int main(int argc, char **argv)
{
char *p;
int c;
const char *radius_dir = RADDBDIR;
char filesecret[256];
FILE *fp;
int do_summary = 0;
int persec = 0;
int parallel = 1;
radclient_t *this;
int force_af = AF_UNSPEC;
fr_debug_flag = 0;
filename_tree = rbtree_create(filename_cmp, NULL, 0);
if (!filename_tree) {
fprintf(stderr, "radclient: Out of memory\n");
exit(1);
}
while ((c = getopt(argc, argv, "46c:d:f:Fhi:n:p:qr:sS:t:vx"
#ifdef WITH_TCP
"P:"
#endif
)) != EOF) switch(c) {
case '4':
force_af = AF_INET;
break;
case '6':
force_af = AF_INET6;
break;
case 'c':
if (!isdigit((int) *optarg))
usage();
resend_count = atoi(optarg);
break;
case 'd':
radius_dir = optarg;
break;
case 'f':
rbtree_insert(filename_tree, optarg);
break;
case 'F':
print_filename = 1;
break;
case 'i': /* currently broken */
if (!isdigit((int) *optarg))
usage();
last_used_id = atoi(optarg);
if ((last_used_id < 0) || (last_used_id > 255)) {
usage();
}
break;
case 'n':
persec = atoi(optarg);
if (persec <= 0) usage();
break;
/*
* Note that sending MANY requests in
* parallel can over-run the kernel
* queues, and Linux will happily discard
* packets. So even if the server responds,
* the client may not see the response.
*/
case 'p':
parallel = atoi(optarg);
if (parallel <= 0) usage();
break;
#ifdef WITH_TCP
case 'P':
proto = optarg;
if (strcmp(proto, "tcp") != 0) {
if (strcmp(proto, "udp") == 0) {
proto = NULL;
} else {
usage();
}
} else {
ipproto = IPPROTO_TCP;
}
break;
#endif
case 'q':
do_output = 0;
fr_log_fp = NULL; /* no output from you, either! */
break;
case 'r':
if (!isdigit((int) *optarg))
usage();
retries = atoi(optarg);
if ((retries == 0) || (retries > 1000)) usage();
break;
case 's':
do_summary = 1;
break;
case 'S':
fp = fopen(optarg, "r");
if (!fp) {
fprintf(stderr, "radclient: Error opening %s: %s\n",
optarg, strerror(errno));
exit(1);
}
if (fgets(filesecret, sizeof(filesecret), fp) == NULL) {
fprintf(stderr, "radclient: Error reading %s: %s\n",
optarg, strerror(errno));
exit(1);
}
fclose(fp);
/* truncate newline */
p = filesecret + strlen(filesecret) - 1;
while ((p >= filesecret) &&
(*p < ' ')) {
*p = '\0';
--p;
}
if (strlen(filesecret) < 2) {
fprintf(stderr, "radclient: Secret in %s is too short\n", optarg);
exit(1);
}
secret = filesecret;
break;
case 't':
if (!isdigit((int) *optarg))
usage();
timeout = atof(optarg);
break;
case 'v':
printf("%s", radclient_version);
exit(0);
break;
case 'x':
fr_debug_flag++;
fr_log_fp = stdout;
break;
case 'h':
default:
usage();
break;
}
argc -= (optind - 1);
argv += (optind - 1);
if ((argc < 3) ||
((secret == NULL) && (argc < 4))) {
usage();
}
if (dict_init(radius_dir, RADIUS_DICTIONARY) < 0) {
fr_perror("radclient");
return 1;
}
/*
* Resolve hostname.
*/
if (force_af == AF_UNSPEC) force_af = AF_INET;
server_ipaddr.af = force_af;
if (strcmp(argv[1], "-") != 0) {
const char *hostname = argv[1];
const char *portname = argv[1];
char buffer[256];
if (*argv[1] == '[') { /* IPv6 URL encoded */
p = strchr(argv[1], ']');
if ((size_t) (p - argv[1]) >= sizeof(buffer)) {
usage();
}
memcpy(buffer, argv[1] + 1, p - argv[1] - 1);
buffer[p - argv[1] - 1] = '\0';
hostname = buffer;
portname = p + 1;
}
p = strchr(portname, ':');
if (p && (strchr(p + 1, ':') == NULL)) {
*p = '\0';
portname = p + 1;
} else {
portname = NULL;
}
if (ip_hton(hostname, force_af, &server_ipaddr) < 0) {
fprintf(stderr, "radclient: Failed to find IP address for host %s: %s\n", hostname, strerror(errno));
exit(1);
}
/*
* Strip port from hostname if needed.
*/
if (portname) server_port = atoi(portname);
}
/*
* See what kind of request we want to send.
