28RCSID(
"$Id: e0dcc3339e5d6069978466329daed0bdd4ffbf1a $")
30#include <freeradius-devel/util/conf.h>
31#include <freeradius-devel/util/syserror.h>
32#include <freeradius-devel/util/atexit.h>
33#include <freeradius-devel/util/pair_legacy.h>
34#include <freeradius-devel/util/time.h>
35#include <freeradius-devel/server/packet.h>
36#include <freeradius-devel/radius/list.h>
37#include <freeradius-devel/radius/radius.h>
38#include <freeradius-devel/util/chap.h>
39#ifdef HAVE_OPENSSL_SSL_H
40#include <openssl/ssl.h>
57#define pair_update_request(_attr, _da) do { \
58 _attr = fr_pair_find_by_da(&request->request_pairs, NULL, _da); \
60 _attr = fr_pair_afrom_da(request, _da); \
61 assert(_attr != NULL); \
62 fr_pair_append(&request->request_pairs, _attr); \
159 fprintf(stderr,
"Usage: radclient [options] server[:port] <command> [<secret>]\n");
161 fprintf(stderr,
" <command> One of auth, acct, status, coa, disconnect or auto.\n");
162 fprintf(stderr,
" -4 Use IPv4 address of server\n");
163 fprintf(stderr,
" -6 Use IPv6 address of server.\n");
164 fprintf(stderr,
" -A <attribute> Use named 'attribute' to match CoA requests to packets. Default is User-Name\n");
165 fprintf(stderr,
" -b Mandate checks for Blast RADIUS issue (this is not set by default).\n");
166 fprintf(stderr,
" -C [<client_ip>:]<client_port> Client source port and source IP address. Port values may be 1..65535\n");
167 fprintf(stderr,
" -c <count> Send each packet 'count' times.\n");
168 fprintf(stderr,
" -d <raddb> Set user dictionary directory (defaults to " RADDBDIR
").\n");
169 fprintf(stderr,
" -D <dictdir> Set main dictionary directory (defaults to " DICTDIR
").\n");
170 fprintf(stderr,
" -f <request>[:<expected>][:<coa_reply>][:<coa_expected>] Read packets from file, not stdin.\n");
171 fprintf(stderr,
" If a second file is provided, it will be used to verify responses\n");
172 fprintf(stderr,
" -F Print the file name, packet number and reply code.\n");
173 fprintf(stderr,
" -h Print usage help information.\n");
174 fprintf(stderr,
" -i <id> Set request id to 'id'. Values may be 0..255\n");
175 fprintf(stderr,
" -n <num> Send N requests/s\n");
176 fprintf(stderr,
" -o <port> Set CoA listening port (defaults to 3799)\n");
177 fprintf(stderr,
" -p <num> Send 'num' packets from a file in parallel.\n");
178 fprintf(stderr,
" -P <proto> Use proto (tcp or udp) for transport.\n");
179 fprintf(stderr,
" -r <retries> If timeout, retry sending the packet 'retries' times.\n");
180 fprintf(stderr,
" -s Print out summary information of auth results.\n");
181 fprintf(stderr,
" -S <file> read secret from file, not command line.\n");
182 fprintf(stderr,
" -t <timeout> Wait 'timeout' seconds before retrying (may be a floating point number).\n");
183 fprintf(stderr,
" -v Show program version information.\n");
184 fprintf(stderr,
" -x Debugging mode.\n");
202#ifdef HAVE_OPENSSL_SSL_H
203#include <openssl/provider.h>
205static OSSL_PROVIDER *openssl_default_provider = NULL;
206static OSSL_PROVIDER *openssl_legacy_provider = NULL;
213 openssl_default_provider = OSSL_PROVIDER_load(NULL,
"default");
214 if (!openssl_default_provider) {
215 ERROR(
"(TLS) Failed loading default provider");
224 openssl_legacy_provider = OSSL_PROVIDER_load(NULL,
"legacy");
225 if (!openssl_legacy_provider) {
226 ERROR(
"(TLS) Failed loading legacy provider");
235 if (openssl_default_provider && !OSSL_PROVIDER_unload(openssl_default_provider)) {
236 ERROR(
"Failed unloading default provider");
238 openssl_default_provider = NULL;
