2 * command.c Command socket processing.
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
20 * Copyright 2008 The FreeRADIUS server project
21 * Copyright 2008 Alan DeKok <aland@deployingradius.com>
24 #ifdef WITH_COMMAND_SOCKET
26 #include <freeradius-devel/parser.h>
28 #ifdef HAVE_INTTYPES_H
35 #define SUN_LEN(su) (sizeof(*(su)) - sizeof((su)->sun_path) + strlen((su)->sun_path))
39 #ifdef HAVE_SYS_STAT_H
51 typedef struct fr_command_table_t fr_command_table_t;
53 typedef int (*fr_command_func_t)(rad_listen_t *, int, char *argv[]);
58 struct fr_command_table_t {
60 int mode; /* read/write */
62 fr_command_func_t func;
63 fr_command_table_t *table;
66 #define COMMAND_BUFFER_SIZE (1024)
68 typedef struct fr_cs_buffer_t {
73 char buffer[COMMAND_BUFFER_SIZE];
76 #define COMMAND_SOCKET_MAGIC (0xffdeadee)
77 typedef struct fr_command_socket_t {
80 char *copy; /* <sigh> */
89 * The next few entries handle fake packets injected by
92 fr_ipaddr_t src_ipaddr; /* src_port is always 0 */
93 fr_ipaddr_t dst_ipaddr;
95 rad_listen_t *inject_listener;
96 RADCLIENT *inject_client;
99 } fr_command_socket_t;
101 static const CONF_PARSER command_config[] = {
102 { "socket", PW_TYPE_STRING,
103 offsetof(fr_command_socket_t, path), NULL, "${run_dir}/radiusd.sock"},
104 { "uid", PW_TYPE_STRING,
105 offsetof(fr_command_socket_t, uid_name), NULL, NULL},
106 { "gid", PW_TYPE_STRING,
107 offsetof(fr_command_socket_t, gid_name), NULL, NULL},
108 { "mode", PW_TYPE_STRING,
109 offsetof(fr_command_socket_t, mode_name), NULL, NULL},
111 { NULL, -1, 0, NULL, NULL } /* end the list */
114 static FR_NAME_NUMBER mode_names[] = {
116 { "read-only", FR_READ },
117 { "read-write", FR_READ | FR_WRITE },
118 { "rw", FR_READ | FR_WRITE },
122 #ifndef HAVE_GETPEEREID
123 static int getpeereid(int s, uid_t *euid, gid_t *egid)
129 socklen_t cl = sizeof(cr);
131 if (getsockopt(s, SOL_SOCKET, SO_PEERCRED, &cr, &cl) < 0) {
138 #endif /* SO_PEERCRED */
140 #endif /* HAVE_GETPEEREID */
143 static int fr_server_domain_socket(char const *path)
148 struct sockaddr_un salocal;
152 ERROR("No path provided, was NULL");
157 if (len >= sizeof(salocal.sun_path)) {
158 ERROR("Path too long in socket filename");
162 if ((sockfd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) {
163 ERROR("Failed creating socket: %s",
168 memset(&salocal, 0, sizeof(salocal));
169 salocal.sun_family = AF_UNIX;
170 memcpy(salocal.sun_path, path, len + 1); /* SUN_LEN does strlen */
172 socklen = SUN_LEN(&salocal);
177 if (stat(path, &buf) < 0) {
178 if (errno != ENOENT) {
179 ERROR("Failed to stat %s: %s",
180 path, fr_syserror(errno));
186 * FIXME: Check the enclosing directory?
188 } else { /* it exists */
189 if (!S_ISREG(buf.st_mode)
191 && !S_ISSOCK(buf.st_mode)
194 ERROR("Cannot turn %s into socket", path);
200 * Refuse to open sockets not owned by us.
