/*
* Initialize the request.
*/
static int request_init(char const *filename)
{
FILE *fp;
vp_cursor_t cursor;
VALUE_PAIR *vp;
int filedone = 0;
/*
* Determine where to read the VP's from.
*/
if (filename) {
fp = fopen(filename, "r");
if (!fp) {
fprintf(stderr, "dhcpclient: Error opening %s: %s\n",
filename, fr_syserror(errno));
return 0;
}
} else {
fp = stdin;
}
request = rad_alloc(NULL, 0);
/*
* Read the VP's.
*/
request->vps = readvp2(NULL, fp, &filedone, "dhcpclient:");
if (!request->vps) {
rad_free(&request);
if (fp != stdin) fclose(fp);
return 1;
}
/*
* Fix / set various options
*/
for (vp = paircursor(&cursor, &request->vps); vp; vp = pairnext(&cursor)) {
switch (vp->da->attr) {
default:
break;
/*
* Allow it to set the packet type in
* the attributes read from the file.
*/
case PW_PACKET_TYPE:
request->code = vp->vp_integer;
break;
case PW_PACKET_DST_PORT:
request->dst_port = (vp->vp_integer & 0xffff);
break;
case PW_PACKET_DST_IP_ADDRESS:
request->dst_ipaddr.af = AF_INET;
request->dst_ipaddr.ipaddr.ip4addr.s_addr = vp->vp_ipaddr;
break;
case PW_PACKET_DST_IPV6_ADDRESS:
request->dst_ipaddr.af = AF_INET6;
request->dst_ipaddr.ipaddr.ip6addr = vp->vp_ipv6addr;
break;
case PW_PACKET_SRC_PORT:
request->src_port = (vp->vp_integer & 0xffff);
break;
case PW_PACKET_SRC_IP_ADDRESS:
request->src_ipaddr.af = AF_INET;
request->src_ipaddr.ipaddr.ip4addr.s_addr = vp->vp_ipaddr;
break;
case PW_PACKET_SRC_IPV6_ADDRESS:
request->src_ipaddr.af = AF_INET6;
request->src_ipaddr.ipaddr.ip6addr = vp->vp_ipv6addr;
break;
} /* switch over the attribute */
} /* loop over the VP's we read in */
if (fp != stdin) fclose(fp);
/*
* And we're done.
*/
return 1;
}
static REQUEST *request_setup(FILE *fp)
{
VALUE_PAIR *vp;
REQUEST *request;
vp_cursor_t cursor;
/*
* Create and initialize the new request.
*/
request = request_alloc(NULL);
request->packet = rad_alloc(request, false);
if (!request->packet) {
ERROR("No memory");
talloc_free(request);
return NULL;
}
request->reply = rad_alloc(request, false);
if (!request->reply) {
ERROR("No memory");
talloc_free(request);
return NULL;
}
request->listener = listen_alloc(request);
request->client = client_alloc(request);
request->number = 0;
request->master_state = REQUEST_ACTIVE;
request->child_state = REQUEST_RUNNING;
request->handle = NULL;
request->server = talloc_typed_strdup(request, "default");
request->root = &main_config;
/*
* Read packet from fp
*/
if (readvp2(request->packet, &request->packet->vps, fp, &filedone) < 0) {
fr_perror("unittest");
talloc_free(request);
return NULL;
}
/*
* Set the defaults for IPs, etc.
*/
request->packet->code = PW_CODE_ACCESS_REQUEST;
request->packet->src_ipaddr.af = AF_INET;
request->packet->src_ipaddr.ipaddr.ip4addr.s_addr = htonl(INADDR_LOOPBACK);
request->packet->src_port = 18120;
request->packet->dst_ipaddr.af = AF_INET;
request->packet->dst_ipaddr.ipaddr.ip4addr.s_addr = htonl(INADDR_LOOPBACK);
request->packet->dst_port = 1812;
/*
* Copied from radclient
*/
#if 1
/*
* Fix up Digest-Attributes issues
*/
for (vp = fr_cursor_init(&cursor, &request->packet->vps);
vp;
vp = fr_cursor_next(&cursor)) {
/*
* Double quoted strings get marked up as xlat expansions,
* but we don't support that here.
*/
if (vp->type == VT_XLAT) {
vp->vp_strvalue = vp->value.xlat;
vp->value.xlat = NULL;
vp->type = VT_DATA;
}
if (!vp->da->vendor) switch (vp->da->attr) {
default:
break;
/*
* Allow it to set the packet type in
* the attributes read from the file.
*/
case PW_PACKET_TYPE:
request->packet->code = vp->vp_integer;
break;
case PW_PACKET_DST_PORT:
request->packet->dst_port = (vp->vp_integer & 0xffff);
break;
case PW_PACKET_DST_IP_ADDRESS:
request->packet->dst_ipaddr.af = AF_INET;
request->packet->dst_ipaddr.ipaddr.ip4addr.s_addr = vp->vp_ipaddr;
break;
case PW_PACKET_DST_IPV6_ADDRESS:
request->packet->dst_ipaddr.af = AF_INET6;
request->packet->dst_ipaddr.ipaddr.ip6addr = vp->vp_ipv6addr;
break;
case PW_PACKET_SRC_PORT:
request->packet->src_port = (vp->vp_integer & 0xffff);
break;
case PW_PACKET_SRC_IP_ADDRESS:
request->packet->src_ipaddr.af = AF_INET;
request->packet->src_ipaddr.ipaddr.ip4addr.s_addr = vp->vp_ipaddr;
break;
case PW_PACKET_SRC_IPV6_ADDRESS:
request->packet->src_ipaddr.af = AF_INET6;
request->packet->src_ipaddr.ipaddr.ip6addr = vp->vp_ipv6addr;
break;
case PW_CHAP_PASSWORD: {
int i, already_hex = 0;
/*
* If it's 17 octets, it *might* be already encoded.
* Or, it might just be a 17-character password (maybe UTF-8)
* Check it for non-printable characters. The odds of ALL
* of the characters being 32..255 is (1-7/8)^17, or (1/8)^17,
* or 1/(2^51), which is pretty much zero.
*/
if (vp->length == 17) {
for (i = 0; i < 17; i++) {
if (vp->vp_octets[i] < 32) {
already_hex = 1;
break;
}
}
}
/*
* Allow the user to specify ASCII or hex CHAP-Password
*/
if (!already_hex) {
uint8_t *p;
size_t len, len2;
len = len2 = vp->length;
if (len2 < 17) len2 = 17;
p = talloc_zero_array(vp, uint8_t, len2);
memcpy(p, vp->vp_strvalue, len);
rad_chap_encode(request->packet,
p,
fr_rand() & 0xff, vp);
vp->vp_octets = p;
vp->length = 17;
}
}
break;
case PW_DIGEST_REALM:
case PW_DIGEST_NONCE:
case PW_DIGEST_METHOD:
case PW_DIGEST_URI:
case PW_DIGEST_QOP:
case PW_DIGEST_ALGORITHM:
case PW_DIGEST_BODY_DIGEST:
case PW_DIGEST_CNONCE:
case PW_DIGEST_NONCE_COUNT:
case PW_DIGEST_USER_NAME:
/* overlapping! */
{
DICT_ATTR const *da;
uint8_t *p, *q;
p = talloc_array(vp, uint8_t, vp->length + 2);
memcpy(p + 2, vp->vp_octets, vp->length);
p[0] = vp->da->attr - PW_DIGEST_REALM + 1;
vp->length += 2;
p[1] = vp->length;
da = dict_attrbyvalue(PW_DIGEST_ATTRIBUTES, 0);
rad_assert(da != NULL);
vp->da = da;
/*
* Re-do pairmemsteal ourselves,
* because we play games with
* vp->da, and pairmemsteal goes
* to GREAT lengths to sanitize
* and fix and change and
* double-check the various
* fields.
*/
memcpy(&q, &vp->vp_octets, sizeof(q));
talloc_free(q);
vp->vp_octets = talloc_steal(vp, p);
vp->type = VT_DATA;
VERIFY_VP(vp);
}
break;
}
} /* loop over the VP's we read in */
#endif
if (debug_flag) {
for (vp = fr_cursor_init(&cursor, &request->packet->vps);
vp;
vp = fr_cursor_next(&cursor)) {
/*
* Take this opportunity to verify all the VALUE_PAIRs are still valid.
*/
if (!talloc_get_type(vp, VALUE_PAIR)) {
ERROR("Expected VALUE_PAIR pointer got \"%s\"", talloc_get_name(vp));
fr_log_talloc_report(vp);
rad_assert(0);
}
vp_print(fr_log_fp, vp);
}
fflush(fr_log_fp);
}
/*
* FIXME: set IPs, etc.
*/
request->packet->code = PW_CODE_ACCESS_REQUEST;
request->packet->src_ipaddr.af = AF_INET;
request->packet->src_ipaddr.ipaddr.ip4addr.s_addr = htonl(INADDR_LOOPBACK);
request->packet->src_port = 18120;
request->packet->dst_ipaddr.af = AF_INET;
request->packet->dst_ipaddr.ipaddr.ip4addr.s_addr = htonl(INADDR_LOOPBACK);
request->packet->dst_port = 1812;
/*
* Build the reply template from the request.
*/
request->reply->sockfd = request->packet->sockfd;
request->reply->dst_ipaddr = request->packet->src_ipaddr;
request->reply->src_ipaddr = request->packet->dst_ipaddr;
request->reply->dst_port = request->packet->src_port;
request->reply->src_port = request->packet->dst_port;
request->reply->id = request->packet->id;
request->reply->code = 0; /* UNKNOWN code */
memcpy(request->reply->vector, request->packet->vector,
sizeof(request->reply->vector));
request->reply->vps = NULL;
request->reply->data = NULL;
request->reply->data_len = 0;
/*
* Debugging
*/
request->log.lvl = debug_flag;
request->log.func = vradlog_request;
request->username = pairfind(request->packet->vps, PW_USER_NAME, 0, TAG_ANY);
request->password = pairfind(request->packet->vps, PW_USER_PASSWORD, 0, TAG_ANY);
return request;
}
/*
* The main guy.
*/
int main(int argc, char *argv[])
{
int rcode = EXIT_SUCCESS;
int argval;
const char *input_file = NULL;
const char *output_file = NULL;
const char *filter_file = NULL;
FILE *fp;
REQUEST *request = NULL;
VALUE_PAIR *vp;
VALUE_PAIR *filter_vps = NULL;
/*
* If the server was built with debugging enabled always install
* the basic fatal signal handlers.
*/
#ifndef NDEBUG
if (fr_fault_setup(getenv("PANIC_ACTION"), argv[0]) < 0) {
fr_perror("unittest");
exit(EXIT_FAILURE);
}
#endif
if ((progname = strrchr(argv[0], FR_DIR_SEP)) == NULL)
progname = argv[0];
else
progname++;
debug_flag = 0;
set_radius_dir(NULL, RADIUS_DIR);
/*
* Ensure that the configuration is initialized.
*/
memset(&main_config, 0, sizeof(main_config));
main_config.myip.af = AF_UNSPEC;
main_config.port = 0;
main_config.name = "radiusd";
/*
* The tests should have only IPs, not host names.
*/
fr_hostname_lookups = false;
/*
* We always log to stdout.
