* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
*
- * Copyright 2000 The FreeRADIUS server project
+ * Copyright 2000,2006 The FreeRADIUS server project
* Copyright 2000 Miquel van Smoorenburg <miquels@cistron.nl>
* Copyright 2000 Alan DeKok <aland@ox.org>
*/
-static const char rcsid[] = "$Id$";
-#include <freeradius-devel/autoconf.h>
+#include <freeradius-devel/ident.h>
+RCSID("$Id$")
-#include <stdio.h>
-#include <stdlib.h>
-
-#ifdef HAVE_UNISTD_H
-# include <unistd.h>
-#endif
+#include <freeradius-devel/libradius.h>
+#include <freeradius-devel/conf.h>
+#include <freeradius-devel/radpaths.h>
-#include <string.h>
#include <ctype.h>
-#include <netdb.h>
-
-#ifdef HAVE_SYS_SELECT_H
-# include <sys/select.h>
-#endif
#ifdef HAVE_GETOPT_H
# include <getopt.h>
#include <assert.h>
-#include <freeradius-devel/conf.h>
-#include <freeradius-devel/radpaths.h>
-#include <freeradius-devel/missing.h>
-#include <freeradius-devel/libradius.h>
+#include "smbdes.h"
+#include "mschap.h"
-static int retries = 10;
-static float timeout = 3;
+static int success = 0;
+static int retries = 3;
+static float timeout = 5;
static const char *secret = NULL;
static int do_output = 1;
static int totalapp = 0;
static int server_port = 0;
static int packet_code = 0;
-static lrad_ipaddr_t server_ipaddr;
+static fr_ipaddr_t server_ipaddr;
static int resend_count = 1;
static int done = 1;
+static int print_filename = 0;
-static lrad_ipaddr_t client_ipaddr;
+static fr_ipaddr_t client_ipaddr;
static int client_port = 0;
static int sockfd;
static int last_used_id = -1;
+#ifdef WITH_TCP
+const char *proto = NULL;
+#endif
+static int ipproto = IPPROTO_UDP;
+
static rbtree_t *filename_tree = NULL;
-static lrad_packet_list_t *pl = NULL;
+static fr_packet_list_t *pl = NULL;
static int sleep_time = -1;
fprintf(stderr, " -x Debugging mode.\n");
fprintf(stderr, " -4 Use IPv4 address of server\n");
fprintf(stderr, " -6 Use IPv6 address of server.\n");
+#ifdef WITH_TCP
+ fprintf(stderr, " -P proto Use proto (tcp or udp) for transport.\n");
+#endif
exit(1);
}
free(radclient);
}
+static int mschapv1_encode(VALUE_PAIR **request, const char *password)
+{
+ unsigned int i;
+ VALUE_PAIR *challenge, *response;
+ uint8_t nthash[16];
+
+ challenge = paircreate(PW_MSCHAP_CHALLENGE, VENDORPEC_MICROSOFT, PW_TYPE_OCTETS);
+ if (!challenge) {
+ fprintf(stderr, "GOT IT %d!\n", __LINE__);
+ return 0;
+ }
+
+ pairadd(request, challenge);
+ challenge->length = 8;
+ for (i = 0; i < challenge->length; i++) {
+ challenge->vp_octets[i] = fr_rand();
+ }
+
+ response = paircreate(PW_MSCHAP_RESPONSE, VENDORPEC_MICROSOFT, PW_TYPE_OCTETS);
+ if (!response) {
+ fprintf(stderr, "GOT IT %d!\n", __LINE__);
+ return 0;
+ }
+
+ pairadd(request, response);
+ response->length = 50;
+ memset(response->vp_octets, 0, response->length);
+
+ response->vp_octets[1] = 0x01; /* NT hash */
+
+ mschap_ntpwdhash(nthash, password);
+
+ smbdes_mschap(nthash, challenge->vp_octets,
+ response->vp_octets + 26);
+ return 1;
+}
+
+
/*
- * Initialize a radclient data structure
+ * Initialize a radclient data structure and add it to
+ * the global linked list.