*/
if (strcmp(argv[2], "auth") == 0) {
if (server_port == 0) server_port = getport("radius");
if (server_port == 0) server_port = PW_AUTH_UDP_PORT;
packet_code = PW_AUTHENTICATION_REQUEST;
} else if (strcmp(argv[2], "challenge") == 0) {
if (server_port == 0) server_port = getport("radius");
if (server_port == 0) server_port = PW_AUTH_UDP_PORT;
packet_code = PW_ACCESS_CHALLENGE;
} else if (strcmp(argv[2], "acct") == 0) {
if (server_port == 0) server_port = getport("radacct");
if (server_port == 0) server_port = PW_ACCT_UDP_PORT;
packet_code = PW_ACCOUNTING_REQUEST;
do_summary = 0;
} else if (strcmp(argv[2], "status") == 0) {
if (server_port == 0) server_port = getport("radius");
if (server_port == 0) server_port = PW_AUTH_UDP_PORT;
packet_code = PW_STATUS_SERVER;
} else if (strcmp(argv[2], "disconnect") == 0) {
if (server_port == 0) server_port = PW_COA_UDP_PORT;
packet_code = PW_DISCONNECT_REQUEST;
} else if (strcmp(argv[2], "coa") == 0) {
if (server_port == 0) server_port = PW_COA_UDP_PORT;
packet_code = PW_COA_REQUEST;
} else if (strcmp(argv[2], "auto") == 0) {
packet_code = -1;
} else if (isdigit((int) argv[2][0])) {
if (server_port == 0) server_port = getport("radius");
if (server_port == 0) server_port = PW_AUTH_UDP_PORT;
packet_code = atoi(argv[2]);
} else {
usage();
}
/*
* Add the secret.
*/
if (argv[3]) secret = argv[3];
/*
* If no '-f' is specified, we're reading from stdin.
*/
if (rbtree_num_elements(filename_tree) == 0) {
if (!radclient_init("-")) exit(1);
}
/*
* Walk over the list of filenames, creating the requests.
*/
if (rbtree_walk(filename_tree, InOrder, filename_walk, NULL) != 0) {
exit(1);
}
/*
* No packets read. Die.
*/
if (!radclient_head) {
fprintf(stderr, "radclient: Nothing to send.\n");
exit(1);
}
/*
* Bind to the first specified IP address and port.
* This means we ignore later ones.
*/
if (radclient_head->request->src_ipaddr.af == AF_UNSPEC) {
memset(&client_ipaddr, 0, sizeof(client_ipaddr));
client_ipaddr.af = server_ipaddr.af;
client_port = 0;
} else {
client_ipaddr = radclient_head->request->src_ipaddr;
client_port = radclient_head->request->src_port;
}
#ifdef WITH_TCP
if (proto) {
sockfd = fr_tcp_client_socket(NULL, &server_ipaddr, server_port);
} else
#endif
sockfd = fr_socket(&client_ipaddr, client_port);
if (sockfd < 0) {
fprintf(stderr, "radclient: socket: %s\n", fr_strerror());
exit(1);
}
pl = fr_packet_list_create(1);
if (!pl) {
fprintf(stderr, "radclient: Out of memory\n");
exit(1);
}
if (!fr_packet_list_socket_add(pl, sockfd, ipproto, &server_ipaddr,
server_port, NULL)) {
fprintf(stderr, "radclient: Out of memory\n");
exit(1);
}
/*
* Walk over the list of packets, sanity checking
* everything.
*/
for (this = radclient_head; this != NULL; this = this->next) {
this->request->src_ipaddr = client_ipaddr;
this->request->src_port = client_port;
if (radclient_sane(this) != 0) {
exit(1);
}
}
/*
* Walk over the packets to send, until
* we're all done.
*
* FIXME: This currently busy-loops until it receives
* all of the packets. It should really have some sort of
* send packet, get time to wait, select for time, etc.
* loop.
*/
do {
int n = parallel;
radclient_t *next;
const char *filename = NULL;
done = 1;
sleep_time = -1;
/*
* Walk over the packets, sending them.
*/
for (this = radclient_head; this != NULL; this = next) {
next = this->next;
/*
* If there's a packet to receive,
* receive it, but don't wait for a
* packet.
*/
recv_one_packet(0);
/*
* This packet is done. Delete it.
*/
if (this->done) {
radclient_free(this);
continue;
}
/*
* Packets from multiple '-f' are sent
* in parallel.
*
* Packets from one file are sent in
* series, unless '-p' is specified, in
* which case N packets from each file
* are sent in parallel.
*/
if (this->filename != filename) {
filename = this->filename;
n = parallel;
}
if (n > 0) {
n--;
/*
* Send the current packet.