240 if (openssl_legacy_provider && !OSSL_PROVIDER_unload(openssl_legacy_provider)) {
241 ERROR(
"Failed unloading legacy provider");
243 openssl_legacy_provider = NULL;
246#define openssl3_init()
247#define openssl3_free()
251 char const *password)
268 for (i = 0; i < challenge->vp_length; i++) {
290 svp = getservbyname(
name,
"udp");
293 return ntohs(svp->s_port);
306 if (*port == 0) *port =
getport(
"radius");
311 if (*port == 0) *port =
getport(
"radacct");
324 if (*port == 0) *port = 0;
366 for (i = 0; i <
vp->vp_length; i++) {
367 if (
vp->vp_octets[i] < 32) {
378static int coa_init(
rc_request_t *
parent, FILE *coa_reply,
char const *reply_filename,
bool *coa_reply_done, FILE *coa_filter,
char const *filter_filename,
bool *coa_filter_done)
400 &request->
reply_pairs, coa_reply, coa_reply_done) < 0) {
401 REDEBUG(
"Error parsing \"%s\"", reply_filename);
418 &request->
filter, coa_filter, coa_filter_done) < 0) {
419 REDEBUG(
"Error parsing \"%s\"", filter_filename);
423 if (*coa_filter_done && !*coa_reply_done) {
424 REDEBUG(
"Differing number of replies/filters in %s:%s "
425 "(too many replies))", reply_filename, filter_filename);
429 if (!*coa_filter_done && *coa_reply_done) {
430 REDEBUG(
"Differing number of replies/filters in %s:%s "
431 "(too many filters))", reply_filename, filter_filename);
458 ERROR(
"Failed inserting packet from %s into CoA tree", request->
name);
471 FILE *packets, *filters = NULL;
475 bool packets_done =
false;
478 FILE *coa_reply = NULL;
479 FILE *coa_filter = NULL;
480 bool coa_reply_done =
false;
481 bool coa_filter_done =
false;
483 assert(files->
packets != NULL);
488 if (strcmp(files->
packets,
"-") != 0) {
489 packets = fopen(files->
packets,
"r");
499 filters = fopen(files->
filters,
"r");
507 coa_reply = fopen(files->
coa_reply,
"r");
529 char const *coa_reply_filename = NULL;
530 char const *coa_filter_filename = NULL;
545 request->
files = files;
547 request->
num = num++;
566 REDEBUG(
"Error parsing \"%s\"", input);
574 WARN(
"Skipping \"%s\": No Attributes", files->
packets);
586 &request->
filter, filters, &filters_done) < 0) {
591 if (filters_done && !packets_done) {
592 REDEBUG(
"Differing number of packets/filters in %s:%s "
597 if (!filters_done && packets_done) {
598 REDEBUG(
"Differing number of packets/filters in %s:%s "
656 request->
name =
vp->vp_strvalue;
659 coa_reply_filename =
vp->vp_strvalue;
662 coa_filter_filename =
vp->vp_strvalue;
721 REDEBUG(
"Packet-Type must be defined,"
722 "or a well known RADIUS port");
726 REDEBUG(
"Can't determine expected &reply.Packet-Type for Packet-Type %i",
756 REDEBUG(
"Can't determine expected Packet-Type for &reply.Packet-Type %i",
768 REDEBUG(
"Can't determine destination port");
776 if (coa_reply_filename) {
778 RDEBUG(
"Cannot specify CoA file on both the command line and via Radclient-CoA-Filename");
782 coa_reply = fopen(coa_reply_filename,
"r");
788 if (coa_filter_filename) {
789 coa_filter = fopen(coa_filter_filename,
"r");
798 if (
coa_init(request, coa_reply, coa_reply_filename, &coa_reply_done,
799 coa_filter, coa_filter_filename, &coa_filter_done) < 0) {
811 }
else if (coa_reply) {
812 if (
coa_init(request, coa_reply, coa_reply_filename, &coa_reply_done,
813 coa_filter, coa_filter_filename, &coa_filter_done) < 0) {
817 if (coa_reply_done != packets_done) {
818 REDEBUG(
"Differing number of packets in input file and coa_reply in %s:%s ",
837 }
while (!packets_done);
839 if (packets != stdin) fclose(packets);
840 if (filters) fclose(filters);
841 if (coa_reply) fclose(coa_reply);
