Ethereal-dev: [Ethereal-dev] New Tacacs+ dissector
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: Emanuele Caratti <wiz@xxxxxx>
Date: Sun, 19 May 2002 09:47:29 +0200
Hi!
I've ported ( and cleaned up a little :) ) the dissector for crypted
Tacacs+ I did some years ago to the tvbuff structure.... And I've merged
it with the new tacacs/xtacacs/tacacs+ dissector.
Now you can specify the password to use via preferences in the gui or via
CLI, and read tacacs+ packet.
You can just put the attached files in the ethereal directory and
recompile....
BTW there is a better way to handle the decryption of a tvbuff than using
tvb_get_ptr ?
--
Ciao,
Emanuele
/* packet-tacacs.c
* Routines for cisco tacacs/xtacacs/tacacs+ packet dissection
* Copyright 2001, Paul Ionescu <paul@xxxxxxxx>
*
* Full Tacacs+ parsing with decryption by
* Emanuele Caratti <wiz@xxxxxx>
*
* $Id: packet-tacacs.c,v 1.20 2002/05/19 07:22:28 wiz Exp wiz $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@xxxxxxxxxxxx>
* Copyright 1998 Gerald Combs
*
* Copied from old packet-tacacs.c
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
/* rfc-1492 for tacacs and xtacacs
* draft-grant-tacacs-02.txt for tacacs+ (tacplus)
*/
#ifdef HAVE_CONFIG_H
# include "config.h"
#endif
#include <stdio.h>
#ifdef HAVE_SYS_TYPES_H
# include <sys/types.h>
#endif
#ifdef HAVE_NETINET_IN_H
# include <netinet/in.h>
#endif
#include <string.h>
#include <glib.h>
#include <epan/packet.h>
#include "prefs.h"
#include "packet-tacacs.h"
static int md5_xor( u_char *data, char *key, int data_len, guint32 session_id, u_char version, u_char seq_no );
static int proto_tacacs = -1;
static int hf_tacacs_version = -1;
static int hf_tacacs_type = -1;
static int hf_tacacs_nonce = -1;
static int hf_tacacs_userlen = -1;
static int hf_tacacs_passlen = -1;
static int hf_tacacs_response = -1;
static int hf_tacacs_reason = -1;
static int hf_tacacs_result1 = -1;
static int hf_tacacs_destaddr = -1;
static int hf_tacacs_destport = -1;
static int hf_tacacs_line = -1;
static int hf_tacacs_result2 = -1;
static int hf_tacacs_result3 = -1;
static gint ett_tacacs = -1;
static char *hf_tacplus_key;
#define VERSION_TACACS 0x00
#define VERSION_XTACACS 0x80
static const value_string tacacs_version_vals[] = {
{ VERSION_TACACS, "TACACS" },
{ VERSION_XTACACS, "XTACACS" },
{ 0, NULL }
};
#define TACACS_LOGIN 1
#define TACACS_RESPONSE 2
#define TACACS_CHANGE 3
#define TACACS_FOLLOW 4
#define TACACS_CONNECT 5
#define TACACS_SUPERUSER 6
#define TACACS_LOGOUT 7
#define TACACS_RELOAD 8
#define TACACS_SLIP_ON 9
#define TACACS_SLIP_OFF 10
#define TACACS_SLIP_ADDR 11
static const value_string tacacs_type_vals[] = {
{ TACACS_LOGIN, "Login" },
{ TACACS_RESPONSE, "Response" },
{ TACACS_CHANGE, "Change" },
{ TACACS_FOLLOW, "Follow" },
{ TACACS_CONNECT, "Connect" },
{ TACACS_SUPERUSER, "Superuser" },
{ TACACS_LOGOUT, "Logout" },
{ TACACS_RELOAD, "Reload" },
{ TACACS_SLIP_ON, "SLIP on" },
{ TACACS_SLIP_OFF, "SLIP off" },
{ TACACS_SLIP_ADDR, "SLIP Addr" },
{ 0, NULL }};
static const value_string tacacs_reason_vals[] = {
{ 0 , "none" },
{ 1 , "expiring" },
{ 2 , "password" },
{ 3 , "denied" },
{ 4 , "quit" },
{ 5 , "idle" },
{ 6 , "drop" },
{ 7 , "bad" },
{ 0 , NULL }
};
static const value_string tacacs_resp_vals[] = {
{ 0 , "this is not a response" },
{ 1 , "accepted" },
{ 2 , "rejected" },
{ 0 , NULL }
};
#define TAC_PLUS_AUTHEN 1
#define TAC_PLUS_AUTHOR 2
#define TAC_PLUS_ACCT 3
#define UDP_PORT_TACACS 49
#define TCP_PORT_TACACS 49
static char scratch_buffer[1024];
static void
dissect_tacplus_args_list( tvbuff_t *tvb, proto_tree *tree, int data_off, int len_off, int arg_cnt )
{
int i;
for(i=0;i<arg_cnt;i++){
int len=tvb_get_guint8(tvb,len_off+i);
proto_tree_add_text( tree, tvb, len_off+i, 1, "Arg(%d) length: %d", i, len );
tvb_get_nstringz0(tvb, data_off, len, scratch_buffer);
proto_tree_add_text( tree, tvb, data_off, len, "Arg(%d) value: %s", i, scratch_buffer );
data_off+=len;
}
}
static int
proto_tree_add_tacplus_common_fields( tvbuff_t *tvb, proto_tree *tree, int offset, int var_off )
{
int val;
/* priv_lvl */
proto_tree_add_text( tree, tvb, offset, 1,
"Privilege Level: %d", tvb_get_guint8(tvb,offset) );
offset++;
/* authen_type */
val=tvb_get_guint8(tvb,offset);
proto_tree_add_text( tree, tvb, offset, 1,
"Authentication type: 0x%01x (%s)",
val, val_to_str( val, tacplus_authen_type_vals, "Unknown Packet" ) );
offset++;
/* service */
val=tvb_get_guint8(tvb,offset);
proto_tree_add_text( tree, tvb, offset, 1,
