# tacacs-plus [TACACS+]
This is a simple TACACS+ library to help with basic encoding and decoding of TACACS+ authentication and authorization packets.
More information on TACACS+ can be found here, https://tools.ietf.org/html/draft-ietf-opsawg-tacacs-05.
```js
var tacacs = ;
// receive or send raw TCP packet (port 49) to a TACACS+ server or client
var decoded = tacacs;
```
The decoded object, depending on the sequence of packets, should be something along the lines of this.
In certain instances, the data element may not be populated if there is an issue with the type of messages or the sequence number. You can manually decode a message body using the decode functions in the library.
## Creating a Simple Auth Start
If you are creating a client, you can build a simple auth start packet to send to a server with something along the lines of the following code snippet.
```js
var tacacs = ;
// create the auth start body
var authStart = tacacs;
// create the tacacs+ header
var header = tacacs;
// combine the header and body
var authStartPacket = Buffer;
// open a connection and send the raw packet via TCP to the server (this example is not using encryption)
```
- All decode processes take Buffers that are then converted to objects.
- All create processes take objects and return Buffers of data.
You can use the `decodeByteData` functions to encrypt and decrypt data packets.
Using encryption requires a shared secret key as well as cryptographically secure random Session ID values.
```js
var crypto = ;
var tacacs = ;
// Generate a random 32-bit session
var sessionIdBytes = crypto;
var sessionId = Math;
// create the auth start body
var authStart = tacacs;
var version = tacacs;
var sequenceNumber = 1;
var encryptedAuthStart = tacacs;
// create the tacacs+ header
var headerOptions = {
    majorVersion: tacacs.TAC_PLUS_MAJOR_VER,
    minorVersion: tacacs.TAC_PLUS_MINOR_VER_DEFAULT,
    type: tacacs.TAC_PLUS_AUTHEN,
    sequenceNumber: sequenceNumber,
    flags: 0x0, // setting this to zero assumes encryption is being used
    sessionId: sessionId,
    length: authStart.length
};
var header = tacacs;
var packetToSend = Buffer;
// open a connection and send the packet via TCP to the server
```
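The body obfuscation defined in the TACACS+ specification, written out as an added example using only Node's built-in `crypto` module; it is not this library's code or API. `buildHeader`, `pseudoPad`, `xorBody` and `demo` are hypothetical names, and the key and body are constructed sample values.

```javascript
const crypto = require('crypto');

// 12-byte TACACS+ header: version, type, seq_no, flags, session_id, length.
function buildHeader({ version, type, seqNo, flags, sessionId, length }) {
  const h = Buffer.alloc(12);
  h.set([version, type, seqNo, flags], 0);
  h.writeUInt32BE(sessionId, 4);
  h.writeUInt32BE(length, 8);
  return h;
}

// pseudo_pad: MD5_1 = MD5(session_id, key, version, seq_no) and
// MD5_n = MD5(session_id, key, version, seq_no, MD5_{n-1}), cut to the body length.
function pseudoPad(sessionId, key, version, seqNo, length) {
  const sid = Buffer.alloc(4);
  sid.writeUInt32BE(sessionId, 0);
  const seed = Buffer.concat([sid, Buffer.from(key, 'utf8'), Buffer.from([version, seqNo])]);
  const blocks = [];
  let prev = Buffer.alloc(0);
  for (let n = 0; n < length; n += 16) {
    prev = crypto.createHash('md5').update(seed).update(prev).digest();
    blocks.push(prev);
  }
  return Buffer.concat(blocks).subarray(0, length);
}

// XOR is its own inverse, so one function both obfuscates and recovers a body.
function xorBody(body, sessionId, key, version, seqNo) {
  const pad = pseudoPad(sessionId, key, version, seqNo, body.length);
  const out = Buffer.alloc(body.length);
  for (let i = 0; i < body.length; i++) out[i] = body[i] ^ pad[i];
  return out;
}

// Constructed sample values; the key and body bytes are placeholders.
function demo() {
  const key = 'constructed-shared-secret';
  const sessionId = crypto.randomBytes(4).readUInt32BE(0); // CSPRNG, not Math.random()
  const version = 0xc0; // major version 0xc, minor version 0x0
  const body = Buffer.from('constructed body longer than one MD5 block', 'utf8');
  const sealed = xorBody(body, sessionId, key, version, 1);
  const header = buildHeader({ version, type: 0x01, seqNo: 1, flags: 0x00, sessionId, length: sealed.length });
  const opened = xorBody(sealed, sessionId, key, version, 1);
  // Same body, different session ID: the bytes on the wire change.
  const other = xorBody(body, (sessionId + 1) >>> 0, key, version, 1);
  return { packet: Buffer.concat([header, sealed]), sealed, opened, body, other };
}
```

The pad depends only on the session ID, key, version and sequence number, so a repeated session ID under the same key reuses the same pad; that is why the session ID has to come from a cryptographically secure source.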
Here is a very simple client that sends an auth start packet to a server, after which the server responds to the client. This is a very simple "getting started" sample that requires a lot more development to implement a full workflow, but it illustrates how to start.
For a more complete client example, see
```js
var crypto = ;
var tacacs = ;
// SAMPLE SERVER
var server = net;
server;
server;
// SIMPLE CLIENT
var client = net;
client;
client;
```
Simple authorization requests and responses can also be created using `createAuthorizationRequest` and `createAuthorizationResponse`, along with their associated decode processes.
```js
const tacacs = ;
var authorReq = tacacs;
console;
var decodedReq = tacacs;
console;
console;
var authorResp = tacacs;
console;
var decodedResp = tacacs;
console;
```