842 if (coa_filter) fclose(coa_filter);
852 if (packets != stdin) fclose(packets);
853 if (filters) fclose(filters);
854 if (coa_reply) fclose(coa_reply);
855 if (coa_filter) fclose(coa_filter);
871 ERROR(
"No server was given, and request %" PRIu64
" in file %s did not contain "
879 ERROR(
"Request was \"auto\", and request %" PRIu64
" in file %s did not contain Packet-Type",
911 if (!request || !request->
packet ||
935 assert(request->
done ==
false);
937#ifdef STATIC_ANALYZER
955 assert(request->
reply == NULL);
994 ERROR(
"Can't add new socket");
1024 vector = challenge->vp_octets;
1039 DEBUG(
"WARNING: No password in the request");
1085 REDEBUG(
"No reply from server for ID %d socket %d",
1094 request->
done =
true;
1113 request->
done =
true;
1133#ifdef STATIC_ANALYZER
1139 FD_SET(
coafd, &set);
1153 DEBUG(
"Failed reading CoA packet");
1161 DEBUG(
"CoA verification failed");
1173 DEBUG(
"Failed decoding CoA packet");
1182 my.name =
"receive CoA request";
1187 DEBUG(
"No matching request packet for CoA packet %u %u", packet->
data[0], packet->
data[1]);
1194 request->
packet = talloc_steal(request, packet);
1224 RDEBUG(
"%s: CoA request passed filter", request->
name);
1228 REDEBUG(
"%s: CoA Request for failed filter", request->
name);
1253 RDEBUG(
"Failed getting reply packet type");
1264 REDEBUG(
"Failed sending CoA reply");
1273 TALLOC_FREE(
parent->coa);
1289 bool have_message_authenticator =
false;
1296 switch (reply->
data[0]) {
1301 ERROR(
"Invalid reply ID %d to Access-Request ID %d", reply->
data[1], request->
packet->
id);
1307 ERROR(
"Invalid reply code %d to Access-Request", reply->
data[0]);
1314 attr = reply->
data + 20;
1322 if (
blast_radius && (attr[0] != FR_MESSAGE_AUTHENTICATOR)) {
1323 RDEBUG(
"WARNING The %s reply packet does not have Message-Authenticator as the first attribute. The packet may be vulnerable to Blast RADIUS attacks.",
1334 while (attr < end) {
1357 if (attr[0] == FR_MESSAGE_AUTHENTICATOR) {
1358 have_message_authenticator =
true;
1372 if (attr[0] == FR_PROXY_STATE) {
1373 if (!
vp || (
vp->vp_length != (
size_t) (attr[1] - 2)) || (memcmp(
vp->vp_octets, attr + 2,
vp->vp_length) != 0)) {
1374 ERROR(
"Invalid reply to Access-Request ID %d - Discarding packet due to Blast RADIUS attack being detected.", request->
packet->
id);
1375 ERROR(
"We received a Proxy-State in the reply which we did not send, or which is different from what we sent.");
1390 ERROR(
"The %s reply packet does not contain Message-Authenticator - discarding packet due to Blast RADIUS checks.",
1411 volatile int max_fd;
1413#ifdef STATIC_ANALYZER
1426 FD_SET(
coafd, &set);
1439 if (FD_ISSET(
coafd, &set)) {
1441 FD_CLR(
coafd, &set);
1451 ERROR(
"Received bad packet");
1487 ERROR(
"Received reply to request we did not send. (id=%d socket %d)",
1492 request = packet->
uctx;
1513 REDEBUG(
"Reply verification failed");
1523 request->
reply = reply;
1532 REDEBUG(
"Reply decode failed");
1582 RDEBUG(
"%s: Response passed filter", request->
name);
1586 REDEBUG(
"%s: Response for failed filter", request->
name);
1592 request->
done =
true;
1608 int ret = EXIT_SUCCESS;
1610 char const *raddb_dir = RADDBDIR;
1611 char const *dict_dir = DICTDIR;
1612 char filesecret[256];
1614 int do_summary =
false;
1617 int force_af = AF_UNSPEC;
1646 talloc_set_log_stderr();
1659 while ((c = getopt(argc, argv,
"46bc:A:C:d:D:f:Fhi:n:o:p:P:r:sS:t:vx")) != -1)
switch (c) {
1665 force_af = AF_INET6;
1688 if (strchr(optarg,
':')) {
1690 optarg, -1, AF_UNSPEC,
true,
false) < 0) {
1691 fr_perror(
