28RCSID(
"$Id: 05282cc0e0a9840b81fc4bdb435f6b44f63c76aa $")
30#include <freeradius-devel/util/conf.h>
31#include <freeradius-devel/util/syserror.h>
32#include <freeradius-devel/util/atexit.h>
33#include <freeradius-devel/util/pair_legacy.h>
34#include <freeradius-devel/util/time.h>
35#include <freeradius-devel/server/packet.h>
36#include <freeradius-devel/radius/list.h>
37#include <freeradius-devel/radius/radius.h>
38#include <freeradius-devel/util/chap.h>
39#ifdef HAVE_OPENSSL_SSL_H
40#include <openssl/ssl.h>
41#include <freeradius-devel/util/md4.h>
56#define pair_update_request(_attr, _da) do { \
57 _attr = fr_pair_find_by_da(&request->request_pairs, NULL, _da); \
59 _attr = fr_pair_afrom_da(request, _da); \
60 fr_assert(_attr != NULL); \
61 fr_pair_append(&request->request_pairs, _attr); \
159 fprintf(stderr,
"Usage: radclient [options] server[:port] <command> [<secret>]\n");
161 fprintf(stderr,
" <command> One of auth, acct, status, coa, disconnect or auto.\n");
162 fprintf(stderr,
" -4 Use IPv4 address of server\n");
163 fprintf(stderr,
" -6 Use IPv6 address of server.\n");
164 fprintf(stderr,
" -A <attribute> Use named 'attribute' to match CoA requests to packets. Default is User-Name\n");
165 fprintf(stderr,
" -b Mandate checks for Blast RADIUS issue (this is not set by default).\n");
166 fprintf(stderr,
" -C [<client_ip>:]<client_port> Client source port and source IP address. Port values may be 1..65535\n");
167 fprintf(stderr,
" -c <count> Send each packet 'count' times.\n");
168 fprintf(stderr,
" -d <confdir> Set user dictionary directory (defaults to " CONFDIR
").\n");
169 fprintf(stderr,
" -D <dictdir> Set main dictionary directory (defaults to " DICTDIR
").\n");
170 fprintf(stderr,
" -f <request>[:<expected>][:<coa_reply>][:<coa_expected>] Read packets from file, not stdin.\n");
171 fprintf(stderr,
" If a second file is provided, it will be used to verify responses\n");
172 fprintf(stderr,
" -F Print the file name, packet number and reply code.\n");
173 fprintf(stderr,
" -h Print usage help information.\n");
174 fprintf(stderr,
" -i <id> Set request id to 'id'. Values may be 0..255\n");
175 fprintf(stderr,
" -n <num> Send N requests/s\n");
176 fprintf(stderr,
" -o <port> Set CoA listening port (defaults to 3799)\n");
177 fprintf(stderr,
" -p <num> Send 'num' packets from a file in parallel.\n");
178 fprintf(stderr,
" -P <proto> Use proto (tcp or udp) for transport.\n");
179 fprintf(stderr,
" -r <retries> If timeout, retry sending the packet 'retries' times.\n");
180 fprintf(stderr,
" -s Print out summary information of auth results.\n");
181 fprintf(stderr,
" -S <file> read secret from file, not command line.\n");
182 fprintf(stderr,
" -t <timeout> Wait 'timeout' seconds before retrying (may be a floating point number).\n");
183 fprintf(stderr,
" -v Show program version information.\n");
184 fprintf(stderr,
" -x Debugging mode.\n");
195 rc_request_list_remove(&rc_request_list, request);
204#ifdef HAVE_OPENSSL_SSL_H
205#include <openssl/provider.h>
207static OSSL_PROVIDER *openssl_default_provider = NULL;
208static OSSL_PROVIDER *openssl_legacy_provider = NULL;
215 openssl_default_provider = OSSL_PROVIDER_load(NULL,
"default");
216 if (!openssl_default_provider) {
217 ERROR(
"(TLS) Failed loading default provider");
226 openssl_legacy_provider = OSSL_PROVIDER_load(NULL,
"legacy");
227 if (!openssl_legacy_provider) {
228 ERROR(
"(TLS) Failed loading legacy provider");
232 fr_md5_openssl_init();
233 fr_md4_openssl_init();
240 if (openssl_default_provider && !OSSL_PROVIDER_unload(openssl_default_provider)) {
241 ERROR(
"Failed unloading default provider");
