authorYASUOKA Masahiko <yasuoka@cvs.openbsd.org>2024-07-24 08:27:21 +0000
committerYASUOKA Masahiko <yasuoka@cvs.openbsd.org>2024-07-24 08:27:21 +0000
commitc802723471fbdfcd310f9b732adeb228373f53d9 (patch)
tree5b16632eae5870b27ec697b673182fbb8ae8515b
parent75dfac5cd27fb21411cd477667bafcac07c18b6d (diff)
Add "msgauth" option for "test" command to specify whether to use
Message-Authentication or not.
-rw-r--r--usr.sbin/radiusctl/parser.c23
-rw-r--r--usr.sbin/radiusctl/parser.h3
-rw-r--r--usr.sbin/radiusctl/radiusctl.87
-rw-r--r--usr.sbin/radiusctl/radiusctl.c9
4 files changed, 36 insertions, 6 deletions
diff --git a/usr.sbin/radiusctl/parser.c b/usr.sbin/radiusctl/parser.c
index c43d7e42fde..c0934db0a2c 100644
--- a/usr.sbin/radiusctl/parser.c
+++ b/usr.sbin/radiusctl/parser.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: parser.c,v 1.3 2024/07/09 17:26:14 yasuoka Exp $ */
+/* $OpenBSD: parser.c,v 1.4 2024/07/24 08:27:20 yasuoka Exp $ */
/*
* Copyright (c) 2010 Reyk Floeter <reyk@vantronix.net>
@@ -44,6 +44,7 @@ enum token_type {
MAXWAIT,
FLAGS,
SESSION_SEQ,
+ MSGAUTH,
ENDTOKEN
};
@@ -58,6 +59,7 @@ static struct parse_result res = {
.tries = TEST_TRIES_DEFAULT,
.interval = { TEST_INTERVAL_DEFAULT, 0 },
.maxwait = { TEST_MAXWAIT_DEFAULT, 0 },
+ .msgauth = 1
};
static const struct token t_test[];
@@ -71,6 +73,7 @@ static const struct token t_nas_port[];
static const struct token t_tries[];
static const struct token t_interval[];
static const struct token t_maxwait[];
+static const struct token t_yesno[];
static const struct token t_ipcp[];
static const struct token t_ipcp_flags[];
static const struct token t_ipcp_session_seq[];
@@ -105,6 +108,7 @@ static const struct token t_test_opts[] = {
{ KEYWORD, "interval", NONE, t_interval },
{ KEYWORD, "tries", NONE, t_tries },
{ KEYWORD, "maxwait", NONE, t_maxwait },
+ { KEYWORD, "msgauth", NONE, t_yesno },
{ ENDTOKEN, "", NONE, NULL }
};
@@ -143,6 +147,12 @@ static const struct token t_maxwait[] = {
{ ENDTOKEN, "", NONE, NULL }
};
+static const struct token t_yesno[] = {
+ { MSGAUTH, "yes", 1, t_test_opts },
+ { MSGAUTH, "no", 0, t_test_opts },
+ { ENDTOKEN, "", NONE, NULL }
+};
+
static const struct token t_ipcp[] = {
{ KEYWORD, "show", IPCP_SHOW, NULL },
{ KEYWORD, "dump", IPCP_DUMP, t_ipcp_flags },
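Review bot: `t_yesno` reads like a reusable yes/no table, but both entries carry the `MSGAUTH` token type and continue to `t_test_opts`, so it can only serve the `msgauth` keyword. Naming it `t_msgauth` (here, in the forward declaration and in the `t_test_opts` entry) would match the neighbouring `t_maxwait` and `t_interval` tables, which are named after their option.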
@@ -365,6 +375,14 @@ match_token(char *word, const struct token table[])
printf("invalid argument: %s is %s for "
"\"session-id\"", word, errstr);
t = &table[i];
+ case MSGAUTH:
+ if (word != NULL &&
+ strcmp(word, table[i].keyword) == 0) {
+ match++;
+ res.msgauth = table[i].value;
+ t = &table[i];
+ }
+ break;
case ENDTOKEN:
break;
}
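Review bot: The case that ends at `t = &table[i];` just above the new `case MSGAUTH:` has no `break;`, so it now falls through into the MSGAUTH body; before this change it fell into `case ENDTOKEN: break;`, which was harmless. After a sequence-number argument is parsed, `strcmp(word, table[i].keyword)` runs against that entry's keyword (not visible here), and a match would bump `match` a second time and overwrite `res.msgauth`, whose value decides whether the test request carries Message-Authenticator. Adding `break;` after `t = &table[i];` closes this. match_token() starts and ends outside the hunk, so the identity of the preceding case is inferred from its "session-id" error text.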
@@ -436,6 +454,9 @@ show_valid_args(const struct token table[])
case SESSION_SEQ:
fprintf(stderr, " <sequence number>\n");
break;
+ case MSGAUTH:
+ fprintf(stderr, " %s\n", table[i].keyword);
+ break;
case ENDTOKEN:
break;
}
diff --git a/usr.sbin/radiusctl/parser.h b/usr.sbin/radiusctl/parser.h
index 3f5e271bf6e..6fefb0f4790 100644
--- a/usr.sbin/radiusctl/parser.h
+++ b/usr.sbin/radiusctl/parser.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: parser.h,v 1.3 2024/07/09 17:26:14 yasuoka Exp $ */
+/* $OpenBSD: parser.h,v 1.4 2024/07/24 08:27:20 yasuoka Exp $ */
/* This file is derived from OpenBSD:src/usr.sbin/ikectl/parser.h 1.9 */
/*
@@ -60,6 +60,7 @@ struct parse_result {
const char *password;
u_short port;
int nas_port;
+ int msgauth;
enum auth_method auth_method;
/* number of packets to try sending */
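Review bot: The new `int msgauth;` member has no comment, while the field group right after it is introduced with `/* number of packets to try sending */`. Because this flag decides whether the test request is integrity-protected, I would document it in place, e.g. `int msgauth; /* non-zero: put Message-Authenticator in the test request */`. The default of 1 is set in parser.c's static `res` initializer; struct parse_result continues outside the hunk.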
diff --git a/usr.sbin/radiusctl/radiusctl.8 b/usr.sbin/radiusctl/radiusctl.8
index 58980c9bae3..00ab5bce21d 100644
--- a/usr.sbin/radiusctl/radiusctl.8
+++ b/usr.sbin/radiusctl/radiusctl.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: radiusctl.8,v 1.8 2024/07/14 03:47:44 jsg Exp $
+.\" $OpenBSD: radiusctl.8,v 1.9 2024/07/24 08:27:20 yasuoka Exp $
.\"
.\" Copyright (c) YASUOKA Masahiko <yasuoka@yasuoka.net>
.\"
@@ -15,7 +15,7 @@
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.\"
-.Dd $Mdocdate: July 14 2024 $
+.Dd $Mdocdate: July 24 2024 $
.Dt RADIUSCTL 8
.Os
.Sh NAME
@@ -86,6 +86,9 @@ the default port number 1812 is used.
.It Cm tries Ar number
Specifies the number of packets to try sending.
The default is 3.
+.It Cm msgauth Ar yes | no
+Specifies if Message-Authenticator is given for the access request packet.
+The default is yes.
.El
.It Cm ipcp show
Show all ipcp sessions in the database of
diff --git a/usr.sbin/radiusctl/radiusctl.c b/usr.sbin/radiusctl/radiusctl.c
index d3bc45eb866..6b8a4fedbf4 100644
--- a/usr.sbin/radiusctl/radiusctl.c
+++ b/usr.sbin/radiusctl/radiusctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: radiusctl.c,v 1.11 2024/07/22 09:39:23 yasuoka Exp $ */
+/* $OpenBSD: radiusctl.c,v 1.12 2024/07/24 08:27:20 yasuoka Exp $ */
/*
* Copyright (c) 2015 YASUOKA Masahiko <yasuoka@yasuoka.net>
*
@@ -368,7 +368,8 @@ radius_test(struct parse_result *res)
u32val = htonl(res->nas_port);
radius_put_raw_attr(reqpkt, RADIUS_TYPE_NAS_PORT, &u32val, 4);
- radius_put_message_authenticator(reqpkt, res->secret);
+ if (res->msgauth)
+ radius_put_message_authenticator(reqpkt, res->secret);
event_init();
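Review bot: The result of `radius_put_message_authenticator(reqpkt, res->secret)` is discarded in the new `if (res->msgauth)` branch, so if the call can fail, the request would go out without the attribute even though the user asked for `msgauth yes`. Since the option exists to control exactly that attribute, I would test the result, e.g. `if (res->msgauth && radius_put_message_authenticator(reqpkt, res->secret) != 0)` followed by the error reporting radius_test() uses elsewhere. The 0-on-success convention is assumed from the `== 0` checks on sibling radius_* calls in this file; radius_test() continues outside the hunk.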
@@ -500,6 +501,10 @@ radius_dump(FILE *out, RADIUS_PACKET *pkt, bool resp, const char *secret)
: (radius_check_message_authenticator(pkt, secret) == 0)
? "Verified" : "NG");
}
+ if (!resp)
+ fprintf(out, " Message-Authenticator = %s\n",
+ (radius_has_attr(pkt, RADIUS_TYPE_MESSAGE_AUTHENTICATOR))
+ ? "(Present)" : "(Not present)");
if (radius_get_string_attr(pkt, RADIUS_TYPE_USER_NAME, buf,
sizeof(buf)) == 0)