"Service: 0x%01x (%s)",
val, val_to_str( val, tacplus_authen_service_vals, "Unknown Packet" ) );
offset++;
/* user_len && user */
val=tvb_get_guint8(tvb,offset);
proto_tree_add_text( tree, tvb, offset, 1, "User len: %d", val );
if( val ){
tvb_get_nstringz0(tvb, var_off, val, scratch_buffer);
proto_tree_add_text( tree, tvb, var_off, val, "User: %s", scratch_buffer );
var_off+=val;
}
offset++;
/* port_len && port */
val=tvb_get_guint8(tvb,offset);
proto_tree_add_text( tree, tvb, offset, 1, "Port len: %d", val );
if( val ){
tvb_get_nstringz0(tvb, var_off, val, scratch_buffer);
proto_tree_add_text( tree, tvb, var_off, val, "Port: %s", scratch_buffer );
var_off+=val;
}
offset++;
/* rem_addr_len && rem_addr */
val=tvb_get_guint8(tvb,offset);
proto_tree_add_text( tree, tvb, offset, 1, "Remaddr len: %d", val );
if( val ){
tvb_get_nstringz0(tvb, var_off, val, scratch_buffer);
proto_tree_add_text( tree, tvb, var_off, val, "Remote Address: %s", scratch_buffer );
var_off+=val;
}
return var_off;
}
static void
dissect_tacplus_body_authen_req( tvbuff_t* tvb, proto_tree *tree )
{
int val;
int var_off=AUTHEN_S_VARDATA_OFF;
/* Action */
val=tvb_get_guint8( tvb, AUTHEN_S_ACTION_OFF );
proto_tree_add_text( tree, tvb,
AUTHEN_S_ACTION_OFF, 1,
"Action: 0x%01x (%s)", val,
val_to_str( val, tacplus_authen_action_vals, "Unknown Packet" ) );
var_off=proto_tree_add_tacplus_common_fields( tvb, tree , AUTHEN_S_PRIV_LVL_OFF, AUTHEN_S_VARDATA_OFF );
val=tvb_get_guint8( tvb, AUTHEN_S_DATA_LEN_OFF );
proto_tree_add_text( tree, tvb, AUTHEN_S_DATA_LEN_OFF, 1, "Data: %d", val );
if( val ){
/* Data is NAS dependent.... */
proto_tree_add_text( tree, tvb, var_off, val, "Data" );
}
}
static void
dissect_tacplus_body_authen_req_cont( tvbuff_t *tvb, proto_tree *tree )
{
int val;
int var_off=AUTHEN_C_VARDATA_OFF;
val=tvb_get_guint8( tvb, AUTHEN_C_FLAGS_OFF );
proto_tree_add_text( tree, tvb,
AUTHEN_R_FLAGS_OFF, 1, "Flags: 0x%02x %s",
val,
(val&TAC_PLUS_CONTINUE_FLAG_ABORT?"(Abort)":"") );
val=tvb_get_ntohs( tvb, AUTHEN_C_USER_LEN_OFF );
proto_tree_add_text( tree, tvb, AUTHEN_C_USER_LEN_OFF, 2 , "User length: %d", val );
if( val ){
tvb_get_nstringz0( tvb, var_off, val, scratch_buffer );
proto_tree_add_text( tree, tvb, var_off, val, "User: %s", scratch_buffer );
var_off+=val;
}
val=tvb_get_ntohs( tvb, AUTHEN_C_DATA_LEN_OFF );
proto_tree_add_text( tree, tvb, AUTHEN_C_DATA_LEN_OFF, 2 ,
"Data length: %d", val );
if( val ){
proto_tree_add_text( tree, tvb, var_off, val, "Data" );
}
}
/* Server REPLY */
static void
dissect_tacplus_body_authen_rep( tvbuff_t *tvb, proto_tree *tree )
{
int val;
int var_off=AUTHEN_R_VARDATA_OFF;
val=tvb_get_guint8( tvb, AUTHEN_R_STATUS_OFF );
proto_tree_add_text(tree, tvb,
AUTHEN_R_STATUS_OFF, 1, "Status: 0x%01x (%s)", val,
val_to_str( val, tacplus_reply_status_vals, "Unknown Packet" ) );
val=tvb_get_guint8( tvb, AUTHEN_R_FLAGS_OFF );
proto_tree_add_text(tree, tvb,
AUTHEN_R_FLAGS_OFF, 1, "Flags: 0x%02x %s",
val, (val&TAC_PLUS_REPLY_FLAG_NOECHO?"(NoEcho)":"") );
val=tvb_get_ntohs(tvb, AUTHEN_R_SRV_MSG_LEN_OFF );
proto_tree_add_text( tree, tvb, AUTHEN_R_SRV_MSG_LEN_OFF, 2 ,
"Server message length: %d", val );
if( val ) {
tvb_get_nstringz0(tvb, var_off, val, scratch_buffer);
proto_tree_add_text(tree, tvb, var_off, val, "Server message: %s", scratch_buffer );
var_off+=val;
}
val=tvb_get_ntohs(tvb, AUTHEN_R_DATA_LEN_OFF );
proto_tree_add_text( tree, tvb, AUTHEN_R_DATA_LEN_OFF, 2 ,
"Data length: %d", val );
if( val ){
proto_tree_add_text(tree, tvb, var_off, val, "Data" );
}
}
static void
dissect_tacplus_body_author_req( tvbuff_t* tvb, proto_tree *tree )
{
int val;
int var_off;
val=tvb_get_guint8( tvb, AUTHOR_Q_AUTH_METH_OFF ) ;
proto_tree_add_text( tree, tvb, AUTHOR_Q_AUTH_METH_OFF, 1,
"Auth Method: 0x%01x (%s)", val,
val_to_str( val, tacplus_authen_method, "Unknown Authen Method" ) );
val=tvb_get_guint8( tvb, AUTHOR_Q_ARGC_OFF );
var_off=proto_tree_add_tacplus_common_fields( tvb, tree ,
AUTHOR_Q_PRIV_LVL_OFF,
AUTHOR_Q_VARDATA_OFF + val );
proto_tree_add_text( tree, tvb, AUTHOR_Q_ARGC_OFF, 1, "Arg count: %d", val );
/* var_off points after rem_addr */
dissect_tacplus_args_list( tvb, tree, var_off, AUTHOR_Q_VARDATA_OFF, val );
}
static void
dissect_tacplus_body_author_rep( tvbuff_t* tvb, proto_tree *tree )
{
int offset=AUTHOR_R_VARDATA_OFF;
int val=tvb_get_guint8( tvb, AUTHOR_R_STATUS_OFF ) ;
proto_tree_add_text( tree, tvb, AUTHOR_R_STATUS_OFF , 1,
"Auth Status: 0x%01x (%s)", val,
val_to_str( val, tacplus_author_status, "Unknown Authorization Status" ));