*/
fr_log_fp = stdout;
default_log.dst = L_DST_STDOUT;
default_log.fd = STDOUT_FILENO;
/* Process the options. */
while ((argval = getopt(argc, argv, "d:D:f:hi:mMn:o:xX")) != EOF) {
switch (argval) {
case 'd':
set_radius_dir(NULL, optarg);
break;
case 'D':
main_config.dictionary_dir = talloc_typed_strdup(NULL, optarg);
break;
case 'f':
filter_file = optarg;
break;
case 'h':
usage(0);
break;
case 'i':
input_file = optarg;
break;
case 'm':
main_config.debug_memory = true;
break;
case 'M':
memory_report = true;
main_config.debug_memory = true;
break;
case 'n':
main_config.name = optarg;
break;
case 'o':
output_file = optarg;
break;
case 'X':
debug_flag += 2;
main_config.log_auth = true;
main_config.log_auth_badpass = true;
main_config.log_auth_goodpass = true;
break;
case 'x':
debug_flag++;
break;
default:
usage(1);
break;
}
}
if (debug_flag) {
version();
}
fr_debug_flag = debug_flag;
/*
* Mismatch between the binary and the libraries it depends on
*/
if (fr_check_lib_magic(RADIUSD_MAGIC_NUMBER) < 0) {
fr_perror("radiusd");
exit(EXIT_FAILURE);
}
/* Read the configuration files, BEFORE doing anything else. */
if (main_config_init() < 0) {
rcode = EXIT_FAILURE;
goto finish;
}
/*
* Load the modules
*/
if (modules_init(main_config.config) < 0) {
rcode = EXIT_FAILURE;
goto finish;
}
fr_state_init();
/* Set the panic action (if required) */
if (main_config.panic_action &&
#ifndef NDEBUG
!getenv("PANIC_ACTION") &&
#endif
(fr_fault_setup(main_config.panic_action, argv[0]) < 0)) {
rcode = EXIT_FAILURE;
goto finish;
}
setlinebuf(stdout); /* unbuffered output */
if (!input_file || (strcmp(input_file, "-") == 0)) {
fp = stdin;
} else {
fp = fopen(input_file, "r");
if (!fp) {
fprintf(stderr, "Failed reading %s: %s\n",
input_file, strerror(errno));
rcode = EXIT_FAILURE;
goto finish;
}
}
/*
* Grab the VPs from stdin, or from the file.
*/
request = request_setup(fp);
if (!request) {
fprintf(stderr, "Failed reading input: %s\n", fr_strerror());
rcode = EXIT_FAILURE;
goto finish;
}
/*
* No filter file, OR there's no more input, OR we're
* reading from a file, and it's different from the
* filter file.
*/
if (!filter_file || filedone ||
((input_file != NULL) && (strcmp(filter_file, input_file) != 0))) {
if (output_file) {
fclose(fp);
fp = NULL;
}
filedone = false;
}
/*
* There is a filter file. If necessary, open it. If we
* already are reading it via "input_file", then we don't
* need to re-open it.
*/
if (filter_file) {
if (!fp) {
fp = fopen(filter_file, "r");
if (!fp) {
fprintf(stderr, "Failed reading %s: %s\n", filter_file, strerror(errno));
rcode = EXIT_FAILURE;
goto finish;
}
}
if (readvp2(request, &filter_vps, fp, &filedone) < 0) {
fprintf(stderr, "Failed reading attributes from %s: %s\n",
filter_file, fr_strerror());
rcode = EXIT_FAILURE;
goto finish;
}
/*
* FIXME: loop over input packets.
*/
fclose(fp);
}
rad_virtual_server(request);
if (!output_file || (strcmp(output_file, "-") == 0)) {
fp = stdout;
} else {
fp = fopen(output_file, "w");
if (!fp) {
fprintf(stderr, "Failed writing %s: %s\n",
output_file, strerror(errno));
exit(EXIT_FAILURE);
}
}
print_packet(fp, request->reply);
if (output_file) fclose(fp);
/*
* Update the list with the response type.
*/
vp = radius_paircreate(request->reply, &request->reply->vps,
PW_RESPONSE_PACKET_TYPE, 0);
vp->vp_integer = request->reply->code;
{
VALUE_PAIR const *failed[2];
if (filter_vps && !pairvalidate(failed, filter_vps, request->reply->vps)) {
pairvalidate_debug(request, failed);
fr_perror("Output file %s does not match attributes in filter %s",
output_file ? output_file : input_file, filter_file);
rcode = EXIT_FAILURE;
goto finish;
}
}
INFO("Exiting normally");
finish:
talloc_free(request);
/*
* Detach any modules.
*/
modules_free();
xlat_free(); /* modules may have xlat's */
fr_state_delete();
/*
* Free the configuration items.
*/
main_config_free();
if (memory_report) {
INFO("Allocated memory at time of report:");
fr_log_talloc_report(NULL);
}
return rcode;
}
/*
* The main guy.
*/
int main(int argc, char *argv[])
{
int rcode = EXIT_SUCCESS;
int argval;
const char *input_file = NULL;
const char *output_file = NULL;
const char *filter_file = NULL;
FILE *fp;
REQUEST *request;
VALUE_PAIR *filter_vps = NULL;
if ((progname = strrchr(argv[0], FR_DIR_SEP)) == NULL)
progname = argv[0];
else
progname++;
debug_flag = 0;
radius_dir = talloc_strdup(NULL, RADIUS_DIR);
/*
* Ensure that the configuration is initialized.
*/
memset(&mainconfig, 0, sizeof(mainconfig));
mainconfig.myip.af = AF_UNSPEC;
mainconfig.port = -1;
mainconfig.name = "radiusd";
/*
* We always log to stdout.
*/
fr_log_fp = stdout;
default_log.dest = L_DST_STDOUT;
default_log.fd = STDOUT_FILENO;
/* Process the options. */
while ((argval = getopt(argc, argv, "d:D:f:hi:mMn:o:xX")) != EOF) {
switch(argval) {
case 'd':
if (radius_dir) {
rad_const_free(radius_dir);
}
radius_dir = talloc_strdup(NULL, optarg);
break;
case 'D':
mainconfig.dictionary_dir = talloc_strdup(NULL, optarg);
break;
case 'f':
filter_file = optarg;
break;
case 'h':
usage(0);
break;
case 'i':
input_file = optarg;
break;
case 'm':
mainconfig.debug_memory = 1;
break;
case 'M':
memory_report = 1;
mainconfig.debug_memory = 1;
break;
case 'n':
mainconfig.name = optarg;
break;
case 'o':
output_file = optarg;
break;
case 'X':
debug_flag += 2;
mainconfig.log_auth = true;
mainconfig.log_auth_badpass = true;
mainconfig.log_auth_goodpass = true;
break;
case 'x':
debug_flag++;
break;
default:
usage(1);
break;
}
}
if (memory_report) {
talloc_enable_null_tracking();
#ifdef WITH_VERIFY_PTR
talloc_set_abort_fn(die_horribly);
#endif
}
talloc_set_log_fn(log_talloc);
if (debug_flag) {
version();
}
fr_debug_flag = debug_flag;
/* Read the configuration files, BEFORE doing anything else. */
if (read_mainconfig(0) < 0) {
exit(EXIT_FAILURE);
}
setlinebuf(stdout); /* unbuffered output */
if (!input_file || (strcmp(input_file, "-") == 0)) {
fp = stdin;
} else {
fp = fopen(input_file, "r");
if (!fp) {
fprintf(stderr, "Failed reading %s: %s\n",
input_file, strerror(errno));
exit(EXIT_FAILURE);
}
}
/*
* Grab the VPs from stdin, or from the file.
*/
request = request_setup(fp);
if (!request) {
fprintf(stderr, "Failed reading input: %s\n", fr_strerror());
exit(EXIT_FAILURE);
}
/*
* No filter file, OR there's no more input, OR we're
* reading from a file, and it's different from the
* filter file.
*/
if (!filter_file || filedone ||
((input_file != NULL) && (strcmp(filter_file, input_file) != 0))) {
if (output_file) {
fclose(fp);
fp = NULL;
}
filedone = 0;
}
/*
* There is a filter file. If necessary, open it. If we
* already are reading it via "input_file", then we don't
* need to re-open it.
*/
if (filter_file) {
if (!fp) {
fp = fopen(filter_file, "r");
if (!fp) {
fprintf(stderr, "Failed reading %s: %s\n",
filter_file, strerror(errno));
exit(EXIT_FAILURE);
}
}
filter_vps = readvp2(request, fp, &filedone, "radiusd");
if (!filter_vps) {
fprintf(stderr, "Failed reading attributes from %s: %s\n",
filter_file, fr_strerror());
exit(EXIT_FAILURE);
}
/*
* FIXME: loop over input packets.
*/
fclose(fp);
}
rad_virtual_server(request);
if (!output_file || (strcmp(output_file, "-") == 0)) {
fp = stdout;
} else {
fp = fopen(output_file, "w");
if (!fp) {
fprintf(stderr, "Failed writing %s: %s\n",
output_file, strerror(errno));
exit(EXIT_FAILURE);
}
}
print_packet(fp, request->reply);
if (output_file) fclose(fp);
if (filter_vps && !pairvalidate(filter_vps, request->reply->vps)) {
fprintf(stderr, "Output file %s does not match attributes in filter %s\n",
output_file, filter_file);
exit(EXIT_FAILURE);
}
talloc_free(request);
INFO("Exiting normally.");
/*
* Detach any modules.
*/
detach_modules();
xlat_free(); /* modules may have xlat's */
/*
* Free the configuration items.
*/
free_mainconfig();
rad_const_free(radius_dir);
if (memory_report) {
INFO("Allocated memory at time of report:");
log_talloc_report(NULL);
}
return rcode;
}
main(int argc, char *argv[])
{
int filedone;
RADIUS_PACKET *req,*req2;
VALUE_PAIR *vp, *vpkey, *vpextra;
extern unsigned int sha1_data_problems;
req = NULL;
req2 = NULL;
filedone = 0;
if(argc>1) {
sha1_data_problems = 1;
}
if (dict_init(radius_dir, RADIUS_DICTIONARY) < 0) {
librad_perror("radclient");
return 1;
}
if ((req = rad_alloc(1)) == NULL) {
librad_perror("radclient");
exit(1);
}
if ((req2 = rad_alloc(1)) == NULL) {
librad_perror("radclient");
exit(1);
}
while(!filedone) {
if(req->vps) pairfree(&req->vps);
if(req2->vps) pairfree(&req2->vps);
if ((req->vps = readvp2(stdin, &filedone, "eapsimlib:")) == NULL) {
break;
}
printf("\nRead:\n");
vp_printlist(stdout, req->vps);
map_eapsim_types(req);
map_eap_types(req);
printf("Mapped to:\n");
vp_printlist(stdout, req->vps);
/* find the EAP-Message, copy it to req2 */
vp = paircopy2(req->vps, PW_EAP_MESSAGE);
if(vp == NULL) continue;
pairadd(&req2->vps, vp);
/* only call unmap for sim types here */
unmap_eap_types(req2);
unmap_eapsim_types(req2);
printf("Unmapped to:\n");
vp_printlist(stdout, req2->vps);
vp = pairfind(req2->vps,
ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_MAC);
vpkey = pairfind(req->vps, ATTRIBUTE_EAP_SIM_KEY);
vpextra = pairfind(req->vps, ATTRIBUTE_EAP_SIM_EXTRA);
if(vp != NULL && vpkey != NULL && vpextra!=NULL) {
uint8_t calcmac[16];
/* find the EAP-Message, copy it to req2 */
memset(calcmac, 0, sizeof(calcmac));
printf("Confirming MAC...");
if(eapsim_checkmac(req2->vps, vpkey->strvalue,
vpextra->strvalue, vpextra->length,
calcmac)) {
printf("succeed\n");
} else {
int i, j;
printf("calculated MAC (");
for (i = 0; i < 20; i++) {
if(j==4) {
printf("_");
j=0;
}
j++;
printf("%02x", calcmac[i]);
}
printf(" did not match\n");
}
}
fflush(stdout);
}
}
/*
* Initialize a radclient data structure and add it to
* the global linked list.
