kravietz · pprindeville · Oct 7, 2016 · Oct 7, 2016 · Dec 8, 2016 · Oct 18, 2016
diff --git a/Makefile.am b/Makefile.am
@@ -45,6 +45,7 @@ libtac/lib/read_wait.c \
 libtac/lib/version.c \
 libtac/lib/xalloc.c \
 libtac/lib/xalloc.h \
+libtac/lib/session.c \
 $(libtac_include_HEADERS)
 if MY_MD5
 libtac_la_SOURCES += \

diff --git a/configure.ac b/configure.ac
@@ -48,6 +48,7 @@ dnl --------------------------------------------------------------------
 dnl Checks for header files.
 AC_HEADER_STDC
 AC_CHECK_HEADERS([arpa/inet.h fcntl.h netdb.h netinet/in.h stdlib.h string.h strings.h sys/socket.h sys/time.h ])
+AC_CHECK_HEADERS([stdbool.h limits.h assert.h])
 AC_CHECK_HEADERS([syslog.h unistd.h openssl/md5.h openssl/rand.h linux/random.h sys/random.h])
 AC_CHECK_HEADER(security/pam_appl.h, [], [AC_MSG_ERROR([PAM libraries missing. Install with "yum install pam-devel" or "apt-get install libpam-dev".])] )
 AM_CONDITIONAL(MY_MD5, [test "$ac_cv_header_openssl_md5_h" = "no" ])

diff --git a/libtac/include/libtac.h b/libtac/include/libtac.h
@@ -42,6 +42,9 @@ extern "C" {
 #else
 #include "cdefs.h"
 #endif
+#include <assert.h>
+#include <stdbool.h>
+#include <limits.h>
 #include "tacplus.h"
 
 #if defined(DEBUGTAC) && !defined(TACDEBUG)
@@ -87,6 +90,7 @@ struct tac_attrib {
 struct areply {
 	struct tac_attrib *attr;
 	char *msg;
+	char *data;
 	int status :8;
 	int flags :8;
 	int seq_no :8;
@@ -132,50 +136,116 @@ extern int tac_ver_major;
 extern int tac_ver_minor;
 extern int tac_ver_patch;
 
-/* header.c */
-extern int session_id;
-extern int tac_encryption;
-extern const char *tac_secret;
-extern char tac_login[64];
-extern int tac_priv_lvl;
-extern int tac_authen_method;
-extern int tac_authen_service;
+/* session.c */
+struct tac_session {
+    unsigned tac_timeout;
+    const char *tac_secret;
+    uint32_t tac_session_id;
+    bool tac_encryption;
+    uint8_t tac_priv_lvl;
+    uint8_t tac_authen_method;
+    uint8_t tac_authen_service;
+    uint8_t tac_authen_type;
+    uint8_t seq_no;
+    int fd;
+
+    /* user defined stuff */
+    uint8_t user_data[0];
+};
+
+struct tac_session *tac_session_alloc(void);
+struct tac_session *tac_session_alloc_extra(unsigned);
+void tac_session_set_authen_type(struct tac_session *, uint8_t);
+void tac_session_set_secret(struct tac_session *, const char *);
+void tac_session_set_timeout(struct tac_session *, unsigned);
+void tac_session_new_session_id(struct tac_session *);
+void tac_session_reset_seq(struct tac_session *);
+void *tac_session_get_user_data(struct tac_session *);
+void tac_session_free(struct tac_session *);
 
+/* header.c */
 extern int tac_debug_enable;
 extern int tac_readtimeout_enable;
 
+/* we return a void * because there are different types of bodies */
+static inline void *tac_hdr_to_body(HDR *th)
+{
+    return (void *)((u_char *)th + TAC_PLUS_HDR_SIZE);
+}
+
+HDR *_tac_req_header(struct tac_session *, u_char, bool);
+
 /* connect.c */
 extern int tac_timeout;
 
-int tac_connect(struct addrinfo **, char **, int);
-int tac_connect_single(const struct addrinfo *, const char *, struct addrinfo *,
-		int);
+int tac_connect(struct tac_session *, struct addrinfo **, unsigned);
+int tac_connect_single(struct tac_session *, const struct addrinfo *, struct addrinfo *, int);
+void tac_close(struct tac_session *);
 char *tac_ntop(const struct sockaddr *);
 
