byte has no name here. */
static const value_string tacplus_acct_status[] = {
	{TAC_PLUS_ACCT_STATUS_SUCCESS, "Success"},
	{TAC_PLUS_ACCT_STATUS_ERROR, "Error"},
	{TAC_PLUS_ACCT_STATUS_FOLLOW, "Follow"},
	{0, NULL}};
282
283#endif /* __PACKET_TACACS_H__ */
284
285/*
286 * Editor modelines - https://www.wireshark.org/tools/modelines.html
287 *
288 * Local variables:
289 * c-basic-offset: 8
290 * tab-width: 8
291 * indent-tabs-mode: t
292 * End:
293 *
294 * vi: set shiftwidth=8 tabstop=8 noexpandtab:
295 * :indentSize=8:tabSize=8:noTabs=false:
296 */