val=tvb_get_ntohs( tvb, AUTHOR_R_SRV_MSG_LEN_OFF );
offset+=val;
proto_tree_add_text( tree, tvb, AUTHOR_R_SRV_MSG_LEN_OFF, 2, "Server Msg length: %d", val );
val=tvb_get_ntohs( tvb, AUTHOR_R_DATA_LEN_OFF );
offset+=val;
proto_tree_add_text( tree, tvb, AUTHOR_R_DATA_LEN_OFF, 2, "Data length: %d", val );
val=tvb_get_guint8( tvb, AUTHOR_R_ARGC_OFF);
offset+=val;
proto_tree_add_text( tree, tvb, AUTHOR_R_ARGC_OFF, 1, "Arg count: %d", val );
dissect_tacplus_args_list( tvb, tree, offset, AUTHOR_R_VARDATA_OFF, val );
}
static void
dissect_tacplus_body_acct_req( tvbuff_t* tvb, proto_tree *tree )
{
int val, var_off;
val=tvb_get_guint8( tvb, ACCT_Q_FLAGS_OFF );
proto_tree_add_text( tree, tvb, ACCT_Q_FLAGS_OFF, 1, "Flags: 0x%04x", val );
val=tvb_get_guint8( tvb, ACCT_Q_METHOD_OFF );
proto_tree_add_text( tree, tvb, ACCT_Q_METHOD_OFF, 1,
"Authen Method: 0x%04x (%s)",
val, val_to_str( val, tacplus_authen_type_vals, "Unknown Packet" ) );
val=tvb_get_guint8( tvb, ACCT_Q_ARG_CNT_OFF );
/* authen_type */
var_off=proto_tree_add_tacplus_common_fields( tvb, tree ,
ACCT_Q_PRIV_LVL_OFF,
ACCT_Q_VARDATA_OFF+val
);
proto_tree_add_text( tree, tvb, ACCT_Q_ARG_CNT_OFF, 1,
"Arg Cnt: %d", val );
dissect_tacplus_args_list( tvb, tree, var_off, ACCT_Q_VARDATA_OFF, val );
}
static void
dissect_tacplus_body_acct_rep( tvbuff_t* tvb, proto_tree *tree )
{
int val, var_off=ACCT_Q_VARDATA_OFF;
/* Status */
val=tvb_get_guint8( tvb, ACCT_R_STATUS_OFF );
proto_tree_add_text( tree, tvb, ACCT_R_STATUS_OFF, 1, "Status: 0x%02x (%s)", val,
val_to_str( val, tacplus_acct_status, "Bogus status..") );
/* Server Message */
val=tvb_get_ntohs( tvb, ACCT_R_SRV_MSG_LEN_OFF );
proto_tree_add_text( tree, tvb, ACCT_R_SRV_MSG_LEN_OFF, 2 ,
"Server message length: %d", val );
if( val ) {
tvb_get_nstringz0( tvb, var_off, val, scratch_buffer );
proto_tree_add_text( tree, tvb, var_off,
val, "Server message: %s", scratch_buffer );
var_off+=val;
}
/* Data */
val=tvb_get_ntohs( tvb, ACCT_R_DATA_LEN_OFF );
proto_tree_add_text( tree, tvb, ACCT_R_DATA_LEN_OFF, 2 ,
"Data length: %d", val );
if( val ) {
tvb_get_nstringz0( tvb, var_off, val, scratch_buffer );
proto_tree_add_text( tree, tvb, var_off,
val, "Data: %s", scratch_buffer );
}
}
static void
dissect_tacplus_body(tvbuff_t * tvb, proto_tree * tree )
{
int type = tvb_get_guint8( tvb, H_TYPE_OFF );
int seq_no = tvb_get_guint8( tvb, H_SEQ_NO_OFF );
switch (type) {
case TAC_PLUS_AUTHEN:
if ( seq_no & 0x01) {
if ( seq_no == 1 )
dissect_tacplus_body_authen_req( tvb, tree );
else
dissect_tacplus_body_authen_req_cont( tvb, tree );
} else {
// printf("Len: %x %x\n",tac->body.authen.r.srv_msg_len,tvb_get_letohs(tvb, AUTHEN_R_SRV_MSG_LEN_OFF ) );
dissect_tacplus_body_authen_rep( tvb, tree );
}
return;
break;
case TAC_PLUS_AUTHOR:
if ( seq_no & 0x01)
dissect_tacplus_body_author_req( tvb, tree );
else
dissect_tacplus_body_author_rep( tvb, tree );
return;
break;
case TAC_PLUS_ACCT:
if ( seq_no & 0x01)
dissect_tacplus_body_acct_req( tvb, tree );
else
dissect_tacplus_body_acct_rep( tvb, tree );
return;
break;
}
proto_tree_add_text( tree, tvb, 0, tvb_get_ntohl(tvb, H_LENGTH_OFF), "Bogus..");
}
static void
dissect_tacacs(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
proto_tree *tacacs_tree;
proto_item *ti;
guint8 txt_buff[256],version,type,userlen,passlen;
if (check_col(pinfo->cinfo, COL_PROTOCOL))
col_set_str(pinfo->cinfo, COL_PROTOCOL, "TACACS");
if (check_col(pinfo->cinfo, COL_INFO))
col_clear(pinfo->cinfo, COL_INFO);
version = tvb_get_guint8(tvb,0);
if (version != 0) {
if (check_col(pinfo->cinfo, COL_PROTOCOL))
col_set_str(pinfo->cinfo, COL_PROTOCOL, "XTACACS");
}
type = tvb_get_guint8(tvb,1);
if (check_col(pinfo->cinfo, COL_INFO))
col_add_str(pinfo->cinfo, COL_INFO,
val_to_str(type, tacacs_type_vals, "Unknown (0x%02x)"));
if (tree)
{
ti = proto_tree_add_protocol_format(tree, proto_tacacs,
tvb, 0, -1, version==0?"TACACS":"XTACACS");
tacacs_tree = proto_item_add_subtree(ti, ett_tacacs);
proto_tree_add_uint(tacacs_tree, hf_tacacs_version, tvb, 0, 1,
version);
proto_tree_add_uint(tacacs_tree, hf_tacacs_type, tvb, 1, 1,
type);
proto_tree_add_item(tacacs_tree, hf_tacacs_nonce, tvb, 2, 2,
FALSE);
if (version==0)
{
if (type!=TACACS_RESPONSE)
{
userlen=tvb_get_guint8(tvb,4);
proto_tree_add_uint(tacacs_tree, hf_tacacs_userlen, tvb, 4, 1,
userlen);
passlen=tvb_get_guint8(tvb,5);
proto_tree_add_uint(tacacs_tree, hf_tacacs_passlen, tvb, 5, 1,
passlen);
tvb_get_nstringz0(tvb,6,userlen,txt_buff);
