2 * radeapclient.c EAP specific radius packet debug tool.
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
20 * Copyright 2000,2006 The FreeRADIUS server project
21 * Copyright 2000 Miquel van Smoorenburg <miquels@cistron.nl>
22 * Copyright 2000 Alan DeKok <aland@ox.org>
25 #include <freeradius-devel/ident.h>
28 #include <freeradius-devel/autoconf.h>
40 #include <sys/socket.h>
43 # include <netinet/in.h>
47 # include <sys/select.h>
54 #include <freeradius-devel/conf.h>
55 #include <freeradius-devel/radpaths.h>
56 #include <freeradius-devel/missing.h>
57 #include <freeradius-devel/md5.h>
59 #include "eap_types.h"
62 extern int sha1_data_problems;
64 static int retries = 10;
65 static float timeout = 3;
66 static const char *secret = NULL;
67 static int do_output = 1;
68 static int do_summary = 0;
69 static int filedone = 0;
70 static int totalapp = 0;
71 static int totaldeny = 0;
72 static char filesecret[256];
73 const char *radius_dir = RADDBDIR;
74 const char *progname = "radeapclient";
75 /* lrad_randctx randctx; */
78 radlog_dest_t radlog_dest = RADLOG_STDERR;
79 const char *radlog_dir = NULL;
81 struct main_config_t mainconfig;
84 struct eapsim_keys eapsim_mk;
86 static void NEVER_RETURNS usage(void)
88 fprintf(stderr, "Usage: radeapclient [options] server[:port] <command> [<secret>]\n");
90 fprintf(stderr, " <command> One of auth, acct, status, or disconnect.\n");
91 fprintf(stderr, " -c count Send each packet 'count' times.\n");
92 fprintf(stderr, " -d raddb Set dictionary directory.\n");
93 fprintf(stderr, " -f file Read packets from file, not stdin.\n");
94 fprintf(stderr, " -r retries If timeout, retry sending the packet 'retries' times.\n");
95 fprintf(stderr, " -t timeout Wait 'timeout' seconds before retrying (may be a floating point number).\n");
96 fprintf(stderr, " -i id Set request id to 'id'. Values may be 0..255\n");
97 fprintf(stderr, " -S file read secret from file, not command line.\n");
98 fprintf(stderr, " -q Do not print anything out.\n");
99 fprintf(stderr, " -s Print out summary information of auth results.\n");
100 fprintf(stderr, " -v Show program version information.\n");
101 fprintf(stderr, " -x Debugging mode.\n");
106 int radlog(int lvl, const char *msg, ...)
111 r = lvl; /* shut up compiler */
114 r = vfprintf(stderr, msg, ap);
121 int log_debug(const char *msg, ...)
127 r = vfprintf(stderr, msg, ap);
134 static int getport(const char *name)
138 svp = getservbyname (name, "udp");
143 return ntohs(svp->s_port);
146 static int send_packet(RADIUS_PACKET *req, RADIUS_PACKET **rep)
151 for (i = 0; i < retries; i++) {
154 rad_send(req, NULL, secret);
156 /* And wait for reply, timing out as necessary */
158 FD_SET(req->sockfd, &rdfdesc);
160 tv.tv_sec = (int)timeout;
161 tv.tv_usec = 1000000 * (timeout - (int) timeout);
163 /* Something's wrong if we don't get exactly one fd. */
164 if (select(req->sockfd + 1, &rdfdesc, NULL, NULL, &tv) != 1) {
168 *rep = rad_recv(req->sockfd);
171 * If we get a response from a machine
172 * which we did NOT send a request to,
175 if (((*rep)->src_ipaddr.af != req->dst_ipaddr.af) ||
176 (memcmp(&(*rep)->src_ipaddr.ipaddr,
177 &req->dst_ipaddr.ipaddr,
178 ((req->dst_ipaddr.af == AF_INET ? /* AF_INET6? */
179 sizeof(req->dst_ipaddr.ipaddr.ip4addr) : /* FIXME: AF_INET6 */
180 sizeof(req->dst_ipaddr.ipaddr.ip6addr)))) != 0) ||
181 ((*rep)->src_port != req->dst_port)) {
182 char src[128], dst[128];
184 ip_ntoh(&(*rep)->src_ipaddr, src, sizeof(src));
185 ip_ntoh(&req->dst_ipaddr, dst, sizeof(dst));
186 fprintf(stderr, "radclient: ERROR: Sent request to host %s port %d, got response from host %s port %d\n!",
188 src, (*rep)->src_port);
192 } else { /* NULL: couldn't receive the packet */
193 librad_perror("radclient:");
198 /* No response or no data read (?) */
200 fprintf(stderr, "radclient: no response from server\n");
205 * FIXME: Discard the packet & listen for another.
