2 * Radius printer routines as specified on:
5 * "Remote Authentication Dial In User Service (RADIUS)"
11 * "RADIUS Accounting Modifications for Tunnel Protocol Support"
14 * "RADIUS Attributes for Tunnel Protocol Support"
19 * Alfredo Andres Omella (aandres@s21sec.com) v0.1 2000/09/15
21 * TODO: Among other things to print ok MacIntosh and Vendor values
25 static const char rcsid[] =
26 "$Id: print-radius.c,v 1.5 2000/12/18 08:16:58 guy Exp $";
33 #include <sys/param.h>
35 #include <netinet/in.h>
39 #include "interface.h"
40 #include "addrtoname.h"
43 #define TAM_SIZE(x) (sizeof(x)/sizeof(x[0]) )
45 #define PRINT_HEX(bytes_len, ptr_data) \
48 printf("%02X", *ptr_data ); \
54 /* Radius packet codes */
55 #define RADCMD_ACCESS_REQ 1 /* Access-Request */
56 #define RADCMD_ACCESS_ACC 2 /* Access-Accept */
57 #define RADCMD_ACCESS_REJ 3 /* Access-Reject */
58 #define RADCMD_ACCOUN_REQ 4 /* Accounting-Request */
59 #define RADCMD_ACCOUN_RES 5 /* Accounting-Response */
60 #define RADCMD_ACCESS_CHA 11 /* Access-Challenge */
61 #define RADCMD_STATUS_SER 12 /* Status-Server */
62 #define RADCMD_STATUS_CLI 13 /* Status-Client */
63 #define RADCMD_RESERVED 255 /* Reserved */
66 /********************************/
67 /* Begin Radius Attribute types */
68 /********************************/
72 #define LOG_SERVICE 15
74 #define SESSION_TIMEOUT 27
75 #define IDLE_TIMEOUT 28
76 #define FRM_ATALK_LINK 37
77 #define FRM_ATALK_NETWORK 38
80 #define ACCT_SESSION_TIME 46
82 #define TUNNEL_TYPE 64
83 #define TUNNEL_MEDIUM 65
84 #define TUNNEL_CLIENT_END 66
85 #define TUNNEL_SERVER_END 67
86 #define TUNNEL_PASS 69
89 #define ARAP_FEATURES 71
91 #define TUNNEL_PRIV_GROUP 81
92 #define TUNNEL_ASSIGN_ID 82
93 #define TUNNEL_PREFERENCE 83
95 #define ARAP_CHALLENGE_RESP 84
96 #define ACCT_INT_INTERVAL 85
98 #define TUNNEL_CLIENT_AUTH 90
99 #define TUNNEL_SERVER_AUTH 91
100 /********************************/
101 /* End Radius Attribute types */
102 /********************************/
105 static void print_attr_string(register u_char *, u_int, u_short );
106 static void print_attr_num(register u_char *, u_int, u_short );
107 static void print_attr_address(register u_char *, u_int, u_short);
108 static void print_attr_time(register u_char *, u_int, u_short);
109 static void print_attr_strange(register u_char *, u_int, u_short);
112 struct radius_hdr { u_int8_t code; /* Radius packet code */
113 u_int8_t id; /* Radius packet id */
114 u_int16_t len; /* Radius total length */
115 u_int8_t auth[16]; /* Authenticator */
119 struct radius_attr { u_int8_t type; /* Attribute type */
120 u_int8_t len; /* Attribute length */
124 /* Service-Type Attribute standard values */
125 static const char *serv_type[]={ NULL,
134 "Callback NAS Prompt",
136 "Callback Administrative",
139 /* Framed-Protocol Attribute standard values */
140 static const char *frm_proto[]={ NULL,
144 "Gandalf proprietary",
149 /* Framed-Routing Attribute standard values */
150 static const char *frm_routing[]={ "None",
156 /* Framed-Compression Attribute standard values */
157 static const char *frm_comp[]={ "None",
163 /* Login-Service Attribute standard values */
164 static const char *login_serv[]={ "Telnet",
167 "PortMaster(proprietary)",
176 /* Termination-Action Attribute standard values */