*/
send_one_packet(this);
/*
* Wait a little before sending
* the next packet, if told to.
*/
if (persec) {
struct timeval tv;
/*
* Don't sleep elsewhere.
*/
sleep_time = 0;
if (persec == 1) {
tv.tv_sec = 1;
tv.tv_usec = 0;
} else {
tv.tv_sec = 0;
tv.tv_usec = 1000000/persec;
}
/*
* Sleep for milliseconds,
* portably.
*
* If we get an error or
* a signal, treat it like
* a normal timeout.
*/
select(0, NULL, NULL, NULL, &tv);
}
/*
* If we haven't sent this packet
* often enough, we're not done,
* and we shouldn't sleep.
*/
if (this->resend < resend_count) {
done = 0;
sleep_time = 0;
}
} else { /* haven't sent this packet, we're not done */
assert(this->done == 0);
assert(this->reply == NULL);
done = 0;
}
}
/*
* Still have outstanding requests.
*/
if (fr_packet_list_num_elements(pl) > 0) {
done = 0;
} else {
sleep_time = 0;
}
/*
* Nothing to do until we receive a request, so
* sleep until then. Once we receive one packet,
* we go back, and walk through the whole list again,
* sending more packets (if necessary), and updating
* the sleep time.
*/
if (!done && (sleep_time > 0)) {
recv_one_packet(sleep_time);
}
} while (!done);
rbtree_free(filename_tree);
fr_packet_list_free(pl);
while (radclient_head) radclient_free(radclient_head);
dict_free();
if (do_summary) {
printf("\n\t Total approved auths: %d\n", totalapp);
printf("\t Total denied auths: %d\n", totaldeny);
printf("\t Total lost auths: %d\n", totallost);
}
if (success) return 0;
return 1;
}
/*
* Initialize a radclient data structure
*/
static radclient_t *radclient_init(char * auth_statement)
{
VALUE_PAIR *vp;
radclient_t *start, *radclient, *prev = NULL;
int filedone = 0;
int packet_number = 1;
start = NULL;
/*
* Determine where to read the VP's from.
*/
/*
* Loop until the file is done.
*/
/*
* Allocate it.
*/
radclient = malloc(sizeof(*radclient));
memset(radclient, 0, sizeof(*radclient));
radclient->request = rad_alloc(1);
radclient->request->id = -1; /* allocate when sending */
radclient->packet_number = packet_number++;
/*
* Read the VP's.
*/
radclient->request->vps = readvp2(auth_statement, &filedone, "radclient: X");
if (!radclient->request->vps)
{
radclient_free(radclient);
return radclient; /* done: return the list */
}
/*
* Keep a copy of the the User-Password attribute.
*/
if ((vp = pairfind(radclient->request->vps, PW_PASSWORD)) != NULL)
{
strNcpy(radclient->password, (char *)vp->strvalue, sizeof(radclient->password));
/*
* Otherwise keep a copy of the CHAP-Password attribute.
*/
}
else if ((vp = pairfind(radclient->request->vps, PW_CHAP_PASSWORD)) != NULL)
{
strNcpy(radclient->password, (char *)vp->strvalue, sizeof(radclient->password));
}
else
{
radclient->password[0] = '\0';
}
/*
* Fix up Digest-Attributes issues
*/
for (vp = radclient->request->vps; vp != NULL; vp = vp->next)
{
switch (vp->attribute)
{
default:
break;
/*
* Allow it to set the packet type in
* the attributes read from the file.
*/
case PW_PACKET_TYPE:
radclient->request->code = vp->lvalue;
break;
case PW_PACKET_DST_PORT:
radclient->request->dst_port = (vp->lvalue & 0xffff);
break;
case PW_DIGEST_REALM:
case PW_DIGEST_NONCE:
case PW_DIGEST_METHOD:
case PW_DIGEST_URI:
case PW_DIGEST_QOP:
case PW_DIGEST_ALGORITHM:
case PW_DIGEST_BODY_DIGEST:
case PW_DIGEST_CNONCE:
case PW_DIGEST_NONCE_COUNT:
case PW_DIGEST_USER_NAME:
/* overlapping! */
memmove(&vp->strvalue[2], &vp->strvalue[0], vp->length);
vp->strvalue[0] = vp->attribute - PW_DIGEST_REALM + 1;
vp->length += 2;
vp->strvalue[1] = vp->length;
vp->attribute = PW_DIGEST_ATTRIBUTES;
break;
}
} /* loop over the VP's we read in */
if (!start)
{
start = radclient;
prev = start;
}
else
{
prev->next = radclient;
radclient->prev = prev;
prev = radclient;
}
/*
* And we're done.
*/
return radclient;
}
