int main(int argc, char **argv) { char *p; int c; const char *radius_dir = RADDBDIR; char filesecret[256]; FILE *fp; int do_summary = 0; int persec = 0; int parallel = 1; radclient_t *this; int force_af = AF_UNSPEC; fr_debug_flag = 0; filename_tree = rbtree_create(filename_cmp, NULL, 0); if (!filename_tree) { fprintf(stderr, "radclient: Out of memory\n"); exit(1); } while ((c = getopt(argc, argv, "46c:d:f:Fhi:n:p:qr:sS:t:vx" #ifdef WITH_TCP "P:" #endif )) != EOF) switch(c) { case '4': force_af = AF_INET; break; case '6': force_af = AF_INET6; break; case 'c': if (!isdigit((int) *optarg)) usage(); resend_count = atoi(optarg); break; case 'd': radius_dir = optarg; break; case 'f': rbtree_insert(filename_tree, optarg); break; case 'F': print_filename = 1; break; case 'i': /* currently broken */ if (!isdigit((int) *optarg)) usage(); last_used_id = atoi(optarg); if ((last_used_id < 0) || (last_used_id > 255)) { usage(); } break; case 'n': persec = atoi(optarg); if (persec <= 0) usage(); break; /* * Note that sending MANY requests in * parallel can over-run the kernel * queues, and Linux will happily discard * packets. So even if the server responds, * the client may not see the response. */ case 'p': parallel = atoi(optarg); if (parallel <= 0) usage(); break; #ifdef WITH_TCP case 'P': proto = optarg; if (strcmp(proto, "tcp") != 0) { if (strcmp(proto, "udp") == 0) { proto = NULL; } else { usage(); } } else { ipproto = IPPROTO_TCP; } break; #endif case 'q': do_output = 0; fr_log_fp = NULL; /* no output from you, either! */ break; case 'r': if (!isdigit((int) *optarg)) usage(); retries = atoi(optarg); if ((retries == 0) || (retries > 1000)) usage(); break; case 's': do_summary = 1; break; case 'S': fp = fopen(optarg, "r"); if (!fp) { fprintf(stderr, "radclient: Error opening %s: %s\n", optarg, strerror(errno)); exit(1); } if (fgets(filesecret, sizeof(filesecret), fp) == NULL) { fprintf(stderr, "radclient: Error reading %s: %s\n", optarg, strerror(errno)); exit(1); } fclose(fp); /* truncate newline */ p = filesecret + strlen(filesecret) - 1; while ((p >= filesecret) && (*p < ' ')) { *p = '\0'; --p; } if (strlen(filesecret) < 2) { fprintf(stderr, "radclient: Secret in %s is too short\n", optarg); exit(1); } secret = filesecret; break; case 't': if (!isdigit((int) *optarg)) usage(); timeout = atof(optarg); break; case 'v': printf("%s", radclient_version); exit(0); break; case 'x': fr_debug_flag++; fr_log_fp = stdout; break; case 'h': default: usage(); break; } argc -= (optind - 1); argv += (optind - 1); if ((argc < 3) || ((secret == NULL) && (argc < 4))) { usage(); } if (dict_init(radius_dir, RADIUS_DICTIONARY) < 0) { fr_perror("radclient"); return 1; } /* * Resolve hostname. */ if (force_af == AF_UNSPEC) force_af = AF_INET; server_ipaddr.af = force_af; if (strcmp(argv[1], "-") != 0) { const char *hostname = argv[1]; const char *portname = argv[1]; char buffer[256]; if (*argv[1] == '[') { /* IPv6 URL encoded */ p = strchr(argv[1], ']'); if ((size_t) (p - argv[1]) >= sizeof(buffer)) { usage(); } memcpy(buffer, argv[1] + 1, p - argv[1] - 1); buffer[p - argv[1] - 1] = '\0'; hostname = buffer; portname = p + 1; } p = strchr(portname, ':'); if (p && (strchr(p + 1, ':') == NULL)) { *p = '\0'; portname = p + 1; } else { portname = NULL; } if (ip_hton(hostname, force_af, &server_ipaddr) < 0) { fprintf(stderr, "radclient: Failed to find IP address for host %s: %s\n", hostname, strerror(errno)); exit(1); } /* * Strip port from hostname if needed. */ if (portname) server_port = atoi(portname); } /* * See what kind of request we want to send. */ if (strcmp(argv[2], "auth") == 0) { if (server_port == 0) server_port = getport("radius"); if (server_port == 0) server_port = PW_AUTH_UDP_PORT; packet_code = PW_AUTHENTICATION_REQUEST; } else if (strcmp(argv[2], "challenge") == 0) { if (server_port == 0) server_port = getport("radius"); if (server_port == 0) server_port = PW_AUTH_UDP_PORT; packet_code = PW_ACCESS_CHALLENGE; } else if (strcmp(argv[2], "acct") == 0) { if (server_port == 0) server_port = getport("radacct"); if (server_port == 0) server_port = PW_ACCT_UDP_PORT; packet_code = PW_ACCOUNTING_REQUEST; do_summary = 0; } else if (strcmp(argv[2], "status") == 0) { if (server_port == 0) server_port = getport("radius"); if (server_port == 0) server_port = PW_AUTH_UDP_PORT; packet_code = PW_STATUS_SERVER; } else if (strcmp(argv[2], "disconnect") == 0) { if (server_port == 0) server_port = PW_COA_UDP_PORT; packet_code = PW_DISCONNECT_REQUEST; } else if (strcmp(argv[2], "coa") == 0) { if (server_port == 0) server_port = PW_COA_UDP_PORT; packet_code = PW_COA_REQUEST; } else if (strcmp(argv[2], "auto") == 0) { packet_code = -1; } else if (isdigit((int) argv[2][0])) { if (server_port == 0) server_port = getport("radius"); if (server_port == 0) server_port = PW_AUTH_UDP_PORT; packet_code = atoi(argv[2]); } else { usage(); } /* * Add the secret. */ if (argv[3]) secret = argv[3]; /* * If no '-f' is specified, we're reading from stdin. */ if (rbtree_num_elements(filename_tree) == 0) { if (!radclient_init("-")) exit(1); } /* * Walk over the list of filenames, creating the requests. */ if (rbtree_walk(filename_tree, InOrder, filename_walk, NULL) != 0) { exit(1); } /* * No packets read. Die. */ if (!radclient_head) { fprintf(stderr, "radclient: Nothing to send.\n"); exit(1); } /* * Bind to the first specified IP address and port. * This means we ignore later ones. */ if (radclient_head->request->src_ipaddr.af == AF_UNSPEC) { memset(&client_ipaddr, 0, sizeof(client_ipaddr)); client_ipaddr.af = server_ipaddr.af; client_port = 0; } else { client_ipaddr = radclient_head->request->src_ipaddr; client_port = radclient_head->request->src_port; } #ifdef WITH_TCP if (proto) { sockfd = fr_tcp_client_socket(NULL, &server_ipaddr, server_port); } else #endif sockfd = fr_socket(&client_ipaddr, client_port); if (sockfd < 0) { fprintf(stderr, "radclient: socket: %s\n", fr_strerror()); exit(1); } pl = fr_packet_list_create(1); if (!pl) { fprintf(stderr, "radclient: Out of memory\n"); exit(1); } if (!fr_packet_list_socket_add(pl, sockfd, ipproto, &server_ipaddr, server_port, NULL)) { fprintf(stderr, "radclient: Out of memory\n"); exit(1); } /* * Walk over the list of packets, sanity checking * everything. */ for (this = radclient_head; this != NULL; this = this->next) { this->request->src_ipaddr = client_ipaddr; this->request->src_port = client_port; if (radclient_sane(this) != 0) { exit(1); } } /* * Walk over the packets to send, until * we're all done. * * FIXME: This currently busy-loops until it receives * all of the packets. It should really have some sort of * send packet, get time to wait, select for time, etc. * loop. */ do { int n = parallel; radclient_t *next; const char *filename = NULL; done = 1; sleep_time = -1; /* * Walk over the packets, sending them. */ for (this = radclient_head; this != NULL; this = next) { next = this->next; /* * If there's a packet to receive, * receive it, but don't wait for a * packet. */ recv_one_packet(0); /* * This packet is done. Delete it. */ if (this->done) { radclient_free(this); continue; } /* * Packets from multiple '-f' are sent * in parallel. * * Packets from one file are sent in * series, unless '-p' is specified, in * which case N packets from each file * are sent in parallel. */ if (this->filename != filename) { filename = this->filename; n = parallel; } if (n > 0) { n--; /* * Send the current packet. */ send_one_packet(this); /* * Wait a little before sending * the next packet, if told to. */ if (persec) { struct timeval tv; /* * Don't sleep elsewhere. */ sleep_time = 0; if (persec == 1) { tv.tv_sec = 1; tv.tv_usec = 0; } else { tv.tv_sec = 0; tv.tv_usec = 1000000/persec; } /* * Sleep for milliseconds, * portably. * * If we get an error or * a signal, treat it like * a normal timeout. */ select(0, NULL, NULL, NULL, &tv); } /* * If we haven't sent this packet * often enough, we're not done, * and we shouldn't sleep. */ if (this->resend < resend_count) { done = 0; sleep_time = 0; } } else { /* haven't sent this packet, we're not done */ assert(this->done == 0); assert(this->reply == NULL); done = 0; } } /* * Still have outstanding requests. */ if (fr_packet_list_num_elements(pl) > 0) { done = 0; } else { sleep_time = 0; } /* * Nothing to do until we receive a request, so * sleep until then. Once we receive one packet, * we go back, and walk through the whole list again, * sending more packets (if necessary), and updating * the sleep time. */ if (!done && (sleep_time > 0)) { recv_one_packet(sleep_time); } } while (!done); rbtree_free(filename_tree); fr_packet_list_free(pl); while (radclient_head) radclient_free(radclient_head); dict_free(); if (do_summary) { printf("\n\t Total approved auths: %d\n", totalapp); printf("\t Total denied auths: %d\n", totaldeny); printf("\t Total lost auths: %d\n", totallost); } if (success) return 0; return 1; }
/* * Initialize a radclient data structure */ static radclient_t *radclient_init(char * auth_statement) { VALUE_PAIR *vp; radclient_t *start, *radclient, *prev = NULL; int filedone = 0; int packet_number = 1; start = NULL; /* * Determine where to read the VP's from. */ /* * Loop until the file is done. */ /* * Allocate it. */ radclient = malloc(sizeof(*radclient)); memset(radclient, 0, sizeof(*radclient)); radclient->request = rad_alloc(1); radclient->request->id = -1; /* allocate when sending */ radclient->packet_number = packet_number++; /* * Read the VP's. */ radclient->request->vps = readvp2(auth_statement, &filedone, "radclient: X"); if (!radclient->request->vps) { radclient_free(radclient); return radclient; /* done: return the list */ } /* * Keep a copy of the the User-Password attribute. */ if ((vp = pairfind(radclient->request->vps, PW_PASSWORD)) != NULL) { strNcpy(radclient->password, (char *)vp->strvalue, sizeof(radclient->password)); /* * Otherwise keep a copy of the CHAP-Password attribute. */ } else if ((vp = pairfind(radclient->request->vps, PW_CHAP_PASSWORD)) != NULL) { strNcpy(radclient->password, (char *)vp->strvalue, sizeof(radclient->password)); } else { radclient->password[0] = '\0'; } /* * Fix up Digest-Attributes issues */ for (vp = radclient->request->vps; vp != NULL; vp = vp->next) { switch (vp->attribute) { default: break; /* * Allow it to set the packet type in * the attributes read from the file. */ case PW_PACKET_TYPE: radclient->request->code = vp->lvalue; break; case PW_PACKET_DST_PORT: radclient->request->dst_port = (vp->lvalue & 0xffff); break; case PW_DIGEST_REALM: case PW_DIGEST_NONCE: case PW_DIGEST_METHOD: case PW_DIGEST_URI: case PW_DIGEST_QOP: case PW_DIGEST_ALGORITHM: case PW_DIGEST_BODY_DIGEST: case PW_DIGEST_CNONCE: case PW_DIGEST_NONCE_COUNT: case PW_DIGEST_USER_NAME: /* overlapping! */ memmove(&vp->strvalue[2], &vp->strvalue[0], vp->length); vp->strvalue[0] = vp->attribute - PW_DIGEST_REALM + 1; vp->length += 2; vp->strvalue[1] = vp->length; vp->attribute = PW_DIGEST_ATTRIBUTES; break; } } /* loop over the VP's we read in */ if (!start) { start = radclient; prev = start; } else { prev->next = radclient; radclient->prev = prev; prev = radclient; } /* * And we're done. */ return radclient; }