177 static const char *term_action[]={ "Default",
181 /* NAS-Port-Type Attribute standard values */
182 static const char *nas_port_type[]={ "Async",
189 "HDLC Clear Channel",
201 "Wireless - IEEE 802.11",
204 /* Acct-Status-Type Accounting Attribute standard values */
205 static const char *acct_status[]={ NULL,
219 "Tunnel-Link-Reject",
223 /* Acct-Authentic Accounting Attribute standard values */
224 static const char *acct_auth[]={ NULL,
230 /* Acct-Terminate-Cause Accounting Attribute standard values */
231 static const char *acct_term[]={ NULL,
246 "Service Unavailable",
252 /* Tunnel-Type Attribute standard values */
253 static const char *tunnel_type[]={ NULL,
265 "IP-in-IP Tunneling",
268 /* Tunnel-Medium-Type Attribute standard values */
269 static const char *tunnel_medium[]={ NULL,
284 "E.164 with NSAP subaddress",
287 /* ARAP-Zone-Access Attribute standard values */
288 static const char *arap_zone[]={ NULL,
289 "Only access to dfl zone",
290 "Use zone filter inc.",
292 "Use zone filter exc.",
295 static const char *prompt[]={ "No Echo",
300 struct attrtype { char *name; /* Attribute name */
301 const char **subtypes; /* Standard Values (if any) */
302 u_char siz_subtypes; /* Size of total standard values */
303 u_char first_subtype; /* First standard value is 0 or 1 */
304 void (*print_func)(register u_char *, u_int, u_short );
307 { NULL, NULL, 0, 0, NULL },
308 { "User", NULL, 0, 0, print_attr_string },
309 { "Pass", NULL, 0, 0, NULL },
310 { "CHAP-Pass", NULL, 0, 0, NULL },
311 { "NAS_ipaddr", NULL, 0, 0, print_attr_address },
312 { "NAS_port", NULL, 0, 0, print_attr_num },
313 { "Service_type", serv_type, TAM_SIZE(serv_type)-1, 1, print_attr_num },
314 { "Framed_proto", frm_proto, TAM_SIZE(frm_proto)-1, 1, print_attr_num },
315 { "Framed_ipaddr", NULL, 0, 0, print_attr_address },
316 { "Framed_ipnet", NULL, 0, 0, print_attr_address },
317 { "Framed_routing", frm_routing, TAM_SIZE(frm_routing), 0,
319 { "Filter_id", NULL, 0, 0, print_attr_string },
320 { "Framed_mtu", NULL, 0, 0, print_attr_num },
321 { "Framed_compress", frm_comp, TAM_SIZE(frm_comp), 0, print_attr_num },
322 { "Login_iphost", NULL, 0, 0, print_attr_address },
323 { "Login_service", login_serv, TAM_SIZE(login_serv), 0, print_attr_num },
324 { "Login_TCP_port", NULL, 0, 0, print_attr_num },
325 /*17*/ { "Unassigned", NULL, 0, 0, NULL },
326 { "Reply", NULL, 0, 0, print_attr_string },
327 { "Callback-number", NULL, 0, 0, print_attr_string },
328 { "Callback-id", NULL, 0, 0, print_attr_string },
329 /*21*/ { "Unassigned", NULL, 0, 0, NULL },
330 { "Framed_route", NULL, 0, 0, print_attr_string },
331 { "Framed_ipx_net", NULL, 0, 0, print_attr_num },
332 { "State", NULL, 0, 0, print_attr_string },
333 { "Class", NULL, 0, 0, print_attr_string },
334 { "Vendor_specific", NULL, 0, 0, print_attr_string },
335 { "Session_timeout", NULL, 0, 0, print_attr_num },
336 { "Idle_timeout", NULL, 0, 0, print_attr_num },
337 { "Term_action", term_action, TAM_SIZE(term_action), 0, print_attr_num },
338 { "Called_station", NULL, 0, 0, print_attr_string },
339 { "Calling_station", NULL, 0, 0, print_attr_string },
340 { "NAS_id", NULL, 0, 0, print_attr_string },
341 { "Proxy_state", NULL, 0, 0, print_attr_string },