243 openssl_default_provider = NULL;
245 if (openssl_legacy_provider && !OSSL_PROVIDER_unload(openssl_legacy_provider)) {
246 ERROR(
"Failed unloading legacy provider");
248 openssl_legacy_provider = NULL;
250 fr_md5_openssl_free();
251 fr_md4_openssl_free();
254#define openssl3_init() (0)
255#define openssl3_free()
259 char const *password)
276 for (i = 0; i < challenge->vp_length; i++) {
298 svp = getservbyname(
name,
"udp");
301 return ntohs(svp->s_port);
314 if (*port == 0) *port =
getport(
"radius");
319 if (*port == 0) *port =
getport(
"radacct");
332 if (*port == 0) *port = 0;
374 for (i = 0; i <
vp->vp_length; i++) {
375 if (
vp->vp_octets[i] < 32) {
388 FILE *coa_reply,
char const *reply_filename,
bool *coa_reply_done,
389 FILE *coa_filter,
char const *filter_filename,
bool *coa_filter_done)
411 &request->
reply_pairs, coa_reply, coa_reply_done,
true) < 0) {
412 REDEBUG(
"Error parsing \"%s\"", reply_filename);
429 &request->
filter, coa_filter, coa_filter_done,
true) < 0) {
430 REDEBUG(
"Error parsing \"%s\"", filter_filename);
434 if (*coa_filter_done && !*coa_reply_done) {
435 REDEBUG(
"Differing number of replies/filters in %s:%s "
436 "(too many replies))", reply_filename, filter_filename);
440 if (!*coa_filter_done && *coa_reply_done) {
441 REDEBUG(
"Differing number of replies/filters in %s:%s "
442 "(too many filters))", reply_filename, filter_filename);
469 ERROR(
"Failed inserting packet from %s into CoA tree", request->
name);
482 FILE *packets, *filters = NULL;
486 bool packets_done =
false;
489 FILE *coa_reply = NULL;
490 FILE *coa_filter = NULL;
491 bool coa_reply_done =
false;
492 bool coa_filter_done =
false;
499 if (strcmp(files->
packets,
"-") != 0) {
500 packets = fopen(files->
packets,
"r");
510 filters = fopen(files->
filters,
"r");
518 coa_reply = fopen(files->
coa_reply,
"r");
540 char const *coa_reply_filename = NULL;
541 char const *coa_filter_filename = NULL;
556 request->
files = files;
558 request->
num = num++;
568 &request->
request_pairs, packets, &packets_done,
true) < 0) {
577 REDEBUG(
"Error parsing \"%s\"", input);
585 WARN(
"Skipping \"%s\": No Attributes", files->
packets);
597 &request->
filter, filters, &filters_done,
true) < 0) {
602 if (filters_done && !packets_done) {
603 REDEBUG(
"Differing number of packets/filters in %s:%s "
608 if (!filters_done && packets_done) {
609 REDEBUG(
"Differing number of packets/filters in %s:%s "
666 request->
name =
vp->vp_strvalue;
674 coa_reply_filename =
vp->vp_strvalue;
677 coa_filter_filename =
vp->vp_strvalue;
736 REDEBUG(
"Packet-Type must be defined,"
737 "or a well known RADIUS port");
741 REDEBUG(
"Can't determine expected reply.Packet-Type for Packet-Type %i",
771 REDEBUG(
"Can't determine expected Packet-Type for reply.Packet-Type %i",
783 REDEBUG(
"Can't determine destination port");
791 if (coa_reply_filename) {
793 RDEBUG(
"Cannot specify CoA file on both the command line and via Radclient-CoA-Filename");
797 coa_reply = fopen(coa_reply_filename,
"r");
803 if (coa_filter_filename) {
804 coa_filter = fopen(coa_filter_filename,
"r");
817 coa_reply, coa_reply_filename, &coa_reply_done,
818 coa_filter, coa_filter_filename, &coa_filter_done) < 0) {
830 }
else if (coa_reply) {
832 coa_reply, coa_reply_filename, &coa_reply_done,
833 coa_filter, coa_filter_filename, &coa_filter_done) < 0) {
837 if (coa_reply_done != packets_done) {
838 REDEBUG(
"Differing number of packets in input file and coa_reply in %s:%s ",
848 rc_request_list_insert_tail(&rc_request_list, request);
857 }
while (!packets_done);
859 if (packets != stdin) fclose(packets);
860 if (filters) fclose(filters);