207 * Hmm... we should really be using eapol_test, which does
208 * a lot more than radeapclient.
210 if (rad_verify(*rep, req, secret) != 0) {
211 librad_perror("rad_verify");
215 if (rad_decode(*rep, req, secret) != 0) {
216 librad_perror("rad_decode");
220 /* libradius debug already prints out the value pairs for us */
221 if (!librad_debug && do_output) {
222 printf("Received response ID %d, code %d, length = %d\n",
223 (*rep)->id, (*rep)->code, (*rep)->data_len);
224 vp_printlist(stdout, (*rep)->vps);
226 if((*rep)->code == PW_AUTHENTICATION_ACK) {
235 static void cleanresp(RADIUS_PACKET *resp)
237 VALUE_PAIR *vpnext, *vp, **last;
241 * maybe should just copy things we care about, or keep
242 * a copy of the original input and start from there again?
244 pairdelete(&resp->vps, PW_EAP_MESSAGE);
245 pairdelete(&resp->vps, ATTRIBUTE_EAP_BASE+PW_EAP_IDENTITY);
248 for(vp = *last; vp != NULL; vp = vpnext)
252 if((vp->attribute > ATTRIBUTE_EAP_BASE &&
253 vp->attribute <= ATTRIBUTE_EAP_BASE+256) ||
254 (vp->attribute > ATTRIBUTE_EAP_SIM_BASE &&
255 vp->attribute <= ATTRIBUTE_EAP_SIM_BASE+256))
266 * we got an EAP-Request/Sim/Start message in a legal state.
268 * pick a supported version, put it into the reply, and insert a nonce.
270 static int process_eap_start(RADIUS_PACKET *req,
273 VALUE_PAIR *vp, *newvp;
274 VALUE_PAIR *anyidreq_vp, *fullauthidreq_vp, *permanentidreq_vp;
275 uint16_t *versions, selectedversion;
276 unsigned int i,versioncount;
278 /* form new response clear of any EAP stuff */
281 if((vp = pairfind(req->vps, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_VERSION_LIST)) == NULL) {
282 fprintf(stderr, "illegal start message has no VERSION_LIST\n");
286 versions = (uint16_t *)vp->vp_strvalue;
288 /* verify that the attribute length is big enough for a length field */
291 fprintf(stderr, "start message has illegal VERSION_LIST. Too short: %d\n", vp->length);
295 versioncount = ntohs(versions[0])/2;
296 /* verify that the attribute length is big enough for the given number
297 * of versions present.
299 if((unsigned)vp->length <= (versioncount*2 + 2))
301 fprintf(stderr, "start message is too short. Claimed %d versions does not fit in %d bytes\n", versioncount, vp->length);
306 * record the versionlist for the MK calculation.
308 eapsim_mk.versionlistlen = versioncount*2;
309 memcpy(eapsim_mk.versionlist, (unsigned char *)(versions+1),
310 eapsim_mk.versionlistlen);
312 /* walk the version list, and pick the one we support, which
313 * at present, is 1, EAP_SIM_VERSION.