*/
-static radclient_t *radclient_init(const char *filename)
+static int radclient_init(const char *filename)
{
FILE *fp;
VALUE_PAIR *vp;
- radclient_t *start, *radclient, *prev = NULL;
+ radclient_t *radclient;
int filedone = 0;
int packet_number = 1;
- start = NULL;
assert(filename != NULL);
/*
if (!fp) {
fprintf(stderr, "radclient: Error opening %s: %s\n",
filename, strerror(errno));
- return NULL;
+ return 0;
}
} else {
fp = stdin;
radclient = malloc(sizeof(*radclient));
if (!radclient) {
perror("radclient: X");
- return NULL; /* memory leak "start" */
+ if (fp != stdin) fclose(fp);
+ return 0;
}
memset(radclient, 0, sizeof(*radclient));
radclient->request = rad_alloc(1);
if (!radclient->request) {
- librad_perror("radclient: Y");
- radclient_free(radclient);
- return NULL; /* memory leak "start" */
+ fr_perror("radclient: Y");
+ free(radclient);
+ if (fp != stdin) fclose(fp);
+ return 0;
}
+#ifdef WITH_TCP
+ radclient->request->src_ipaddr = client_ipaddr;
+ radclient->request->src_port = client_port;
+ radclient->request->dst_ipaddr = server_ipaddr;
+ radclient->request->dst_port = server_port;
+#endif
+
radclient->filename = filename;
radclient->request->id = -1; /* allocate when sending */
radclient->packet_number = packet_number++;
*/
radclient->request->vps = readvp2(fp, &filedone, "radclient:");
if (!radclient->request->vps) {
- radclient_free(radclient);
- return start; /* done: return the list */
+ rad_free(&radclient->request);
+ free(radclient);
+ if (fp != stdin) fclose(fp);
+ return 1;
}
/*
* Keep a copy of the the User-Password attribute.
*/
- if ((vp = pairfind(radclient->request->vps, PW_PASSWORD)) != NULL) {
- strNcpy(radclient->password, vp->vp_strvalue,
+ if ((vp = pairfind(radclient->request->vps, PW_USER_PASSWORD, 0)) != NULL) {
+ strlcpy(radclient->password, vp->vp_strvalue,
sizeof(radclient->password));
/*
* Otherwise keep a copy of the CHAP-Password attribute.
*/
- } else if ((vp = pairfind(radclient->request->vps, PW_CHAP_PASSWORD)) != NULL) {
- strNcpy(radclient->password, vp->vp_strvalue,
+ } else if ((vp = pairfind(radclient->request->vps, PW_CHAP_PASSWORD, 0)) != NULL) {
+ strlcpy(radclient->password, vp->vp_strvalue,
+ sizeof(radclient->password));
+
+ } else if ((vp = pairfind(radclient->request->vps, PW_MSCHAP_PASSWORD, 0)) != NULL) {
+ strlcpy(radclient->password, vp->vp_strvalue,
sizeof(radclient->password));
} else {
radclient->password[0] = '\0';
* the attributes read from the file.
*/
case PW_PACKET_TYPE:
- radclient->request->code = vp->lvalue;
+ radclient->request->code = vp->vp_integer;
break;
case PW_PACKET_DST_PORT:
- radclient->request->dst_port = (vp->lvalue & 0xffff);
+ radclient->request->dst_port = (vp->vp_integer & 0xffff);
break;
case PW_PACKET_DST_IP_ADDRESS:
radclient->request->dst_ipaddr.af = AF_INET;
- radclient->request->dst_ipaddr.ipaddr.ip4addr.s_addr = vp->lvalue;
+ radclient->request->dst_ipaddr.ipaddr.ip4addr.s_addr = vp->vp_ipaddr;
break;
case PW_PACKET_DST_IPV6_ADDRESS:
break;
case PW_PACKET_SRC_PORT:
- radclient->request->src_port = (vp->lvalue & 0xffff);
+ radclient->request->src_port = (vp->vp_integer & 0xffff);
break;
case PW_PACKET_SRC_IP_ADDRESS:
radclient->request->src_ipaddr.af = AF_INET;
- radclient->request->src_ipaddr.ipaddr.ip4addr.s_addr = vp->lvalue;
+ radclient->request->src_ipaddr.ipaddr.ip4addr.s_addr = vp->vp_ipaddr;
break;
case PW_PACKET_SRC_IPV6_ADDRESS:
}
} /* loop over the VP's we read in */
- if (!start) {
- start = radclient;
- prev = start;
+ /*
+ * Add it to the tail of the list.