342 { "Login_LAT_service", NULL, 0, 0, print_attr_string },
343 { "Login_LAT_node", NULL, 0, 0, print_attr_string },
344 { "Login_LAT_group", NULL, 0, 0, print_attr_string },
345 { "Framed_atalk_link", NULL, 0, 0, print_attr_num },
346 { "Framed_atalk_net", NULL, 0, 0, print_attr_num },
347 { "Framed_atalk_zone", NULL, 0, 0, print_attr_string },
348 { "Acct_status", acct_status, TAM_SIZE(acct_status)-1, 1, print_attr_num },
349 { "Acct_delay", NULL, 0, 0, print_attr_num },
350 { "Acct_in_octets", NULL, 0, 0, print_attr_num },
351 { "Acct_out_octets", NULL, 0, 0, print_attr_num },
352 { "Acct_session_id", NULL, 0, 0, print_attr_string },
353 { "Acct_authentic", acct_auth, TAM_SIZE(acct_auth)-1, 1, print_attr_num },
354 { "Acct_session_time", NULL, 0, 0, print_attr_num },
355 { "Acct_in_packets", NULL, 0, 0, print_attr_num },
356 { "Acct_out_packets", NULL, 0, 0, print_attr_num },
357 { "Acct_term_cause", acct_term, TAM_SIZE(acct_term)-1, 1, print_attr_num },
358 { "Acct_multi_session_id", NULL, 0, 0, print_attr_string },
359 { "Acct_link_count", NULL, 0, 0, print_attr_num },
360 { "Acct_in_giga", NULL, 0, 0, print_attr_num },
361 { "Acct_out_giga", NULL, 0, 0, print_attr_num },
362 /*54*/ { "Unassigned", NULL, 0, 0, NULL },
363 { "Event_timestamp", NULL, 0, 0, print_attr_time },
364 /*56*/ { "Unassigned", NULL, 0, 0, NULL },
365 /*57*/ { "Unassigned", NULL, 0, 0, NULL },
366 /*58*/ { "Unassigned", NULL, 0, 0, NULL },
367 /*59*/ { "Unassigned", NULL, 0, 0, NULL },
368 { "CHAP_challenge", NULL, 0, 0, print_attr_string },
369 { "NAS_port_type", nas_port_type, TAM_SIZE(nas_port_type), 0,
371 { "Port_limit", NULL, 0, 0, print_attr_num },
372 /*63*/ { "Login_LAT_port", NULL, 0, 0, print_attr_string },
373 { "Tunnel_type", tunnel_type, TAM_SIZE(tunnel_type)-1, 1, print_attr_num },
374 { "Tunnel_medium", tunnel_medium, TAM_SIZE(tunnel_medium)-1, 1,
376 { "Tunnel_client_end", NULL, 0, 0, print_attr_string },
377 { "Tunnel_server_end", NULL, 0, 0, print_attr_string },
378 { "Acct_tunnel_connect", NULL, 0, 0, print_attr_string },
379 { "Tunnel_pass", NULL, 0, 0, print_attr_string },
380 { "ARAP_pass", NULL, 0, 0, print_attr_strange },
381 { "ARAP_feature", NULL, 0, 0, print_attr_strange },
382 /*72*/ { "ARAP_zone_acces", arap_zone, TAM_SIZE(arap_zone)-1, 1,
384 { "ARAP_security", NULL, 0, 0, print_attr_string },
385 { "ARAP_security_data", NULL, 0, 0, print_attr_string },
386 { "Password_retry", NULL, 0, 0, print_attr_num },
387 { "Prompt", prompt, TAM_SIZE(prompt), 0, print_attr_num },
388 { "Connect_info", NULL, 0, 0, print_attr_string },
389 { "Config_token", NULL, 0, 0, print_attr_string },
390 { "EAP_msg", NULL, 0, 0, print_attr_string },
391 /*80*/ { "Message_auth", NULL, 0, 0, print_attr_string },
392 { "Tunnel_priv_group", NULL, 0, 0, print_attr_string },
393 { "Tunnel_assign_id", NULL, 0, 0, print_attr_string },
394 { "Tunnel_pref", NULL, 0, 0, print_attr_num },
395 { "ARAP_challenge_resp", NULL, 0, 0, print_attr_strange },
396 { "Acct_interim_interval", NULL, 0, 0, print_attr_num },
397 /*86*/ { "Acct_tunnel_pack_lost", NULL, 0, 0, print_attr_num },
398 { "NAS_port_id", NULL, 0, 0, print_attr_string },
399 { "Framed_pool", NULL, 0, 0, print_attr_string },
400 { "Unassigned", NULL, 0, 0, NULL },