202 if (buf.st_uid != geteuid()) {
203 ERROR("We do not own %s", path);
208 if (unlink(path) < 0) {
209 ERROR("Failed to delete %s: %s",
210 path, fr_syserror(errno));
216 if (bind(sockfd, (struct sockaddr *)&salocal, socklen) < 0) {
217 ERROR("Failed binding to %s: %s",
218 path, fr_syserror(errno));
224 * FIXME: There's a race condition here. But Linux
225 * doesn't seem to permit fchmod on domain sockets.
227 if (chmod(path, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP) < 0) {
228 ERROR("Failed setting permissions on %s: %s",
229 path, fr_syserror(errno));
234 if (listen(sockfd, 8) < 0) {
235 ERROR("Failed listening to %s: %s",
236 path, fr_syserror(errno));
245 if ((flags = fcntl(sockfd, F_GETFL, NULL)) < 0) {
246 ERROR("Failure getting socket flags: %s",
253 if( fcntl(sockfd, F_SETFL, flags) < 0) {
254 ERROR("Failure setting socket flags: %s",
266 static void command_close_socket(rad_listen_t *this)
268 this->status = RAD_LISTEN_STATUS_EOL;
271 * This removes the socket from the event fd, so no one
272 * will be calling us any more.
274 radius_update_listener(this);
277 static ssize_t CC_HINT(format (printf, 2, 3)) cprintf(rad_listen_t *listener, char const *fmt, ...)
284 len = vsnprintf(buffer, sizeof(buffer), fmt, ap);
287 if (listener->status == RAD_LISTEN_STATUS_EOL) return 0;
289 len = write(listener->fd, buffer, len);
290 if (len <= 0) command_close_socket(listener);
293 * FIXME: Keep writing until done?
298 static int command_hup(rad_listen_t *listener, int argc, char *argv[])
301 module_instance_t *mi;
305 radius_signal_self(RADIUS_SIGNAL_SELF_HUP);
310 * Hack a "main" HUP thingy
312 if (strcmp(argv[0], "main.log") == 0) {
317 cs = cf_section_find("modules");
320 mi = find_module_instance(cs, argv[0], 0);
322 cprintf(listener, "ERROR: No such module \"%s\"\n", argv[0]);
326 if ((mi->entry->module->type & RLM_TYPE_HUP_SAFE) == 0) {
327 cprintf(listener, "ERROR: Module %s cannot be hup'd\n",
332 if (!module_hup_module(mi->cs, mi, time(NULL))) {
333 cprintf(listener, "ERROR: Failed to reload module\n");
337 snprintf(buffer, sizeof(buffer), "modules.%s.hup",
338 cf_section_name1(mi->cs));
339 exec_trigger(NULL, mi->cs, buffer, true);
341 return 1; /* success */
344 static int command_terminate(UNUSED rad_listen_t *listener,
345 UNUSED int argc, UNUSED char *argv[])
347 radius_signal_self(RADIUS_SIGNAL_SELF_TERM);
349 return 1; /* success */
352 extern time_t fr_start_time;
354 static int command_uptime(rad_listen_t *listener,
355 UNUSED int argc, UNUSED char *argv[])
359 CTIME_R(&fr_start_time, buffer, sizeof(buffer));
360 cprintf(listener, "Up since %s", buffer); /* no \r\n */
362 return 1; /* success */
365 static int command_show_config(rad_listen_t *listener, int argc, char *argv[])
372 cprintf(listener, "ERROR: No path was given\n");
376 ci = cf_reference_item(main_config.config, main_config.config, argv[0]);
379 if (!cf_item_is_pair(ci)) return 0;
381 cp = cf_itemtopair(ci);
382 value = cf_pair_value(cp);
383 if (!value) return 0;
385 cprintf(listener, "%s\n", value);
387 return 1; /* success */
390 static char const *tabs = "\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t";
393 * FIXME: Recurse && indent?
395 static void cprint_conf_parser(rad_listen_t *listener, int indent, CONF_SECTION *cs,
400 char const *name1 = cf_section_name1(cs);
401 char const *name2 = cf_section_name2(cs);
402 CONF_PARSER const *variables = cf_section_parse_table(cs);
405 cprintf(listener, "%.*s%s %s {\n", indent, tabs, name1, name2);
407 cprintf(listener, "%.*s%s {\n", indent, tabs, name1);
415 if (variables) for (i = 0; variables[i].name != NULL; i++) {
420 * No base struct offset, data must be the pointer.
