From owner-svn-src-all@FreeBSD.ORG  Fri Dec 11 07:53:44 2009
Return-Path: <owner-svn-src-all@FreeBSD.ORG>
Delivered-To: svn-src-all@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id D3F5F106566B;
	Fri, 11 Dec 2009 07:53:44 +0000 (UTC)
	(envelope-from syrinx@FreeBSD.org)
Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c])
	by mx1.freebsd.org (Postfix) with ESMTP id C21468FC1C;
	Fri, 11 Dec 2009 07:53:44 +0000 (UTC)
Received: from svn.freebsd.org (localhost [127.0.0.1])
	by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id nBB7ritG099423;
	Fri, 11 Dec 2009 07:53:44 GMT (envelope-from syrinx@svn.freebsd.org)
Received: (from syrinx@localhost)
	by svn.freebsd.org (8.14.3/8.14.3/Submit) id nBB7rib9099418;
	Fri, 11 Dec 2009 07:53:44 GMT (envelope-from syrinx@svn.freebsd.org)
Message-Id: <200912110753.nBB7rib9099418@svn.freebsd.org>
From: Shteryana Shopova <syrinx@FreeBSD.org>
Date: Fri, 11 Dec 2009 07:53:44 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
	svn-src-head@freebsd.org
X-SVN-Group: head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Cc: 
Subject: svn commit: r200399 - head/lib/libtacplus
X-BeenThere: svn-src-all@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "SVN commit messages for the entire src tree \(except for &quot;
	user&quot; and &quot; projects&quot; \)" <svn-src-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-all>,
	<mailto:svn-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-all>
List-Post: <mailto:svn-src-all@freebsd.org>
List-Help: <mailto:svn-src-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-all>,
	<mailto:svn-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Dec 2009 07:53:45 -0000

Author: syrinx
Date: Fri Dec 11 07:53:44 2009
New Revision: 200399
URL: http://svn.freebsd.org/changeset/base/200399

Log:
  Add support for TACACS+ accounting to libtacplus(3).
  
  Submitted by:	Michael Pounov misho@aitbg.com
  OKed by:	emaste

Modified:
  head/lib/libtacplus/libtacplus.3
  head/lib/libtacplus/taclib.c
  head/lib/libtacplus/taclib.h
  head/lib/libtacplus/taclib_private.h

Modified: head/lib/libtacplus/libtacplus.3
==============================================================================
--- head/lib/libtacplus/libtacplus.3	Fri Dec 11 04:14:44 2009	(r200398)
+++ head/lib/libtacplus/libtacplus.3	Fri Dec 11 07:53:44 2009	(r200399)
@@ -44,6 +44,8 @@
 .Fn tac_create_authen "struct tac_handle *h" "int action" "int type" "int service"
 .Ft int
 .Fn tac_create_author "struct tac_handle *h" "int method" "int type" "int service"
+.Ft int
+.Fn tac_create_acct "struct tac_handle *h" "int acct" "int action" "int type" "int service"
 .Ft char *
 .Fn tac_get_av "struct tac_handle *h" "u_int index"
 .Ft char *
@@ -59,6 +61,8 @@
 .Ft int
 .Fn tac_send_author "struct tac_handle *h"
 .Ft int
+.Fn tac_send_acct "struct tac_handle *h"
+.Ft int
 .Fn tac_set_av "struct tac_handle *h" "u_int index" "const char *av_pair"
 .Ft int
 .Fn tac_set_data "struct tac_handle *h" "const void *data" "size_t data_len"
@@ -193,6 +197,20 @@ TACACS+ protocol specification.
 The
 .In taclib.h
 header file contains symbolic constants for these values.
+.Sh CREATING A TACACS+ ACCOUNTING REQUEST
+To begin constructing a new accounting request, call
+.Fn tac_create_acct .
+The
+.Va acct ,
+.Va action ,
+.Va type ,
+and
+.Va service
+arguments must be set to appropriate values as defined in the
+TACACS+ protocol specification.
+The
+.In taclib.h
+header file contains symbolic constants for these values.
 .Sh SETTING OPTIONAL PARAMETERS ON A REQUEST
 After creating a request,
 various optional parameters may be attached to it through calls to
@@ -354,6 +372,29 @@ include:
 .Pp
 The number of AV pairs received is obtained using
 .Fn TAC_AUTHEN_AV_COUNT .
+.Sh SENDING THE ACCOUNTING REQUEST AND RECEIVING THE RESPONSE
+After the TACACS+ authorization request has been constructed, it
+is sent by means of
+.Fn tac_send_acct .
+This function connects to a server if not already connected, sends
+the request, and waits for a reply.
+On failure,
+.Fn tac_send_acct
+returns \-1.
+Otherwise, it returns the TACACS+ status code 
+Possible status codes, defined in
+.In taclib.h ,
+include:
+.Pp
+.Bl -item -compact -offset indent
+.It
+.Dv TAC_ACCT_STATUS_SUCCESS
+.It
+.Dv TAC_ACCT_STATUS_ERROR
+.It
+.Dv TAC_ACCT_STATUS_FOLLOW
+.El
+.Pp
 .Sh EXTRACTING INFORMATION FROM THE SERVER'S AUTHORIZATION RESPONSE
 Like an authentication response packet, an authorization
 response packet from the
@@ -418,10 +459,14 @@ which can be retrieved using
 .It
 .Fn tac_create_author
 .It
+.Fn tac_create_acct
+.It
 .Fn tac_send_authen
 .It
 .Fn tac_send_author
 .It
+.Fn tac_send_acct
+.It
 .Fn tac_set_av
 .It
 .Fn tac_set_data