proto_tree_add_text(tacacs_tree, tvb, 6, userlen, "Username: %s",txt_buff);
tvb_get_nstringz0(tvb,6+userlen,passlen,txt_buff);
proto_tree_add_text(tacacs_tree, tvb, 6+userlen, passlen, "Password: %s",txt_buff);
}
else
{
proto_tree_add_item(tacacs_tree, hf_tacacs_response, tvb, 4, 1,
FALSE);
proto_tree_add_item(tacacs_tree, hf_tacacs_reason, tvb, 5, 1,
FALSE);
}
}
else
{
userlen=tvb_get_guint8(tvb,4);
proto_tree_add_uint(tacacs_tree, hf_tacacs_userlen, tvb, 4, 1,
userlen);
passlen=tvb_get_guint8(tvb,5);
proto_tree_add_uint(tacacs_tree, hf_tacacs_passlen, tvb, 5, 1,
passlen);
proto_tree_add_item(tacacs_tree, hf_tacacs_response, tvb, 6, 1,
FALSE);
proto_tree_add_item(tacacs_tree, hf_tacacs_reason, tvb, 7, 1,
FALSE);
proto_tree_add_item(tacacs_tree, hf_tacacs_result1, tvb, 8, 4,
FALSE);
proto_tree_add_item(tacacs_tree, hf_tacacs_destaddr, tvb, 12, 4,
FALSE);
proto_tree_add_item(tacacs_tree, hf_tacacs_destport, tvb, 16, 2,
FALSE);
proto_tree_add_item(tacacs_tree, hf_tacacs_line, tvb, 18, 2,
FALSE);
proto_tree_add_item(tacacs_tree, hf_tacacs_result2, tvb, 20, 4,
FALSE);
proto_tree_add_item(tacacs_tree, hf_tacacs_result3, tvb, 24, 2,
FALSE);
if (type!=TACACS_RESPONSE)
{
tvb_get_nstringz0(tvb,26,userlen,txt_buff);
proto_tree_add_text(tacacs_tree, tvb, 26, userlen, "Username: %s",txt_buff);
tvb_get_nstringz0(tvb,26+userlen,passlen,txt_buff);
proto_tree_add_text(tacacs_tree, tvb, 26+userlen, passlen, "Password; %s",txt_buff);
}
}
}
}
void
proto_register_tacacs(void)
{
static hf_register_info hf[] = {
{ &hf_tacacs_version,
{ "Version", "tacacs.version",
FT_UINT8, BASE_HEX, VALS(tacacs_version_vals), 0x0,
"Version", HFILL }},
{ &hf_tacacs_type,
{ "Type", "tacacs.type",
FT_UINT8, BASE_DEC, VALS(tacacs_type_vals), 0x0,
"Type", HFILL }},
{ &hf_tacacs_nonce,
{ "Nonce", "tacacs.nonce",
FT_UINT16, BASE_HEX, NULL, 0x0,
"Nonce", HFILL }},
{ &hf_tacacs_userlen,
{ "Username length", "tacacs.userlen",
FT_UINT8, BASE_DEC, NULL, 0x0,
"Username length", HFILL }},
{ &hf_tacacs_passlen,
{ "Password length", "tacacs.passlen",
FT_UINT8, BASE_DEC, NULL, 0x0,
"Password length", HFILL }},
{ &hf_tacacs_response,
{ "Response", "tacacs.response",
FT_UINT8, BASE_DEC, VALS(tacacs_resp_vals), 0x0,
"Response", HFILL }},
{ &hf_tacacs_reason,
{ "Reason", "tacacs.reason",
FT_UINT8, BASE_DEC, VALS(tacacs_reason_vals), 0x0,
"Reason", HFILL }},
{ &hf_tacacs_result1,
{ "Result 1", "tacacs.result1",
FT_UINT32, BASE_HEX, NULL, 0x0,
"Result 1", HFILL }},
{ &hf_tacacs_destaddr,
{ "Destination address", "tacacs.destaddr",
FT_IPv4, BASE_NONE, NULL, 0x0,
"Destination address", HFILL }},
{ &hf_tacacs_destport,
{ "Destination port", "tacacs.destport",
FT_UINT16, BASE_DEC, NULL, 0x0,
"Destination port", HFILL }},
{ &hf_tacacs_line,
{ "Line", "tacacs.line",
FT_UINT16, BASE_DEC, NULL, 0x0,
"Line", HFILL }},
{ &hf_tacacs_result2,
{ "Result 2", "tacacs.result2",
FT_UINT32, BASE_HEX, NULL, 0x0,
"Result 2", HFILL }},
{ &hf_tacacs_result3,
{ "Result 3", "tacacs.result3",
FT_UINT16, BASE_HEX, NULL, 0x0,
"Result 3", HFILL }},
};
static gint *ett[] = {
&ett_tacacs,
};
proto_tacacs = proto_register_protocol("TACACS", "TACACS", "tacacs");
proto_register_field_array(proto_tacacs, hf, array_length(hf));
proto_register_subtree_array(ett, array_length(ett));
}
void
proto_reg_handoff_tacacs(void)
{
dissector_handle_t tacacs_handle;
tacacs_handle = create_dissector_handle(dissect_tacacs, proto_tacacs);
dissector_add("udp.port", UDP_PORT_TACACS, tacacs_handle);
}
static int proto_tacplus = -1;
static int hf_tacplus_response = -1;
static int hf_tacplus_request = -1;
static int hf_tacplus_majvers = -1;
static int hf_tacplus_minvers = -1;
static int hf_tacplus_type = -1;
static int hf_tacplus_seqno = -1;
static int hf_tacplus_flags = -1;
static int hf_tacplus_flags_payload_type = -1;
static int hf_tacplus_flags_connection_type = -1;
static int hf_tacplus_session_id = -1;
static int hf_tacplus_packet_len = -1;
static gint ett_tacplus = -1;
static gint ett_tacplus_body = -1;
static gint ett_tacplus_flags = -1;
#define FLAGS_UNENCRYPTED 0x01
static const true_false_string payload_type = {
"Unencrypted",
"Encrypted"
};
#define FLAGS_SINGLE 0x04
static const true_false_string connection_type = {
"Single",
"Multiple"
};
static void
dissect_tacplus(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
proto_tree *tacplus_tree;
proto_item *ti;
guint8 version,flags;
proto_tree *flags_tree;
proto_item *tf;
proto_item *tmp_pi;
guint32 len;
gboolean request=(pinfo->match_port == pinfo->destport);