421 * If data doesn't exist, ignore the entry, there
422 * must be something wrong.
425 if (!variables[i].data) {
429 data = variables[i].data;;
431 } else if (variables[i].data) {
432 data = variables[i].data;;
435 data = (((char const *)base) + variables[i].offset);
438 switch (variables[i].type) {
440 cprintf(listener, "%.*s%s = ?\n", indent, tabs,
444 case PW_TYPE_INTEGER:
445 cprintf(listener, "%.*s%s = %u\n", indent, tabs,
446 variables[i].name, *(int const *) data);
450 inet_ntop(AF_INET, data, buffer, sizeof(buffer));
453 case PW_TYPE_IPV6ADDR:
454 inet_ntop(AF_INET6, data, buffer, sizeof(buffer));
457 case PW_TYPE_BOOLEAN:
458 cprintf(listener, "%.*s%s = %s\n", indent, tabs,
460 ((*(bool const *) data) == false) ? "no" : "yes");
464 case PW_TYPE_FILE_INPUT:
465 case PW_TYPE_FILE_OUTPUT:
467 * FIXME: Escape things in the string!
469 if (*(char const * const *) data) {
470 cprintf(listener, "%.*s%s = \"%s\"\n", indent, tabs,
471 variables[i].name, *(char const * const *) data);
473 cprintf(listener, "%.*s%s = \n", indent, tabs,
483 cprintf(listener, "%.*s}\n", indent, tabs);
486 static int command_show_module_config(rad_listen_t *listener, int argc, char *argv[])
489 module_instance_t *mi;
492 cprintf(listener, "ERROR: No module name was given\n");
496 cs = cf_section_find("modules");
499 mi = find_module_instance(cs, argv[0], 0);
501 cprintf(listener, "ERROR: No such module \"%s\"\n", argv[0]);
505 cprint_conf_parser(listener, 0, mi->cs, mi->insthandle);
507 return 1; /* success */
510 static char const *method_names[RLM_COMPONENT_COUNT] = {
522 static int command_show_module_methods(rad_listen_t *listener, int argc, char *argv[])
526 module_instance_t const *mi;
530 cprintf(listener, "ERROR: No module name was given\n");
534 cs = cf_section_find("modules");
537 mi = find_module_instance(cs, argv[0], 0);
539 cprintf(listener, "ERROR: No such module \"%s\"\n", argv[0]);
543 mod = mi->entry->module;
545 for (i = 0; i < RLM_COMPONENT_COUNT; i++) {
546 if (mod->methods[i]) cprintf(listener, "\t%s\n", method_names[i]);
549 return 1; /* success */
553 static int command_show_module_flags(rad_listen_t *listener, int argc, char *argv[])
556 module_instance_t const *mi;
560 cprintf(listener, "ERROR: No module name was given\n");
564 cs = cf_section_find("modules");
567 mi = find_module_instance(cs, argv[0], 0);
569 cprintf(listener, "ERROR: No such module \"%s\"\n", argv[0]);
573 mod = mi->entry->module;
575 if ((mod->type & RLM_TYPE_THREAD_UNSAFE) != 0)
576 cprintf(listener, "\tthread-unsafe\n");
579 if ((mod->type & RLM_TYPE_CHECK_CONFIG_UNSAFE) != 0)
580 cprintf(listener, "\tno-check-config\n");
583 if ((mod->type & RLM_TYPE_HUP_SAFE) != 0)
584 cprintf(listener, "\treload-on-hup\n");
586 return 1; /* success */
589 extern const FR_NAME_NUMBER mod_rcode_table[];
592 static int command_show_module_status(rad_listen_t *listener, int argc, char *argv[])
595 const module_instance_t *mi;
598 cprintf(listener, "ERROR: No module name was given\n");
602 cs = cf_section_find("modules");
605 mi = find_module_instance(cs, argv[0], 0);
607 cprintf(listener, "ERROR: No such module \"%s\"\n", argv[0]);
612 cprintf(listener, "alive\n");
614 cprintf(listener, "%s\n", fr_int2str(mod_rcode_table, mi->code, "<invalid>"));
618 return 1; /* success */
623 * Show all loaded modules