*/
static int radclient_init(const char *filename)
{
FILE *fp;
VALUE_PAIR *vp;
radclient_t *radclient;
int filedone = 0;
int packet_number = 1;
assert(filename != NULL);
/*
* Determine where to read the VP's from.
*/
if (strcmp(filename, "-") != 0) {
fp = fopen(filename, "r");
if (!fp) {
fprintf(stderr, "radclient: Error opening %s: %s\n",
filename, strerror(errno));
return 0;
}
} else {
fp = stdin;
}
/*
* Loop until the file is done.
*/
do {
/*
* Allocate it.
*/
radclient = malloc(sizeof(*radclient));
if (!radclient) {
perror("radclient: X");
if (fp != stdin) fclose(fp);
return 0;
}
memset(radclient, 0, sizeof(*radclient));
radclient->request = rad_alloc(1);
if (!radclient->request) {
fr_perror("radclient: Y");
free(radclient);
if (fp != stdin) fclose(fp);
return 0;
}
#ifdef WITH_TCP
radclient->request->src_ipaddr = client_ipaddr;
radclient->request->src_port = client_port;
radclient->request->dst_ipaddr = server_ipaddr;
radclient->request->dst_port = server_port;
#endif
radclient->filename = filename;
radclient->request->id = -1; /* allocate when sending */
radclient->packet_number = packet_number++;
/*
* Read the VP's.
*/
radclient->request->vps = readvp2(fp, &filedone, "radclient:");
if (!radclient->request->vps) {
rad_free(&radclient->request);
free(radclient);
if (fp != stdin) fclose(fp);
return 1;
}
/*
* Keep a copy of the the User-Password attribute.
*/
if ((vp = pairfind(radclient->request->vps, PW_USER_PASSWORD, 0)) != NULL) {
strlcpy(radclient->password, vp->vp_strvalue,
sizeof(radclient->password));
/*
* Otherwise keep a copy of the CHAP-Password attribute.
*/
} else if ((vp = pairfind(radclient->request->vps, PW_CHAP_PASSWORD, 0)) != NULL) {
strlcpy(radclient->password, vp->vp_strvalue,
sizeof(radclient->password));
} else if ((vp = pairfind(radclient->request->vps, PW_MSCHAP_PASSWORD, 0)) != NULL) {
strlcpy(radclient->password, vp->vp_strvalue,
sizeof(radclient->password));
} else {
radclient->password[0] = '\0';
}
/*
* Fix up Digest-Attributes issues
*/
for (vp = radclient->request->vps; vp != NULL; vp = vp->next) {
switch (vp->attribute) {
default:
break;
/*
* Allow it to set the packet type in
* the attributes read from the file.
*/
case PW_PACKET_TYPE:
radclient->request->code = vp->vp_integer;
break;
case PW_PACKET_DST_PORT:
radclient->request->dst_port = (vp->vp_integer & 0xffff);
break;
case PW_PACKET_DST_IP_ADDRESS:
radclient->request->dst_ipaddr.af = AF_INET;
radclient->request->dst_ipaddr.ipaddr.ip4addr.s_addr = vp->vp_ipaddr;
break;
case PW_PACKET_DST_IPV6_ADDRESS:
radclient->request->dst_ipaddr.af = AF_INET6;
radclient->request->dst_ipaddr.ipaddr.ip6addr = vp->vp_ipv6addr;
break;
case PW_PACKET_SRC_PORT:
radclient->request->src_port = (vp->vp_integer & 0xffff);
break;
case PW_PACKET_SRC_IP_ADDRESS:
radclient->request->src_ipaddr.af = AF_INET;
radclient->request->src_ipaddr.ipaddr.ip4addr.s_addr = vp->vp_ipaddr;
break;
case PW_PACKET_SRC_IPV6_ADDRESS:
radclient->request->src_ipaddr.af = AF_INET6;
radclient->request->src_ipaddr.ipaddr.ip6addr = vp->vp_ipv6addr;
break;
case PW_DIGEST_REALM:
case PW_DIGEST_NONCE:
case PW_DIGEST_METHOD:
case PW_DIGEST_URI:
case PW_DIGEST_QOP:
case PW_DIGEST_ALGORITHM:
case PW_DIGEST_BODY_DIGEST:
case PW_DIGEST_CNONCE:
case PW_DIGEST_NONCE_COUNT:
case PW_DIGEST_USER_NAME:
/* overlapping! */
memmove(&vp->vp_octets[2], &vp->vp_octets[0],
vp->length);
vp->vp_octets[0] = vp->attribute - PW_DIGEST_REALM + 1;
vp->length += 2;
vp->vp_octets[1] = vp->length;
vp->attribute = PW_DIGEST_ATTRIBUTES;
break;
}
} /* loop over the VP's we read in */
/*
* Add it to the tail of the list.
*/
if (!radclient_head) {
assert(radclient_tail == NULL);
radclient_head = radclient;
radclient->prev = NULL;
} else {
assert(radclient_tail->next == NULL);
radclient_tail->next = radclient;
radclient->prev = radclient_tail;
}
radclient_tail = radclient;
radclient->next = NULL;
} while (!filedone); /* loop until the file is done. */
if (fp != stdin) fclose(fp);
/*
* And we're done.
*/
return 1;
}
static REQUEST *request_setup(FILE *fp)
{
REQUEST *request;
/*
* Create and initialize the new request.
*/
request = request_alloc(NULL);
request->packet = rad_alloc(request, 0);
if (!request->packet) {
ERROR("No memory");
request_free(&request);
return NULL;
}
request->reply = rad_alloc(request, 0);
if (!request->reply) {
ERROR("No memory");
request_free(&request);
return NULL;
}
request->listener = listen_alloc(request);
request->client = client_alloc(request);
request->number = 0;
request->master_state = REQUEST_ACTIVE;
request->child_state = REQUEST_ACTIVE;
request->handle = NULL;
request->server = talloc_strdup(request, "default");
request->root = &mainconfig;
/*
* Read packet from fp
*/
request->packet->vps = readvp2(request->packet, fp, &filedone, "radiusd:");
if (!request->packet->vps) {
talloc_free(request);
return NULL;
}
/*
* FIXME: set IPs, etc.
*/
request->packet->code = PW_CODE_AUTHENTICATION_REQUEST;
request->packet->src_ipaddr.af = AF_INET;
request->packet->src_ipaddr.ipaddr.ip4addr.s_addr = htonl(INADDR_LOOPBACK);
request->packet->src_port = 18120;
request->packet->dst_ipaddr.af = AF_INET;
request->packet->dst_ipaddr.ipaddr.ip4addr.s_addr = htonl(INADDR_LOOPBACK);
request->packet->dst_port = 1812;
/*
* Build the reply template from the request.
*/
request->reply->sockfd = request->packet->sockfd;
request->reply->dst_ipaddr = request->packet->src_ipaddr;
request->reply->src_ipaddr = request->packet->dst_ipaddr;
request->reply->dst_port = request->packet->src_port;
request->reply->src_port = request->packet->dst_port;
request->reply->id = request->packet->id;
request->reply->code = 0; /* UNKNOWN code */
memcpy(request->reply->vector, request->packet->vector,
sizeof(request->reply->vector));
request->reply->vps = NULL;
request->reply->data = NULL;
request->reply->data_len = 0;
/*
* Debugging
*/
request->options = debug_flag;
request->radlog = radlog_request;
request->username = pairfind(request->packet->vps, PW_USER_NAME, 0, TAG_ANY);
request->password = pairfind(request->packet->vps, PW_USER_PASSWORD, 0, TAG_ANY);
return request;
}
int main(int argc, char **argv)
{
RADIUS_PACKET *req;
char *p;
int c;
int port = 0;
char *filename = NULL;
FILE *fp;
int id;
int force_af = AF_UNSPEC;
/*
* We probably don't want to free the talloc autofree context
* directly, so we'll allocate a new context beneath it, and
* free that before any leak reports.
*/
TALLOC_CTX *autofree = talloc_init("main");
id = ((int)getpid() & 0xff);
fr_debug_flag = 0;
radlog_dest = L_DST_STDERR;
set_radius_dir(autofree, RADIUS_DIR);
while ((c = getopt(argc, argv, "46c:d:D:f:hi:qst:r:S:xXv")) != EOF)
{
switch(c) {
case '4':
force_af = AF_INET;
break;
case '6':
force_af = AF_INET6;
break;
case 'd':
set_radius_dir(autofree, optarg);
break;
case 'D':
mainconfig.dictionary_dir = talloc_typed_strdup(NULL, optarg);
break;
case 'f':
filename = optarg;
break;
case 'q':
do_output = 0;
break;
case 'x':
debug_flag++;
fr_debug_flag++;
break;
case 'X':
#if 0
sha1_data_problems = 1; /* for debugging only */
#endif
break;
case 'r':
if (!isdigit((int) *optarg))
usage();
retries = atoi(optarg);
break;
case 'i':
if (!isdigit((int) *optarg))
usage();
id = atoi(optarg);
if ((id < 0) || (id > 255)) {
usage();
}
break;
case 's':
do_summary = 1;
break;
case 't':
if (!isdigit((int) *optarg))
usage();
timeout = atof(optarg);
break;
case 'v':
printf("radeapclient: $Id: 20c518ef414933fae3cdf564852c12e483f7c8c9 $ built on " __DATE__ " at " __TIME__ "\n");
exit(0);
break;
case 'S':
fp = fopen(optarg, "r");
if (!fp) {
fprintf(stderr, "radclient: Error opening %s: %s\n",
optarg, fr_syserror(errno));
exit(1);
}
if (fgets(filesecret, sizeof(filesecret), fp) == NULL) {
fprintf(stderr, "radclient: Error reading %s: %s\n",
optarg, fr_syserror(errno));
exit(1);
}
fclose(fp);
/* truncate newline */
p = filesecret + strlen(filesecret) - 1;
while ((p >= filesecret) &&
(*p < ' ')) {
*p = '\0';
--p;
}
if (strlen(filesecret) < 2) {
fprintf(stderr, "radclient: Secret in %s is too short\n", optarg);
exit(1);
}
secret = filesecret;
break;
case 'h':
default:
usage();
break;
}
}
argc -= (optind - 1);
argv += (optind - 1);
if ((argc < 3) ||
((!secret) && (argc < 4))) {
usage();
}
if (!mainconfig.dictionary_dir) {
mainconfig.dictionary_dir = DICTDIR;
}
/*
* Read the distribution dictionaries first, then
* the ones in raddb.
*/
DEBUG2("including dictionary file %s/%s", mainconfig.dictionary_dir, RADIUS_DICTIONARY);
if (dict_init(mainconfig.dictionary_dir, RADIUS_DICTIONARY) != 0) {
ERROR("Errors reading dictionary: %s",
fr_strerror());
exit(1);
}
/*
* It's OK if this one doesn't exist.
*/
int rcode = dict_read(radius_dir, RADIUS_DICTIONARY);
if (rcode == -1) {
ERROR("Errors reading %s/%s: %s", radius_dir, RADIUS_DICTIONARY,
fr_strerror());
exit(1);
}
/*
* We print this after reading it. That way if
* it doesn't exist, it's OK, and we don't print
* anything.