861 if (coa_reply) fclose(coa_reply);
862 if (coa_filter) fclose(coa_filter);
872 if (packets != stdin) fclose(packets);
873 if (filters) fclose(filters);
874 if (coa_reply) fclose(coa_reply);
875 if (coa_filter) fclose(coa_filter);
891 ERROR(
"No server was given, and request %" PRIu64
" in file %s did not contain "
899 ERROR(
"Request was \"auto\", and request %" PRIu64
" in file %s did not contain Packet-Type",
931 if (!request || !request->
packet ||
959#ifdef STATIC_ANALYZER
1016 ERROR(
"Can't add new socket");
1041 if (!challenge || (challenge->vp_length < 7)) {
1047 fr_rand() & 0xff, challenge->vp_octets, challenge->vp_length,
1056 DEBUG(
"WARNING: No password in the request");
1101 REDEBUG(
"No reply from server for ID %d socket %d",
1110 request->
done =
true;
1165 request->
done =
true;
1185#ifdef STATIC_ANALYZER
1191 FD_SET(
coafd, &set);
1205 DEBUG(
"Failed reading CoA packet");
1213 DEBUG(
"CoA verification failed");
1226 DEBUG(
"Failed decoding CoA packet");
1236 my.name =
"receive CoA request";
1241 DEBUG(
"No matching request packet for CoA packet %u %u", packet->
data[0], packet->
data[1]);
1248 request->
packet = talloc_steal(request, packet);
1278 RDEBUG(
"%s: CoA request passed filter", request->
name);
1282 REDEBUG(
"%s: CoA Request for failed filter", request->
name);
1307 RDEBUG(
"Failed getting reply packet type");
1318 REDEBUG(
"Failed sending CoA reply");
1327 TALLOC_FREE(
parent->coa);
1343 bool have_message_authenticator =
false;
1350 switch (reply->
data[0]) {
1356 ERROR(
"Invalid reply ID %d to Access-Request ID %d", reply->
data[1], request->
packet->
id);
1362 ERROR(
"Invalid reply code %d to Access-Request", reply->
data[0]);
1369 attr = reply->
data + 20;
1377 if (
blast_radius && (attr[0] != FR_MESSAGE_AUTHENTICATOR)) {
1378 RDEBUG(
"WARNING The %s reply packet does not have Message-Authenticator as the first attribute. The packet may be vulnerable to Blast RADIUS attacks.",
1389 while (attr < end) {
1412 if (attr[0] == FR_MESSAGE_AUTHENTICATOR) {
1413 have_message_authenticator =
true;
1427 if (attr[0] == FR_PROXY_STATE) {
1428 if (!
vp || (
vp->vp_length != (
size_t) (attr[1] - 2)) || (memcmp(
vp->vp_octets, attr + 2,
vp->vp_length) != 0)) {
1429 ERROR(
"Invalid reply to Access-Request ID %d - Discarding packet due to Blast RADIUS attack being detected.", request->
packet->
id);
1430 ERROR(
"We received a Proxy-State in the reply which we did not send, or which is different from what we sent.");
1445 ERROR(
"The %s reply packet does not contain Message-Authenticator - discarding packet due to Blast RADIUS checks.",
1467 volatile int max_fd;
1469#ifdef STATIC_ANALYZER
1482 FD_SET(
coafd, &set);
1495 if (FD_ISSET(
coafd, &set)) {
1497 FD_CLR(
coafd, &set);
1507 ERROR(
"Received bad packet");
1543 ERROR(
"Received reply to request we did not send. (id=%d socket %d)",
1548 request = packet->
uctx;
1569 REDEBUG(
"Reply verification failed");
1584 request->
reply = reply;
1593 REDEBUG(
"Reply decode failed");
1646 RDEBUG(
"%s: Response passed filter", request->
name);
1650 REDEBUG(
"%s: Response for failed filter", request->
name);
1656 request->
done =
true;
1672 int ret = EXIT_SUCCESS;
1674 char const *confdir = CONFDIR;
1675 char const *dict_dir = DICTDIR;
1676 char filesecret[256];
1678 int do_summary =
false;
1681 int force_af = AF_UNSPEC;
1710 talloc_set_log_stderr();
1712 rc_request_list_talloc_init(&rc_request_list);
1723 while ((c = getopt(argc, argv,
"46bc:A:C:d:D:e:f:Fhi:n:o:p:P:r:sS:t:vx")) != -1)
switch (c) {
1729 force_af = AF_INET6;
1752 if (strchr(optarg,
':')) {
1754 optarg, -1, AF_UNSPEC,
true,
false) < 0) {