625 static int command_show_modules(rad_listen_t *listener, UNUSED int argc, UNUSED char *argv[])
627 CONF_SECTION *cs, *subcs;
629 cs = cf_section_find("modules");
633 while ((subcs = cf_subsection_find_next(cs, subcs, NULL)) != NULL) {
634 char const *name1 = cf_section_name1(subcs);
635 char const *name2 = cf_section_name2(subcs);
637 module_instance_t *mi;
640 mi = find_module_instance(cs, name2, 0);
643 cprintf(listener, "\t%s (%s)\n", name2, name1);
645 mi = find_module_instance(cs, name1, 0);
648 cprintf(listener, "\t%s\n", name1);
652 return 1; /* success */
656 static int command_show_home_servers(rad_listen_t *listener, UNUSED int argc, UNUSED char *argv[])
660 char const *type, *state, *proto;
664 for (i = 0; i < 256; i++) {
665 home = home_server_bynumber(i);
669 * Internal "virtual" home server.
671 if (home->ipaddr.af == AF_UNSPEC) continue;
673 if (home->type == HOME_TYPE_AUTH) {
676 } else if (home->type == HOME_TYPE_ACCT) {
680 } else if (home->type == HOME_TYPE_COA) {
686 if (home->proto == IPPROTO_UDP) {
690 else if (home->proto == IPPROTO_TCP) {
696 if (home->state == HOME_STATE_ALIVE) {
699 } else if (home->state == HOME_STATE_ZOMBIE) {
702 } else if (home->state == HOME_STATE_IS_DEAD) {
705 } else if (home->state == HOME_STATE_UNKNOWN) {
706 time_t now = time(NULL);
709 * We've recently received a packet, so
710 * the home server seems to be alive.
712 * The *reported* state changes because
713 * the internal state machine NEEDS THE
714 * RIGHT STATE. However, reporting that
715 * to the admin will confuse him. So...
716 * we lie. Yes, that dress doesn't make
719 if ((home->last_packet_recv + home->ping_interval) >= now) {
727 cprintf(listener, "%s\t%d\t%s\t%s\t%s\t%d\n",
728 ip_ntoh(&home->ipaddr, buffer, sizeof(buffer)),
729 home->port, proto, type, state,
730 home->currently_outstanding);
737 static int command_show_clients(rad_listen_t *listener, UNUSED int argc, UNUSED char *argv[])
743 for (i = 0; i < 256; i++) {
744 client = client_findbynumber(NULL, i);
747 ip_ntoh(&client->ipaddr, buffer, sizeof(buffer));
749 if (((client->ipaddr.af == AF_INET) &&
750 (client->prefix != 32)) ||
751 ((client->ipaddr.af == AF_INET6) &&
752 (client->prefix != 128))) {
753 cprintf(listener, "\t%s/%d\n", buffer, client->prefix);
755 cprintf(listener, "\t%s\n", buffer);
763 static int command_show_version(rad_listen_t *listener, UNUSED int argc, UNUSED char *argv[])
765 cprintf(listener, "%s\n", radiusd_version);
769 static int command_debug_level(rad_listen_t *listener, int argc, char *argv[])
774 cprintf(listener, "ERROR: Must specify <number>\n");
778 number = atoi(argv[0]);
779 if ((number < 0) || (number > 4)) {
780 cprintf(listener, "ERROR: <number> must be between 0 and 4\n");
784 fr_debug_flag = debug_flag = number;
789 static char debug_log_file_buffer[1024];
791 static int command_debug_file(rad_listen_t *listener, int argc, char *argv[])
793 if (debug_flag && default_log.dst == L_DST_STDOUT) {
794 cprintf(listener, "ERROR: Cannot redirect debug logs to a file when already in debugging mode.\n");
798 if ((argc > 0) && (strchr(argv[0], FR_DIR_SEP) != NULL)) {
799 cprintf(listener, "ERROR: Cannot direct debug logs to absolute path.\n");
802 default_log.debug_file = NULL;
804 if (argc == 0) return 0;
807 * This looks weird, but it's here to avoid locking
808 * a mutex for every log message.