"Failed parsing source address");
1698 if (tmp < 1 || tmp > 65535)
usage();
1727 p = strchr(optarg, c);
1730 p = strchr(optarg, c);
1738 MEM(files->
packets = talloc_strndup(files, optarg, p - optarg));
1744 q = strchr(files->
filters, c);
1767 if (!isdigit((
uint8_t) *optarg))
1776 persec = atoi(optarg);
1777 if (persec <= 0)
usage();
1792 parallel = atoi(optarg);
1793 if (parallel <= 0)
usage();
1797 if (!strcmp(optarg,
"tcp")) {
1799 }
else if (!strcmp(optarg,
"udp")) {
1819 fp = fopen(optarg,
"r");
1824 if (fgets(filesecret,
sizeof(filesecret), fp) == NULL) {
1831 p = filesecret + strlen(filesecret) - 1;
1832 while ((p >= filesecret) &&
1838 if (strlen(filesecret) < 2) {
1839 ERROR(
"Secret in %s is too short", optarg);
1842 secret = talloc_strdup(NULL, filesecret);
1848 fr_perror(
"Failed parsing timeout value");
1867 argc -= (optind - 1);
1868 argv += (optind - 1);
1870 if ((argc < 3) || ((
secret == NULL) && (argc < 4))) {
1871 ERROR(
"Insufficient arguments");
1904 "Failed to initialize the dictionaries");
1911 ERROR(
"Unknown or invalid CoA filter attribute %s", optarg);
1929 if (!isdigit((
uint8_t) argv[2][0])) {
1932 ERROR(
"Unrecognised request type \"%s\"", argv[2]);
1942 if (strcmp(argv[1],
"-") != 0) {
1958 if (argv[3])
secret = talloc_strdup(NULL, argv[3]);
1976 ERROR(
"Failed parsing input files");
1985 ERROR(
"Nothing to send");
2011 ERROR(
"Failed opening socket");
2044 ERROR(
"Failed adding socket");
2072 char const *filename = NULL;
2103 if (this->coa)
continue;
2119 if (this->files->packets != filename) {
2120 filename = this->files->packets;
2172 for (i = 0; i < 4; i++) {
2177 assert(this->done ==
false);
2178 assert(this->reply == NULL);
2225 "\tAccepted : %" PRIu64
"\n"
2226 "\tRejected : %" PRIu64
"\n"
2227 "\tLost : %" PRIu64
"\n"
2228 "\tPassed filter : %" PRIu64
"\n"
2229 "\tFailed filter : %" PRIu64,
static int const char char buffer[256]
int fr_atexit_global_setup(void)
Setup the atexit handler, should be called at the start of a program's execution.
int fr_atexit_global_trigger_all(void)
Cause all global free triggers to fire.
#define NEVER_RETURNS
Should be placed before the function return type.
void fr_chap_encode(uint8_t out[static 1+FR_CHAP_CHALLENGE_LENGTH], uint8_t id, uint8_t const *challenge, size_t challenge_len, char const *password, size_t password_len)
Encode a CHAP password.
int fr_fault_setup(TALLOC_CTX *ctx, char const *cmd, char const *program)
Registers signal handlers to execute panic_action on fatal signal.
#define fr_exit_now(_x)
Exit without calling atexit() handlers, producing a log message in debug builds.
fr_radius_packet_code_t
RADIUS packet codes.
@ FR_RADIUS_CODE_ACCESS_CHALLENGE
RFC2865 - Access-Challenge.
@ FR_RADIUS_CODE_ACCESS_REQUEST
RFC2865 - Access-Request.
@ FR_RADIUS_CODE_DISCONNECT_REQUEST
RFC3575/RFC5176 - Disconnect-Request.
@ FR_RADIUS_CODE_DISCONNECT_ACK
RFC3575/RFC5176 - Disconnect-Ack (positive)
@ FR_RADIUS_CODE_STATUS_SERVER
RFC2865/RFC5997 - Status Server (request)
@ FR_RADIUS_CODE_COA_REQUEST
RFC3575/RFC5176 - CoA-Request.
@ FR_RADIUS_CODE_ACCESS_ACCEPT
RFC2865 - Access-Accept.
@ FR_RADIUS_CODE_ACCOUNTING_RESPONSE
RFC2866 - Accounting-Response.
@ FR_RADIUS_CODE_COA_NAK
RFC3575/RFC5176 - CoA-Nak (not willing to perform)
@ FR_RADIUS_CODE_UNDEFINED
Packet code has not been set.
@ FR_RADIUS_CODE_COA_ACK
RFC3575/RFC5176 - CoA-Ack (positive)
@ FR_RADIUS_CODE_DISCONNECT_NAK
RFC3575/RFC5176 - Disconnect-Nak (not willing to perform)
@ FR_RADIUS_CODE_ACCOUNTING_REQUEST
RFC2866 - Accounting-Request.