1755 fr_perror(
"Failed parsing source address");
1762 if (tmp < 1 || tmp > 65535)
usage();
1777 if (strncmp(optarg,
"ignore_count=", 13) == 0) {
1798 p = strchr(optarg, c);
1801 p = strchr(optarg, c);
1815 q = strchr(files->
filters, c);
1838 if (!isdigit((
uint8_t) *optarg)) {
1848 persec = atoi(optarg);
1849 if (persec <= 0)
usage();
1864 parallel = atoi(optarg);
1865 if (parallel <= 0)
usage();
1869 if (!strcmp(optarg,
"tcp")) {
1871 }
else if (!strcmp(optarg,
"udp")) {
1891 fp = fopen(optarg,
"r");
1896 if (fgets(filesecret,
sizeof(filesecret), fp) == NULL) {
1903 p = filesecret + strlen(filesecret) - 1;
1904 while ((p >= filesecret) &&
1910 if (strlen(filesecret) < 2) {
1911 ERROR(
"Secret in %s is too short", optarg);
1920 fr_perror(
"Failed parsing timeout value");
1927 DEBUG(
"%s", radclient_version);
1939 argc -= (optind - 1);
1940 argv += (optind - 1);
1942 if ((argc < 3) || ((
secret == NULL) && (argc < 4))) {
1943 ERROR(
"Insufficient arguments");
1976 "Failed to initialize the dictionaries");
1996 if (!isdigit((
uint8_t) argv[2][0])) {
1999 ERROR(
"Unrecognised request type \"%s\"", argv[2]);
2009 if (strcmp(argv[1],
"-") != 0) {
2046 ERROR(
"Failed parsing input files");
2054 if (!rc_request_list_num_elements(&rc_request_list)) {
2055 ERROR(
"Nothing to send");
2068 request = rc_request_list_head(&rc_request_list);
2084 ERROR(
"Failed opening socket");
2117 ERROR(
"Failed adding socket");
2144 char const *filename = NULL;
2176 if (this->coa)
continue;
2192 if (this->files->packets != filename) {
2193 filename = this->files->packets;
2245 for (i = 0; i < 4; i++) {
2279 rc_request_list_talloc_free(&rc_request_list);
2298 "\tAccepted : %" PRIu64
"\n"
2299 "\tRejected : %" PRIu64
"\n"
2300 "\tLost : %" PRIu64
"\n"
2301 "\tErrored : %" PRIu64
"\n"
2302 "\tPassed filter : %" PRIu64
"\n"
2303 "\tFailed filter : %" PRIu64,
static int const char char buffer[256]
int fr_atexit_global_setup(void)
Setup the atexit handler, should be called at the start of a program's execution.
int fr_atexit_global_trigger_all(void)
Cause all global free triggers to fire.
static TALLOC_CTX * autofree
#define NEVER_RETURNS
Should be placed before the function return type.
void fr_chap_encode(uint8_t out[static 1+FR_CHAP_CHALLENGE_LENGTH], uint8_t id, uint8_t const *challenge, size_t challenge_len, char const *password, size_t password_len)
Encode a CHAP password.
int fr_fault_setup(TALLOC_CTX *ctx, char const *cmd, char const *program)
Registers signal handlers to execute panic_action on fatal signal.
#define fr_exit_now(_x)
Exit without calling atexit() handlers, producing a log message in debug builds.
fr_radius_packet_code_t
RADIUS packet codes.
@ FR_RADIUS_CODE_ACCESS_CHALLENGE
RFC2865 - Access-Challenge.
@ FR_RADIUS_CODE_ACCESS_REQUEST
RFC2865 - Access-Request.
@ FR_RADIUS_CODE_DISCONNECT_REQUEST
RFC3575/RFC5176 - Disconnect-Request.
@ FR_RADIUS_CODE_DISCONNECT_ACK
RFC3575/RFC5176 - Disconnect-Ack (positive)
@ FR_RADIUS_CODE_STATUS_SERVER
RFC2865/RFC5997 - Status Server (request)
@ FR_RADIUS_CODE_COA_REQUEST
RFC3575/RFC5176 - CoA-Request.
@ FR_RADIUS_CODE_ACCESS_ACCEPT
RFC2865 - Access-Accept.
@ FR_RADIUS_CODE_ACCOUNTING_RESPONSE
RFC2866 - Accounting-Response.
@ FR_RADIUS_CODE_COA_NAK
RFC3575/RFC5176 - CoA-Nak (not willing to perform)
@ FR_RADIUS_CODE_UNDEFINED
Packet code has not been set.
@ FR_RADIUS_CODE_COA_ACK
RFC3575/RFC5176 - CoA-Ack (positive)
@ FR_RADIUS_CODE_DISCONNECT_NAK
RFC3575/RFC5176 - Disconnect-Nak (not willing to perform)
@ FR_RADIUS_CODE_PROTOCOL_ERROR
RFC7930 - Protocol-Error (generic NAK)
@ FR_RADIUS_CODE_ACCOUNTING_REQUEST
RFC2866 - Accounting-Request.
