FreeRADIUS · martin-belanger · Dec 8, 2016 · Dec 8, 2016 · Dec 12, 2016 · Dec 12, 2016
diff --git a/src/radiusclient.c b/src/radiusclient.c
@@ -42,7 +42,8 @@ static void
 usage(void)
 {
 
-    fprintf(stderr, "usage: radiusclient [-f config_file] [-p nas_port] [-s | [-a] a1=v1 [a2=v2[...[aN=vN]...]]]\n");
+    fprintf(stderr, "usage: radiusclient [-f config_file] [-p nas_port] [-s | [-a] [-e hex-bytes] a1=v1 [a2=v2[...[aN=vN]...]]]\n");
+    fprintf(stderr, "       -e hex-bytes - Specify an EAP message with colon-separated hex bytes. Ex. -e 2:0:0:9:1:74:65:73:74\n");
     exit(1);
 }
 
@@ -55,13 +56,15 @@ main(int argc, char **argv)
     VALUE_PAIR *send, **vp;
     char *rc_conf, *cp;
     char lbuf[4096];
+    size_t  eap_len = 0;
+    uint8_t eap_msg[255];
 
     rc_conf = RC_CONFIG_FILE;
     nas_port = 5060;
 
     acct = 0;
     server = 0;
-    while ((ch = getopt(argc, argv, "af:p:s")) != -1) {
+    while ((ch = getopt(argc, argv, "af:p:se:")) != -1) {
         switch (ch) {
         case 'f':
             rc_conf = optarg;
@@ -79,6 +82,26 @@ main(int argc, char **argv)
             server = 1;
             break;
 
+        case 'e':
+            if (optarg && *optarg != '\0') {
+                char   *next = optarg;
+                while (*next != '\0') {
+                    char    *endptr;
+                    long int l = strtol(next, &endptr, 16);
+                    if (l > 0xFF) {
+                        fprintf(stderr, "-e: hex-bytes invalid. %X greater than 0xFF\n", (unsigned int)l);
+                        exit(3);
+                    }
+                    eap_msg[eap_len++] = (uint8_t)l;
+                    if (*endptr == '\0')
+                        break;
+                    next = endptr + 1;
+                }
+            } else {
+                fprintf(stderr, "-e: can't parse hex-bytes buffer\n");
+                exit(3);
+            }
+            break;
         default:
             usage();
         }
@@ -109,6 +132,13 @@ main(int argc, char **argv)
             }
             vp = &send->next;
         }
+        if (eap_len > 0) {
+
+            if (rc_avpair_add(rh, vp, PW_EAP_MESSAGE, eap_msg, eap_len, 0) == NULL) {
+                fprintf(stderr, "Can't add EAP-Message AV pair\n");
+                exit(3);
+            }
+        }
         exit(process(rh, send, acct, nas_port));
     }
     while (1 == 1) {
@@ -163,7 +193,7 @@ main(int argc, char **argv)
 int
 process(void *rh, VALUE_PAIR *send, int acct, int nas_port)
 {
-    VALUE_PAIR *received;
+    VALUE_PAIR *received = NULL;
     char msg[PW_MAX_MSG_SIZE];
     char buf[BUF_LEN];
     int i;
@@ -179,5 +209,5 @@ process(void *rh, VALUE_PAIR *send, int acct, int nas_port)
         i = rc_acct(rh, nas_port, send);
     }
 
-    return (i == OK_RC) ? 0 : 1;
+    return (i == OK_RC) || (i == CHALLENGE_RC) ? 0 : 1;
 }
diff --git a/tests/eap-tests.sh b/tests/eap-tests.sh
@@ -0,0 +1,72 @@
+#!/bin/sh
+
+# Copyright (C) 2016 Martin Belanger
+#
+# License: BSD
+
+srcdir="${srcdir:-.}"
+
+echo "***********************************************"
+echo "This test will use a radius server on localhost"
+echo "and which can be executed with run-server.sh   "
+echo "The test sends a basic EAP message and expects "
+echo "an Acess-Challenge response. The test does not "
+echo "go beyond this point as there is no real EAP   "
+echo "service capable of handling a full EAP request "
+echo "***********************************************"
+
+TMPFILE=tmp$$.out
+
+if test -z "$SERVER_IP";then
+	echo "the variable SERVER_IP is not defined"
+	exit 77
+fi
+
+sed 's/localhost/'$SERVER_IP'/g' <$srcdir/radiusclient.conf >radiusclient-temp.conf
+sed 's/localhost/'$SERVER_IP'/g' <$srcdir/servers >servers-temp
+
+
+# NOTE: The string 2:0:0:9:1:74:65:73:74 is equivalent to defining a C array as
+#       follows:
+#           uint8_t eap_msg[] = { 2, 0, 0, 9, 1, 't', 'e', 's', 't' };
+#
+#       which corresponds to this EAP message:
+#           Code       = 2       (8-bit)  -> 2 for Response
+#           Identifier = 0       (8-bit)
+#           Length     = 9       (16-bit)
+#           Type       = 1       (8-bit)  -> 1 for Identity
+#           Data       = "test"  (string)
+
+../src/radiusclient -f radiusclient-temp.conf -e 2:0:0:9:1:74:65:73:74 User-Name=test Password=test >$TMPFILE
+if test $? != 0;then
+	echo "Error in PAP auth"
+	exit 1
+fi
+
+grep "^EAP-Message                      = " $TMPFILE >/dev/null 2>&1
+if test $? != 0;then
+	echo "Error in data received by server (EAP-Message)"
+	cat $TMPFILE
+	exit 1
+fi
+
+grep "^Message-Authenticator            =" $TMPFILE >/dev/null 2>&1
+if test $? != 0;then
+	echo "Error in data received by server (Message-Authenticator)"
+	cat $TMPFILE
+	exit 1
+fi
+
+grep "^State                            =" $TMPFILE >/dev/null 2>&1
+if test $? != 0;then
+	echo "Error in data received by server (State)"
+	cat $TMPFILE
+	exit 1
+fi
+
+rm -f servers-temp
+#cat $TMPFILE
+rm -f $TMPFILE
+rm -f radiusclient-temp.conf
+
+exit 0