*/
if (rcode == 0) {
DEBUG2("including dictionary file %s/%s", radius_dir, RADIUS_DICTIONARY);
}
req = rad_alloc(NULL, 1);
if (!req) {
fr_perror("radclient");
exit(1);
}
#if 0
{
FILE *randinit;
if((randinit = fopen("/dev/urandom", "r")) == NULL)
{
perror("/dev/urandom");
} else {
fread(randctx.randrsl, 256, 1, randinit);
fclose(randinit);
}
}
fr_randinit(&randctx, 1);
#endif
req->id = id;
/*
* Resolve hostname.
*/
if (force_af == AF_UNSPEC) force_af = AF_INET;
req->dst_ipaddr.af = force_af;
if (strcmp(argv[1], "-") != 0) {
char const *hostname = argv[1];
char const *portname = argv[1];
char buffer[256];
if (*argv[1] == '[') { /* IPv6 URL encoded */
p = strchr(argv[1], ']');
if ((size_t) (p - argv[1]) >= sizeof(buffer)) {
usage();
}
memcpy(buffer, argv[1] + 1, p - argv[1] - 1);
buffer[p - argv[1] - 1] = '\0';
hostname = buffer;
portname = p + 1;
}
p = strchr(portname, ':');
if (p && (strchr(p + 1, ':') == NULL)) {
*p = '\0';
portname = p + 1;
} else {
portname = NULL;
}
if (ip_hton(hostname, force_af, &req->dst_ipaddr) < 0) {
fprintf(stderr, "radclient: Failed to find IP address for host %s: %s\n", hostname, fr_syserror(errno));
exit(1);
}
/*
* Strip port from hostname if needed.
*/
if (portname) port = atoi(portname);
}
/*
* See what kind of request we want to send.
*/
if (strcmp(argv[2], "auth") == 0) {
if (port == 0) port = getport("radius");
if (port == 0) port = PW_AUTH_UDP_PORT;
req->code = PW_CODE_AUTHENTICATION_REQUEST;
} else if (strcmp(argv[2], "acct") == 0) {
if (port == 0) port = getport("radacct");
if (port == 0) port = PW_ACCT_UDP_PORT;
req->code = PW_CODE_ACCOUNTING_REQUEST;
do_summary = 0;
} else if (strcmp(argv[2], "status") == 0) {
if (port == 0) port = getport("radius");
if (port == 0) port = PW_AUTH_UDP_PORT;
req->code = PW_CODE_STATUS_SERVER;
} else if (strcmp(argv[2], "disconnect") == 0) {
if (port == 0) port = PW_POD_UDP_PORT;
req->code = PW_CODE_DISCONNECT_REQUEST;
} else if (isdigit((int) argv[2][0])) {
if (port == 0) port = getport("radius");
if (port == 0) port = PW_AUTH_UDP_PORT;
req->code = atoi(argv[2]);
} else {
usage();
}
req->dst_port = port;
/*
* Add the secret.
*/
if (argv[3]) secret = argv[3];
/*
* Read valuepairs.
* Maybe read them, from stdin, if there's no
* filename, or if the filename is '-'.
*/
if (filename && (strcmp(filename, "-") != 0)) {
fp = fopen(filename, "r");
if (!fp) {
fprintf(stderr, "radclient: Error opening %s: %s\n",
filename, fr_syserror(errno));
exit(1);
}
} else {
fp = stdin;
}
/*
* Send request.
*/
if ((req->sockfd = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
perror("radclient: socket: ");
exit(1);
}
while(!filedone) {
if(req->vps) pairfree(&req->vps);
if ((req->vps = readvp2(NULL, fp, &filedone, "radeapclient:")) == NULL) {
break;
}
sendrecv_eap(req);
}
if(do_summary) {
printf("\n\t Total approved auths: %d\n", totalapp);
printf("\t Total denied auths: %d\n", totaldeny);
}
talloc_free(autofree);
return 0;
}
int main(int argc, char **argv)
{
RADIUS_PACKET *req;
char *p;
int c;
uint16_t port = 0;
char *filename = NULL;
FILE *fp;
int id;
int force_af = AF_UNSPEC;
static fr_log_t radclient_log = {
.colourise = true,
.fd = STDOUT_FILENO,
.dst = L_DST_STDOUT,
.file = NULL,
.debug_file = NULL,
};
radlog_init(&radclient_log, false);
/*
* We probably don't want to free the talloc autofree context
* directly, so we'll allocate a new context beneath it, and
* free that before any leak reports.
*/
TALLOC_CTX *autofree = talloc_init("main");
id = ((int)getpid() & 0xff);
fr_debug_flag = 0;
set_radius_dir(autofree, RADIUS_DIR);
while ((c = getopt(argc, argv, "46c:d:D:f:hi:qst:r:S:xXv")) != EOF)
{
switch(c) {
case '4':
force_af = AF_INET;
break;
case '6':
force_af = AF_INET6;
break;
case 'd':
set_radius_dir(autofree, optarg);
break;
case 'D':
main_config.dictionary_dir = talloc_typed_strdup(NULL, optarg);
break;
case 'f':
filename = optarg;
break;
case 'q':
do_output = 0;
break;
case 'x':
debug_flag++;
fr_debug_flag++;
break;
case 'X':
#if 0
sha1_data_problems = 1; /* for debugging only */
#endif
break;
case 'r':
if (!isdigit((int) *optarg))
usage();
retries = atoi(optarg);
break;
case 'i':
if (!isdigit((int) *optarg))
usage();
id = atoi(optarg);
if ((id < 0) || (id > 255)) {
usage();
}
break;
case 's':
do_summary = 1;
break;
case 't':
if (!isdigit((int) *optarg))
usage();
timeout = atof(optarg);
break;
case 'v':
printf("radeapclient: $Id: 69643e042c5a7c9053977756a5623e3c07598f2e $ built on " __DATE__ " at " __TIME__ "\n");
exit(0);
break;
case 'S':
fp = fopen(optarg, "r");
if (!fp) {
fprintf(stderr, "radclient: Error opening %s: %s\n",
optarg, fr_syserror(errno));
exit(1);
}
if (fgets(filesecret, sizeof(filesecret), fp) == NULL) {
fprintf(stderr, "radclient: Error reading %s: %s\n",
optarg, fr_syserror(errno));
exit(1);
}
fclose(fp);
/* truncate newline */
p = filesecret + strlen(filesecret) - 1;
while ((p >= filesecret) &&
(*p < ' ')) {
*p = '\0';
--p;
}
if (strlen(filesecret) < 2) {
fprintf(stderr, "radclient: Secret in %s is too short\n", optarg);
exit(1);
}
secret = filesecret;
break;
case 'h':
default:
usage();
break;
}
}
argc -= (optind - 1);
argv += (optind - 1);
if ((argc < 3) ||
((!secret) && (argc < 4))) {
usage();
}
if (!main_config.dictionary_dir) {
main_config.dictionary_dir = DICTDIR;
}
/*
* Read the distribution dictionaries first, then
* the ones in raddb.
*/
DEBUG2("including dictionary file %s/%s", main_config.dictionary_dir, RADIUS_DICTIONARY);
if (dict_init(main_config.dictionary_dir, RADIUS_DICTIONARY) != 0) {
ERROR("Errors reading dictionary: %s",
fr_strerror());
exit(1);
}
/*
* It's OK if this one doesn't exist.
*/
int rcode = dict_read(radius_dir, RADIUS_DICTIONARY);
if (rcode == -1) {
ERROR("Errors reading %s/%s: %s", radius_dir, RADIUS_DICTIONARY,
fr_strerror());
exit(1);
}
/*
* We print this after reading it. That way if
* it doesn't exist, it's OK, and we don't print
* anything.
*/
if (rcode == 0) {
DEBUG2("including dictionary file %s/%s", radius_dir, RADIUS_DICTIONARY);
}
req = rad_alloc(NULL, 1);
if (!req) {
fr_perror("radclient");
exit(1);
}
#if 0
{
FILE *randinit;
if((randinit = fopen("/dev/urandom", "r")) == NULL)
{
perror("/dev/urandom");
} else {
fread(randctx.randrsl, 256, 1, randinit);
fclose(randinit);
}
}
fr_randinit(&randctx, 1);
#endif
req->id = id;
/*
* Resolve hostname.
*/
if (force_af == AF_UNSPEC) force_af = AF_INET;
req->dst_ipaddr.af = force_af;
if (strcmp(argv[1], "-") != 0) {
char const *hostname = argv[1];
char const *portname = argv[1];
char buffer[256];
if (*argv[1] == '[') { /* IPv6 URL encoded */
p = strchr(argv[1], ']');
if ((size_t) (p - argv[1]) >= sizeof(buffer)) {
usage();
}
memcpy(buffer, argv[1] + 1, p - argv[1] - 1);
buffer[p - argv[1] - 1] = '\0';
hostname = buffer;
portname = p + 1;
}
p = strchr(portname, ':');
if (p && (strchr(p + 1, ':') == NULL)) {
*p = '\0';
portname = p + 1;
} else {
portname = NULL;
}
if (ip_hton(&req->dst_ipaddr, force_af, hostname, false) < 0) {
fprintf(stderr, "radclient: Failed to find IP address for host %s: %s\n", hostname, fr_syserror(errno));
exit(1);
}
/*
* Strip port from hostname if needed.
*/
if (portname) port = atoi(portname);
}
/*
* See what kind of request we want to send.
*/
if (strcmp(argv[2], "auth") == 0) {
if (port == 0) port = getport("radius");
if (port == 0) port = PW_AUTH_UDP_PORT;
req->code = PW_CODE_AUTHENTICATION_REQUEST;
} else if (strcmp(argv[2], "acct") == 0) {
if (port == 0) port = getport("radacct");
if (port == 0) port = PW_ACCT_UDP_PORT;
req->code = PW_CODE_ACCOUNTING_REQUEST;
do_summary = 0;
} else if (strcmp(argv[2], "status") == 0) {
if (port == 0) port = getport("radius");
if (port == 0) port = PW_AUTH_UDP_PORT;
req->code = PW_CODE_STATUS_SERVER;
} else if (strcmp(argv[2], "disconnect") == 0) {
if (port == 0) port = PW_POD_UDP_PORT;
req->code = PW_CODE_DISCONNECT_REQUEST;
} else if (isdigit((int) argv[2][0])) {
if (port == 0) port = getport("radius");
if (port == 0) port = PW_AUTH_UDP_PORT;
req->code = atoi(argv[2]);
} else {
usage();
}
req->dst_port = port;
/*
* Add the secret.
*/
if (argv[3]) secret = argv[3];
/*
* Read valuepairs.
* Maybe read them, from stdin, if there's no
* filename, or if the filename is '-'.
*/
if (filename && (strcmp(filename, "-") != 0)) {
fp = fopen(filename, "r");
if (!fp) {
fprintf(stderr, "radclient: Error opening %s: %s\n",
filename, fr_syserror(errno));
exit(1);
}
} else {
fp = stdin;
}
/*
* Send request.
*/
if ((req->sockfd = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
perror("radclient: socket: ");
exit(1);
}
while(!filedone) {
if (req->vps) pairfree(&req->vps);
if (readvp2(&req->vps, NULL, fp, &filedone) < 0) {
fr_perror("radeapclient");
break;
}
sendrecv_eap(req);
}
if(do_summary) {
printf("\n\t Total approved auths: %d\n", totalapp);
printf("\t Total denied auths: %d\n", totaldeny);
}
talloc_free(autofree);
return 0;
}
/*
* given a radius request with some attributes in the EAP range, build
* them all into a single EAP-Message body.