@ FR_RADIUS_CODE_ACCESS_REJECT
RFC2865 - Access-Reject.
#define FR_ACCT_UDP_PORT_ALT
#define FR_AUTH_UDP_PORT_ALT
static fr_dict_t const * dict_freeradius
fr_dict_t * fr_dict_unconst(fr_dict_t const *dict)
Coerce to non-const.
#define fr_dict_autofree(_to_free)
fr_dict_attr_t const * fr_dict_attr_by_name(fr_dict_attr_err_t *err, fr_dict_attr_t const *parent, char const *attr))
Locate a fr_dict_attr_t by its name.
fr_dict_attr_t const * fr_dict_root(fr_dict_t const *dict)
Return the root attribute of a dictionary.
fr_dict_attr_t const ** out
Where to write a pointer to the resolved fr_dict_attr_t.
fr_dict_t const ** out
Where to write a pointer to the loaded/resolved fr_dict_t.
int fr_dict_read(fr_dict_t *dict, char const *dict_dir, char const *filename))
Read supplementary attribute definitions into an existing dictionary.
int fr_dict_attr_autoload(fr_dict_attr_autoload_t const *to_load)
Process a dict_attr_autoload element to load/verify a dictionary attribute.
#define fr_dict_autoload(_to_load)
#define DICT_AUTOLOAD_TERMINATOR
fr_dict_gctx_t * fr_dict_global_ctx_init(TALLOC_CTX *ctx, bool free_at_exit, char const *dict_dir))
Initialise the global protocol hashes.
Specifies an attribute which must be present for the module to function.
Specifies a dictionary which must be loaded/loadable for the module to function.
#define fr_dlist_foreach(_list_head, _type, _iter)
Iterate over the contents of a list.
static unsigned int fr_dlist_num_elements(fr_dlist_head_t const *head)
Return the number of elements in the dlist.
static int fr_dlist_insert_tail(fr_dlist_head_t *list_head, void *ptr)
Insert an item into the tail of a list.
#define FR_DLIST_HEAD(_name)
Expands to the type name used for the head wrapper structure.
#define fr_dlist_talloc_init(_head, _type, _field)
Initialise the head structure of a doubly linked list.
Head of a doubly linked list.
void fr_bio_shutdown & my
int fr_inet_pton_port(fr_ipaddr_t *out, uint16_t *port_out, char const *value, ssize_t inlen, int af, bool resolve, bool mask)
Parses IPv4/6 address + port, to fr_ipaddr_t and integer (port)
int packet_global_init(void)
Initialises the Net.
void fr_packet_net_from_pairs(fr_packet_t *packet, fr_pair_list_t const *list)
Convert pairs to information in a packet.
void fr_log_perror(fr_log_t const *log, fr_log_type_t type, char const *file, int line, fr_log_perror_format_t const *rules, char const *fmt,...)
Drain any outstanding messages from the fr_strerror buffers.
@ L_DST_STDOUT
Log to stdout.
fr_packet_t * fr_packet_alloc(TALLOC_CTX *ctx, bool new_vector)
Allocate a new fr_packet_t.
void fr_packet_free(fr_packet_t **packet_p)
Free a fr_packet_t.
fr_packet_t * fr_packet_list_find_byreply(fr_packet_list_t *pl, fr_packet_t *reply)
void fr_packet_list_free(fr_packet_list_t *pl)
int fr_packet_list_recv(fr_packet_list_t *pl, fd_set *set, TALLOC_CTX *ctx, fr_packet_t **packet_p, uint32_t max_attributes, bool require_message_authenticator)
fr_packet_list_t * fr_packet_list_create(int alloc_id)
bool fr_packet_list_id_alloc(fr_packet_list_t *pl, int proto, fr_packet_t *request, void **pctx)
bool fr_packet_list_yank(fr_packet_list_t *pl, fr_packet_t *request)
bool fr_packet_list_socket_add(fr_packet_list_t *pl, int sockfd, int proto, fr_ipaddr_t *dst_ipaddr, uint16_t dst_port, void *ctx)
uint32_t fr_packet_list_num_elements(fr_packet_list_t *pl)
int fr_packet_list_fd_set(fr_packet_list_t *pl, fd_set *set)
bool fr_packet_list_id_free(fr_packet_list_t *pl, fr_packet_t *request, bool yank)
@ FR_TYPE_STRING
String of printable characters.