401 { "Tunnel_client_auth_id", NULL, 0, 0, print_attr_string },
402 { "Tunnel_server_auth_id", NULL, 0, 0, print_attr_string },
403 /*92*/ { "Unassigned", NULL, 0, 0, NULL },
404 /*93*/ { "Unassigned", NULL, 0, 0, NULL }
408 /*****************************/
409 /* Print an attribute string */
410 /* value pointed by 'data' */
411 /* and 'length' size. */
412 /*****************************/
413 /* Returns nothing. */
414 /*****************************/
416 print_attr_string(register u_char *data, u_int length, u_short attr_code )
420 TCHECK2(data[0],length);
426 if (*data && (*data <=0x1F) )
427 printf("Tag[%d] ",*data);
429 printf("Salt[%d] ",EXTRACT_16BITS(data) );
433 case TUNNEL_CLIENT_END:
434 case TUNNEL_SERVER_END:
435 case TUNNEL_PRIV_GROUP:
436 case TUNNEL_ASSIGN_ID:
437 case TUNNEL_CLIENT_AUTH:
438 case TUNNEL_SERVER_AUTH:
441 printf("Tag[%d] ",*data);
448 for (i=0; i < length ; i++, data++)
449 printf("%c",(*data < 32 || *data > 128) ? '.' : *data );
460 /******************************/
461 /* Print an attribute numeric */
462 /* value pointed by 'data' */
463 /* and 'length' size. */
464 /******************************/
465 /* Returns nothing. */
466 /******************************/
468 print_attr_num(register u_char *data, u_int length, u_short attr_code )
475 printf("{length %u != 4}", length);
480 /* This attribute has standard values */
481 if (attr_type[attr_code].siz_subtypes)
483 static const char **table;
484 u_int32_t data_value;
485 table = attr_type[attr_code].subtypes;
487 if ( (attr_code == TUNNEL_TYPE) || (attr_code == TUNNEL_MEDIUM) )
490 printf("{Tag[Unused]");
492 printf("{Tag[%d]", *data);
494 data_value = EXTRACT_24BITS(data);
499 data_value = EXTRACT_32BITS(data);
501 if ( data_value <= (attr_type[attr_code].siz_subtypes - 1 +
502 attr_type[attr_code].first_subtype) )
503 printf("{%s}",table[data_value]);
505 printf("{#%d}",data_value);
509 switch(attr_code) /* Be aware of special cases... */
512 if (EXTRACT_32BITS( data) == 0xFFFFFFFE )
513 printf("{NAS_select}");
515 printf("{%d}",EXTRACT_32BITS( data) );
518 case SESSION_TIMEOUT:
521 case ACCT_SESSION_TIME:
522 case ACCT_INT_INTERVAL:
523 timeout = EXTRACT_32BITS( data);
525 printf( "{%02d secs}", timeout);
528 if ( timeout < 3600 )
529 printf( "{%02d:%02d min}",
530 timeout / 60, timeout % 60);
532 printf( "{%02d:%02d:%02d hours}",
533 timeout / 3600, (timeout % 3600) / 60,
539 if (EXTRACT_32BITS(data) )
540 printf("{%d}",EXTRACT_32BITS(data) );
542 printf("{Unnumbered}" );
545 case FRM_ATALK_NETWORK:
546 if (EXTRACT_32BITS(data) )
547 printf("{%d}",EXTRACT_32BITS(data) );
549 printf("{NAS_assign}" );
552 case TUNNEL_PREFERENCE:
556 printf("{Tag[Unused] %d}",EXTRACT_24BITS(data) );
558 printf("{Tag[%d] %d}", tag, EXTRACT_24BITS(data) );
562 printf("{%d}",EXTRACT_32BITS( data) );
576 /*****************************/
577 /* Print an attribute IPv4 */
578 /* address value pointed by */
579 /* 'data' and 'length' size. */
580 /*****************************/
581 /* Returns nothing. */
582 /*****************************/
584 print_attr_address(register u_char *data, u_int length, u_short attr_code )
588 printf("{length %u != 4}", length);
598 if (EXTRACT_32BITS(data) == 0xFFFFFFFF )
599 printf("{User_select}");
601 if (EXTRACT_32BITS(data) == 0xFFFFFFFE )