gboolean decrypted=FALSE;
if (check_col(pinfo->cinfo, COL_PROTOCOL))
col_set_str(pinfo->cinfo, COL_PROTOCOL, "TACACS+");
if (check_col(pinfo->cinfo, COL_INFO))
{
int type = tvb_get_guint8(tvb,1);
col_add_fstr( pinfo->cinfo, COL_INFO, "%s: %s",
request ? "Q" : "R",
val_to_str(type, tacplus_type_vals, "Unknown (0x%02x)"));
}
if (tree)
{
ti = proto_tree_add_protocol_format(tree, proto_tacplus,
tvb, 0, -1, "TACACS+");
tacplus_tree = proto_item_add_subtree(ti, ett_tacplus);
if (pinfo->match_port == pinfo->destport)
{
proto_tree_add_boolean_hidden(tacplus_tree,
hf_tacplus_request, tvb, 0, 0, TRUE);
}
else
{
proto_tree_add_boolean_hidden(tacplus_tree,
hf_tacplus_response, tvb, 0, 0, TRUE);
}
version = tvb_get_guint8(tvb,0);
proto_tree_add_uint_format(tacplus_tree, hf_tacplus_majvers, tvb, 0, 1,
version,
"Major version: %s",
(version&0xf0)==0xc0?"TACACS+":"Unknown Version");
proto_tree_add_uint(tacplus_tree, hf_tacplus_minvers, tvb, 0, 1,
version&0xf);
proto_tree_add_item(tacplus_tree, hf_tacplus_type, tvb, 1, 1,
FALSE);
proto_tree_add_item(tacplus_tree, hf_tacplus_seqno, tvb, 2, 1,
FALSE);
flags = tvb_get_guint8(tvb,3);
tf = proto_tree_add_uint_format(tacplus_tree, hf_tacplus_flags,
tvb, 3, 1, flags,
"Flags: %s, %s (0x%02x)",
(flags&FLAGS_UNENCRYPTED) ? "Unencrypted payload" :
"Encrypted payload",
(flags&FLAGS_SINGLE) ? "Single connection" :
"Multiple Connections",
flags);
flags_tree = proto_item_add_subtree(tf, ett_tacplus_flags);
proto_tree_add_boolean(flags_tree, hf_tacplus_flags_payload_type,
tvb, 3, 1, flags);
proto_tree_add_boolean(flags_tree, hf_tacplus_flags_connection_type,
tvb, 3, 1, flags);
proto_tree_add_item(tacplus_tree, hf_tacplus_session_id, tvb, 4, 4,
FALSE);
len = tvb_get_ntohl(tvb,8);
proto_tree_add_uint(tacplus_tree, hf_tacplus_packet_len, tvb, 8, 4,
len);
if (!(flags&FLAGS_UNENCRYPTED) && hf_tacplus_key && *hf_tacplus_key ) {
u_char*tacpkt=(u_char*)tvb_get_ptr( tvb, TAC_PLUS_HDR_SIZE, len );
guint32 tmp_sess;
tvb_memcpy(tvb,(guint8*)&tmp_sess,4,4);
md5_xor( tacpkt, hf_tacplus_key, len, tmp_sess,version, tvb_get_guint8(tvb,2) );
decrypted=TRUE;
}
tmp_pi = proto_tree_add_text(tacplus_tree, tvb, TAC_PLUS_HDR_SIZE, len, "%s%s",
((flags&FLAGS_UNENCRYPTED)?"":( decrypted?"Decrypted ":"Encrypted ")),
request?"Request":"Reply" );
if( decrypted || flags&FLAGS_UNENCRYPTED )
dissect_tacplus_body( tvb, proto_item_add_subtree( tmp_pi, ett_tacplus_body ) );
}
}
void
proto_register_tacplus(void)
{
module_t *tacplus_module;
static hf_register_info hf[] = {
{ &hf_tacplus_response,
{ "Response", "tacplus.response",
FT_BOOLEAN, BASE_NONE, NULL, 0x0,
"TRUE if TACACS+ response", HFILL }},
{ &hf_tacplus_request,
{ "Request", "tacplus.request",
FT_BOOLEAN, BASE_NONE, NULL, 0x0,
"TRUE if TACACS+ request", HFILL }},
{ &hf_tacplus_majvers,
{ "Major version", "tacplus.majvers",
FT_UINT8, BASE_DEC, NULL, 0x0,
"Major version number", HFILL }},
{ &hf_tacplus_minvers,
{ "Minor version", "tacplus.minvers",
FT_UINT8, BASE_DEC, NULL, 0x0,
"Minor version number", HFILL }},
{ &hf_tacplus_type,
{ "Type", "tacplus.type",
FT_UINT8, BASE_DEC, VALS(tacplus_type_vals), 0x0,
"Type", HFILL }},
{ &hf_tacplus_seqno,
{ "Sequence number", "tacplus.seqno",
FT_UINT8, BASE_DEC, NULL, 0x0,
"Sequence number", HFILL }},
{ &hf_tacplus_flags,
{ "Flags", "tacplus.flags",
FT_UINT8, BASE_HEX, NULL, 0x0,
"Flags", HFILL }},
{ &hf_tacplus_flags_payload_type,
{ "Payload type", "tacplus.flags.payload_type",
FT_BOOLEAN, 8, TFS(&payload_type), FLAGS_UNENCRYPTED,
"Payload type (unencrypted or encrypted)", HFILL }},
{ &hf_tacplus_flags_connection_type,
{ "Connection type", "tacplus.flags.connection_type",
FT_BOOLEAN, 8, TFS(&connection_type), FLAGS_SINGLE,
"Connection type (single or multiple)", HFILL }},
{ &hf_tacplus_session_id,
{ "Session ID", "tacplus.session_id",
FT_UINT32, BASE_DEC, NULL, 0x0,
"Session ID", HFILL }},
{ &hf_tacplus_packet_len,
{ "Packet length", "tacplus.packet_len",
FT_UINT32, BASE_DEC, NULL, 0x0,
"Packet length", HFILL }}
};
static gint *ett[] = {
&ett_tacplus,
&ett_tacplus_flags,
&ett_tacplus_body,
};
proto_tacplus = proto_register_protocol("TACACS+", "TACACS+", "tacplus");
proto_register_field_array(proto_tacplus, hf, array_length(hf));
proto_register_subtree_array(ett, array_length(ett));
tacplus_module = prefs_register_protocol (proto_tacplus, NULL);
prefs_register_string_preference ( tacplus_module, "key",
"TACACS+ Encryption Key", "TACACS+ Encryption Key", &hf_tacplus_key );
}
void
proto_reg_handoff_tacplus(void)
{