316 for(i=0; i < versioncount; i++)
318 if(ntohs(versions[i+1]) == EAP_SIM_VERSION)
320 selectedversion=EAP_SIM_VERSION;
324 if(selectedversion == 0)
326 fprintf(stderr, "eap-sim start message. No compatible version found. We need %d\n", EAP_SIM_VERSION);
327 for(i=0; i < versioncount; i++)
329 fprintf(stderr, "\tfound version %d\n",
330 ntohs(versions[i+1]));
335 * now make sure that we have only FULLAUTH_ID_REQ.
336 * I think that it actually might not matter - we can answer in
337 * anyway we like, but it is illegal to have more than one
340 anyidreq_vp = pairfind(req->vps, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_ANY_ID_REQ);
341 fullauthidreq_vp = pairfind(req->vps, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_FULLAUTH_ID_REQ);
342 permanentidreq_vp = pairfind(req->vps, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_PERMANENT_ID_REQ);
344 if(fullauthidreq_vp == NULL ||
345 anyidreq_vp != NULL ||
346 permanentidreq_vp != NULL) {
347 fprintf(stderr, "start message has %sanyidreq, %sfullauthid and %spermanentid. Illegal combination.\n",
348 (anyidreq_vp != NULL ? "a " : "no "),
349 (fullauthidreq_vp != NULL ? "a " : "no "),
350 (permanentidreq_vp != NULL ? "a " : "no "));
354 /* okay, we have just any_id_req there, so fill in response */
356 /* mark the subtype as being EAP-SIM/Response/Start */
357 newvp = paircreate(ATTRIBUTE_EAP_SIM_SUBTYPE, PW_TYPE_INTEGER);
358 newvp->lvalue = eapsim_start;
359 pairreplace(&(rep->vps), newvp);
361 /* insert selected version into response. */
362 newvp = paircreate(ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_SELECTED_VERSION,
364 versions = (uint16_t *)newvp->vp_strvalue;
365 versions[0] = htons(selectedversion);
367 pairreplace(&(rep->vps), newvp);
369 /* record the selected version */
370 memcpy(eapsim_mk.versionselect, (unsigned char *)versions, 2);
377 * insert a nonce_mt that we make up.
379 newvp = paircreate(ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_NONCE_MT,
381 newvp->vp_octets[0]=0;
382 newvp->vp_octets[1]=0;
383 newvp->length = 18; /* 16 bytes of nonce + padding */
385 nonce[0]=lrad_rand();
386 nonce[1]=lrad_rand();
387 nonce[2]=lrad_rand();
388 nonce[3]=lrad_rand();
389 memcpy(&newvp->vp_octets[2], nonce, 16);
390 pairreplace(&(rep->vps), newvp);
392 /* also keep a copy of the nonce! */
393 memcpy(eapsim_mk.nonce_mt, nonce, 16);
397 uint16_t *pidlen, idlen;
400 * insert the identity here.
402 vp = pairfind(rep->vps, PW_USER_NAME);
405 fprintf(stderr, "eap-sim: We need to have a User-Name attribute!\n");
408 newvp = paircreate(ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_IDENTITY,
410 idlen = strlen(vp->vp_strvalue);
411 pidlen = (uint16_t *)newvp->vp_strvalue;
412 *pidlen = htons(idlen);
413 newvp->length = idlen + 2;
415 memcpy(&newvp->vp_strvalue[2], vp->vp_strvalue, idlen);
416 pairreplace(&(rep->vps), newvp);
419 memcpy(eapsim_mk.identity, vp->vp_strvalue, idlen);
420 eapsim_mk.identitylen = idlen;
427 * we got an EAP-Request/Sim/Challenge message in a legal state.
429 * use the RAND challenge to produce the SRES result, and then
430 * use that to generate a new MAC.