-int tac_authen_send(int, const char *, const char *, const char *, const char *,
-		u_char);
-int tac_authen_read(int, struct areply *);
-int tac_cont_send_seq(int, const char *, int);
-#define tac_cont_send(fd, pass) tac_cont_send_seq((fd), (pass), 3)
-HDR *_tac_req_header(u_char, int);
-void _tac_crypt(u_char *, const HDR *);
+/* authen_s.c */
+u_char tac_get_authen_type(const char *);
+const char *tag_get_authen_string(uint8_t);
+
+void tac_authen_send_pkt(struct tac_session *,
+    const char *, const char *, const char *, const char *, u_char,
+    u_char **, unsigned *);
+int tac_authen_send(struct tac_session *,
+    const char *, const char *, const char *, const char *, u_char);
+
+/* authen_r.c */
+int tac_authen_parse(struct tac_session *, struct areply *, u_char *, unsigned);
+int tac_authen_read(struct tac_session *, struct areply *);
+
+/* cont_s.c */
+void tac_cont_send_pkt(struct tac_session *, const char *,
+   u_char **, unsigned *);
+int tac_cont_send(struct tac_session *, const char *);
+
+/* crypt.c */
+void _tac_crypt(const struct tac_session *, u_char *, const HDR *);
+
+/* author_r.c */
+int tac_author_parse(struct tac_session *, u_char *, unsigned, struct areply *);
+int tac_author_read(struct tac_session *, struct areply *);
+
+/* author_s.c */
+void tac_author_send_pkt(struct tac_session *, const char *, const char *,
+    const char *, struct tac_attrib *, u_char **, unsigned *);
+int tac_author_send(struct tac_session *, const char *, const char *,
+    const char *, struct tac_attrib *);
+
+/* attrib.c */
 void tac_add_attrib(struct tac_attrib **, char *, char *);
+void tac_add_attrib_pair(struct tac_attrib **, char *, char, char *);
 void tac_free_attrib(struct tac_attrib **);
-char *tac_acct_flag2str(int);
-int tac_acct_send(int, int, const char *, char *, char *, struct tac_attrib *);
-int tac_acct_read(int, struct areply *);
+
+/* acct_s.c */
+char *tac_acct_flag2str(u_char);
+void tac_acct_send_pkt(struct tac_session *, u_char, const char *,
+    const char *, const char *, struct tac_attrib *, u_char **, unsigned *);
+int tac_acct_send(struct tac_session *, u_char, const char *,
+    const char *, const char *, struct tac_attrib *);
+
+/* acct_r.c */
+int tac_acct_parse(struct tac_session *, u_char *, unsigned,
+    struct areply *);
+int tac_acct_read(struct tac_session *, struct areply *);
+
+/* xalloc.c */
 void *xcalloc(size_t, size_t);
 void *xrealloc(void *, size_t);
 char *xstrcpy(char *, const char *, size_t);
-char *_tac_check_header(HDR *, int);
-int tac_author_send(int, const char *, char *, char *, struct tac_attrib *);
-int tac_author_read(int, struct areply *);
-void tac_add_attrib_pair(struct tac_attrib **, char *, char, char *);
-int tac_read_wait(int, int, int, int *);
+
+/* hdr_check.c */
+char *_tac_check_header(struct tac_session *, HDR *, uint8_t);
 
 /* magic.c */
 u_int32_t magic(void);
 
+/* read_wait.c */
+int tac_read_wait(int, int, int, int *);
+
 #ifdef __cplusplus
 }
 #endif

diff --git a/libtac/include/tacplus.h b/libtac/include/tacplus.h
@@ -107,6 +107,7 @@ struct authen_cont {
     u_short user_msg_len;
     u_short user_data_len;
     u_char flags;
+    u_char msg[0];
 
 #define TAC_PLUS_CONTINUE_FLAG_ABORT 0x01
 
@@ -133,6 +134,7 @@ struct authen_reply {
 
     u_short msg_len;
     u_short data_len;
+    u_char  msg[0];
 };
 
 #define TAC_AUTHEN_REPLY_FIXED_FIELDS_SIZE 6
@@ -173,6 +175,7 @@ struct acct {
     u_char port_len;
     u_char r_addr_len;
     u_char arg_cnt;    /* the number of cmd args */
+    u_char arg_len[0];
 };
 
 #define TAC_ACCT_REQ_FIXED_FIELDS_SIZE 9
@@ -201,6 +204,7 @@ struct author {
     u_char port_len;
     u_char r_addr_len;
     u_char arg_cnt;    /* the number of args */
+    u_char arg_len[0];
 };
 
 #define TAC_AUTHOR_REQ_FIXED_FIELDS_SIZE 8
@@ -211,6 +215,7 @@ struct author_reply {
     u_char arg_cnt;
     u_short msg_len;
     u_short data_len;
+    u_char  arg_len[0];
 
 #define TAC_PLUS_AUTHOR_STATUS_PASS_ADD  0x01
 #define TAC_PLUS_AUTHOR_STATUS_PASS_REPL 0x02