+ */
+ if (!radclient_head) {
+ assert(radclient_tail == NULL);
+ radclient_head = radclient;
+ radclient->prev = NULL;
} else {
- prev->next = radclient;
- radclient->prev = prev;
- prev = radclient;
+ assert(radclient_tail->next == NULL);
+ radclient_tail->next = radclient;
+ radclient->prev = radclient_tail;
}
+ radclient_tail = radclient;
+ radclient->next = NULL;
+
} while (!filedone); /* loop until the file is done. */
if (fp != stdin) fclose(fp);
/*
* And we're done.
*/
- return start;
+ return 1;
}
static int filename_walk(void *context, void *data)
{
const char *filename = data;
- radclient_t *radclient;
context = context; /* -Wunused */
/*
- * Initialize the request we're about
- * to send.
+ * Read request(s) from the file.
*/
- radclient = radclient_init(filename);
- if (!radclient) {
- exit(1);
- }
-
- if (!radclient_head) {
- assert(radclient_tail == NULL);
- radclient_head = radclient;
- } else {
- assert(radclient_tail->next == NULL);
- radclient_tail->next = radclient;
- radclient->prev = radclient_tail;
+ if (!radclient_init(filename)) {
+ return 1; /* stop walking */
}
- /*
- * We may have had a list of "radclient" structures
- * returned to us.
- */
- while (radclient->next) radclient = radclient->next;
- radclient_tail = radclient;
-
return 0;
}
/*
* One more unused RADIUS ID.
*/
- lrad_packet_list_id_free(pl, radclient->request);
+ fr_packet_list_id_free(pl, radclient->request);
radclient->request->id = -1;
/*
printf("%02x", packet->data[i]);
}
printf("\n");
-
+
if (packet->data_len > 20) {
int total;
const uint8_t *ptr;
* this packet.
*/
retry:
- rcode = lrad_packet_list_id_alloc(pl, radclient->request);
+ radclient->request->src_ipaddr.af = server_ipaddr.af;
+ rcode = fr_packet_list_id_alloc(pl, ipproto,
+ radclient->request, NULL);
if (rcode < 0) {
int mysockfd;
- mysockfd = lrad_socket(&client_ipaddr, 0);
+#ifdef WITH_TCP
+ if (proto) {
+ mysockfd = fr_tcp_client_socket(NULL,
+ &server_ipaddr,
+ server_port);
+ } else
+#endif
+ mysockfd = fr_socket(&client_ipaddr, 0);
if (!mysockfd) {
fprintf(stderr, "radclient: Can't open new socket\n");
exit(1);
}
- if (!lrad_packet_list_socket_add(pl, mysockfd)) {
+ if (!fr_packet_list_socket_add(pl, mysockfd, ipproto,
+ &server_ipaddr,
+ server_port, NULL)) {
fprintf(stderr, "radclient: Can't add new socket\n");
exit(1);
}
assert(radclient->request->data == NULL);
for (i = 0; i < 4; i++) {
- *((uint32_t *) radclient->request->vector) = lrad_rand();
+ ((uint32_t *) radclient->request->vector)[i] = fr_rand();
}
/*
if (radclient->password[0] != '\0') {
VALUE_PAIR *vp;
- if ((vp = pairfind(radclient->request->vps, PW_PASSWORD)) != NULL) {
- strNcpy(vp->vp_strvalue, radclient->password,
+ if ((vp = pairfind(radclient->request->vps, PW_USER_PASSWORD, 0)) != NULL) {
+ strlcpy(vp->vp_strvalue, radclient->password,
sizeof(vp->vp_strvalue));
vp->length = strlen(vp->vp_strvalue);
- } else if ((vp = pairfind(radclient->request->vps, PW_CHAP_PASSWORD)) != NULL) {
+ } else if ((vp = pairfind(radclient->request->vps, PW_CHAP_PASSWORD, 0)) != NULL) {
/*
* FIXME: AND there's no CHAP-Challenge,
* AND vp->length != 17
* AND rad_chap_encode() != vp->vp_octets
*/
- strNcpy(vp->vp_strvalue, radclient->password,
+ strlcpy(vp->vp_strvalue, radclient->password,
sizeof(vp->vp_strvalue));
vp->length = strlen(vp->vp_strvalue);
vp->vp_octets,
radclient->request->id, vp);
vp->length = 17;
+
+ } else if ((vp = pairfind(radclient->request->vps, PW_MSCHAP_PASSWORD, 0)) != NULL) {
+ mschapv1_encode(&radclient->request->vps,
+ radclient->password);
+ } else if (fr_debug_flag) {
+ printf("WARNING: No password in the request\n");
}
}
/*
* Duplicate found. Serious error!