@ FR_RADIUS_CODE_ACCESS_REJECT
RFC2865 - Access-Reject.
#define FR_ACCT_UDP_PORT_ALT
#define FR_AUTH_UDP_PORT_ALT
fr_dict_gctx_t * fr_dict_global_ctx_init(TALLOC_CTX *ctx, bool free_at_exit, char const *dict_dir)
Initialise the global protocol hashes.
fr_dict_t * fr_dict_unconst(fr_dict_t const *dict)
Coerce to non-const.
#define fr_dict_autofree(_to_free)
fr_dict_attr_t const * fr_dict_attr_by_name(fr_dict_attr_err_t *err, fr_dict_attr_t const *parent, char const *attr))
Locate a fr_dict_attr_t by its name.
fr_dict_attr_t const * fr_dict_root(fr_dict_t const *dict)
Return the root attribute of a dictionary.
fr_dict_attr_t const ** out
Where to write a pointer to the resolved fr_dict_attr_t.
fr_dict_t const ** out
Where to write a pointer to the loaded/resolved fr_dict_t.
int fr_dict_attr_autoload(fr_dict_attr_autoload_t const *to_load)
Process a dict_attr_autoload element to load/verify a dictionary attribute.
#define fr_dict_autoload(_to_load)
int fr_dict_read(fr_dict_t *dict, char const *dict_dir, char const *filename)
Read supplementary attribute definitions into an existing dictionary.
Specifies an attribute which must be present for the module to function.
Specifies a dictionary which must be loaded/loadable for the module to function.
static void * fr_dlist_head(fr_dlist_head_t const *list_head)
Return the HEAD item of a list or NULL if the list is empty.
#define fr_dlist_foreach(_list_head, _type, _iter)
Iterate over the contents of a list.
static void * fr_dlist_remove(fr_dlist_head_t *list_head, void *ptr)
Remove an item from the list.
static void fr_dlist_talloc_free(fr_dlist_head_t *head)
Free all items in a doubly linked list (with talloc)
static unsigned int fr_dlist_num_elements(fr_dlist_head_t const *head)
Return the number of elements in the dlist.
static int fr_dlist_insert_tail(fr_dlist_head_t *list_head, void *ptr)
Insert an item into the tail of a list.
#define fr_dlist_talloc_init(_head, _type, _field)
Initialise the head structure of a doubly linked list.
static void * fr_dlist_next(fr_dlist_head_t const *list_head, void const *ptr)
Get the next item in a list.
Head of a doubly linked list.
int fr_inet_pton_port(fr_ipaddr_t *out, uint16_t *port_out, char const *value, ssize_t inlen, int af, bool resolve, bool mask)
Parses IPv4/6 address + port, to fr_ipaddr_t and integer (port)
int packet_global_init(void)
Initialises the Net.
void fr_packet_net_from_pairs(fr_packet_t *packet, fr_pair_list_t const *list)
Convert pairs to information in a packet.
void fr_log_perror(fr_log_t const *log, fr_log_type_t type, char const *file, int line, fr_log_perror_format_t const *rules, char const *fmt,...)
Drain any outstanding messages from the fr_strerror buffers.
@ L_DST_STDOUT
Log to stdout.
fr_packet_t * fr_packet_alloc(TALLOC_CTX *ctx, bool new_vector)
Allocate a new fr_packet_t.
void fr_packet_free(fr_packet_t **packet_p)
Free a fr_packet_t.
fr_packet_t * fr_packet_list_find_byreply(fr_packet_list_t *pl, fr_packet_t *reply)
void fr_packet_list_free(fr_packet_list_t *pl)
fr_packet_t * fr_packet_list_recv(fr_packet_list_t *pl, fd_set *set, uint32_t max_attributes, bool require_message_authenticator)
fr_packet_list_t * fr_packet_list_create(int alloc_id)
bool fr_packet_list_id_alloc(fr_packet_list_t *pl, int proto, fr_packet_t *request, void **pctx)
bool fr_packet_list_yank(fr_packet_list_t *pl, fr_packet_t *request)
bool fr_packet_list_socket_add(fr_packet_list_t *pl, int sockfd, int proto, fr_ipaddr_t *dst_ipaddr, uint16_t dst_port, void *ctx)
uint32_t fr_packet_list_num_elements(fr_packet_list_t *pl)
int fr_packet_list_fd_set(fr_packet_list_t *pl, fd_set *set)
bool fr_packet_list_id_free(fr_packet_list_t *pl, fr_packet_t *request, bool yank)
@ FR_TYPE_STRING
String of printable characters.