432 * for the moment, we ignore the RANDs, then just plug in the SRES
436 static int process_eap_challenge(RADIUS_PACKET *req,
440 VALUE_PAIR *mac, *randvp;
441 VALUE_PAIR *sres1,*sres2,*sres3;
442 VALUE_PAIR *Kc1, *Kc2, *Kc3;
445 /* look for the AT_MAC and the challenge data */
446 mac = pairfind(req->vps, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_MAC);
447 randvp= pairfind(req->vps, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_RAND);
448 if(mac == NULL || rand == NULL) {
449 fprintf(stderr, "radeapclient: challenge message needs to contain RAND and MAC\n");
454 * compare RAND with randX, to verify this is the right response
458 VALUE_PAIR *randcfgvp[3];
459 unsigned char *randcfg[3];
461 randcfg[0] = &randvp->vp_strvalue[2];
462 randcfg[1] = &randvp->vp_strvalue[2+EAPSIM_RAND_SIZE];
463 randcfg[2] = &randvp->vp_strvalue[2+EAPSIM_RAND_SIZE*2];
465 randcfgvp[0] = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_RAND1);
466 randcfgvp[1] = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_RAND2);
467 randcfgvp[2] = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_RAND3);
469 if(randcfgvp[0] == NULL ||
470 randcfgvp[1] == NULL ||
471 randcfgvp[2] == NULL) {
472 fprintf(stderr, "radeapclient: needs to have rand1, 2 and 3 set.\n");
476 if(memcmp(randcfg[0], randcfgvp[0]->vp_strvalue, EAPSIM_RAND_SIZE)!=0 ||
477 memcmp(randcfg[1], randcfgvp[1]->vp_strvalue, EAPSIM_RAND_SIZE)!=0 ||
478 memcmp(randcfg[2], randcfgvp[2]->vp_strvalue, EAPSIM_RAND_SIZE)!=0) {
481 fprintf(stderr, "radeapclient: one of rand 1,2,3 didn't match\n");
482 for(rnum = 0; rnum < 3; rnum++) {
483 fprintf(stderr, "received rand %d: ", rnum);
485 for (i = 0; i < EAPSIM_RAND_SIZE; i++) {
492 fprintf(stderr, "%02x", randcfg[rnum][i]);
494 fprintf(stderr, "\nconfigured rand %d: ", rnum);
496 for (i = 0; i < EAPSIM_RAND_SIZE; i++) {
503 fprintf(stderr, "%02x", randcfgvp[rnum]->vp_strvalue[i]);
505 fprintf(stderr, "\n");
512 * now dig up the sres values from the response packet,
513 * which were put there when we read things in.
515 * Really, they should be calculated from the RAND!
518 sres1 = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_SRES1);
519 sres2 = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_SRES2);
520 sres3 = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_SRES3);
525 fprintf(stderr, "radeapclient: needs to have sres1, 2 and 3 set.\n");
528 memcpy(eapsim_mk.sres[0], sres1->vp_strvalue, sizeof(eapsim_mk.sres[0]));
529 memcpy(eapsim_mk.sres[1], sres2->vp_strvalue, sizeof(eapsim_mk.sres[1]));
530 memcpy(eapsim_mk.sres[2], sres3->vp_strvalue, sizeof(eapsim_mk.sres[2]));
532 Kc1 = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_KC1);
533 Kc2 = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_KC2);