*/
- if (!lrad_packet_list_insert(pl, &radclient->request)) {
+ if (!fr_packet_list_insert(pl, &radclient->request)) {
assert(0 == 1);
}
-
+
+#ifdef WITH_TCP
+ /*
+ * WTF?
+ */
+ if (client_port == 0) {
+ client_ipaddr = radclient->request->src_ipaddr;
+ client_port = radclient->request->src_port;
+ }
+#endif
} else { /* radclient->request->id >= 0 */
time_t now = time(NULL);
*/
if (radclient->tries == retries) {
assert(radclient->request->id >= 0);
-
+
/*
* Delete the request from the tree of
* outstanding requests.
*/
- lrad_packet_list_yank(pl, radclient->request);
+ fr_packet_list_yank(pl, radclient->request);
fprintf(stderr, "radclient: no response from server for ID %d socket %d\n", radclient->request->id, radclient->request->sockfd);
deallocate_id(radclient);
-
+
/*
* Normally we mark it "done" when we've received
* the response, but this is a special case.
*/
if (rad_send(radclient->request, NULL, secret) < 0) {
fprintf(stderr, "radclient: Failed to send packet for ID %d: %s\n",
- radclient->request->id, librad_errstr);
+ radclient->request->id, fr_strerror());
}
- if (librad_debug > 2) print_hex(radclient->request);
+ if (fr_debug_flag > 2) print_hex(radclient->request);
return 0;
}
/* And wait for reply, timing out as necessary */
FD_ZERO(&set);
- max_fd = lrad_packet_list_fd_set(pl, &set);
+ max_fd = fr_packet_list_fd_set(pl, &set);
if (max_fd < 0) exit(1); /* no sockets to listen on! */
if (wait_time <= 0) {
/*
* Look for the packet.
*/
- reply = lrad_packet_list_recv(pl, &set);
+
+ reply = fr_packet_list_recv(pl, &set);
if (!reply) {
fprintf(stderr, "radclient: received bad packet: %s\n",
- librad_errstr);
+ fr_strerror());
+#ifdef WITH_TCP
+ /*
+ * If the packet is bad, we close the socket.
+ * I'm not sure how to do that now, so we just
+ * die...
+ */
+ if (proto) exit(1);
+#endif
return -1; /* bad packet */
}
- if (librad_debug > 2) print_hex(reply);
+ /*
+ * udpfromto issues. We may have bound to "*",
+ * and we want to find the replies that are sent to
+ * (say) 127.0.0.1.