@ FR_TYPE_UINT32
32 Bit unsigned integer.
@ FR_TYPE_OCTETS
Raw octets.
int mschap_nt_password_hash(uint8_t out[static NT_DIGEST_LENGTH], char const *password)
Converts Unicode password to 16-byte NT hash with MD4.
static void fr_nbo_from_uint16(uint8_t out[static sizeof(uint16_t)], uint16_t num)
Write out an unsigned 16bit integer in wire format (big endian)
#define RADIUS_HEADER_LENGTH
#define RADIUS_AUTH_VECTOR_LENGTH
int fr_pair_value_memdup(fr_pair_t *vp, uint8_t const *src, size_t len, bool tainted)
Copy data into an "octets" data type.
void fr_pair_validate_debug(fr_pair_t const *failed[2])
Write an error to the library errorbuff detailing the mismatch.
fr_pair_t * fr_pair_find_by_da_nested(fr_pair_list_t const *list, fr_pair_t const *prev, fr_dict_attr_t const *da)
Find a pair with a matching fr_dict_attr_t, by walking the nested fr_dict_attr_t tree.
fr_pair_t * fr_pair_find_by_da(fr_pair_list_t const *list, fr_pair_t const *prev, fr_dict_attr_t const *da)
Find the first pair with a matching da.
int fr_pair_append(fr_pair_list_t *list, fr_pair_t *to_add)
Add a VP to the end of the list.
int fr_pair_delete_by_da(fr_pair_list_t *list, fr_dict_attr_t const *da)
Delete matching pairs from the specified list.
fr_pair_t * fr_pair_afrom_da(TALLOC_CTX *ctx, fr_dict_attr_t const *da)
Dynamically allocate a new attribute and assign a fr_dict_attr_t.
bool fr_pair_validate(fr_pair_t const *failed[2], fr_pair_list_t *filter, fr_pair_list_t *list)
Uses fr_pair_cmp to verify all fr_pair_ts in list match the filter defined by check.
void fr_pair_list_init(fr_pair_list_t *list)
Initialise a pair list header.
int fr_pair_value_bstrndup(fr_pair_t *vp, char const *src, size_t len, bool tainted)
Copy data into a "string" type value pair.
int fr_pair_delete(fr_pair_list_t *list, fr_pair_t *vp)
Remove fr_pair_t from a list and free.
void fr_pair_list_steal(TALLOC_CTX *ctx, fr_pair_list_t *list)
Steal a list of pairs to a new context.
int8_t fr_pair_cmp_by_da(void const *a, void const *b)
Order attributes by their da, and tag.
int fr_pair_value_memdup_buffer_shallow(fr_pair_t *vp, uint8_t const *src, bool tainted)
Assign a talloced buffer to a "octets" type value pair.
int fr_pair_list_afrom_file(TALLOC_CTX *ctx, fr_dict_t const *dict, fr_pair_list_t *out, FILE *fp, bool *pfiledone, bool allow_exec)
Read valuepairs from the fp up to End-Of-File.
int fr_radius_global_init(void)
ssize_t fr_radius_decode_simple(TALLOC_CTX *ctx, fr_pair_list_t *out, uint8_t *packet, size_t packet_len, uint8_t const *vector, char const *secret)
Simple wrapper for callers who just need a shared secret.
void fr_radius_global_free(void)
fr_table_num_sorted_t const fr_radius_request_name_table[]
char const * fr_radius_packet_name[FR_RADIUS_CODE_MAX]
int fr_radius_packet_sign(fr_packet_t *packet, fr_packet_t const *original, char const *secret)
Sign a previously encoded packet.
int fr_radius_packet_verify(fr_packet_t *packet, fr_packet_t *original, char const *secret)
Verify the Request/Response Authenticator (and Message-Authenticator if present) of a packet.
int fr_radius_packet_send(fr_packet_t *packet, fr_pair_list_t *list, fr_packet_t const *original, char const *secret)
Reply to the request.
fr_packet_t * fr_packet_recv(TALLOC_CTX *ctx, int fd, int flags, uint32_t max_attributes, bool require_message_authenticator)
Receive UDP client requests, and fill in the basics of a fr_packet_t structure.
void fr_radius_packet_log(fr_log_t const *log, fr_packet_t *packet, fr_pair_list_t *list, bool received)
ssize_t fr_radius_packet_encode(fr_packet_t *packet, fr_pair_list_t *list, fr_packet_t const *original, char const *secret)
Encode a packet.