@ FR_TYPE_UINT32
32 Bit unsigned integer.
@ FR_TYPE_OCTETS
Raw octets.
int mschap_nt_password_hash(uint8_t out[static NT_DIGEST_LENGTH], char const *password)
Converts Unicode password to 16-byte NT hash with MD4.
#define RADIUS_AUTH_VECTOR_LENGTH
int fr_pair_value_memdup(fr_pair_t *vp, uint8_t const *src, size_t len, bool tainted)
Copy data into an "octets" data type.
void fr_pair_validate_debug(fr_pair_t const *failed[2])
Write an error to the library errorbuff detailing the mismatch.
fr_pair_t * fr_pair_find_by_da_nested(fr_pair_list_t const *list, fr_pair_t const *prev, fr_dict_attr_t const *da)
Find a pair with a matching fr_dict_attr_t, by walking the nested fr_dict_attr_t tree.
int fr_pair_value_strdup(fr_pair_t *vp, char const *src, bool tainted)
Copy data into an "string" data type.
fr_pair_t * fr_pair_find_by_da(fr_pair_list_t const *list, fr_pair_t const *prev, fr_dict_attr_t const *da)
Find the first pair with a matching da.
int fr_pair_append(fr_pair_list_t *list, fr_pair_t *to_add)
Add a VP to the end of the list.
int fr_pair_delete_by_da(fr_pair_list_t *list, fr_dict_attr_t const *da)
Delete matching pairs from the specified list.
fr_pair_t * fr_pair_afrom_da(TALLOC_CTX *ctx, fr_dict_attr_t const *da)
Dynamically allocate a new attribute and assign a fr_dict_attr_t.
bool fr_pair_validate(fr_pair_t const *failed[2], fr_pair_list_t *filter, fr_pair_list_t *list)
Uses fr_pair_cmp to verify all fr_pair_ts in list match the filter defined by check.
void fr_pair_list_init(fr_pair_list_t *list)
Initialise a pair list header.
int fr_pair_value_bstrndup(fr_pair_t *vp, char const *src, size_t len, bool tainted)
Copy data into a "string" type value pair.
int fr_pair_delete(fr_pair_list_t *list, fr_pair_t *vp)
Remove fr_pair_t from a list and free.
void fr_pair_list_steal(TALLOC_CTX *ctx, fr_pair_list_t *list)
Steal a list of pairs to a new context.
int8_t fr_pair_cmp_by_da(void const *a, void const *b)
Order attributes by their da, and tag.
int fr_pair_value_memdup_buffer_shallow(fr_pair_t *vp, uint8_t const *src, bool tainted)
Assign a talloced buffer to a "octets" type value pair.
int fr_pair_list_afrom_file(TALLOC_CTX *ctx, fr_dict_t const *dict, fr_pair_list_t *out, FILE *fp, bool *pfiledone)
Read valuepairs from the fp up to End-Of-File.
int fr_radius_global_init(void)
ssize_t fr_radius_decode_simple(TALLOC_CTX *ctx, fr_pair_list_t *out, uint8_t *packet, size_t packet_len, uint8_t const *vector, char const *secret)
Simple wrapper for callers who just need a shared secret.
void fr_radius_global_free(void)
fr_table_num_sorted_t const fr_radius_request_name_table[]
char const * fr_radius_packet_name[FR_RADIUS_CODE_MAX]
int fr_packet_verify(fr_packet_t *packet, fr_packet_t *original, char const *secret)
Verify the Request/Response Authenticator (and Message-Authenticator if present) of a packet.
fr_packet_t * fr_packet_recv(TALLOC_CTX *ctx, int fd, int flags, uint32_t max_attributes, bool require_message_authenticator)
Receive UDP client requests, and fill in the basics of a fr_packet_t structure.
int fr_packet_send(fr_packet_t *packet, fr_pair_list_t *list, fr_packet_t const *original, char const *secret)
Reply to the request.