+ */
+ reply->dst_ipaddr = client_ipaddr;
+ reply->dst_port = client_port;
+#ifdef WITH_TCP
+ reply->src_ipaddr = server_ipaddr;
+ reply->src_port = server_port;
+#endif
+
+ if (fr_debug_flag > 2) print_hex(reply);
- request_p = lrad_packet_list_find_byreply(pl, reply);
+ request_p = fr_packet_list_find_byreply(pl, reply);
if (!request_p) {
fprintf(stderr, "radclient: received response to request we did not send. (id=%d socket %d)\n", reply->id, reply->sockfd);
rad_free(&reply);
return -1; /* got reply to packet we didn't send */
}
- radclient = lrad_packet2myptr(radclient_t, request, request_p);
- lrad_packet_list_yank(pl, radclient->request);
- deallocate_id(radclient);
- radclient->reply = reply;
+ radclient = fr_packet2myptr(radclient_t, request, request_p);
/*
* Fails the signature validation: not a real reply.
* FIXME: Silently drop it and listen for another packet.
*/
if (rad_verify(reply, radclient->request, secret) < 0) {
- librad_perror("rad_verify");
+ fr_perror("rad_verify");
totallost++;
goto packet_done; /* shared secret is incorrect */
}
+ fr_packet_list_yank(pl, radclient->request);
+ if (print_filename) printf("%s:%d %d\n",
+ radclient->filename,
+ radclient->packet_number,
+ reply->code);
+ deallocate_id(radclient);
+ radclient->reply = reply;
+ reply = NULL;
+
/*
* If this fails, we're out of memory.
*/
- if (rad_decode(reply, radclient->request, secret) != 0) {
- librad_perror("rad_decode");
+ if (rad_decode(radclient->reply, radclient->request, secret) != 0) {
+ fr_perror("rad_decode");
totallost++;
goto packet_done;
}
/* libradius debug already prints out the value pairs for us */
- if (!librad_debug && do_output) {
- printf("Received response ID %d, code %d, length = %d\n",
- reply->id, reply->code, reply->data_len);
- vp_printlist(stdout, reply->vps);
+ if (!fr_debug_flag && do_output) {
+ printf("Received response ID %d, code %d, length = %ld\n",
+ radclient->reply->id, radclient->reply->code,
+ radclient->reply->data_len);
+ vp_printlist(stdout, radclient->reply->vps);
}
- if (reply->code != PW_AUTHENTICATION_REJECT) {
+
+ if ((radclient->reply->code == PW_AUTHENTICATION_ACK) ||
+ (radclient->reply->code == PW_ACCOUNTING_RESPONSE) ||
+ (radclient->reply->code == PW_COA_ACK) ||
+ (radclient->reply->code == PW_DISCONNECT_ACK)) {
+ success = 1; /* have a good response */
totalapp++;
} else {
totaldeny++;
}
-
-packet_done:
- rad_free(&radclient->reply);
-
- /*
- * Once we've sent the packet as many times as requested,
- * mark it done.
- */
+
if (radclient->resend == resend_count) {
- assert(lrad_packet_list_find(pl, radclient->request) == NULL);
radclient->done = 1;
}
+ packet_done:
+ rad_free(&radclient->reply);
+ rad_free(&reply); /* may be NULL */
+
return 0;
}
radclient_t *this;
int force_af = AF_UNSPEC;
- librad_debug = 0;
+ fr_debug_flag = 0;
filename_tree = rbtree_create(filename_cmp, NULL, 0);
if (!filename_tree) {
exit(1);
}
- while ((c = getopt(argc, argv, "46c:d:f:hi:n:p:qr:sS:t:vx")) != EOF) switch(c) {
+ while ((c = getopt(argc, argv, "46c:d:f:Fhi:n:p:qr:sS:t:vx"
+#ifdef WITH_TCP
+ "P:"
+#endif
+ )) != EOF) switch(c) {
case '4':
force_af = AF_INET;
break;
case 'f':
rbtree_insert(filename_tree, optarg);
break;
+ case 'F':
+ print_filename = 1;
+ break;
case 'i': /* currently broken */
if (!isdigit((int) *optarg))
usage();
if (parallel <= 0) usage();
break;
+#ifdef WITH_TCP
+ case 'P':
+ proto = optarg;
+ if (strcmp(proto, "tcp") != 0) {
+ if (strcmp(proto, "udp") == 0) {
+ proto = NULL;
+ } else {
+ usage();
+ }
+ } else {
+ ipproto = IPPROTO_TCP;
+ }
+ break;
+
+#endif
+
case 'q':
do_output = 0;
+ fr_log_fp = NULL; /* no output from you, either! */
break;
case 'r':
if (!isdigit((int) *optarg))
timeout = atof(optarg);
break;
case 'v':
- printf("radclient: $Id$ built on " __DATE__ " at " __TIME__ "\n");
+ printf("radclient: " RADIUSD_VERSION " built on " __DATE__ " at " __TIME__ "\n");
exit(0);
break;
case 'x':
- librad_debug++;
+ fr_debug_flag++;
+ fr_log_fp = stdout;
break;
case 'h':
default:
}
if (dict_init(radius_dir, RADIUS_DICTIONARY) < 0) {
- librad_perror("radclient");
+ fr_perror("radclient");
return 1;
}
/*
* Resolve hostname.