#define rc_request_list_foreach(_list_head, _iter)
static int blast_radius_check(rc_request_t *request, fr_packet_t *reply)
static fr_rb_tree_t * coa_tree
static fr_ipaddr_t client_ipaddr
static fr_dict_attr_t const * attr_packet_type
static fr_dict_attr_t const * attr_request_authenticator
static fr_dict_attr_t const * attr_user_password
static int send_one_packet(rc_request_t *request)
static int getport(char const *name)
static int _rc_request_free(rc_request_t *request)
static uint16_t client_port
static int radclient_sane(rc_request_t *request)
static int recv_one_packet(fr_time_delta_t wait_time)
static fr_dict_attr_t const * attr_coa_match_attr
static fr_time_delta_t sleep_time
int main(int argc, char **argv)
static fr_dict_attr_t const * attr_chap_password
static fr_packet_list_t * packet_list
static fr_dict_attr_t const * attr_ms_chap_response
static fr_dict_attr_t const * attr_ms_chap_challenge
static uint16_t server_port
static fr_dict_attr_t const * attr_chap_challenge
static int recv_coa_packet(fr_time_delta_t wait_time)
static fr_ipaddr_t server_ipaddr
static fr_dict_attr_t const * attr_proxy_state
static fr_dict_attr_t const * attr_cleartext_password
static void deallocate_id(rc_request_t *request)
static bool print_filename
static fr_dict_attr_t const * attr_radclient_test_name
static int radclient_init(TALLOC_CTX *ctx, rc_file_pair_t *files)
static fr_dict_attr_t const * attr_radclient_coa_filename
static int mschapv1_encode(fr_packet_t *packet, fr_pair_list_t *list, char const *password)
static const fr_dict_attr_autoload_t radclient_dict_attr[]
static bool already_hex(fr_pair_t *vp)
static fr_dict_attr_t const * attr_user_name
static void radclient_get_port(fr_radius_packet_code_t type, uint16_t *port)
static fr_dict_attr_t const * attr_ms_chap_password
#define pair_update_request(_attr, _da)
static int8_t request_cmp(void const *one, void const *two)
static const char * attr_coa_filter_name
static fr_time_delta_t timeout
static fr_dict_attr_t const * attr_radclient_coa_filter
static NEVER_RETURNS void usage(void)
static fr_radius_packet_code_t radclient_get_code(uint16_t port)
static fr_dict_attr_t const * attr_message_authenticator
static int coa_init(rc_request_t *parent, FILE *coa_reply, char const *reply_filename, bool *coa_reply_done, FILE *coa_filter, char const *filter_filename, bool *coa_filter_done)
Read one CoA reply and potentially a filter.
Structures for the radclient utility.
uint64_t accepted
Requests to which we received a accept.
uint64_t rejected
Requests to which we received a reject.
uint64_t lost
Requests to which we received no response.
uint64_t failed
Requests which failed a filter.
char const * coa_filter
file containing the CoA filter we want to match
uint64_t passed
Requests which passed a filter.
char const * filters
The file containing the definition of the packet we want to match.
char const * coa_reply
file containing the CoA filter we want to match
char const * packets
The file containing the request packet.
uint64_t error
Requests which received a Protocol-Error response.
#define RADIUS_MAX_ATTRIBUTES
#define FR_RADIUS_PACKET_CODE_VALID(_x)
static fr_dict_t const * dict_radius
uint32_t fr_rand(void)
Return a 32-bit random number.
uint32_t fr_rb_num_elements(fr_rb_tree_t *tree)
Return how many nodes there are in a tree.
void * fr_rb_remove(fr_rb_tree_t *tree, void const *data)
Remove an entry from the tree, without freeing the data.
bool fr_rb_delete_by_inline_node(fr_rb_tree_t *tree, fr_rb_node_t *node)
Remove node and free data (if a free function was specified)
void * fr_rb_find(fr_rb_tree_t const *tree, void const *data)
Find an element in the tree, returning the data, not the node.
bool fr_rb_insert(fr_rb_tree_t *tree, void const *data)
Insert data into a tree.
#define fr_rb_inline_talloc_alloc(_ctx, _type, _field, _data_cmp, _data_free)
Allocs a red black that verifies elements are of a specific talloc type.
static bool fr_rb_node_inline_in_tree(fr_rb_node_t const *node)
Check to see if an item is in a tree by examining its inline fr_rb_node_t.
bool being_freed
Prevent double frees in talloc_destructor.