534 Kc3 = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_KC3);
539 fprintf(stderr, "radeapclient: needs to have Kc1, 2 and 3 set.\n");
542 memcpy(eapsim_mk.Kc[0], Kc1->vp_strvalue, sizeof(eapsim_mk.Kc[0]));
543 memcpy(eapsim_mk.Kc[1], Kc2->vp_strvalue, sizeof(eapsim_mk.Kc[1]));
544 memcpy(eapsim_mk.Kc[2], Kc3->vp_strvalue, sizeof(eapsim_mk.Kc[2]));
546 /* all set, calculate keys */
547 eapsim_calculate_keys(&eapsim_mk);
550 eapsim_dump_mk(&eapsim_mk);
553 /* verify the MAC, now that we have all the keys. */
554 if(eapsim_checkmac(req->vps, eapsim_mk.K_aut,
555 eapsim_mk.nonce_mt, sizeof(eapsim_mk.nonce_mt),
557 printf("MAC check succeed\n");
561 printf("calculated MAC (");
562 for (i = 0; i < 20; i++) {
569 printf("%02x", calcmac[i]);
571 printf(" did not match\n");
575 /* form new response clear of any EAP stuff */
578 /* mark the subtype as being EAP-SIM/Response/Start */
579 newvp = paircreate(ATTRIBUTE_EAP_SIM_SUBTYPE, PW_TYPE_INTEGER);
580 newvp->lvalue = eapsim_challenge;
581 pairreplace(&(rep->vps), newvp);
584 * fill the SIM_MAC with a field that will in fact get appended
585 * to the packet before the MAC is calculated
587 newvp = paircreate(ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_MAC,
589 memcpy(newvp->vp_strvalue+EAPSIM_SRES_SIZE*0, sres1->vp_strvalue, EAPSIM_SRES_SIZE);
590 memcpy(newvp->vp_strvalue+EAPSIM_SRES_SIZE*1, sres2->vp_strvalue, EAPSIM_SRES_SIZE);
591 memcpy(newvp->vp_strvalue+EAPSIM_SRES_SIZE*2, sres3->vp_strvalue, EAPSIM_SRES_SIZE);
592 newvp->length = EAPSIM_SRES_SIZE*3;
593 pairreplace(&(rep->vps), newvp);
595 newvp = paircreate(ATTRIBUTE_EAP_SIM_KEY, PW_TYPE_OCTETS);
596 memcpy(newvp->vp_strvalue, eapsim_mk.K_aut, EAPSIM_AUTH_SIZE);
597 newvp->length = EAPSIM_AUTH_SIZE;
598 pairreplace(&(rep->vps), newvp);
604 * this code runs the EAP-SIM client state machine.
605 * the *request* is from the server.
606 * the *reponse* is to the server.
609 static int respond_eap_sim(RADIUS_PACKET *req,
612 enum eapsim_clientstates state, newstate;
613 enum eapsim_subtype subtype;
614 VALUE_PAIR *vp, *statevp, *radstate, *eapid;
615 char statenamebuf[32], subtypenamebuf[32];
617 if ((radstate = paircopy2(req->vps, PW_STATE)) == NULL)
622 if ((eapid = paircopy2(req->vps, ATTRIBUTE_EAP_ID)) == NULL)
627 /* first, dig up the state from the request packet, setting
628 * outselves to be in EAP-SIM-Start state if there is none.
631 if((statevp = pairfind(resp->vps, ATTRIBUTE_EAP_SIM_STATE)) == NULL)
633 /* must be initial request */
634 statevp = paircreate(ATTRIBUTE_EAP_SIM_STATE, PW_TYPE_INTEGER);
635 statevp->lvalue = eapsim_client_init;
636 pairreplace(&(resp->vps), statevp);
638 state = statevp->lvalue;
641 * map the attributes, and authenticate them.
