/ 
Net-TacacsPlus-1.10
River stage one • 1 direct dependent • 2 total dependents
/ Net::TacacsPlus::Packet

NAME

Net::TacacsPlus::Packet - Tacacs+ packet object

SYNOPSIS

# construct authentication START packet

$pkt = Net::TacacsPlus::Packet->new(
	#header
	'type' => TAC_PLUS_AUTHEN,
	'seq_no' => 1,
	'flags' => 0,
	'session_id' => $session_id,
	#start
	'action' => TAC_PLUS_AUTHEN_LOGIN,
	'authen_type' => TAC_PLUS_AUTHEN_TYPE_(ASCII|PAP),
	'key' => $secret,
	);


# construct authentication CONTINUE packet

$pkt = Net::TacacsPlus::Packet->new(
	#header
	'type' => TAC_PLUS_AUTHEN,
	'seq_no' => 3,
	'session_id' => $session_id,
	#continue
	'user_msg' => $username,
	'data' => '',
	'key' => $secret,
	);

# construct authentication REPLY packet from received raw packet

$reply = Net::TacacsPlus::Packet->new(
		'type' => TAC_PLUS_AUTHEN,
		'raw' => $raw_reply,
		'key' => $secret,
		);

# construct authorization REQUEST packet

$pkt = Net::TacacsPlus::Packet->new(
	#header
	'type' => TAC_PLUS_AUTHOR,
	'seq_no' => 1,
	'session_id' => $session_id,
	#request
	'user' => $username,
	'args' => $args, # arrayref
	'key' => $secret,
	);

# construct authorization RESPONSE packet from received raw packet

$response = Net::TacacsPlus::Packet->new(
		'type' => TAC_PLUS_AUTHOR,
		'raw' => $raw_reply,
		'key' => $secret,
		);

# construct accounting REQUEST packet

$pkt = Net::TacacsPlus::Packet->new(
	#header
	'type' => TAC_PLUS_ACCT,
	'seq_no' => 1,
	'session_id' => $session_id,
	#request
	'acct_flags' => TAC_PLUS_ACCT_FLAG_*,
	'user' => $username,
	'args' => $args, # arrayref
	'key' => $secret,
	);

# construct accounting REPLY packet from received raw packet

$reply = Net::TacacsPlus::Packet->new(
		'type' => TAC_PLUS_ACCT,
		'raw' => $raw_reply,
		'key' => $secret,
		);

DESCRIPTION

Library to create and manipulate Tacacs+ packets. Object can be build from parameters or from raw received packet.

AUTHOR

Jozef Kutej <jkutej@cpan.org>

Authorization and Accounting contributed by Rubio Vaughan <rubio@passim.net>

VERSION

1.06

SEE ALSO

tac-rfc.1.78.txt, Net::TacacsPlus::Client

METHODS

new( somekey => somevalue )

1. if constructing from parameters need this parameters:

for header:

'type'      : TAC_PLUS_(AUTHEN|AUTHOR|ACCT) 
'seq_no'    : sequencenumber
'flags'     : TAC_PLUS_(UNENCRYPTED_FLAG|SINGLE_CONNECT_FLAG)
'session_id': session id

for authentication START body:

'action'     : TAC_PLUS_AUTHEN_(LOGIN|CHPASS|SENDPASS|SENDAUTH)
'authen_type': TAC_PLUS_AUTHEN_TYPE_(ASCII|PAP)
'key'        : encryption key

for authentication CONTINUE body: 'user_msg': msg required by server 'data' : data required by server 'key' : encryption key

for authorization REQUEST body: 'user': username 'args': authorization arguments 'key' : encryption key

for accounting REQUEST body: 'acct_flags': TAC_PLUS_ACCT_FLAG_(MORE|START|STOP|WATCHDOG) 'user' : username 'args' : authorization arguments 'key' : encryption key

2. if constructing from received raw packet

for AUTHEN reply, AUTHOR response and ACCT reply:

'type': TAC_PLUS_(AUTHEN|AUTHOR|ACCT)
'raw' : raw packet
'key' : encryption key
check_reply($snd, $rcv)

compare send and reply packet for errors

$snd - packet object that was send $rcv - packet object that was received afterwards

checks sequence number, session id, version and flags

decode_raw($raw_pkt)

From raw packet received create reply object: Net::TacacsPlus::Packet::AuthenReplyBody or Net::TacacsPlus::Packet::AuthorResponseBody or Net::TacacsPlus::Packet::AccountReplyBody

raw( )

return binary representation of whole packet.

raw_xor_body($data)

XOR $data by pseudo pas.

compute_pseudo_pad( $sess_id,$key,$version,$seq_no,$length )

compute md5 hash from parameters truncated to $length

pseudo_pad = {MD5_1 [,MD5_2 [ ... ,MD5_n]]} truncated to len(data)

The first MD5 hash is generated by concatenating the session_id, the secret key, the version number and the sequence number and then running MD5 over that stream. All of those input values are available in the packet header, except for the secret key which is a shared secret between the TACACS+ client and daemon.

server_msg( )

returns last server msg

seq_no()

Return packet sequence number.

session_id()

Return packet session id.

version()

Return version from packet header

flags()

Return flags from packet header.

args()

Return arguments returned by server in authorization response packet.

status( )

returns status of packet. it is used in REPLY packets received from server.

status is one of:

TAC_PLUS_AUTHEN_STATUS_PASS        => 0x01,
TAC_PLUS_AUTHEN_STATUS_FAIL        => 0x02,
TAC_PLUS_AUTHEN_STATUS_GETDATA     => 0x03,
TAC_PLUS_AUTHEN_STATUS_GETUSER     => 0x04,
TAC_PLUS_AUTHEN_STATUS_GETPASS     => 0x05,
TAC_PLUS_AUTHEN_STATUS_RESTART     => 0x06,
TAC_PLUS_AUTHEN_STATUS_ERROR       => 0x07,
TAC_PLUS_AUTHEN_STATUS_FOLLOW      => 0x21,
TAC_PLUS_AUTHOR_STATUS_PASS_ADD    => 0x01,
TAC_PLUS_AUTHOR_STATUS_PASS_REPL   => 0x02,
TAC_PLUS_AUTHOR_STATUS_FAIL        => 0x10,
TAC_PLUS_AUTHOR_STATUS_ERROR       => 0x11,
TAC_PLUS_AUTHOR_STATUS_FOLLOW      => 0x21,
TAC_PLUS_ACCT_STATUS_SUCCESS       => 0x01,
TAC_PLUS_ACCT_STATUS_ERROR         => 0x02,
TAC_PLUS_ACCT_STATUS_FOLLOW        => 0x21,
send()

Send out packet.

type()

Returns packet type taken from packet header eg. $self->header->type;

COPYRIGHT AND LICENSE

Copyright (C) 2006 by Jozef Kutej

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.8.4 or, at your option, any later version of Perl 5 you may have available.