dissector_handle_t tacplus_handle;
tacplus_handle = create_dissector_handle(dissect_tacplus,
proto_tacplus);
dissector_add("tcp.port", TCP_PORT_TACACS, tacplus_handle);
}
#include <openssl/md5.h>
#define MD5_LEN 16
/* create_md5_hash and md5_xor functions are originally written by
* Roman Volkoff, rv@xxxxxx, for his library libTACACS
* http://provider.kht.ru/software/tacacs/libtacacs/
*/
static void
create_md5_hash(int session_id, char *key, u_char version, u_char seq_no,
u_char * prev_hash, u_char * hash)
{
u_char *md_stream, *mdp;
int md_len;
MD5_CTX mdcontext;
md_len = sizeof(session_id) + strlen(key) + sizeof(version) +
sizeof(seq_no);
if (prev_hash) {
md_len += MD5_LEN;
}
mdp = md_stream = (u_char *) malloc(md_len);
bcopy(&session_id, mdp, sizeof(session_id));
mdp += sizeof(session_id);
bcopy(key, mdp, strlen(key));
mdp += strlen(key);
bcopy(&version, mdp, sizeof(version));
mdp += sizeof(version);
bcopy(&seq_no, mdp, sizeof(seq_no));
mdp += sizeof(seq_no);
if (prev_hash) {
bcopy(prev_hash, mdp, MD5_LEN);
mdp += MD5_LEN;
}
MD5_Init(&mdcontext);
MD5_Update(&mdcontext, md_stream, md_len);
MD5_Final(hash, &mdcontext);
free(md_stream);
return;
}
static int
md5_xor( u_char *data, char *key, int data_len, guint32 session_id, u_char version, u_char seq_no )
{
int i,j;
u_char hash[MD5_LEN]; /* the md5 hash */
u_char last_hash[MD5_LEN]; /* the last hash we generated */
u_char *prev_hashp = (u_char *) NULL; /* pointer to last created hash */
for (i = 0; i < data_len; i += 16) {
create_md5_hash(session_id, key, version,
seq_no, prev_hashp, hash);
bcopy(hash, last_hash, MD5_LEN);
prev_hashp = last_hash;
for (j = 0; j < 16; j++) {
if ((i + j) >= data_len)
return 0;
data[i + j] ^= hash[j];
}
}
return 0;
}
#ifndef __PACKET_TACACS_H__
#define __PACKET_TACACS_H__
/* packet-tacacs.h
* Routines for cisco tacplus packet dissection
* Copyright 2000, Emanuele Caratti <wiz@xxxxxx>
*
* $Id: packet-tacacs.h,v 1.9 2002/05/18 19:18:16 wiz Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@xxxxxxxx>
* Copyright 1998 Gerald Combs
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
#define TAC_PLUS_HDR_SIZE 12
#define MD5_LEN 16
#define MSCHAP_DIGEST_LEN 49
/* Tacacs+ packet type */
enum
{
TAC_PLUS_AUTHEN = 0x01, /* Authentication */
TAC_PLUS_AUTHOR = 0x02, /* Authorization */
TAC_PLUS_ACCT = 0x03 /* Accounting */
};
/* Flags */
#define TAC_PLUS_ENCRYPTED 0x0
#define TAC_PLUS_CLEAR 0x1
/* Authentication action to perform */
enum
{
TAC_PLUS_AUTHEN_LOGIN = 0x01,
TAC_PLUS_AUTHEN_CHPASS = 0x02,
TAC_PLUS_AUTHEN_SENDPASS = 0x03, /* deprecated */
TAC_PLUS_AUTHEN_SENDAUTH = 0x04
};
/* Authentication priv_levels */
enum
{
TAC_PLUS_PRIV_LVL_MAX = 0x0f,
TAC_PLUS_PRIV_LVL_ROOT = 0x0f,
TAC_PLUS_PRIV_LVL_USER = 0x01,
TAC_PLUS_PRIV_LVL_MIN = 0x00,
};
/* authen types */
enum
{
TAC_PLUS_AUTHEN_TYPE_ASCII = 0x01, /* ascii */
TAC_PLUS_AUTHEN_TYPE_PAP = 0x02, /* pap */
TAC_PLUS_AUTHEN_TYPE_CHAP = 0x03, /* chap */
TAC_PLUS_AUTHEN_TYPE_ARAP = 0x04, /* arap */
TAC_PLUS_AUTHEN_TYPE_MSCHAP = 0x05 /* mschap */
};
/* authen services */
enum
{
TAC_PLUS_AUTHEN_SVC_NONE = 0x00,
TAC_PLUS_AUTHEN_SVC_LOGIN = 0x01,
TAC_PLUS_AUTHEN_SVC_ENABLE = 0x02,
TAC_PLUS_AUTHEN_SVC_PPP = 0x03,
TAC_PLUS_AUTHEN_SVC_ARAP = 0x04,
TAC_PLUS_AUTHEN_SVC_PT = 0x05,
TAC_PLUS_AUTHEN_SVC_RCMD = 0x06,
TAC_PLUS_AUTHEN_SVC_X25 = 0x07,
TAC_PLUS_AUTHEN_SVC_NASI = 0x08,
TAC_PLUS_AUTHEN_SVC_FWPROXY = 0x09
};
/* status of reply packet, that client get from server in authen */
enum
{
TAC_PLUS_AUTHEN_STATUS_PASS = 0x01,
TAC_PLUS_AUTHEN_STATUS_FAIL = 0x02,
TAC_PLUS_AUTHEN_STATUS_GETDATA = 0x03,
TAC_PLUS_AUTHEN_STATUS_GETUSER = 0x04,
TAC_PLUS_AUTHEN_STATUS_GETPASS = 0x05,
TAC_PLUS_AUTHEN_STATUS_RESTART = 0x06,
TAC_PLUS_AUTHEN_STATUS_ERROR = 0x07,
TAC_PLUS_AUTHEN_STATUS_FOLLOW = 0x21
};
/* Authen reply Flags */
#define TAC_PLUS_REPLY_FLAG_NOECHO 0x01
/* Authen continue Flags */
#define TAC_PLUS_CONTINUE_FLAG_ABORT 0x01
/* methods of authentication */
enum {
TAC_PLUS_AUTHEN_METH_NOT_SET = 0x00,
TAC_PLUS_AUTHEN_METH_NONE = 0x01,
TAC_PLUS_AUTHEN_METH_KRB5 = 0x03,
TAC_PLUS_AUTHEN_METH_LINE = 0x03,
TAC_PLUS_AUTHEN_METH_ENABLE = 0x04,
TAC_PLUS_AUTHEN_METH_LOCAL = 0x05,
TAC_PLUS_AUTHEN_METH_TACACSPLUS = 0x06,
TAC_PLUS_AUTHEN_METH_GUEST = 0x08,
TAC_PLUS_AUTHEN_METH_RADIUS = 0x10,
TAC_PLUS_AUTHEN_METH_KRB4 = 0x11,
TAC_PLUS_AUTHEN_METH_RCMD = 0x20
};
/* authorization status */
enum
{
TAC_PLUS_AUTHOR_STATUS_PASS_ADD = 0x01,
TAC_PLUS_AUTHOR_STATUS_PASS_REPL = 0x02,
TAC_PLUS_AUTHOR_STATUS_FAIL = 0x10,