*
* Note that this function will build multiple EAP-Message bodies
* if there are multiple eligible EAP-types. This is incorrect, as the
* recipient will in fact concatenate them.
*
* XXX - we could break the loop once we process one type. Maybe this
* just deserves an assert?
*
*/
static void map_eap_methods(RADIUS_PACKET *req)
{
VALUE_PAIR *vp, *vpnext;
int id, eapcode;
int eap_method;
eap_packet_t *pt_ep = talloc_zero(req, eap_packet_t);
vp = pairfind(req->vps, ATTRIBUTE_EAP_ID, 0, TAG_ANY);
if(!vp) {
id = ((int)getpid() & 0xff);
} else {
id = vp->vp_integer;
}
vp = pairfind(req->vps, ATTRIBUTE_EAP_CODE, 0, TAG_ANY);
if(!vp) {
eapcode = PW_EAP_REQUEST;
} else {
eapcode = vp->vp_integer;
}
for(vp = req->vps; vp != NULL; vp = vpnext) {
/* save it in case it changes! */
vpnext = vp->next;
if(vp->da->attr >= ATTRIBUTE_EAP_BASE &&
vp->da->attr < ATTRIBUTE_EAP_BASE+256) {
break;
}
}
if(!vp) {
return;
}
eap_method = vp->da->attr - ATTRIBUTE_EAP_BASE;
switch(eap_method) {
case PW_EAP_IDENTITY:
case PW_EAP_NOTIFICATION:
case PW_EAP_NAK:
case PW_EAP_MD5:
case PW_EAP_OTP:
case PW_EAP_GTC:
case PW_EAP_TLS:
case PW_EAP_LEAP:
case PW_EAP_TTLS:
case PW_EAP_PEAP:
default:
/*
* no known special handling, it is just encoded as an
* EAP-message with the given type.
*/
/* nuke any existing EAP-Messages */
pairdelete(&req->vps, PW_EAP_MESSAGE, 0, TAG_ANY);
pt_ep->code = eapcode;
pt_ep->id = id;
pt_ep->type.num = eap_method;
pt_ep->type.length = vp->length;
pt_ep->type.data = talloc_memdup(vp, vp->vp_octets, vp->length);
talloc_set_type(pt_ep->type.data, uint8_t);
eap_basic_compose(req, pt_ep);
}
}
int main(int argc, char **argv)
{
RADIUS_PACKET *req;
char *p;
int c;
int port = 0;
char *filename = NULL;
FILE *fp;
int count = 1;
int id;
int force_af = AF_UNSPEC;
id = ((int)getpid() & 0xff);
fr_debug_flag = 0;
radlog_dest = L_DST_STDERR;
while ((c = getopt(argc, argv, "46c:d:f:hi:qst:r:S:xXv")) != EOF)
{
switch(c) {
case '4':
force_af = AF_INET;
break;
case '6':
force_af = AF_INET6;
break;
case 'c':
if (!isdigit((int) *optarg))
usage();
count = atoi(optarg);
break;
case 'd':
radius_dir = strdup(optarg);
break;
case 'f':
filename = optarg;
break;
case 'q':
do_output = 0;
break;
case 'x':
debug_flag++;
fr_debug_flag++;
break;
case 'X':
#if 0
sha1_data_problems = 1; /* for debugging only */
#endif
break;
case 'r':
if (!isdigit((int) *optarg))
usage();
retries = atoi(optarg);
break;
case 'i':
if (!isdigit((int) *optarg))
usage();
id = atoi(optarg);
if ((id < 0) || (id > 255)) {
usage();
}
break;
case 's':
do_summary = 1;
break;
case 't':
if (!isdigit((int) *optarg))
usage();
timeout = atof(optarg);
break;
case 'v':
printf("radclient: $Id: 5b775f9943b9ba7fca66ce3ed72f1e7629a2f9f3 $ built on " __DATE__ " at " __TIME__ "\n");
exit(0);
break;
case 'S':
fp = fopen(optarg, "r");
if (!fp) {
fprintf(stderr, "radclient: Error opening %s: %s\n",
optarg, strerror(errno));
exit(1);
}
if (fgets(filesecret, sizeof(filesecret), fp) == NULL) {
fprintf(stderr, "radclient: Error reading %s: %s\n",
optarg, strerror(errno));
exit(1);
}
fclose(fp);
/* truncate newline */
p = filesecret + strlen(filesecret) - 1;
while ((p >= filesecret) &&
(*p < ' ')) {
*p = '\0';
--p;
}
if (strlen(filesecret) < 2) {
fprintf(stderr, "radclient: Secret in %s is too short\n", optarg);
exit(1);
}
secret = filesecret;
break;
case 'h':
default:
usage();
break;
}
}
argc -= (optind - 1);
argv += (optind - 1);
if ((argc < 3) ||
((!secret) && (argc < 4))) {
usage();
}
if (!radius_dir) radius_dir = strdup(RADDBDIR);
if (dict_init(radius_dir, RADIUS_DICTIONARY) < 0) {
fr_perror("radclient");
return 1;
}
req = rad_alloc(NULL, 1);
if (!req) {
fr_perror("radclient");
exit(1);
}
#if 0
{
FILE *randinit;
if((randinit = fopen("/dev/urandom", "r")) == NULL)
{
perror("/dev/urandom");
} else {
fread(randctx.randrsl, 256, 1, randinit);
fclose(randinit);
}
}
fr_randinit(&randctx, 1);
#endif
req->id = id;
/*
* Resolve hostname.
*/
if (force_af == AF_UNSPEC) force_af = AF_INET;
req->dst_ipaddr.af = force_af;
if (strcmp(argv[1], "-") != 0) {
char const *hostname = argv[1];
char const *portname = argv[1];
char buffer[256];
if (*argv[1] == '[') { /* IPv6 URL encoded */
p = strchr(argv[1], ']');
if ((size_t) (p - argv[1]) >= sizeof(buffer)) {
usage();
}
memcpy(buffer, argv[1] + 1, p - argv[1] - 1);
buffer[p - argv[1] - 1] = '\0';
hostname = buffer;
portname = p + 1;
}
p = strchr(portname, ':');
if (p && (strchr(p + 1, ':') == NULL)) {
*p = '\0';
portname = p + 1;
} else {
portname = NULL;
}
if (ip_hton(hostname, force_af, &req->dst_ipaddr) < 0) {
fprintf(stderr, "radclient: Failed to find IP address for host %s: %s\n", hostname, strerror(errno));
exit(1);
}
/*
* Strip port from hostname if needed.
*/
if (portname) port = atoi(portname);
}
/*
* See what kind of request we want to send.
*/
if (strcmp(argv[2], "auth") == 0) {
if (port == 0) port = getport("radius");
if (port == 0) port = PW_AUTH_UDP_PORT;
req->code = PW_AUTHENTICATION_REQUEST;
} else if (strcmp(argv[2], "acct") == 0) {
if (port == 0) port = getport("radacct");
if (port == 0) port = PW_ACCT_UDP_PORT;
req->code = PW_ACCOUNTING_REQUEST;
do_summary = 0;
} else if (strcmp(argv[2], "status") == 0) {
if (port == 0) port = getport("radius");
if (port == 0) port = PW_AUTH_UDP_PORT;
req->code = PW_STATUS_SERVER;
} else if (strcmp(argv[2], "disconnect") == 0) {
if (port == 0) port = PW_POD_UDP_PORT;
req->code = PW_DISCONNECT_REQUEST;
} else if (isdigit((int) argv[2][0])) {
if (port == 0) port = getport("radius");
if (port == 0) port = PW_AUTH_UDP_PORT;
req->code = atoi(argv[2]);
} else {
usage();
}
req->dst_port = port;
/*
* Add the secret.
*/
if (argv[3]) secret = argv[3];
/*
* Read valuepairs.
* Maybe read them, from stdin, if there's no
* filename, or if the filename is '-'.
*/
if (filename && (strcmp(filename, "-") != 0)) {
fp = fopen(filename, "r");
if (!fp) {
fprintf(stderr, "radclient: Error opening %s: %s\n",
filename, strerror(errno));
exit(1);
}
} else {
fp = stdin;
}
/*
* Send request.
*/
if ((req->sockfd = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
perror("radclient: socket: ");
exit(1);
}
while(!filedone) {
if(req->vps) pairfree(&req->vps);
if ((req->vps = readvp2(fp, &filedone, "radeapclient:"))
== NULL) {
break;
}
sendrecv_eap(req);
}
free(radius_dir);
if(do_summary) {
printf("\n\t Total approved auths: %d\n", totalapp);
printf("\t Total denied auths: %d\n", totaldeny);
}
return 0;
}
/*
* Initialize a radclient data structure and add it to
* the global linked list.
*/
static int radclient_init(TALLOC_CTX *ctx, rc_file_pair_t *files)
{
FILE *packets, *filters = NULL;
vp_cursor_t cursor;
VALUE_PAIR *vp;
rc_request_t *request;
bool packets_done = false;
uint64_t num = 0;
assert(files->packets != NULL);
/*
* Determine where to read the VP's from.
*/
if (strcmp(files->packets, "-") != 0) {
packets = fopen(files->packets, "r");
if (!packets) {
ERROR("Error opening %s: %s", files->packets, strerror(errno));
return 0;
}
/*
* Read in the pairs representing the expected response.
*/
if (files->filters) {
filters = fopen(files->filters, "r");
if (!filters) {
ERROR("Error opening %s: %s", files->filters, strerror(errno));
fclose(packets);
return 0;
}
}
} else {
packets = stdin;
}
/*
* Loop until the file is done.
*/
do {
/*
* Allocate it.
*/
request = talloc_zero(ctx, rc_request_t);
if (!request) {
ERROR("Out of memory");
goto error;
}
talloc_set_destructor(request, _rc_request_free);
request->packet = rad_alloc(request, 1);
if (!request->packet) {
ERROR("Out of memory");
goto error;
}
#ifdef WITH_TCP
request->packet->src_ipaddr = client_ipaddr;
request->packet->src_port = client_port;
request->packet->dst_ipaddr = server_ipaddr;
request->packet->dst_port = server_port;
request->packet->proto = ipproto;
#endif
request->files = files;
request->packet->id = -1; /* allocate when sending */
request->num = num++;
/*
* Read the request VP's.
*/
if (readvp2(&request->packet->vps, request->packet, packets, &packets_done) < 0) {
ERROR("Error parsing \"%s\"", files->packets);
goto error;
}
fr_cursor_init(&cursor, &request->filter);
vp = fr_cursor_next_by_num(&cursor, PW_PACKET_TYPE, 0, TAG_ANY);
if (vp) {
fr_cursor_remove(&cursor);
request->packet_code = vp->vp_integer;
talloc_free(vp);
} else {
request->packet_code = packet_code; /* Use the default set on the command line */
}
/*
* Read in filter VP's.