643 unmap_eapsim_types(req);
645 printf("<+++ EAP-sim decoded packet:\n");
646 vp_printlist(stdout, req->vps);
648 if((vp = pairfind(req->vps, ATTRIBUTE_EAP_SIM_SUBTYPE)) == NULL)
652 subtype = vp->lvalue;
655 * look for the appropriate state, and process incoming message
658 case eapsim_client_init:
661 newstate = process_eap_start(req, resp);
664 case eapsim_challenge:
665 case eapsim_notification:
668 fprintf(stderr, "radeapclient: sim in state %s message %s is illegal. Reply dropped.\n",
669 sim_state2name(state, statenamebuf, sizeof(statenamebuf)),
670 sim_subtype2name(subtype, subtypenamebuf, sizeof(subtypenamebuf)));
671 /* invalid state, drop message */
676 case eapsim_client_start:
679 /* NOT SURE ABOUT THIS ONE, retransmit, I guess */
680 newstate = process_eap_start(req, resp);
683 case eapsim_challenge:
684 newstate = process_eap_challenge(req, resp);
688 fprintf(stderr, "radeapclient: sim in state %s message %s is illegal. Reply dropped.\n",
689 sim_state2name(state, statenamebuf, sizeof(statenamebuf)),
690 sim_subtype2name(subtype, subtypenamebuf, sizeof(subtypenamebuf)));
691 /* invalid state, drop message */
698 fprintf(stderr, "radeapclient: sim in illegal state %s\n",
699 sim_state2name(state, statenamebuf, sizeof(statenamebuf)));
703 /* copy the eap state object in */
704 pairreplace(&(resp->vps), eapid);
706 /* update stete info, and send new packet */
707 map_eapsim_types(resp);
709 /* copy the radius state object in */
710 pairreplace(&(resp->vps), radstate);
712 statevp->lvalue = newstate;
716 static int respond_eap_md5(RADIUS_PACKET *req,
719 VALUE_PAIR *vp, *id, *state;
720 int valuesize, namesize;
721 unsigned char identifier;
722 unsigned char *value;
729 if ((state = paircopy2(req->vps, PW_STATE)) == NULL)
731 fprintf(stderr, "radeapclient: no state attribute found\n");
735 if ((id = paircopy2(req->vps, ATTRIBUTE_EAP_ID)) == NULL)
737 fprintf(stderr, "radeapclient: no EAP-ID attribute found\n");
740 identifier = id->lvalue;
742 if ((vp = pairfind(req->vps, ATTRIBUTE_EAP_BASE+PW_EAP_MD5)) == NULL)
744 fprintf(stderr, "radeapclient: no EAP-MD5 attribute found\n");
748 /* got the details of the MD5 challenge */
749 valuesize = vp->vp_octets[0];
750 value = &vp->vp_octets[1];
751 name = &vp->vp_octets[valuesize+1];
752 namesize = vp->length - (valuesize + 1);
755 if(valuesize > vp->length)
757 fprintf(stderr, "radeapclient: md5 valuesize if too big (%d > %d)\n",
758 valuesize, vp->length);
762 /* now do the CHAP operation ourself, rather than build the
763 * buffer. We could also call rad_chap_encode, but it wants
764 * a CHAP-Challenge, which we don't want to bother with.
766 lrad_MD5Init(&context);
767 lrad_MD5Update(&context, &identifier, 1);
768 lrad_MD5Update(&context, password, strlen(password));
769 lrad_MD5Update(&context, value, valuesize);
770 lrad_MD5Final(response, &context);
772 vp = paircreate(ATTRIBUTE_EAP_BASE+PW_EAP_MD5, PW_TYPE_OCTETS);
774 memcpy(&vp->vp_strvalue[1], response, 16);
777 pairreplace(&(rep->vps), vp);
779 pairreplace(&(rep->vps), id);
781 /* copy the state object in */
782 pairreplace(&(rep->vps), state);
789 static int sendrecv_eap(RADIUS_PACKET *rep)
791 RADIUS_PACKET *req = NULL;
792 VALUE_PAIR *vp, *vpnext;
793 int tried_eap_md5 = 0;
796 * Keep a copy of the the User-Password attribute.
798 if ((vp = pairfind(rep->vps, PW_CLEARTEXT_PASSWORD)) != NULL) {
799 strlcpy(password, (char *)vp->vp_strvalue, sizeof(vp->vp_strvalue));
801 } else if ((vp = pairfind(rep->vps, PW_USER_PASSWORD)) != NULL) {
802 strlcpy(password, (char *)vp->vp_strvalue, sizeof(vp->vp_strvalue));
804 * Otherwise keep a copy of the CHAP-Password attribute.