The main red black tree structure.
fr_packet_t * reply
Outgoing response.
char const *fr_packet_t * packet
< Module the request is currently being processed by.
void smbdes_mschap(uint8_t const win_password[16], uint8_t const *challenge, uint8_t *response)
int fr_socket_server_udp(fr_ipaddr_t const *src_ipaddr, uint16_t *src_port, char const *port_name, bool async)
Open an IPv4/IPv6 unconnected UDP socket.
int fr_socket_client_tcp(char const *ifname, fr_ipaddr_t *src_ipaddr, fr_ipaddr_t const *dst_ipaddr, uint16_t dst_port, bool async)
Establish a connected TCP socket.
int fr_socket_bind(int sockfd, char const *ifname, fr_ipaddr_t *src_ipaddr, uint16_t *src_port)
Bind a UDP/TCP v4/v6 socket to a given ipaddr src port, and interface.
fr_aka_sim_id_type_t type
fr_log_dst_t dst
Log destination.
int fd
File descriptor to write messages to.
bool print_level
sometimes we don't want log levels printed
uint64_t num
The number (within the file) of the request were reading.
fr_packet_t * reply
The incoming response.
fr_pair_t * password
Password.Cleartext.
char const * name
Test name (as specified in the request).
rc_file_pair_t * files
Request and response file names.
rc_request_t * coa
CoA filter and reply.
fr_packet_t * packet
The outgoing request.
fr_pair_list_t request_pairs
fr_rb_node_t node
rbtree node data for CoA
bool done
Whether the request is complete.
fr_pair_list_t filter
If the reply passes the filter, then the request passes.
fr_pair_list_t reply_pairs
fr_radius_packet_code_t filter_code
Expected code of the response packet.
Stores an attribute, a value and various bits of other data.
fr_dict_attr_t const *_CONST da
Dictionary attribute defines the attribute number, vendor and type of the pair.
char const * fr_syserror(int num)
Guaranteed to be thread-safe version of strerror.
#define fr_table_value_by_str(_table, _name, _def)
Convert a string to a value using a sorted or ordered table.
#define talloc_strndup(_ctx, _str, _len)
#define talloc_autofree_context
The original function is deprecated, so replace it with our version.
#define talloc_strdup(_ctx, _str)
fr_slen_t fr_time_delta_from_str(fr_time_delta_t *out, char const *in, size_t inlen, fr_time_res_t hint)
Create fr_time_delta_t from a string.
#define fr_time_delta_lt(_a, _b)
static fr_time_delta_t fr_time_delta_from_sec(int64_t sec)
#define fr_time_delta_wrap(_time)
#define fr_time_delta_ispos(_a)
#define fr_time_delta_to_timeval(_delta)
Convert a delta to a timeval.
#define fr_time_delta_eq(_a, _b)
static fr_time_delta_t fr_time_delta_sub(fr_time_delta_t a, fr_time_delta_t b)
#define fr_time_sub(_a, _b)
Subtract one time from another.
#define fr_time_delta_gt(_a, _b)
A time delta, a difference in time measured in nanoseconds.
#define FR_DICTIONARY_FILE
unsigned int code
Packet code (type).
fr_socket_t socket
This packet was received on.
int id
Packet ID (used to link requests/responses).
uint8_t * data
Packet data (body).
size_t data_len
Length of packet data.
uint8_t vector[RADIUS_AUTH_VECTOR_LENGTH]
RADIUS authentication vector.
bool fr_pair_list_empty(fr_pair_list_t const *list)
Is a valuepair list empty.
void fr_pair_list_sort(fr_pair_list_t *list, fr_cmp_t cmp)
Sort a doubly linked list of fr_pair_ts using merge sort.
fr_pair_t * fr_pair_list_next(fr_pair_list_t const *list, fr_pair_t const *item))
Get the next item in a valuepair list after a specific entry.
void fr_pair_list_append(fr_pair_list_t *dst, fr_pair_list_t *src)
Appends a list of fr_pair_t from a temporary list to a destination list.
#define PAIR_LIST_VERIFY(_x)
fr_pair_t * fr_pair_list_head(fr_pair_list_t const *list)
Get the head of a valuepair list.
int af
AF_INET, AF_INET6, or AF_UNIX.
int fd
File descriptor if this is a live socket.
int type
SOCK_STREAM, SOCK_DGRAM, etc.
void fr_perror(char const *fmt,...)
Print the current error to stderr with a prefix.
void fr_strerror_clear(void)
Clears all pending messages from the talloc pools.
int fr_check_lib_magic(uint64_t magic)
Check if the application linking to the library has the correct magic number.
#define RADIUSD_VERSION_BUILD(_x)
Create a version string for a utility in the suite of FreeRADIUS utilities.
#define RADIUSD_MAGIC_NUMBER
int8_t fr_value_box_cmp(fr_value_box_t const *a, fr_value_box_t const *b)
Compare two values.
1.9.8