*/
if (filters) {
bool filters_done;
if (readvp2(&request->filter, request, filters, &filters_done) < 0) {
ERROR("Error parsing \"%s\"", files->filters);
goto error;
}
if (!request->filter) {
goto error;
}
if (filters_done && !packets_done) {
ERROR("Differing number of packets/filters in %s:%s "
"(too many requests))", files->packets, files->filters);
goto error;
}
if (!filters_done && packets_done) {
ERROR("Differing number of packets/filters in %s:%s "
"(too many filters))", files->packets, files->filters);
goto error;
}
fr_cursor_init(&cursor, &request->filter);
vp = fr_cursor_next_by_num(&cursor, PW_PACKET_TYPE, 0, TAG_ANY);
if (vp) {
fr_cursor_remove(&cursor);
request->filter_code = vp->vp_integer;
talloc_free(vp);
}
/*
* xlat expansions aren't supported here
*/
for (vp = fr_cursor_init(&cursor, &request->filter);
vp;
vp = fr_cursor_next(&cursor)) {
if (vp->type == VT_XLAT) {
vp->type = VT_DATA;
vp->vp_strvalue = vp->value.xlat;
}
}
/*
* This allows efficient list comparisons later
*/
pairsort(&request->filter, attrtagcmp);
}
/*
* Determine the response code from the request (if not already set)
*/
if (!request->filter_code) {
switch (request->packet_code) {
case PW_CODE_AUTHENTICATION_REQUEST:
request->filter_code = PW_CODE_AUTHENTICATION_ACK;
break;
case PW_CODE_ACCOUNTING_REQUEST:
request->filter_code = PW_CODE_ACCOUNTING_RESPONSE;
break;
case PW_CODE_COA_REQUEST:
request->filter_code = PW_CODE_COA_ACK;
break;
case PW_CODE_DISCONNECT_REQUEST:
request->filter_code = PW_CODE_DISCONNECT_ACK;
break;
default:
break;
}
}
/*
* Keep a copy of the the User-Password attribute.
*/
if ((vp = pairfind(request->packet->vps, PW_USER_PASSWORD, 0, TAG_ANY)) != NULL) {
strlcpy(request->password, vp->vp_strvalue,
sizeof(request->password));
/*
* Otherwise keep a copy of the CHAP-Password attribute.
*/
} else if ((vp = pairfind(request->packet->vps, PW_CHAP_PASSWORD, 0, TAG_ANY)) != NULL) {
strlcpy(request->password, vp->vp_strvalue,
sizeof(request->password));
} else if ((vp = pairfind(request->packet->vps, PW_MSCHAP_PASSWORD, 0, TAG_ANY)) != NULL) {
strlcpy(request->password, vp->vp_strvalue,
sizeof(request->password));
} else {
request->password[0] = '\0';
}
/*
* Fix up Digest-Attributes issues
*/
for (vp = fr_cursor_init(&cursor, &request->packet->vps);
vp;
vp = fr_cursor_next(&cursor)) {
/*
* Double quoted strings get marked up as xlat expansions,
* but we don't support that in request.
*/
if (vp->type == VT_XLAT) {
vp->vp_strvalue = vp->value.xlat;
vp->value.xlat = NULL;
vp->type = VT_DATA;
}
if (!vp->da->vendor) switch (vp->da->attr) {
default:
break;
/*
* Allow it to set the packet type in
* the attributes read from the file.
*/
case PW_PACKET_TYPE:
request->packet->code = vp->vp_integer;
break;
case PW_PACKET_DST_PORT:
request->packet->dst_port = (vp->vp_integer & 0xffff);
break;
case PW_PACKET_DST_IP_ADDRESS:
request->packet->dst_ipaddr.af = AF_INET;
request->packet->dst_ipaddr.ipaddr.ip4addr.s_addr = vp->vp_ipaddr;
break;
case PW_PACKET_DST_IPV6_ADDRESS:
request->packet->dst_ipaddr.af = AF_INET6;
request->packet->dst_ipaddr.ipaddr.ip6addr = vp->vp_ipv6addr;
break;
case PW_PACKET_SRC_PORT:
request->packet->src_port = (vp->vp_integer & 0xffff);
break;
case PW_PACKET_SRC_IP_ADDRESS:
request->packet->src_ipaddr.af = AF_INET;
request->packet->src_ipaddr.ipaddr.ip4addr.s_addr = vp->vp_ipaddr;
break;
case PW_PACKET_SRC_IPV6_ADDRESS:
request->packet->src_ipaddr.af = AF_INET6;
request->packet->src_ipaddr.ipaddr.ip6addr = vp->vp_ipv6addr;
break;
case PW_DIGEST_REALM:
case PW_DIGEST_NONCE:
case PW_DIGEST_METHOD:
case PW_DIGEST_URI:
case PW_DIGEST_QOP:
case PW_DIGEST_ALGORITHM:
case PW_DIGEST_BODY_DIGEST:
case PW_DIGEST_CNONCE:
case PW_DIGEST_NONCE_COUNT:
case PW_DIGEST_USER_NAME:
/* overlapping! */
{
DICT_ATTR const *da;
uint8_t *p, *q;
p = talloc_array(vp, uint8_t, vp->length + 2);
memcpy(p + 2, vp->vp_octets, vp->length);
p[0] = vp->da->attr - PW_DIGEST_REALM + 1;
vp->length += 2;
p[1] = vp->length;
da = dict_attrbyvalue(PW_DIGEST_ATTRIBUTES, 0);
if (!da) {
ERROR("Out of memory");
goto error;
}
vp->da = da;
/*
* Re-do pairmemsteal ourselves,
* because we play games with
* vp->da, and pairmemsteal goes
* to GREAT lengths to sanitize
* and fix and change and
* double-check the various
* fields.
*/
memcpy(&q, &vp->vp_octets, sizeof(q));
talloc_free(q);
vp->vp_octets = talloc_steal(vp, p);
vp->type = VT_DATA;
VERIFY_VP(vp);
}
break;
}
} /* loop over the VP's we read in */
/*
* Automatically set the port if we don't have a global
* or packet specific one.
*/
if ((server_port == 0) && (request->packet->dst_port == 0)) {
radclient_get_port(request->packet->code, &request->packet->dst_port);
}
/*
* Add it to the tail of the list.
*/
if (!request_head) {
assert(rc_request_tail == NULL);
request_head = request;
request->prev = NULL;
} else {
assert(rc_request_tail->next == NULL);
rc_request_tail->next = request;
request->prev = rc_request_tail;
}
rc_request_tail = request;
request->next = NULL;
} while (!packets_done); /* loop until the file is done. */
if (packets != stdin) fclose(packets);
if (filters) fclose(filters);
/*
* And we're done.
*/
return 1;
error:
talloc_free(request);
if (packets != stdin) fclose(packets);
if (filters) fclose(filters);
return 0;
}
main(int argc, char *argv[])
{
int filedone;
RADIUS_PACKET *req,*req2;
VALUE_PAIR *vp, *vpkey, *vpextra;
extern unsigned int sha1_data_problems;
req = NULL;
req2 = NULL;
filedone = 0;
if(argc>1) {
sha1_data_problems = 1;
}
if (dict_init(radius_dir, RADIUS_DICTIONARY) < 0) {
ERROR("%s", fr_strerror());
return 1;
}
req = rad_alloc(NULL, true)
if (!req) {
ERROR("%s", fr_strerror());
exit(1);
}
req2 = rad_alloc(NULL, true);
if (!req2) {
ERROR("%s", fr_strerror());
exit(1);
}
while(!filedone) {
if (req->vps) pairfree(&req->vps);
if (req2->vps) pairfree(&req2->vps);
if (readvp2(&req->vps, NULL, stdin, &filedone) < 0) {
ERROR("%s", fr_strerror());
break;
}
if (fr_debug_flag > 1) {
DEBUG("Read:");
vp_printlist(stdout, req->vps);
}
map_eapsim_types(req);
map_eap_methods(req);
if (fr_debug_flag > 1) {
DEBUG("Mapped to:");
vp_printlist(stdout, req->vps);
}
/* find the EAP-Message, copy it to req2 */
vp = paircopy2(NULL, req->vps, PW_EAP_MESSAGE, 0, TAG_ANY);
if(!vp) continue;
pairadd(&req2->vps, vp);
/* only call unmap for sim types here */
unmap_eap_methods(req2);
unmap_eapsim_types(req2);
if (fr_debug_flag > 1) {
DEBUG("Unmapped to:");
vp_printlist(stdout, req2->vps);
}
vp = pairfind(req2->vps, PW_EAP_SIM_MAC, 0, TAG_ANY);
vpkey = pairfind(req->vps, PW_EAP_SIM_KEY, 0, TAG_ANY);
vpextra = pairfind(req->vps, PW_EAP_SIM_EXTRA, 0, TAG_ANY);
if(vp != NULL && vpkey != NULL && vpextra!=NULL) {
uint8_t calcmac[16];
/* find the EAP-Message, copy it to req2 */
memset(calcmac, 0, sizeof(calcmac));
DEBUG("Confirming MAC...");
if(eapsim_checkmac(req2->vps, vpkey->vp_strvalue,
vpextra->vp_strvalue, vpextra->length,
calcmac)) {
DEBUG("succeed");
} else {
int i, j;
DEBUG("calculated MAC (");
for (i = 0; i < 20; i++) {
if(j==4) {
DEBUG("_");
j=0;
}
j++;
DEBUG("%02x", calcmac[i]);
}
DEBUG("did not match");
}
}
fflush(stdout);
}
}
/*
* Initialize a radclient data structure
*/
static radclient_t *radclient_init(char * auth_statement)
{
VALUE_PAIR *vp;
radclient_t *start, *radclient, *prev = NULL;
int filedone = 0;
int packet_number = 1;
start = NULL;
/*
* Determine where to read the VP's from.
*/
/*
* Loop until the file is done.
*/
/*
* Allocate it.
*/
radclient = malloc(sizeof(*radclient));
memset(radclient, 0, sizeof(*radclient));
radclient->request = rad_alloc(1);
radclient->request->id = -1; /* allocate when sending */
radclient->packet_number = packet_number++;
/*
* Read the VP's.
*/
radclient->request->vps = readvp2(auth_statement, &filedone, "radclient: X");
if (!radclient->request->vps)
{
radclient_free(radclient);
return radclient; /* done: return the list */
}
/*
* Keep a copy of the the User-Password attribute.
*/
if ((vp = pairfind(radclient->request->vps, PW_PASSWORD)) != NULL)
{
strNcpy(radclient->password, (char *)vp->strvalue, sizeof(radclient->password));
/*
* Otherwise keep a copy of the CHAP-Password attribute.
*/
}
else if ((vp = pairfind(radclient->request->vps, PW_CHAP_PASSWORD)) != NULL)
{
strNcpy(radclient->password, (char *)vp->strvalue, sizeof(radclient->password));
}
else
{
radclient->password[0] = '\0';
}
/*
* Fix up Digest-Attributes issues
*/
for (vp = radclient->request->vps; vp != NULL; vp = vp->next)
{
switch (vp->attribute)
{
default:
break;
/*
* Allow it to set the packet type in
* the attributes read from the file.
*/
case PW_PACKET_TYPE:
radclient->request->code = vp->lvalue;
break;
case PW_PACKET_DST_PORT:
radclient->request->dst_port = (vp->lvalue & 0xffff);
break;
case PW_DIGEST_REALM:
case PW_DIGEST_NONCE:
case PW_DIGEST_METHOD:
case PW_DIGEST_URI:
case PW_DIGEST_QOP:
case PW_DIGEST_ALGORITHM:
case PW_DIGEST_BODY_DIGEST:
case PW_DIGEST_CNONCE:
case PW_DIGEST_NONCE_COUNT:
case PW_DIGEST_USER_NAME:
/* overlapping! */
memmove(&vp->strvalue[2], &vp->strvalue[0], vp->length);
vp->strvalue[0] = vp->attribute - PW_DIGEST_REALM + 1;
vp->length += 2;
vp->strvalue[1] = vp->length;
vp->attribute = PW_DIGEST_ATTRIBUTES;
break;
}
} /* loop over the VP's we read in */
if (!start)
{
start = radclient;
prev = start;
}
else
{
prev->next = radclient;
radclient->prev = prev;
prev = radclient;
}
/*
* And we're done.