void fr_radius_packet_log(fr_log_t const *log, fr_packet_t *packet, fr_pair_list_t *list, bool received)
static TALLOC_CTX * autofree
static int blast_radius_check(rc_request_t *request, fr_packet_t *reply)
static fr_rb_tree_t * coa_tree
static fr_ipaddr_t client_ipaddr
static fr_dict_attr_t const * attr_packet_type
static fr_dict_attr_t const * attr_request_authenticator
static fr_dict_attr_t const * attr_user_password
static int send_one_packet(rc_request_t *request)
static int getport(char const *name)
static char const * radclient_version
static int _rc_request_free(rc_request_t *request)
static uint16_t client_port
static int radclient_sane(rc_request_t *request)
static int recv_one_packet(fr_time_delta_t wait_time)
static fr_time_delta_t sleep_time
int main(int argc, char **argv)
static fr_dict_t const * dict_freeradius
static fr_dict_attr_t const * attr_chap_password
static fr_packet_list_t * packet_list
static fr_dict_attr_t const * attr_ms_chap_response
static fr_dict_t const * dict_radius
static fr_dict_attr_t const * attr_ms_chap_challenge
static uint16_t server_port
fr_dict_attr_autoload_t radclient_dict_attr[]
static fr_dict_attr_t const * attr_chap_challenge
static int recv_coa_packet(fr_time_delta_t wait_time)
static fr_ipaddr_t server_ipaddr
static fr_dict_attr_t const * attr_proxy_state
static fr_dict_attr_t const * attr_cleartext_password
static void deallocate_id(rc_request_t *request)
static bool print_filename
static fr_dict_attr_t const * attr_radclient_test_name
static int radclient_init(TALLOC_CTX *ctx, rc_file_pair_t *files)
static fr_dict_attr_t const * attr_radclient_coa_filename
static int mschapv1_encode(fr_packet_t *packet, fr_pair_list_t *list, char const *password)
static bool already_hex(fr_pair_t *vp)
static fr_dict_attr_t const * attr_user_name
fr_dict_autoload_t radclient_dict[]
static fr_dlist_head_t rc_request_list
static fr_dict_attr_t const * attr_coa_filter
static void radclient_get_port(fr_radius_packet_code_t type, uint16_t *port)
static fr_dict_attr_t const * attr_ms_chap_password
#define pair_update_request(_attr, _da)
static int8_t request_cmp(void const *one, void const *two)
static const char * attr_coa_filter_name
static fr_time_delta_t timeout
static fr_dict_attr_t const * attr_radclient_coa_filter
static NEVER_RETURNS void usage(void)
static fr_radius_packet_code_t radclient_get_code(uint16_t port)
static int coa_init(rc_request_t *parent, FILE *coa_reply, char const *reply_filename, bool *coa_reply_done, FILE *coa_filter, char const *filter_filename, bool *coa_filter_done)
Structures for the radclient utility.
uint64_t num
The number (within the file) of the request were reading.
fr_pair_t * password
Password.Cleartext.
uint64_t accepted
Requests to which we received a accept.
fr_packet_t * reply
The incoming response.
fr_pair_list_t request_pairs
char const * coa_reply
file containing the CoA filter we want to match
uint64_t rejected
Requests to which we received a reject.
fr_rb_node_t node
rbtree node data for CoA
char const * packets
The file containing the request packet.
uint64_t lost
Requests to which we received no response.
bool done
Whether the request is complete.
char const * coa_filter
file containing the CoA filter we want to match
fr_pair_list_t filter
If the reply passes the filter, then the request passes.
uint64_t failed
Requests which failed a filter.
fr_pair_list_t reply_pairs
uint64_t passed
Requests which passed a filter.
fr_radius_packet_code_t filter_code
Expected code of the response packet.
rc_request_t * coa
CoA filter and reply.
char const * name
Test name (as specified in the request).
char const * filters
The file containing the definition of the packet we want to match.
fr_packet_t * packet
The outgoing request.
rc_file_pair_t * files
Request and response file names.
#define RADIUS_MAX_ATTRIBUTES
#define FR_RADIUS_PACKET_CODE_VALID(_x)
uint32_t fr_rand(void)
Return a 32-bit random number.
uint32_t fr_rb_num_elements(fr_rb_tree_t *tree)
Return how many nodes there are in a tree.
void * fr_rb_remove(fr_rb_tree_t *tree, void const *data)
Remove an entry from the tree, without freeing the data.
bool fr_rb_delete_by_inline_node(fr_rb_tree_t *tree, fr_rb_node_t *node)
Remove node and free data (if a free function was specified)
void * fr_rb_find(fr_rb_tree_t const *tree, void const *data)
Find an element in the tree, returning the data, not the node.
bool fr_rb_insert(fr_rb_tree_t *tree, void const *data)
Insert data into a tree.
