From a852e27a98a0379ef8dc6616766aaad80876e7aa Mon Sep 17 00:00:00 2001
From: yasuoka
Date: Wed, 24 Jul 2024 08:27:20 +0000
Subject: [PATCH] dd "msgauth" option for "test" command to specify whether use Message-Authentication or not.
---
 usr.sbin/radiusctl/parser.c | 23 ++++++++++++++++++++++-
 usr.sbin/radiusctl/parser.h | 3 ++-
 usr.sbin/radiusctl/radiusctl.8 | 7 +++++--
 usr.sbin/radiusctl/radiusctl.c | 9 +++++++--
 4 files changed, 36 insertions(+), 6 deletions(-)
diff --git a/usr.sbin/radiusctl/parser.c b/usr.sbin/radiusctl/parser.c
index c43d7e42fde..c0934db0a2c 100644
--- a/usr.sbin/radiusctl/parser.c
+++ b/usr.sbin/radiusctl/parser.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: parser.c,v 1.3 2024/07/09 17:26:14 yasuoka Exp $ */
+/* $OpenBSD: parser.c,v 1.4 2024/07/24 08:27:20 yasuoka Exp $ */
 /*
 * Copyright (c) 2010 Reyk Floeter
@@ -44,6 +44,7 @@ enum token_type {
 MAXWAIT,
 FLAGS,
 SESSION_SEQ,
+ MSGAUTH,
 ENDTOKEN
 };
@@ -58,6 +59,7 @@ static struct parse_result res = {
 .tries = TEST_TRIES_DEFAULT,
 .interval = { TEST_INTERVAL_DEFAULT, 0 },
 .maxwait = { TEST_MAXWAIT_DEFAULT, 0 },
+ .msgauth = 1
 };
 static const struct token t_test[];
@@ -71,6 +73,7 @@ static const struct token t_nas_port[];
 static const struct token t_tries[];
 static const struct token t_interval[];
 static const struct token t_maxwait[];
+static const struct token t_yesno[];
 static const struct token t_ipcp[];
 static const struct token t_ipcp_flags[];
 static const struct token t_ipcp_session_seq[];
@@ -105,6 +108,7 @@ static const struct token t_test_opts[] = {
 { KEYWORD, "interval", NONE, t_interval },
 { KEYWORD, "tries", NONE, t_tries },
 { KEYWORD, "maxwait", NONE, t_maxwait },
+ { KEYWORD, "msgauth", NONE, t_yesno },
 { ENDTOKEN, "", NONE, NULL }
 };
@@ -143,6 +147,12 @@ static const struct token t_maxwait[] = {
 { ENDTOKEN, "", NONE, NULL }
 };
+static const struct token t_yesno[] = {
+ { MSGAUTH, "yes", 1, t_test_opts },
+ { MSGAUTH, "no", 0, t_test_opts },
+ { ENDTOKEN, "", NONE, NULL }
+};
+
 static const struct token t_ipcp[] = {
 { KEYWORD, "show", IPCP_SHOW, NULL },
 { KEYWORD, "dump", IPCP_DUMP, t_ipcp_flags },
@@ -365,6 +375,14 @@ match_token(char *word, const struct token table[])
 printf("invalid argument: %s is %s for "
 "\"session-id\"", word, errstr);
 t = &table[i];
+ case MSGAUTH:
+ if (word != NULL &&
+ strcmp(word, table[i].keyword) == 0) {
+ match++;
+ res.msgauth = table[i].value;
+ t = &table[i];
+ }
+ break;
 case ENDTOKEN:
 break;
 }
@@ -436,6 +454,9 @@ show_valid_args(const struct token table[])
 case SESSION_SEQ:
 fprintf(stderr, " \n");
 break;
+ case MSGAUTH:
+ fprintf(stderr, " %s\n", table[i].keyword);
+ break;
 case ENDTOKEN:
 break;
 }
diff --git a/usr.sbin/radiusctl/parser.h b/usr.sbin/radiusctl/parser.h
index 3f5e271bf6e..6fefb0f4790 100644
--- a/usr.sbin/radiusctl/parser.h
+++ b/usr.sbin/radiusctl/parser.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: parser.h,v 1.3 2024/07/09 17:26:14 yasuoka Exp $ */
+/* $OpenBSD: parser.h,v 1.4 2024/07/24 08:27:20 yasuoka Exp $ */
 /* This file is derived from OpenBSD:src/usr.sbin/ikectl/parser.h 1.9 */
 /*
@@ -60,6 +60,7 @@ struct parse_result {
 const char *password;
 u_short port;
 int nas_port;
+ int msgauth;
 enum auth_method auth_method;
 /* number of packets to try sending */
diff --git a/usr.sbin/radiusctl/radiusctl.8 b/usr.sbin/radiusctl/radiusctl.8
index 58980c9bae3..00ab5bce21d 100644
--- a/usr.sbin/radiusctl/radiusctl.8
+++ b/usr.sbin/radiusctl/radiusctl.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: radiusctl.8,v 1.8 2024/07/14 03:47:44 jsg Exp $
+.\" $OpenBSD: radiusctl.8,v 1.9 2024/07/24 08:27:20 yasuoka Exp $
 .\"
 .\" Copyright (c) YASUOKA Masahiko
 .\"
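Review bot: The table `t_yesno` is named like a generic yes/no table, but both of its entries carry the token type `MSGAUTH`, and the `MSGAUTH` case added to match_token stores the matched value straight into `res.msgauth`. A second yes/no option could therefore not reuse this table without also changing msgauth. Either name it for what it does, `static const struct token t_msgauth[] = {` (with the forward declaration and the `t_test_opts` entry renamed to match), or document the coupling with a comment above it, `/* yes/no values for "msgauth"; the value field is stored in res.msgauth */`.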
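Review bot: The new `case MSGAUTH:` is inserted directly after `t = &table[i];`, the last statement of the preceding case, and the hunk shows no `break;` between them. Before this change that case fell through into `case ENDTOKEN: break;`, which was harmless. Now it falls through into the MSGAUTH branch, where a word equal to that entry's keyword string would increment `match` a second time and overwrite `res.msgauth` with the entry's value field. Adding `break;` after `t = &table[i];` closes the fall-through. The preceding case label and the start of match_token are outside the hunk; that it is the session sequence case is inferred from the "session-id" message in the printf.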
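Review bot: The new field `int msgauth;` in struct parse_result has no comment, so the header does not say that a nonzero value means the attribute is added or that parser.c initialises it to 1. A trailing comment would cover it: `int msgauth; /* nonzero: add Message-Authenticator to the Access-Request */`. The struct starts and ends outside the hunk.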
@@ -15,7 +15,7 @@
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
 .\"
-.Dd $Mdocdate: July 14 2024 $
+.Dd $Mdocdate: July 24 2024 $
 .Dt RADIUSCTL 8
 .Os
 .Sh NAME
@@ -86,6 +86,9 @@ the default port number 1812 is used.
 .It Cm tries Ar number
 Specifies the number of packets to try sending.
 The default is 3.
+.It Cm msgauth Ar yes | no
+Specifies if Message-Authenticator is given for the access request packet.
+The default is yes.
 .El
 .It Cm ipcp show
 Show all ipcp sessions in the database of
diff --git a/usr.sbin/radiusctl/radiusctl.c b/usr.sbin/radiusctl/radiusctl.c
index d3bc45eb866..6b8a4fedbf4 100644
--- a/usr.sbin/radiusctl/radiusctl.c
+++ b/usr.sbin/radiusctl/radiusctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: radiusctl.c,v 1.11 2024/07/22 09:39:23 yasuoka Exp $ */
+/* $OpenBSD: radiusctl.c,v 1.12 2024/07/24 08:27:20 yasuoka Exp $ */
 /*
 * Copyright (c) 2015 YASUOKA Masahiko
 *
@@ -368,7 +368,8 @@ radius_test(struct parse_result *res)
 u32val = htonl(res->nas_port);
 radius_put_raw_attr(reqpkt, RADIUS_TYPE_NAS_PORT, &u32val, 4);
- radius_put_message_authenticator(reqpkt, res->secret);
+ if (res->msgauth)
+ radius_put_message_authenticator(reqpkt, res->secret);
 event_init();
@@ -500,6 +501,10 @@ radius_dump(FILE *out, RADIUS_PACKET *pkt, bool resp, const char *secret)
 : (radius_check_message_authenticator(pkt, secret) == 0)
 ? "Verified" : "NG");
 }
+ if (!resp)
+ fprintf(out, " Message-Authenticator = %s\n",
+ (radius_has_attr(pkt, RADIUS_TYPE_MESSAGE_AUTHENTICATOR))
+ ? "(Present)" : "(Not present)");
 if (radius_get_string_attr(pkt, RADIUS_TYPE_USER_NAME, buf,
 sizeof(buf)) == 0)
--
2.20.1
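Review bot: The result of `radius_put_message_authenticator()` is still discarded under the new `if (res->msgauth)` in radius_test. If the call can fail (its prototype is not on this page), the Access-Request would go out without the attribute even though the user asked for it, which is the same packet `msgauth no` produces. The option exists to tell those two cases apart when checking whether a server enforces Message-Authenticator, so the failure should not pass silently. Testing the result, `if (res->msgauth && radius_put_message_authenticator(reqpkt, res->secret) != 0)`, and then taking the function's usual error exit would make it visible. The body of radius_test starts and ends outside the hunk, so the error path to use is not visible here.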