*/
return radclient;
}
/*
* Initialize a radclient data structure and add it to
* the global linked list.
*/
static int radclient_init(char const *filename)
{
FILE *fp;
vp_cursor_t cursor;
VALUE_PAIR *vp;
radclient_t *radclient;
int filedone = 0;
int packet_number = 1;
assert(filename != NULL);
/*
* Determine where to read the VP's from.
*/
if (strcmp(filename, "-") != 0) {
fp = fopen(filename, "r");
if (!fp) {
fprintf(stderr, "radclient: Error opening %s: %s\n",
filename, strerror(errno));
return 0;
}
} else {
fp = stdin;
}
/*
* Loop until the file is done.
*/
do {
/*
* Allocate it.
*/
radclient = malloc(sizeof(*radclient));
if (!radclient) {
goto oom;
}
memset(radclient, 0, sizeof(*radclient));
radclient->request = rad_alloc(NULL, 1);
if (!radclient->request) {
goto oom;
}
#ifdef WITH_TCP
radclient->request->src_ipaddr = client_ipaddr;
radclient->request->src_port = client_port;
radclient->request->dst_ipaddr = server_ipaddr;
radclient->request->dst_port = server_port;
#endif
radclient->filename = filename;
radclient->request->id = -1; /* allocate when sending */
radclient->packet_number = packet_number++;
/*
* Read the VP's.
*/
radclient->request->vps = readvp2(NULL, fp, &filedone, "radclient:");
if (!radclient->request->vps) {
rad_free(&radclient->request);
free(radclient);
if (fp != stdin) fclose(fp);
return 1;
}
/*
* Keep a copy of the the User-Password attribute.
*/
if ((vp = pairfind(radclient->request->vps, PW_USER_PASSWORD, 0, TAG_ANY)) != NULL) {
strlcpy(radclient->password, vp->vp_strvalue,
sizeof(radclient->password));
/*
* Otherwise keep a copy of the CHAP-Password attribute.
*/
} else if ((vp = pairfind(radclient->request->vps, PW_CHAP_PASSWORD, 0, TAG_ANY)) != NULL) {
strlcpy(radclient->password, vp->vp_strvalue,
sizeof(radclient->password));
} else if ((vp = pairfind(radclient->request->vps, PW_MSCHAP_PASSWORD, 0, TAG_ANY)) != NULL) {
strlcpy(radclient->password, vp->vp_strvalue,
sizeof(radclient->password));
} else {
radclient->password[0] = '\0';
}
/*
* Fix up Digest-Attributes issues
*/
for (vp = paircursor(&cursor, &radclient->request->vps);
vp;
vp = pairnext(&cursor)) {
/*
* Double quoted strings get marked up as xlat expansions,
* but we don't support that in radclient.
*/
if (vp->type == VT_XLAT) {
vp->vp_strvalue = vp->value.xlat;
vp->value.xlat = NULL;
vp->type = VT_DATA;
}
if (!vp->da->vendor) switch (vp->da->attr) {
default:
break;
/*
* Allow it to set the packet type in
* the attributes read from the file.
*/
case PW_PACKET_TYPE:
radclient->request->code = vp->vp_integer;
break;
case PW_PACKET_DST_PORT:
radclient->request->dst_port = (vp->vp_integer & 0xffff);
break;
case PW_PACKET_DST_IP_ADDRESS:
radclient->request->dst_ipaddr.af = AF_INET;
radclient->request->dst_ipaddr.ipaddr.ip4addr.s_addr = vp->vp_ipaddr;
break;
case PW_PACKET_DST_IPV6_ADDRESS:
radclient->request->dst_ipaddr.af = AF_INET6;
radclient->request->dst_ipaddr.ipaddr.ip6addr = vp->vp_ipv6addr;
break;
case PW_PACKET_SRC_PORT:
radclient->request->src_port = (vp->vp_integer & 0xffff);
break;
case PW_PACKET_SRC_IP_ADDRESS:
radclient->request->src_ipaddr.af = AF_INET;
radclient->request->src_ipaddr.ipaddr.ip4addr.s_addr = vp->vp_ipaddr;
break;
case PW_PACKET_SRC_IPV6_ADDRESS:
radclient->request->src_ipaddr.af = AF_INET6;
radclient->request->src_ipaddr.ipaddr.ip6addr = vp->vp_ipv6addr;
break;
case PW_DIGEST_REALM:
case PW_DIGEST_NONCE:
case PW_DIGEST_METHOD:
case PW_DIGEST_URI:
case PW_DIGEST_QOP:
case PW_DIGEST_ALGORITHM:
case PW_DIGEST_BODY_DIGEST:
case PW_DIGEST_CNONCE:
case PW_DIGEST_NONCE_COUNT:
case PW_DIGEST_USER_NAME:
/* overlapping! */
{
DICT_ATTR const *da;
uint8_t *p;
p = talloc_array(vp, uint8_t, vp->length + 2);
memcpy(p + 2, vp->vp_octets, vp->length);
p[0] = vp->da->attr - PW_DIGEST_REALM + 1;
vp->length += 2;
p[1] = vp->length;
// talloc_free(vp->vp_octets);
vp->vp_octets = p;
da = dict_attrbyvalue(PW_DIGEST_ATTRIBUTES, 0);
if (!da) {
goto oom;
}
vp->da = da;
}
break;
}
} /* loop over the VP's we read in */
/*
* Add it to the tail of the list.
*/
if (!radclient_head) {
assert(radclient_tail == NULL);
radclient_head = radclient;
radclient->prev = NULL;
} else {
assert(radclient_tail->next == NULL);
radclient_tail->next = radclient;
radclient->prev = radclient_tail;
}
radclient_tail = radclient;
radclient->next = NULL;
} while (!filedone); /* loop until the file is done. */
if (fp != stdin) fclose(fp);
/*
* And we're done.
*/
return 1;
oom:
fprintf(stderr, "radclient: Out of memory\n");
free(radclient);
if (fp != stdin) fclose(fp);
return 0;
}
/*
* Initialize a radclient data structure and add it to
* the global linked list.
*/
static int radclient_init(TALLOC_CTX *ctx, rc_file_pair_t *files)
{
FILE *packets, *filters = NULL;
vp_cursor_t cursor;
VALUE_PAIR *vp;
rc_request_t *request;
bool packets_done = false;
uint64_t num = 0;
assert(files->packets != NULL);
/*
* Determine where to read the VP's from.
*/
if (strcmp(files->packets, "-") != 0) {
packets = fopen(files->packets, "r");
if (!packets) {
ERROR("Error opening %s: %s", files->packets, strerror(errno));
return 0;
}
/*
* Read in the pairs representing the expected response.
*/
if (files->filters) {
filters = fopen(files->filters, "r");
if (!filters) {
ERROR("Error opening %s: %s", files->filters, strerror(errno));
fclose(packets);
return 0;
}
}
} else {
packets = stdin;
}
/*
* Loop until the file is done.
*/
do {
/*
* Allocate it.
*/
request = talloc_zero(ctx, rc_request_t);
if (!request) {
ERROR("Out of memory");
goto error;
}
request->packet = rad_alloc(request, true);
if (!request->packet) {
ERROR("Out of memory");
goto error;
}
#ifdef WITH_TCP
request->packet->src_ipaddr = client_ipaddr;
request->packet->src_port = client_port;
request->packet->dst_ipaddr = server_ipaddr;
request->packet->dst_port = server_port;
request->packet->proto = ipproto;
#endif
request->files = files;
request->packet->id = -1; /* allocate when sending */
request->num = num++;
/*
* Read the request VP's.
*/
if (readvp2(request->packet, &request->packet->vps, packets, &packets_done) < 0) {
char const *input;
if ((files->packets[0] == '-') && (files->packets[1] == '\0')) {
input = "stdin";
} else {
input = files->packets;
}
REDEBUG("Error parsing \"%s\"", input);
goto error;
}
/*
* Skip empty entries
*/
if (!request->packet->vps) {
talloc_free(request);
continue;
}
/*
* Read in filter VP's.
*/
if (filters) {
bool filters_done;
if (readvp2(request, &request->filter, filters, &filters_done) < 0) {
REDEBUG("Error parsing \"%s\"", files->filters);
goto error;
}
if (filters_done && !packets_done) {
REDEBUG("Differing number of packets/filters in %s:%s "
"(too many requests))", files->packets, files->filters);
goto error;
}
if (!filters_done && packets_done) {
REDEBUG("Differing number of packets/filters in %s:%s "
"(too many filters))", files->packets, files->filters);
goto error;
}
/*
* xlat expansions aren't supported here
*/
for (vp = fr_cursor_init(&cursor, &request->filter);
vp;
vp = fr_cursor_next(&cursor)) {
if (vp->type == VT_XLAT) {
vp->type = VT_DATA;
vp->vp_strvalue = vp->xlat;
vp->vp_length = talloc_array_length(vp->vp_strvalue) - 1;
}
if (vp->da->vendor == 0 ) switch (vp->da->attr) {
case PW_RESPONSE_PACKET_TYPE:
case PW_PACKET_TYPE:
fr_cursor_remove(&cursor); /* so we don't break the filter */
request->filter_code = vp->vp_integer;
talloc_free(vp);
default:
break;
}
}
/*
* This allows efficient list comparisons later
*/
pairsort(&request->filter, attrtagcmp);
}
request->password[0] = '\0';
/*
* Process special attributes
*/
for (vp = fr_cursor_init(&cursor, &request->packet->vps);
vp;
vp = fr_cursor_next(&cursor)) {
/*
* Double quoted strings get marked up as xlat expansions,
* but we don't support that in request.
*/
if (vp->type == VT_XLAT) {
vp->type = VT_DATA;
vp->vp_strvalue = vp->xlat;
vp->vp_length = talloc_array_length(vp->vp_strvalue) - 1;
}
if (!vp->da->vendor) switch (vp->da->attr) {
default:
break;
/*
* Allow it to set the packet type in
* the attributes read from the file.