810 memset(debug_log_file_buffer, 0, sizeof(debug_log_file_buffer));
813 * Debug files always go to the logging directory.
815 snprintf(debug_log_file_buffer, sizeof(debug_log_file_buffer),
816 "%s/%s", radlog_dir, argv[0]);
818 default_log.debug_file = &debug_log_file_buffer[0];
823 extern fr_cond_t *debug_condition;
824 static int command_debug_condition(UNUSED rad_listen_t *listener, int argc, char *argv[])
828 fr_cond_t *new_condition = NULL;
829 char *p, buffer[1024];
835 talloc_free(debug_condition);
836 debug_condition = NULL;
841 ((argv[0][0] == '"') || (argv[0][0] == '\'')))) {
844 for (i = 0; i < argc; i++) {
847 len = strlcpy(p, argv[i], buffer + sizeof(buffer) - p);
855 * Backwards compatibility. De-escape the string.
867 ERROR("Failed parsing condition '%s': Unexpected end of string", argv[0]);
873 ERROR("Failed parsing condition '%s': Unexpected text after end of string", argv[0]);
890 if (fr_condition_tokenize(NULL, NULL, buffer, &new_condition, &error, FR_COND_ONE_PASS) < 0) {
891 ERROR("Failed parsing condition '%s': %s", buffer, error);
896 * Delete old condition.
898 * This is thread-safe because the condition is evaluated
899 * in the main server thread, along with this code.
901 talloc_free(debug_condition);
902 debug_condition = new_condition;
907 static int command_show_debug_condition(rad_listen_t *listener,
908 UNUSED int argc, UNUSED char *argv[])
912 if (!debug_condition) return 0;
914 fr_cond_sprint(buffer, sizeof(buffer), debug_condition);
916 cprintf(listener, "%s\n", buffer);
921 static int command_show_debug_file(rad_listen_t *listener,
922 UNUSED int argc, UNUSED char *argv[])
924 if (!default_log.debug_file) return 0;
926 cprintf(listener, "%s\n", default_log.debug_file);
931 static int command_show_debug_level(rad_listen_t *listener,
932 UNUSED int argc, UNUSED char *argv[])
934 cprintf(listener, "%d\n", debug_flag);
939 static RADCLIENT *get_client(rad_listen_t *listener, int argc, char *argv[])
943 int proto = IPPROTO_UDP;
946 cprintf(listener, "ERROR: Must specify <ipaddr>\n");
950 if (ip_hton(argv[0], AF_UNSPEC, &ipaddr) < 0) {
951 cprintf(listener, "ERROR: Failed parsing IP address; %s\n",
958 if (strcmp(argv[1], "tcp") == 0) {
961 } else if (strcmp(argv[1], "udp") == 0) {
965 cprintf(listener, "ERROR: Unknown protocol %s. Please use \"udp\" or \"tcp\"\n",
972 client = client_find(NULL, &ipaddr, proto);
974 cprintf(listener, "ERROR: No such client\n");
982 static home_server_t *get_home_server(rad_listen_t *listener, int argc,
983 char *argv[], int *last)
987 int proto = IPPROTO_UDP;
991 cprintf(listener, "ERROR: Must specify <ipaddr> <port> [proto]\n");
995 if (ip_hton(argv[0], AF_UNSPEC, &ipaddr) < 0) {
996 cprintf(listener, "ERROR: Failed parsing IP address; %s\n",
1001 port = atoi(argv[1]);
1003 if (last) *last = 2;
1005 if (strcmp(argv[2], "udp") == 0) {
1006 proto = IPPROTO_UDP;
1007 if (last) *last = 3;
1010 if (strcmp(argv[2], "tcp") == 0) {
1011 proto = IPPROTO_TCP;
1012 if (last) *last = 3;