806 } else if ((vp = pairfind(rep->vps, PW_CHAP_PASSWORD)) != NULL) {
807 strlcpy(password, (char *)vp->vp_strvalue, sizeof(vp->vp_strvalue));
815 printf("\n+++> About to send encoded packet:\n");
816 vp_printlist(stdout, rep->vps);
819 * if there are EAP types, encode them into an EAP-Message
825 * Fix up Digest-Attributes issues
827 for (vp = rep->vps; vp != NULL; vp = vp->next) {
828 switch (vp->attribute) {
832 case PW_DIGEST_REALM:
833 case PW_DIGEST_NONCE:
834 case PW_DIGEST_METHOD:
837 case PW_DIGEST_ALGORITHM:
838 case PW_DIGEST_BODY_DIGEST:
839 case PW_DIGEST_CNONCE:
840 case PW_DIGEST_NONCE_COUNT:
841 case PW_DIGEST_USER_NAME:
843 memmove(&vp->vp_strvalue[2], &vp->vp_octets[0], vp->length);
844 vp->vp_octets[0] = vp->attribute - PW_DIGEST_REALM + 1;
846 vp->vp_octets[1] = vp->length;
847 vp->attribute = PW_DIGEST_ATTRIBUTES;
853 * If we've already sent a packet, free up the old
854 * one, and ensure that the next packet has a unique
855 * ID and authentication vector.
862 librad_md5_calc(rep->vector, rep->vector,
863 sizeof(rep->vector));
865 if (*password != '\0') {
866 if ((vp = pairfind(rep->vps, PW_CLEARTEXT_PASSWORD)) != NULL) {
867 strlcpy((char *)vp->vp_strvalue, password, sizeof(vp->vp_strvalue));
868 vp->length = strlen(password);
870 } else if ((vp = pairfind(rep->vps, PW_USER_PASSWORD)) != NULL) {
871 strlcpy((char *)vp->vp_strvalue, password, sizeof(vp->vp_strvalue));
872 vp->length = strlen(password);
874 } else if ((vp = pairfind(rep->vps, PW_CHAP_PASSWORD)) != NULL) {
875 strlcpy((char *)vp->vp_strvalue, password, sizeof(vp->vp_strvalue));
876 vp->length = strlen(password);
878 rad_chap_encode(rep, (char *) vp->vp_strvalue, rep->id, vp);
881 } /* there WAS a password */
883 /* send the response, wait for the next request */
884 send_packet(rep, &req);
886 /* okay got back the packet, go and decode the EAP-Message. */
887 unmap_eap_types(req);
889 printf("<+++ EAP decoded packet:\n");
890 vp_printlist(stdout, req->vps);
892 /* now look for the code type. */
893 for (vp = req->vps; vp != NULL; vp = vpnext) {
896 switch (vp->attribute) {
900 case ATTRIBUTE_EAP_BASE+PW_EAP_MD5:
901 if(respond_eap_md5(req, rep) && tried_eap_md5 < 3)
908 case ATTRIBUTE_EAP_BASE+PW_EAP_SIM:
909 if(respond_eap_sim(req, rep))
921 int main(int argc, char **argv)
927 char *filename = NULL;
932 id = ((int)getpid() & 0xff);
935 radlog_dest = RADLOG_STDERR;
937 while ((c = getopt(argc, argv, "c:d:f:hi:qst:r:S:xXv")) != EOF)
941 if (!isdigit((int) *optarg))
943 count = atoi(optarg);
961 sha1_data_problems = 1; /* for debugging only */
968 if (!isdigit((int) *optarg))
970 retries = atoi(optarg);
973 if (!isdigit((int) *optarg))
976 if ((id < 0) || (id > 255)) {
984 if (!isdigit((int) *optarg))
986 timeout = atof(optarg);
989 printf("radclient: $Id$ built on " __DATE__ " at " __TIME__ "\n");