Modified: head/lib/libtacplus/taclib.c
==============================================================================
--- head/lib/libtacplus/taclib.c	Fri Dec 11 04:14:44 2009	(r200398)
+++ head/lib/libtacplus/taclib.c	Fri Dec 11 07:53:44 2009	(r200399)
@@ -211,6 +211,8 @@ protocol_version(int msg_type, int var, 
 	    }
         break;
 
+	case TAC_ACCT:
+
 	default:
 	    minor = 0;
         break;
@@ -967,6 +969,23 @@ tac_create_author(struct tac_handle *h, 
 	return 0;
 }
 
+int
+tac_create_acct(struct tac_handle *h, int acct, int action, int type, int service)
+{
+	struct tac_acct_start *as;
+
+	create_msg(h, TAC_ACCT, action, type);
+
+	as = &h->request.u.acct_start;
+	as->action = acct;
+	as->authen_action = action;
+	as->priv_lvl = TAC_PRIV_LVL_USER;
+	as->authen_type = type;
+	as->authen_service = service;
+
+	return 0;
+}
+
 static void
 create_msg(struct tac_handle *h, int msg_type, int var, int type)
 {
@@ -1158,6 +1177,49 @@ tac_send_author(struct tac_handle *h)
 }
 
 int
+tac_send_acct(struct tac_handle *h)
+{
+	register int i, current;
+	struct tac_acct_start *as = &h->request.u.acct_start;
+	struct tac_acct_reply *ar = &h->response.u.acct_reply;
+
+	/* start */
+	as = &h->request.u.acct_start;
+	h->request.length = htonl(offsetof(struct tac_acct_start, rest[0]));
+	for (as->av_cnt = 0, i = 0; i < MAXAVPAIRS; i++)
+		if (h->avs[i].len && h->avs[i].data)
+			as->av_cnt++;
+	h->request.length = ntohl(htonl(h->request.length) + as->av_cnt);
+
+	if (add_str_8(h, &as->user_len, &h->user) == -1 ||
+	    add_str_8(h, &as->port_len, &h->port) == -1 ||
+	    add_str_8(h, &as->rem_addr_len, &h->rem_addr) == -1)
+		return -1;
+
+	for (i = current = 0; i < MAXAVPAIRS; i++)
+		if (h->avs[i].len && h->avs[i].data)
+			if (add_str_8(h, &as->rest[current++], &(h->avs[i])) == -1)
+				return -1;
+
+	/* send */
+	if (send_msg(h) == -1 || recv_msg(h) == -1)
+		return -1;
+
+	/* reply */
+	h->srvr_pos = offsetof(struct tac_acct_reply, rest[0]);
+	if (get_srvr_str(h, "msg", &h->srvr_msg, ntohs(ar->msg_len)) == -1 ||
+	    get_srvr_str(h, "data", &h->srvr_data, ntohs(ar->data_len)) == -1 ||
+	    get_srvr_end(h) == -1)
+		return -1;
+
+	/* Sanity checks */
+	if (!h->single_connect)
+		close_connection(h);
+
+	return ar->status;
+}
+
+int
 tac_set_rem_addr(struct tac_handle *h, const char *addr)
 {
 	return save_str(h, &h->rem_addr, addr, addr != NULL ? strlen(addr) : 0);