602 printf("{NAS_select}");
604 printf("{%s}",ipaddr_string(data));
608 printf("{%s}",ipaddr_string(data) );
619 /*************************************/
620 /* Print an attribute of 'secs since */
621 /* January 1, 1970 00:00 UTC' value */
622 /* pointed by 'data' and 'length' */
624 /*************************************/
625 /* Returns nothing. */
626 /*************************************/
627 static void print_attr_time(register u_char *data, u_int length, u_short attr_code)
634 printf("{length %u != 4}", length);
640 attr_time = EXTRACT_32BITS(data);
641 strcpy(string, ctime(&attr_time));
642 /* Get rid of the newline */
644 printf("{%.24s}", string);
652 /***********************************/
653 /* Print an attribute of 'strange' */
654 /* data format pointed by 'data' */
655 /* and 'length' size. */
656 /***********************************/
657 /* Returns nothing. */
658 /***********************************/
659 static void print_attr_strange(register u_char *data, u_int length, u_short attr_code)
668 printf("{length %u != 16}", length);
671 printf("{User_challenge[");
674 PRINT_HEX(len_data, data);
675 printf("] User_resp[");
678 PRINT_HEX(len_data, data);
685 printf("{length %u != 14}", length);
690 printf("{User_can_change_pass");
692 printf("{User_cant_change_pass");
695 printf(" Min_pass_len[%d]",*data);
697 printf(" Pass_created_at[");
700 PRINT_HEX(len_data, data);
701 printf("] Pass_expired_in[");
704 PRINT_HEX(len_data, data);
705 printf("] Current_time[");
708 PRINT_HEX(len_data, data);
712 case ARAP_CHALLENGE_RESP:
715 printf("{length %u != 8}", length);
721 PRINT_HEX(len_data, data);
733 radius_attr_print(register u_char *attr, u_int length)
735 register const struct radius_attr *rad_attr = (struct radius_attr *)attr;
739 printf(" [|radius]");
746 if ( rad_attr->len <= length )
748 if ( !rad_attr->type || (rad_attr->type > (TAM_SIZE(attr_type)-1)) )
749 printf("#%d",rad_attr->type);
752 printf(" %s",attr_type[rad_attr->type].name);
754 if (rad_attr->len > 2)
756 if ( attr_type[rad_attr->type].print_func )
757 (*attr_type[rad_attr->type].print_func)(
758 ((u_char *)(rad_attr+1)),
759 rad_attr->len - 2, rad_attr->type);
765 printf(" [|radius]");
768 length-=(rad_attr->len);
769 rad_attr = (struct radius_attr *)( ((char *)(rad_attr))+rad_attr->len);
777 radius_print(const u_char *dat, u_int length)
779 register const struct radius_hdr *rad;
782 i = min(length, snapend - dat) - sizeof(*rad);
786 printf(" [|radius]");
790 rad = (struct radius_hdr *)dat;
794 case RADCMD_ACCESS_REQ:
795 printf(" rad-access-req %d", length);
798 case RADCMD_ACCESS_ACC:
799 printf(" rad-access-accept %d", length);
802 case RADCMD_ACCESS_REJ:
803 printf(" rad-access-reject %d", length);
806 case RADCMD_ACCOUN_REQ:
807 printf(" rad-account-req %d", length);
810 case RADCMD_ACCOUN_RES:
811 printf(" rad-account-resp %d", length);
814 case RADCMD_ACCESS_CHA:
815 printf(" rad-access-cha %d", length);
818 case RADCMD_STATUS_SER:
819 printf(" rad-status-serv %d", length);
822 case RADCMD_STATUS_CLI:
823 printf(" rad-status-cli %d", length);
826 case RADCMD_RESERVED:
827 printf(" rad-reserved %d", length);
831 printf(" rad-#%d %d", rad->code, length);
834 printf(" [id %d]", rad->id);
837 radius_attr_print( ((u_char *)(rad+1)), i);