/* RADIUS/RadSec client using libradsec in blocking mode. */
/* Copyright 2010,2011,2013 NORDUnet A/S. All rights reserved.
See LICENSE for licensing information. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <assert.h>
#include <radsec/radsec.h>
#include <radsec/request.h>
#include "err.h"
#include "debug.h" /* For rs_dump_message(). */
/* Sample credentials for this example only.  They are compiled into the
   binary, so anyone who can read the executable or the source can
   recover them; a real client should load the shared secret and the
   user's password from protected configuration or prompt for them. */
/* Shared secret installed on the peer with rs_peer_set_secret(). */
#define SECRET "sikrit"
/* User name placed in the authentication request. */
#define USER_NAME "molgan@PROJECT-MOONSHOT.ORG"
/* Password placed in the authentication request. */
#define USER_PW "password"
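/* Send one authentication request for USER_NAME/USER_PW and print the
   outcome, using libradsec in blocking mode.

   When built with USE_CONFIG_FILE, AV1 is the configuration file name
   and AV2 the name of the configuration (realm) to use; AV3 is ignored.
   Otherwise AV1 is the server host, AV2 the service (port) and AV3 an
   optional protocol name ("udp" or "tls"); a NULL or unrecognised AV3
   selects UDP.

   If USE_REQUEST_OBJECT_FLAG is non-zero the rs_request API is used,
   otherwise the message is created, sent and the reply received
   explicitly.

   Returns NULL when no error was recorded on the context or the
   connection, else the first error popped from them.  */
struct rs_error *
blocking_client (const char *av1, const char *av2, const char *av3,
                 int use_request_object_flag)
{
  struct rs_context *h = NULL;
  struct rs_connection *conn = NULL;
  struct rs_request *request = NULL;
  struct rs_message *req = NULL, *resp = NULL;
  struct rs_error *err = NULL;
  int r;
#if defined (USE_CONFIG_FILE)
  const char *config_fn = av1;
  const char *configuration = av2;
#else
  const char *host = av1;
  const char *service = av2;
  const char *proto = av3;
  /* Must start out NULL: cleanup is reachable before the peer exists.  */
  struct rs_peer *server = NULL;
#endif

  r = rs_context_create (&h);
  if (r)
    {
      /* Fail hard even when assert() is compiled out with NDEBUG;
         continuing would hand a NULL context to every later call.  */
      fprintf (stderr,
               "%s: unable to create libradsec context (error %d)\n",
               __func__, r);
      abort ();
    }

#if !defined (USE_CONFIG_FILE)
  /* Do it without a configuration file by setting all stuff "by
     hand".  Doesn't work for TLS at the moment because we don't have an
     API for setting the X509 cert file names and such.  */
  {
    int conn_type = RS_CONN_TYPE_UDP;

    if (rs_conn_create (h, &conn, NULL))
      goto cleanup;
    if (proto)
      {
        /* Prefix match only.  Anything that is not "udp..." or
           "tls..." (including "TLS") silently stays on UDP, where the
           request is protected by the shared secret alone.  */
        if (!strncmp (proto, "udp", strlen ("udp")))
          conn_type = RS_CONN_TYPE_UDP;
        else if (!strncmp (proto, "tls", strlen ("tls")))
          conn_type = RS_CONN_TYPE_TLS;
      }
    rs_conn_set_type (conn, conn_type);
    if (rs_peer_create_for_conn (conn, &server))
      goto cleanup;
    if (rs_peer_set_address (server, host, service))
      goto cleanup;
    rs_peer_set_timeout (server, 1);
    rs_peer_set_retries (server, 3);
    /* SECRET is a compile-time sample value; see its definition.  */
    if (rs_peer_set_secret (server, SECRET))
      goto cleanup;
  }
#else /* defined (USE_CONFIG_FILE) */
  if (rs_context_read_config (h, config_fn))
    goto cleanup;
  if (rs_conn_create (h, &conn, configuration))
    goto cleanup;
#endif /* defined (USE_CONFIG_FILE) */

  if (use_request_object_flag)
    {
      if (rs_request_create_authn (conn, &request, USER_NAME, USER_PW))
        goto cleanup;
      if (rs_request_send (request, &resp))
        goto cleanup;
    }
  else
    {
      if (rs_message_create_authn_request (conn, &req, USER_NAME, USER_PW))
        goto cleanup;
      if (rs_message_send (req))
        goto cleanup;
      if (rs_conn_receive_message (conn, req, &resp))
        goto cleanup;
    }

  if (resp)
    {
      rs_dump_message (resp);
      if (rs_message_code (resp) == PW_ACCESS_ACCEPT)
        printf ("Good auth.\n");
      else
        printf ("Bad auth: %d\n", rs_message_code (resp));
    }
  else
    fprintf (stderr, "%s: no response\n", __func__);

 cleanup:
  /* Collect the error before tearing anything down.  The context error
     takes precedence; the connection is consulted only if it exists.  */
  err = rs_err_ctx_pop (h);
  if (err == NULL && conn != NULL)
    err = rs_err_conn_pop (conn);
#if !defined (USE_CONFIG_FILE)
  /* The peer is created late, so an early failure leaves it NULL.  */
  if (server)
    {
      rs_peer_free_address (server);
      rs_peer_free_secret (server);
    }
#endif
  /* NOTE(review): REQ is never released on this path.  Confirm whether
     the connection owns a sent message before adding a destroy call.  */
  if (resp)
    rs_message_destroy (resp);
  if (request)
    rs_request_destroy (request);
  if (conn)
    rs_conn_destroy (conn);
  if (h)
    rs_context_destroy (h);
  return err;
}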
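/* Print the command-line synopsis on stderr and exit with status 1.
   ARGV[0] is printed as the program name; ARGC is unused.  The operand
   names follow the build: with USE_CONFIG_FILE the client takes a
   configuration file and configuration name, otherwise a host, a
   service and an optional protocol.  */
void
usage (int argc, char *argv[])
{
  (void) argc;
#if defined (USE_CONFIG_FILE)
  fprintf (stderr, "usage: %s: [-r] config-file config-name\n", argv[0]);
#else
  fprintf (stderr, "usage: %s: [-r] host service [udp|tls]\n", argv[0]);
#endif
  exit (1);
}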
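/* Entry point.  Accepts an optional leading "-r" (use the rs_request
   API), then two mandatory operands and one optional operand which are
   passed through to blocking_client().  Returns 0 on success, else the
   code of the error reported by blocking_client().  */
int
main (int argc, char *argv[])
{
  int use_request_object_flag = 0;
  struct rs_error *err;
  /* Keep the untouched vector so usage() prints the real program name
     rather than "-r" after the option has been shifted away.  */
  int orig_argc = argc;
  char **orig_argv = argv;

  /* Only the first two characters are checked, so "-rfoo" also enables
     the request-object path.  */
  if (argc > 1 && argv[1] && argv[1][0] == '-' && argv[1][1] == 'r')
    {
      use_request_object_flag = 1;
      argc--;
      argv++;
    }
  if (argc < 3)
    usage (orig_argc, orig_argv);

  /* The third operand is optional: pass it only when it was given.  */
  err = blocking_client (argv[1], argv[2], argc > 3 ? argv[3] : NULL,
                         use_request_object_flag);
  if (err)
    {
      fprintf (stderr, "error: %s: %d\n", rs_err_msg (err),
               rs_err_code (err, 0));
      /* NOTE(review): the second argument presumably asks the library to
         free ERR -- confirm against the libradsec headers.  */
      return rs_err_code (err, 1);
    }
  return 0;
}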