#define fr_rb_inline_talloc_alloc(_ctx, _type, _field, _data_cmp, _data_free)
Allocs a red black that verifies elements are of a specific talloc type.
The main red black tree structure.
fr_packet_t * reply
Outgoing response.
char const *fr_packet_t * packet
< Module the request is currently being processed by.
void smbdes_mschap(uint8_t const win_password[16], uint8_t const *challenge, uint8_t *response)
int fr_socket_server_udp(fr_ipaddr_t const *src_ipaddr, uint16_t *src_port, char const *port_name, bool async)
Open an IPv4/IPv6 unconnected UDP socket.
int fr_socket_client_tcp(char const *ifname, fr_ipaddr_t *src_ipaddr, fr_ipaddr_t const *dst_ipaddr, uint16_t dst_port, bool async)
Establish a connected TCP socket.
int fr_socket_bind(int sockfd, char const *ifname, fr_ipaddr_t *src_ipaddr, uint16_t *src_port)
Bind a UDP/TCP v4/v6 socket to a given ipaddr src port, and interface.
fr_aka_sim_id_type_t type
#define fr_time()
Allow us to arbitrarily manipulate time.
fr_log_dst_t dst
Log destination.
int fd
File descriptor to write messages to.
bool print_level
sometimes we don't want log levels printed
Stores an attribute, a value and various bits of other data.
fr_dict_attr_t const *_CONST da
Dictionary attribute defines the attribute number, vendor and type of the pair.
char const * fr_syserror(int num)
Guaranteed to be thread-safe version of strerror.
#define fr_table_value_by_str(_table, _name, _def)
Convert a string to a value using a sorted or ordered table.
#define talloc_autofree_context
The original function is deprecated, so replace it with our version.
fr_slen_t fr_time_delta_from_str(fr_time_delta_t *out, char const *in, size_t inlen, fr_time_res_t hint)
Create fr_time_delta_t from a string.
#define fr_time_delta_lt(_a, _b)
static fr_time_delta_t fr_time_delta_from_sec(int64_t sec)
#define fr_time_delta_wrap(_time)
#define fr_time_delta_ispos(_a)
#define fr_time_delta_to_timeval(_delta)
Convert a delta to a timeval.
#define fr_time_delta_eq(_a, _b)
#define fr_time_sub(_a, _b)
Subtract one time from another.
#define fr_time_delta_gt(_a, _b)
A time delta, a difference in time measured in nanoseconds.
#define FR_DICTIONARY_FILE
unsigned int code
Packet code (type).
fr_socket_t socket
This packet was received on.
int id
Packet ID (used to link requests/responses).
uint8_t * data
Packet data (body).
size_t data_len
Length of packet data.
uint8_t vector[RADIUS_AUTH_VECTOR_LENGTH]
RADIUS authentication vector.
bool fr_pair_list_empty(fr_pair_list_t const *list)
Is a valuepair list empty.
void fr_pair_list_sort(fr_pair_list_t *list, fr_cmp_t cmp)
Sort a doubly linked list of fr_pair_ts using merge sort.
fr_pair_t * fr_pair_list_next(fr_pair_list_t const *list, fr_pair_t const *item))
Get the next item in a valuepair list after a specific entry.
void fr_pair_list_append(fr_pair_list_t *dst, fr_pair_list_t *src)
Appends a list of fr_pair_t from a temporary list to a destination list.
#define PAIR_LIST_VERIFY(_x)
fr_pair_t * fr_pair_list_head(fr_pair_list_t const *list)
Get the head of a valuepair list.
int af
AF_INET, AF_INET6, or AF_UNIX.
int fd
File descriptor if this is a live socket.
int type
SOCK_STREAM, SOCK_DGRAM, etc.
void fr_perror(char const *fmt,...)
Print the current error to stderr with a prefix.
void fr_strerror_clear(void)
Clears all pending messages from the talloc pools.
int fr_check_lib_magic(uint64_t magic)
Check if the application linking to the library has the correct magic number.
#define RADIUSD_VERSION_BUILD(_x)
Create a version string for a utility in the suite of FreeRADIUS utilities.
#define RADIUSD_MAGIC_NUMBER
int8_t fr_value_box_cmp(fr_value_box_t const *a, fr_value_box_t const *b)
Compare two values.
1.9.8