993 fp = fopen(optarg, "r");
995 fprintf(stderr, "radclient: Error opening %s: %s\n",
996 optarg, strerror(errno));
999 if (fgets(filesecret, sizeof(filesecret), fp) == NULL) {
1000 fprintf(stderr, "radclient: Error reading %s: %s\n",
1001 optarg, strerror(errno));
1006 /* truncate newline */
1007 p = filesecret + strlen(filesecret) - 1;
1008 while ((p >= filesecret) &&
1014 if (strlen(filesecret) < 2) {
1015 fprintf(stderr, "radclient: Secret in %s is too short\n", optarg);
1018 secret = filesecret;
1026 argc -= (optind - 1);
1027 argv += (optind - 1);
1030 ((secret == NULL) && (argc < 4))) {
1034 if (dict_init(radius_dir, RADIUS_DICTIONARY) < 0) {
1035 librad_perror("radclient");
1039 if ((req = rad_alloc(1)) == NULL) {
1040 librad_perror("radclient");
1048 if((randinit = fopen("/dev/urandom", "r")) == NULL)
1050 perror("/dev/urandom");
1052 fread(randctx.randrsl, 256, 1, randinit);
1056 lrad_randinit(&randctx, 1);
1062 * Strip port from hostname if needed.
1064 if ((p = strchr(argv[1], ':')) != NULL) {
1070 * See what kind of request we want to send.
1072 if (strcmp(argv[2], "auth") == 0) {
1073 if (port == 0) port = getport("radius");
1074 if (port == 0) port = PW_AUTH_UDP_PORT;
1075 req->code = PW_AUTHENTICATION_REQUEST;
1077 } else if (strcmp(argv[2], "acct") == 0) {
1078 if (port == 0) port = getport("radacct");
1079 if (port == 0) port = PW_ACCT_UDP_PORT;
1080 req->code = PW_ACCOUNTING_REQUEST;
1083 } else if (strcmp(argv[2], "status") == 0) {
1084 if (port == 0) port = getport("radius");
1085 if (port == 0) port = PW_AUTH_UDP_PORT;
1086 req->code = PW_STATUS_SERVER;
1088 } else if (strcmp(argv[2], "disconnect") == 0) {
1089 if (port == 0) port = PW_POD_UDP_PORT;
1090 req->code = PW_DISCONNECT_REQUEST;
1092 } else if (isdigit((int) argv[2][0])) {
1093 if (port == 0) port = getport("radius");
1094 if (port == 0) port = PW_AUTH_UDP_PORT;
1095 req->code = atoi(argv[2]);
1101 * Ensure that the configuration is initialized.
1103 memset(&mainconfig, 0, sizeof(mainconfig));
1108 req->dst_port = port;
1109 if (ip_hton(argv[1], AF_INET, &req->dst_ipaddr) < 0) {
1110 fprintf(stderr, "radclient: Failed to find IP address for host %s\n", argv[1]);
1117 if (argv[3]) secret = argv[3];
1121 * Maybe read them, from stdin, if there's no
1122 * filename, or if the filename is '-'.
1124 if (filename && (strcmp(filename, "-") != 0)) {
1125 fp = fopen(filename, "r");
1127 fprintf(stderr, "radclient: Error opening %s: %s\n",
1128 filename, strerror(errno));
1138 if ((req->sockfd = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
1139 perror("radclient: socket: ");
1144 if(req->vps) pairfree(&req->vps);
1146 if ((req->vps = readvp2(fp, &filedone, "radeapclient:"))
1155 printf("\n\t Total approved auths: %d\n", totalapp);
1156 printf("\t Total denied auths: %d\n", totaldeny);