TAC_PLUS_AUTHOR_STATUS_ERROR = 0x11,
TAC_PLUS_AUTHOR_STATUS_FOLLOW = 0x21
};
/* accounting flag */
enum
{
TAC_PLUS_ACCT_FLAG_MORE = 0x1, /* deprecated */
TAC_PLUS_ACCT_FLAG_START = 0x2,
TAC_PLUS_ACCT_FLAG_STOP = 0x4,
TAC_PLUS_ACCT_FLAG_WATCHDOG = 0x8
};
/* accounting status */
enum {
TAC_PLUS_ACCT_STATUS_SUCCESS = 0x01,
TAC_PLUS_ACCT_STATUS_ERROR = 0x02,
TAC_PLUS_ACCT_STATUS_FOLLOW = 0x21
};
/* Header offsets */
#define H_VER_OFF (0)
#define H_TYPE_OFF (H_VER_OFF+1)
#define H_SEQ_NO_OFF (H_TYPE_OFF+1)
#define H_FLAGS_OFF (H_SEQ_NO_OFF+1)
#define H_SESSION_ID_OFF (H_FLAGS_OFF+1)
#define H_LENGTH_OFF (H_SESSION_ID_OFF+4)
/* authen START offsets */
#define AUTHEN_S_ACTION_OFF (TAC_PLUS_HDR_SIZE)
#define AUTHEN_S_PRIV_LVL_OFF (AUTHEN_S_ACTION_OFF+1)
#define AUTHEN_S_AUTHEN_TYPE_OFF (AUTHEN_S_PRIV_LVL_OFF+1)
#define AUTHEN_S_SERVICE_OFF (AUTHEN_S_AUTHEN_TYPE_OFF+1)
#define AUTHEN_S_USER_LEN_OFF (AUTHEN_S_SERVICE_OFF+1)
#define AUTHEN_S_PORT_LEN_OFF (AUTHEN_S_USER_LEN_OFF+1)
#define AUTHEN_S_REM_ADDR_LEN_OFF (AUTHEN_S_PORT_LEN_OFF+1)
#define AUTHEN_S_DATA_LEN_OFF (AUTHEN_S_REM_ADDR_LEN_OFF+1)
#define AUTHEN_S_VARDATA_OFF (AUTHEN_S_DATA_LEN_OFF+1) /* variable data offset (user, port, etc ) */
/* authen REPLY fields offset */
#define AUTHEN_R_STATUS_OFF (TAC_PLUS_HDR_SIZE)
#define AUTHEN_R_FLAGS_OFF (AUTHEN_R_STATUS_OFF+1)
#define AUTHEN_R_SRV_MSG_LEN_OFF (AUTHEN_R_FLAGS_OFF+1)
#define AUTHEN_R_DATA_LEN_OFF (AUTHEN_R_SRV_MSG_LEN_OFF+2)
#define AUTHEN_R_VARDATA_OFF (AUTHEN_R_DATA_LEN_OFF+2)
/* authen CONTINUE fields offset */
#define AUTHEN_C_USER_LEN_OFF (TAC_PLUS_HDR_SIZE)
#define AUTHEN_C_DATA_LEN_OFF (AUTHEN_C_USER_LEN_OFF+2)
#define AUTHEN_C_FLAGS_OFF (AUTHEN_C_DATA_LEN_OFF+2)
#define AUTHEN_C_VARDATA_OFF (AUTHEN_C_FLAGS_OFF+1)
/* acct REQUEST fields offsets */
#define ACCT_Q_FLAGS_OFF (TAC_PLUS_HDR_SIZE)
#define ACCT_Q_METHOD_OFF (ACCT_Q_FLAGS_OFF+1)
#define ACCT_Q_PRIV_LVL_OFF (ACCT_Q_METHOD_OFF+1)
#define ACCT_Q_AUTHEN_TYPE_OFF (ACCT_Q_PRIV_LVL_OFF+1)
#define ACCT_Q_SERVICE_OFF (ACCT_Q_AUTHEN_TYPE_OFF+1)
#define ACCT_Q_USER_LEN_OFF (ACCT_Q_SERVICE_OFF+1)
#define ACCT_Q_PORT_LEN_OFF (ACCT_Q_USER_LEN_OFF+1)
#define ACCT_Q_REM_ADDR_LEN_OFF (ACCT_Q_PORT_LEN_OFF+1)
#define ACCT_Q_ARG_CNT_OFF (ACCT_Q_REM_ADDR_LEN_OFF+1)
#define ACCT_Q_VARDATA_OFF (ACCT_Q_ARG_CNT_OFF+1)
/* acct REPLY fields offsets */
#define ACCT_R_SRV_MSG_LEN_OFF (TAC_PLUS_HDR_SIZE)
#define ACCT_R_DATA_LEN_OFF (ACCT_R_SRV_MSG_LEN_OFF+2)
#define ACCT_R_STATUS_OFF (ACCT_R_DATA_LEN_OFF+2)
#define ACCT_R_VARDATA_OFF (ACCT_R_STATUS_OFF+1)
/* AUTHORIZATION */
/* Request */
#define AUTHOR_Q_AUTH_METH_OFF (TAC_PLUS_HDR_SIZE)
#define AUTHOR_Q_PRIV_LVL_OFF (AUTHOR_Q_AUTH_METH_OFF+1)
#define AUTHOR_Q_AUTHEN_TYPE_OFF (AUTHOR_Q_PRIV_LVL_OFF+1)
#define AUTHOR_Q_SERVICE_OFF (AUTHOR_Q_AUTHEN_TYPE_OFF+1)
#define AUTHOR_Q_USER_LEN_OFF (AUTHOR_Q_SERVICE_OFF+1)
#define AUTHOR_Q_PORT_LEN_OFF (AUTHOR_Q_USER_LEN_OFF+1)
#define AUTHOR_Q_REM_ADDR_LEN_OFF (AUTHOR_Q_PORT_LEN_OFF+1)
#define AUTHOR_Q_ARGC_OFF (AUTHOR_Q_REM_ADDR_LEN_OFF+1)
#define AUTHOR_Q_VARDATA_OFF (AUTHOR_Q_ARGC_OFF+1)
/* Reply */
#define AUTHOR_R_STATUS_OFF (TAC_PLUS_HDR_SIZE)
#define AUTHOR_R_ARGC_OFF (AUTHOR_R_STATUS_OFF+1)
#define AUTHOR_R_SRV_MSG_LEN_OFF (AUTHOR_R_ARGC_OFF+1)
#define AUTHOR_R_DATA_LEN_OFF (AUTHOR_R_SRV_MSG_LEN_OFF+2)
#define AUTHOR_R_VARDATA_OFF (AUTHOR_R_DATA_LEN_OFF+2)
#if 0
/* Packet structures */
typedef struct {
u_char version;
u_char type;
u_char seq_no;
u_char flags;
guint32 session_id;
guint32 length;
} tacplus_pkt_hdr;
/* Authentication START packet */
typedef struct {
u_char action;
u_char priv_lvl;
u_char authen_type;
u_char service;
u_char user_len;
u_char port_len;
u_char rem_addr_len;
u_char data_len;
u_char vardata[1];
} tacplus_authen_start ;
/* Authentication CONTINUE packet */
typedef struct {
guint16 user_len;
guint16 data_len;
u_char flags;
u_char vardata[1];
} tacplus_authen_continue ;
/* Authentication REPLY packet */
typedef struct {
u_char status;
u_char flags;
guint16 srv_msg_len;
guint16 data_len;
u_char vardata[1];
} tacplus_authen_reply;
/* Authentication sub-PACKET */
typedef union {
tacplus_authen_start s; /* start */
tacplus_authen_continue c; /* continue */
tacplus_authen_reply r; /* reply (from srv) */
} tacplus_authen_pkt;
/* AUTHORIZATION request */
typedef struct {
u_char authen_method;
u_char priv_lvl;
u_char authen_type;
u_char authen_service;
u_char user_len;
u_char port_len;
u_char rem_addr_len;
u_char arg_cnt;
u_char vardata[1];
} tacplus_author_request;