1017 home = home_server_find(&ipaddr, port, proto);
1019 cprintf(listener, "ERROR: No such home server\n");
1026 static int command_set_home_server_state(rad_listen_t *listener, int argc, char *argv[])
1029 home_server_t *home;
1032 cprintf(listener, "ERROR: Must specify <ipaddr> <port> [proto] <state>\n");
1036 home = get_home_server(listener, argc, argv, &last);
1041 if (strcmp(argv[last], "alive") == 0) {
1042 revive_home_server(home);
1044 } else if (strcmp(argv[last], "dead") == 0) {
1047 gettimeofday(&now, NULL); /* we do this WAY too ofetn */
1048 mark_home_server_dead(home, &now);
1051 cprintf(listener, "ERROR: Unknown state \"%s\"\n", argv[last]);
1058 static int command_show_home_server_state(rad_listen_t *listener, int argc, char *argv[])
1060 home_server_t *home;
1062 home = get_home_server(listener, argc, argv, NULL);
1067 switch (home->state) {
1068 case HOME_STATE_ALIVE:
1069 cprintf(listener, "alive\n");
1072 case HOME_STATE_IS_DEAD:
1073 cprintf(listener, "dead\n");
1076 case HOME_STATE_ZOMBIE:
1077 cprintf(listener, "zombie\n");
1080 case HOME_STATE_UNKNOWN:
1081 cprintf(listener, "unknown\n");
1085 cprintf(listener, "invalid\n");
1094 * For encode/decode stuff
1096 static int null_socket_dencode(UNUSED rad_listen_t *listener, UNUSED REQUEST *request)
1101 static int null_socket_send(UNUSED rad_listen_t *listener, REQUEST *request)
1107 output_file = request_data_reference(request, null_socket_send, 0);
1109 ERROR("No output file for injected packet %d", request->number);
1113 fp = fopen(output_file, "w");
1115 ERROR("Failed to send injected file to %s: %s",
1116 output_file, fr_syserror(errno));
1120 if (request->reply->code != 0) {
1121 char const *what = "reply";
1125 if (request->reply->code < FR_MAX_PACKET_CODE) {
1126 what = fr_packet_codes[request->reply->code];
1129 fprintf(fp, "%s\n", what);
1132 RDEBUG("Injected %s packet to host %s port 0 code=%d, id=%d", what,
1133 inet_ntop(request->reply->src_ipaddr.af,
1134 &request->reply->src_ipaddr.ipaddr,
1135 buffer, sizeof(buffer)),
1136 request->reply->code, request->reply->id);
1139 for (vp = fr_cursor_init(&cursor, &request->reply->vps);
1141 vp = fr_cursor_next(&cursor)) {
1142 vp_prints(buffer, sizeof(buffer), vp);
1143 fprintf(fp, "%s\n", buffer);
1145 RDEBUG("\t%s", buffer);
1154 static rad_listen_t *get_socket(rad_listen_t *listener, int argc,
1155 char *argv[], int *last)
1159 int proto = IPPROTO_UDP;
1163 cprintf(listener, "ERROR: Must specify <ipaddr> <port> [proto]\n");
1167 if (ip_hton(argv[0], AF_UNSPEC, &ipaddr) < 0) {
1168 cprintf(listener, "ERROR: Failed parsing IP address; %s\n",
1173 port = atoi(argv[1]);
1175 if (last) *last = 2;
1177 if (strcmp(argv[2], "udp") == 0) {
1178 proto = IPPROTO_UDP;
1179 if (last) *last = 3;
1182 if (strcmp(argv[2], "tcp") == 0) {
1183 proto = IPPROTO_TCP;
1184 if (last) *last = 3;
1189 sock = listener_find_byipaddr(&ipaddr, port, proto);
1191 cprintf(listener, "ERROR: No such listen section\n");