*/
case PW_PACKET_TYPE:
request->packet->code = vp->vp_integer;
break;
case PW_RESPONSE_PACKET_TYPE:
request->filter_code = vp->vp_integer;
break;
case PW_PACKET_DST_PORT:
request->packet->dst_port = (vp->vp_integer & 0xffff);
break;
case PW_PACKET_DST_IP_ADDRESS:
request->packet->dst_ipaddr.af = AF_INET;
request->packet->dst_ipaddr.ipaddr.ip4addr.s_addr = vp->vp_ipaddr;
request->packet->dst_ipaddr.prefix = 32;
break;
case PW_PACKET_DST_IPV6_ADDRESS:
request->packet->dst_ipaddr.af = AF_INET6;
request->packet->dst_ipaddr.ipaddr.ip6addr = vp->vp_ipv6addr;
request->packet->dst_ipaddr.prefix = 128;
break;
case PW_PACKET_SRC_PORT:
if ((vp->vp_integer < 1024) ||
(vp->vp_integer > 65535)) {
ERROR("Invalid value '%u' for Packet-Src-Port", vp->vp_integer);
goto error;
}
request->packet->src_port = (vp->vp_integer & 0xffff);
break;
case PW_PACKET_SRC_IP_ADDRESS:
request->packet->src_ipaddr.af = AF_INET;
request->packet->src_ipaddr.ipaddr.ip4addr.s_addr = vp->vp_ipaddr;
request->packet->src_ipaddr.prefix = 32;
break;
case PW_PACKET_SRC_IPV6_ADDRESS:
request->packet->src_ipaddr.af = AF_INET6;
request->packet->src_ipaddr.ipaddr.ip6addr = vp->vp_ipv6addr;
request->packet->src_ipaddr.prefix = 128;
break;
case PW_DIGEST_REALM:
case PW_DIGEST_NONCE:
case PW_DIGEST_METHOD:
case PW_DIGEST_URI:
case PW_DIGEST_QOP:
case PW_DIGEST_ALGORITHM:
case PW_DIGEST_BODY_DIGEST:
case PW_DIGEST_CNONCE:
case PW_DIGEST_NONCE_COUNT:
case PW_DIGEST_USER_NAME:
/* overlapping! */
{
DICT_ATTR const *da;
uint8_t *p, *q;
p = talloc_array(vp, uint8_t, vp->vp_length + 2);
memcpy(p + 2, vp->vp_octets, vp->vp_length);
p[0] = vp->da->attr - PW_DIGEST_REALM + 1;
vp->vp_length += 2;
p[1] = vp->vp_length;
da = dict_attrbyvalue(PW_DIGEST_ATTRIBUTES, 0);
if (!da) {
ERROR("Out of memory");
goto error;
}
vp->da = da;
/*
* Re-do pairmemsteal ourselves,
* because we play games with
* vp->da, and pairmemsteal goes
* to GREAT lengths to sanitize
* and fix and change and
* double-check the various
* fields.
*/
memcpy(&q, &vp->vp_octets, sizeof(q));
talloc_free(q);
vp->vp_octets = talloc_steal(vp, p);
vp->type = VT_DATA;
VERIFY_VP(vp);
}
break;
/*
* Keep a copy of the the password attribute.
*/
case PW_USER_PASSWORD:
case PW_CHAP_PASSWORD:
case PW_MS_CHAP_PASSWORD:
strlcpy(request->password, vp->vp_strvalue, sizeof(request->password));
break;
case PW_RADCLIENT_TEST_NAME:
request->name = vp->vp_strvalue;
break;
}
} /* loop over the VP's we read in */
/*
* Use the default set on the command line
*/
if (request->packet->code == PW_CODE_UNDEFINED) request->packet->code = packet_code;
/*
* Default to the filename
*/
if (!request->name) request->name = request->files->packets;
/*
* Automatically set the response code from the request code
* (if one wasn't already set).
*/
if (request->filter_code == PW_CODE_UNDEFINED) {
switch (request->packet->code) {
case PW_CODE_ACCESS_REQUEST:
request->filter_code = PW_CODE_ACCESS_ACCEPT;
break;
case PW_CODE_ACCOUNTING_REQUEST:
request->filter_code = PW_CODE_ACCOUNTING_RESPONSE;
break;
case PW_CODE_COA_REQUEST:
request->filter_code = PW_CODE_COA_ACK;
break;
case PW_CODE_DISCONNECT_REQUEST:
request->filter_code = PW_CODE_DISCONNECT_ACK;
break;
case PW_CODE_STATUS_SERVER:
switch (radclient_get_code(request->packet->dst_port)) {
case PW_CODE_ACCESS_REQUEST:
request->filter_code = PW_CODE_ACCESS_ACCEPT;
break;
case PW_CODE_ACCOUNTING_REQUEST:
request->filter_code = PW_CODE_ACCOUNTING_RESPONSE;
break;
default:
REDEBUG("Can't determine expected response to Status-Server request, specify "
"a well known RADIUS port, or add a Response-Packet-Type attribute "
"to the request of filter");
goto error;
}
break;
case PW_CODE_UNDEFINED:
REDEBUG("Both Packet-Type and Response-Packet-Type undefined, specify at least one, "
"or a well known RADIUS port");
goto error;
default:
REDEBUG("Can't determine expected Response-Packet-Type for Packet-Type %i",
request->packet->code);
goto error;
}
/*
* Automatically set the request code from the response code
* (if one wasn't already set).
*/
} else if (request->packet->code == PW_CODE_UNDEFINED) {
switch (request->filter_code) {
case PW_CODE_ACCESS_ACCEPT:
case PW_CODE_ACCESS_REJECT:
request->packet->code = PW_CODE_ACCESS_REQUEST;
break;
case PW_CODE_ACCOUNTING_RESPONSE:
request->packet->code = PW_CODE_ACCOUNTING_REQUEST;
break;
case PW_CODE_DISCONNECT_ACK:
case PW_CODE_DISCONNECT_NAK:
request->packet->code = PW_CODE_DISCONNECT_REQUEST;
break;
case PW_CODE_COA_ACK:
case PW_CODE_COA_NAK:
request->packet->code = PW_CODE_COA_REQUEST;
break;
default:
REDEBUG("Can't determine expected Packet-Type for Response-Packet-Type %i",
request->filter_code);
goto error;
}
}
/*
* Automatically set the dst port (if one wasn't already set).
*/
if (request->packet->dst_port == 0) {
radclient_get_port(request->packet->code, &request->packet->dst_port);
if (request->packet->dst_port == 0) {
REDEBUG("Can't determine destination port");
goto error;
}
}
/*
* Add it to the tail of the list.
*/
if (!request_head) {
assert(rc_request_tail == NULL);
request_head = request;
request->prev = NULL;
} else {
assert(rc_request_tail->next == NULL);
rc_request_tail->next = request;
request->prev = rc_request_tail;
}
rc_request_tail = request;
request->next = NULL;
/*
* Set the destructor so it removes itself from the
* request list when freed. We don't set this until
* the packet is actually in the list, else we trigger
* the asserts in the free callback.
*/
talloc_set_destructor(request, _rc_request_free);
} while (!packets_done); /* loop until the file is done. */
if (packets != stdin) fclose(packets);
if (filters) fclose(filters);
/*
* And we're done.
*/
return 1;
error:
talloc_free(request);
if (packets != stdin) fclose(packets);
if (filters) fclose(filters);
return 0;
}
int main(int argc, char **argv)
{
RADIUS_PACKET *req;
char *p;
int c;
int port = 0;
char *filename = NULL;
FILE *fp;
int count = 1;
int id;
id = ((int)getpid() & 0xff);
librad_debug = 0;
radlog_dest = RADLOG_STDERR;
while ((c = getopt(argc, argv, "c:d:f:hi:qst:r:S:xXv")) != EOF)
{
switch(c) {
case 'c':
if (!isdigit((int) *optarg))
usage();
count = atoi(optarg);
break;
case 'd':
radius_dir = optarg;
break;
case 'f':
filename = optarg;
break;
case 'q':
do_output = 0;
break;
case 'x':
debug_flag++;
librad_debug++;
break;
case 'X':
#if 0
sha1_data_problems = 1; /* for debugging only */
#endif
break;
case 'r':
if (!isdigit((int) *optarg))
usage();
retries = atoi(optarg);
break;
case 'i':
if (!isdigit((int) *optarg))
usage();
id = atoi(optarg);
if ((id < 0) || (id > 255)) {
usage();
}
break;
case 's':
do_summary = 1;
break;
case 't':
if (!isdigit((int) *optarg))
usage();
timeout = atof(optarg);
break;
case 'v':
printf("radclient: $Id: radeapclient.c,v 1.7.4.5 2006/05/19 14:22:23 nbk Exp $ built on " __DATE__ " at " __TIME__ "\n");
exit(0);
break;
case 'S':
fp = fopen(optarg, "r");
if (!fp) {
fprintf(stderr, "radclient: Error opening %s: %s\n",
optarg, strerror(errno));
exit(1);
}
if (fgets(filesecret, sizeof(filesecret), fp) == NULL) {
fprintf(stderr, "radclient: Error reading %s: %s\n",
optarg, strerror(errno));
exit(1);
}
fclose(fp);
/* truncate newline */
p = filesecret + strlen(filesecret) - 1;
while ((p >= filesecret) &&
(*p < ' ')) {
*p = '\0';
--p;
}
if (strlen(filesecret) < 2) {
fprintf(stderr, "radclient: Secret in %s is too short\n", optarg);
exit(1);
}
secret = filesecret;
break;
case 'h':
default:
usage();
break;
}
}
argc -= (optind - 1);
argv += (optind - 1);
if ((argc < 3) ||
((secret == NULL) && (argc < 4))) {
usage();
}
if (dict_init(radius_dir, RADIUS_DICTIONARY) < 0) {
librad_perror("radclient");
return 1;
}
if ((req = rad_alloc(1)) == NULL) {
librad_perror("radclient");
exit(1);
}
#if 0
{
FILE *randinit;
if((randinit = fopen("/dev/urandom", "r")) == NULL)
{
perror("/dev/urandom");
} else {
fread(randctx.randrsl, 256, 1, randinit);
fclose(randinit);
}
}
lrad_randinit(&randctx, 1);
#endif
req->id = id;
/*
* Strip port from hostname if needed.
*/
if ((p = strchr(argv[1], ':')) != NULL) {
*p++ = 0;
port = atoi(p);
}
/*
* See what kind of request we want to send.
*/
if (strcmp(argv[2], "auth") == 0) {
if (port == 0) port = getport("radius");
if (port == 0) port = PW_AUTH_UDP_PORT;
req->code = PW_AUTHENTICATION_REQUEST;
} else if (strcmp(argv[2], "acct") == 0) {
if (port == 0) port = getport("radacct");
if (port == 0) port = PW_ACCT_UDP_PORT;
req->code = PW_ACCOUNTING_REQUEST;
do_summary = 0;
} else if (strcmp(argv[2], "status") == 0) {
if (port == 0) port = getport("radius");
if (port == 0) port = PW_AUTH_UDP_PORT;
req->code = PW_STATUS_SERVER;
} else if (strcmp(argv[2], "disconnect") == 0) {
if (port == 0) port = PW_POD_UDP_PORT;
req->code = PW_DISCONNECT_REQUEST;
} else if (isdigit((int) argv[2][0])) {
if (port == 0) port = getport("radius");
if (port == 0) port = PW_AUTH_UDP_PORT;
req->code = atoi(argv[2]);
} else {
usage();
}
/*
* Ensure that the configuration is initialized.
*/
memset(&mainconfig, 0, sizeof(mainconfig));
/*
* Resolve hostname.
*/
req->dst_port = port;
req->dst_ipaddr = ip_getaddr(argv[1]);
if (req->dst_ipaddr == INADDR_NONE) {
fprintf(stderr, "radclient: Failed to find IP address for host %s\n", argv[1]);
exit(1);
}
/*
* Add the secret.
*/
if (argv[3]) secret = argv[3];
/*
* Read valuepairs.
* Maybe read them, from stdin, if there's no
* filename, or if the filename is '-'.
*/
if (filename && (strcmp(filename, "-") != 0)) {
fp = fopen(filename, "r");
if (!fp) {
fprintf(stderr, "radclient: Error opening %s: %s\n",
filename, strerror(errno));
exit(1);
}
} else {
fp = stdin;
}
/*
* Send request.
*/
if ((req->sockfd = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
perror("radclient: socket: ");
exit(1);
}
while(!filedone) {
if(req->vps) pairfree(&req->vps);
if ((req->vps = readvp2(fp, &filedone, "radeapclient:"))
== NULL) {
break;
}
sendrecv_eap(req);
}
if(do_summary) {
printf("\n\t Total approved auths: %d\n", totalapp);
printf("\t Total denied auths: %d\n", totaldeny);
}
return 0;
}