Modified: head/lib/libtacplus/taclib.h
==============================================================================
--- head/lib/libtacplus/taclib.h	Fri Dec 11 04:14:44 2009	(r200398)
+++ head/lib/libtacplus/taclib.h	Fri Dec 11 07:53:44 2009	(r200399)
@@ -103,6 +103,17 @@ struct tac_handle;
 #define TAC_AUTHOR_STATUS_FAIL          0x10
 #define TAC_AUTHOR_STATUS_ERROR         0x11
 
+/* Accounting actions */
+#define TAC_ACCT_MORE			0x1
+#define TAC_ACCT_START			0x2
+#define TAC_ACCT_STOP			0x4
+#define TAC_ACCT_WATCHDOG		0x8
+
+/* Accounting status */
+#define TAC_ACCT_STATUS_SUCCESS		0x1
+#define TAC_ACCT_STATUS_ERROR		0x2
+#define TAC_ACCT_STATUS_FOLLOW		0x21
+
 __BEGIN_DECLS
 int			 tac_add_server(struct tac_handle *,
 			    const char *, int, const char *, int, int);
@@ -127,6 +138,8 @@ int			 tac_set_av(struct tac_handle *, u
 char			*tac_get_av(struct tac_handle *, u_int);
 char			*tac_get_av_value(struct tac_handle *, const char *);
 void			 tac_clear_avs(struct tac_handle *);
+int			 tac_create_acct(struct tac_handle *, int, int, int, int);
+int			 tac_send_acct(struct tac_handle *);
 __END_DECLS
 
 #endif /* _TACLIB_H_ */

Modified: head/lib/libtacplus/taclib_private.h
==============================================================================
--- head/lib/libtacplus/taclib_private.h	Fri Dec 11 04:14:44 2009	(r200398)
+++ head/lib/libtacplus/taclib_private.h	Fri Dec 11 07:53:44 2009	(r200399)
@@ -132,6 +132,26 @@ struct tac_author_response {
 	unsigned char	rest[1];
 };
 
+struct tac_acct_start {
+	u_int8_t	action;
+	u_int8_t	authen_action;
+	u_int8_t	priv_lvl;
+	u_int8_t	authen_type;
+	u_int8_t	authen_service;
+	u_int8_t	user_len;
+	u_int8_t	port_len;
+	u_int8_t	rem_addr_len;
+	u_int8_t	av_cnt;
+	unsigned char	rest[1];
+};
+
+struct tac_acct_reply {
+	u_int16_t	msg_len;
+	u_int16_t	data_len;
+	u_int8_t	status;
+	unsigned char	rest[1];
+};
+
 struct tac_msg {
 	u_int8_t	version;
 	u_int8_t	type;
@@ -145,6 +165,8 @@ struct tac_msg {
 		struct tac_authen_cont authen_cont;
 		struct tac_author_request author_request;
 		struct tac_author_response author_response;
+		struct tac_acct_start acct_start;
+		struct tac_acct_reply acct_reply;
 		unsigned char body[BODYSIZE];
 	} u;
 };