*/
+ if (force_af == AF_UNSPEC) force_af = AF_INET;
server_ipaddr.af = force_af;
if (strcmp(argv[1], "-") != 0) {
const char *hostname = argv[1];
if (*argv[1] == '[') { /* IPv6 URL encoded */
p = strchr(argv[1], ']');
- if ((p - argv[1]) >= sizeof(buffer)) {
+ if ((size_t) (p - argv[1]) >= sizeof(buffer)) {
usage();
}
-
+
memcpy(buffer, argv[1] + 1, p - argv[1] - 1);
buffer[p - argv[1] - 1] = '\0';
packet_code = PW_STATUS_SERVER;
} else if (strcmp(argv[2], "disconnect") == 0) {
- if (server_port == 0) server_port = PW_POD_UDP_PORT;
+ if (server_port == 0) server_port = PW_COA_UDP_PORT;
packet_code = PW_DISCONNECT_REQUEST;
} else if (strcmp(argv[2], "coa") == 0) {
- if (server_port == 0) server_port = PW_POD_UDP_PORT;
+ if (server_port == 0) server_port = PW_COA_UDP_PORT;
packet_code = PW_COA_REQUEST;
} else if (strcmp(argv[2], "auto") == 0) {
client_ipaddr = radclient_head->request->src_ipaddr;
client_port = radclient_head->request->src_port;
}
- sockfd = lrad_socket(&client_ipaddr, client_port);
+#ifdef WITH_TCP
+ if (proto) {
+ sockfd = fr_tcp_client_socket(NULL, &server_ipaddr, server_port);
+ } else
+#endif
+ sockfd = fr_socket(&client_ipaddr, client_port);
if (sockfd < 0) {
- fprintf(stderr, "radclient: socket: %s\n", librad_errstr);
+ fprintf(stderr, "radclient: socket: %s\n", fr_strerror());
exit(1);
}
- pl = lrad_packet_list_create(1);
+ pl = fr_packet_list_create(1);
if (!pl) {
fprintf(stderr, "radclient: Out of memory\n");
exit(1);
}
- if (!lrad_packet_list_socket_add(pl, sockfd)) {
+ if (!fr_packet_list_socket_add(pl, sockfd, ipproto, &server_ipaddr,
+ server_port, NULL)) {
fprintf(stderr, "radclient: Out of memory\n");
exit(1);
}
tv.tv_sec = 0;
tv.tv_usec = 1000000/persec;
}
-
+
/*
* Sleep for milliseconds,
* portably.
/*
* Still have outstanding requests.
*/
- if (lrad_packet_list_num_elements(pl) > 0) {
+ if (fr_packet_list_num_elements(pl) > 0) {
done = 0;
} else {
sleep_time = 0;
} while (!done);
rbtree_free(filename_tree);
- lrad_packet_list_free(pl);
+ fr_packet_list_free(pl);
+ while (radclient_head) radclient_free(radclient_head);
+ dict_free();
if (do_summary) {
printf("\n\t Total approved auths: %d\n", totalapp);
printf("\t Total lost auths: %d\n", totallost);
}
- return 0;
+ if (success) return 0;
+
+ return 1;
}