typedef struct {
u_char status;
u_char arg_cnt;
guint16 srv_msg_len;
guint16 data_len;
u_char vardata[1];
} tacplus_author_reply;
typedef union {
tacplus_author_request q;
tacplus_author_reply r;
} tacplus_author_pkt;
/* ACCOUNTING request */
typedef struct {
u_char flags;
u_char authen_method;
u_char priv_lvl;
u_char authen_type;
u_char authen_service;
u_char user_len;
u_char port_len;
u_char rem_addr_len;
u_char arg_cnt;
u_char vardata[1];
} tacplus_account_request;
typedef struct {
guint16 srv_msg_len;
guint16 data_len;
u_char status;
u_char vardata[1];
} tacplus_account_reply;
typedef union {
tacplus_account_request q; /* Request */
tacplus_account_reply r; /* Reply */
} tacplus_account_pkt;
/* TACACS+ Packet */
typedef struct {
tacplus_pkt_hdr hdr;
union {
tacplus_authen_pkt authen;
tacplus_author_pkt author;
tacplus_account_pkt acct;
} body;
} tacplus_pkt;
#endif
/* From my old tacacs dissector */
static value_string tacplus_type_vals[] = {
{TAC_PLUS_AUTHEN, "Authentication"},
{TAC_PLUS_AUTHOR, "Authorization" },
{TAC_PLUS_ACCT, "Accounting" },
{0, NULL}};
static value_string tacplus_authen_action_vals[] = {
{TAC_PLUS_AUTHEN_LOGIN, "Inbound Login"},
{TAC_PLUS_AUTHEN_CHPASS, "Change password request"},
{TAC_PLUS_AUTHEN_SENDPASS, "Send password request"},
{TAC_PLUS_AUTHEN_SENDAUTH, "Outbound Request (SENDAUTH)"},
{0, NULL}};
#if 0
static value_string tacplus_authen_priv_lvl_vals[] = {
{TAC_PLUS_PRIV_LVL_MAX, "LVL_MAX"},
{TAC_PLUS_PRIV_LVL_ROOT, "LVL_ROOT"},
{TAC_PLUS_PRIV_LVL_USER, "LVL_USER"},
{TAC_PLUS_PRIV_LVL_MIN, "LVL_MIN"},
{0, NULL}};
#endif
static value_string tacplus_authen_type_vals[] = {
{TAC_PLUS_AUTHEN_TYPE_ASCII, "ASCII"},
{TAC_PLUS_AUTHEN_TYPE_PAP, "PAP"},
{TAC_PLUS_AUTHEN_TYPE_CHAP, "CHAP"},
{TAC_PLUS_AUTHEN_TYPE_ARAP, "ARAP"},
{TAC_PLUS_AUTHEN_TYPE_MSCHAP, "MS-CHAP"},
{0, NULL}};
static value_string tacplus_authen_service_vals[] = {
{TAC_PLUS_AUTHEN_SVC_NONE, "TAC_PLUS_AUTHEN_SVC_NONE"},
{TAC_PLUS_AUTHEN_SVC_LOGIN, "Login" },
{TAC_PLUS_AUTHEN_SVC_ENABLE, "ENABLE"},
{TAC_PLUS_AUTHEN_SVC_PPP, "PPP" },
{TAC_PLUS_AUTHEN_SVC_ARAP, "ARAP" },
{TAC_PLUS_AUTHEN_SVC_PT, "TAC_PLUS_AUTHEN_SVC_PT"},
{TAC_PLUS_AUTHEN_SVC_RCMD, "TAC_PLUS_AUTHEN_SVC_RCMD"},
{TAC_PLUS_AUTHEN_SVC_X25, "TAC_PLUS_AUTHEN_SVC_X25"},
{TAC_PLUS_AUTHEN_SVC_NASI, "TAC_PLUS_AUTHEN_SVC_NASI"},
{TAC_PLUS_AUTHEN_SVC_FWPROXY, "TAC_PLUS_AUTHEN_SVC_FWPROXY"},
{0, NULL}};
static value_string tacplus_reply_status_vals[] = {
{TAC_PLUS_AUTHEN_STATUS_PASS, "Authentication Passed"},
{TAC_PLUS_AUTHEN_STATUS_FAIL, "Authentication Failed"},
{TAC_PLUS_AUTHEN_STATUS_GETDATA, "Send Data"},
{TAC_PLUS_AUTHEN_STATUS_GETUSER, "Send Username"},
{TAC_PLUS_AUTHEN_STATUS_GETPASS, "Send Password"},
{TAC_PLUS_AUTHEN_STATUS_RESTART, "Restart Authentication Sequence"},
{TAC_PLUS_AUTHEN_STATUS_ERROR, "Unrecoverable Error"},
{TAC_PLUS_AUTHEN_STATUS_FOLLOW, "Use Alternate Server"},
{0, NULL}};
static value_string tacplus_authen_method[] = {
{TAC_PLUS_AUTHEN_METH_NOT_SET, "NOT_SET"},
{TAC_PLUS_AUTHEN_METH_NONE, "NONE"},
{TAC_PLUS_AUTHEN_METH_KRB5, "KRB5"},
{TAC_PLUS_AUTHEN_METH_LINE, "LINE"},
{TAC_PLUS_AUTHEN_METH_ENABLE, "ENABLE"},
{TAC_PLUS_AUTHEN_METH_LOCAL, "LOCAL"},
{TAC_PLUS_AUTHEN_METH_TACACSPLUS, "TACACSPLUS"},
{TAC_PLUS_AUTHEN_METH_GUEST, "GUEST"},
{TAC_PLUS_AUTHEN_METH_RADIUS, "RADIUS"},
{TAC_PLUS_AUTHEN_METH_KRB4, "KRB4"},
{TAC_PLUS_AUTHEN_METH_RCMD, "RCMD"},
{0, NULL}};
static value_string tacplus_author_status[] = {
{TAC_PLUS_AUTHOR_STATUS_PASS_ADD, "PASS_ADD"},
{TAC_PLUS_AUTHOR_STATUS_PASS_REPL, "PASS_REPL"},
{TAC_PLUS_AUTHOR_STATUS_FAIL, "FAIL"},
{TAC_PLUS_AUTHOR_STATUS_ERROR, "ERROR"},
{TAC_PLUS_AUTHOR_STATUS_FOLLOW, "FOLLOW"},
{0, NULL}};
static value_string tacplus_acct_status[] = {
{TAC_PLUS_ACCT_STATUS_SUCCESS, "Success"},
{TAC_PLUS_ACCT_STATUS_ERROR, "Error"},
{TAC_PLUS_ACCT_STATUS_FOLLOW, "Follow"},
{0, NULL}};
static value_string tacplus_acct_flags[] = {
{TAC_PLUS_ACCT_FLAG_MORE, "More (deprecated)"},
{TAC_PLUS_ACCT_FLAG_START, "Start"},
{TAC_PLUS_ACCT_FLAG_STOP, "Stop"},
{TAC_PLUS_ACCT_FLAG_WATCHDOG,"Update"},
{0, NULL}};
#endif /* __PACKET_TACACS_H__ */
- Follow-Ups:
- Re: [Ethereal-dev] New Tacacs+ dissector
- From: Guy Harris
- Re: [Ethereal-dev] New Tacacs+ dissector
- Prev by Date: Re: [Ethereal-dev] SST (Shiva Smart Tunnel)
- Next by Date: Re: [Ethereal-dev] New Tacacs+ dissector
- Previous by thread: Re: [Ethereal-dev] SST (Shiva Smart Tunnel)
- Next by thread: Re: [Ethereal-dev] New Tacacs+ dissector
- Index(es):