1199 static int command_inject_to(rad_listen_t *listener, int argc, char *argv[])
1201 fr_command_socket_t *sock = listener->data;
1202 listen_socket_t *data;
1203 rad_listen_t *found;
1205 found = get_socket(listener, argc, argv, NULL);
1211 sock->inject_listener = found;
1212 sock->dst_ipaddr = data->my_ipaddr;
1213 sock->dst_port = data->my_port;
1218 static int command_inject_from(rad_listen_t *listener, int argc, char *argv[])
1221 fr_command_socket_t *sock = listener->data;
1224 cprintf(listener, "ERROR: No <ipaddr> was given\n");
1228 if (!sock->inject_listener) {
1229 cprintf(listener, "ERROR: You must specify \"inject to\" before using \"inject from\"\n");
1233 sock->src_ipaddr.af = AF_UNSPEC;
1234 if (ip_hton(argv[0], AF_UNSPEC, &sock->src_ipaddr) < 0) {
1235 cprintf(listener, "ERROR: Failed parsing IP address; %s\n",
1240 client = client_listener_find(sock->inject_listener, &sock->src_ipaddr,
1243 cprintf(listener, "ERROR: No such client %s\n", argv[0]);
1246 sock->inject_client = client;
1251 static int command_inject_file(rad_listen_t *listener, int argc, char *argv[])
1253 static int inject_id = 0;
1256 fr_command_socket_t *sock = listener->data;
1258 RADIUS_PACKET *packet;
1262 RAD_REQUEST_FUNP fun = NULL;
1266 cprintf(listener, "ERROR: You must specify <input-file> <output-file>\n");
1270 if (!sock->inject_listener) {
1271 cprintf(listener, "ERROR: You must specify \"inject to\" before using \"inject file\"\n");
1275 if (!sock->inject_client) {
1276 cprintf(listener, "ERROR: You must specify \"inject from\" before using \"inject file\"\n");
1281 * Output files always go to the logging directory.
1283 snprintf(buffer, sizeof(buffer), "%s/%s", radlog_dir, argv[1]);
1285 fp = fopen(argv[0], "r");
1287 cprintf(listener, "ERROR: Failed opening %s: %s\n",
1288 argv[0], fr_syserror(errno));
1292 ret = readvp2(&vp, NULL, fp, &filedone);
1295 cprintf(listener, "ERROR: Failed reading attributes from %s: %s\n",
1296 argv[0], fr_strerror());
1300 fake = talloc(NULL, rad_listen_t);
1301 memcpy(fake, sock->inject_listener, sizeof(*fake));
1304 * Re-write the IO for the listener.
1306 fake->encode = null_socket_dencode;
1307 fake->decode = null_socket_dencode;
1308 fake->send = null_socket_send;
1310 packet = rad_alloc(NULL, 0);
1311 packet->src_ipaddr = sock->src_ipaddr;
1312 packet->src_port = 0;
1314 packet->dst_ipaddr = sock->dst_ipaddr;
1315 packet->dst_port = sock->dst_port;
1317 packet->id = inject_id++;
1319 if (fake->type == RAD_LISTEN_AUTH) {
1320 packet->code = PW_CODE_AUTHENTICATION_REQUEST;
1321 fun = rad_authenticate;
1324 #ifdef WITH_ACCOUNTING
1325 packet->code = PW_CODE_ACCOUNTING_REQUEST;
1326 fun = rad_accounting;
1328 cprintf(listener, "ERROR: This server was built without accounting support.\n");
1336 DEBUG("Injecting %s packet from host %s port 0 code=%d, id=%d",
1337 fr_packet_codes[packet->code],
1338 inet_ntop(packet->src_ipaddr.af,
1339 &packet->src_ipaddr.ipaddr,
1340 buffer, sizeof(buffer)),
1341 packet->code, packet->id);
1343 for (vp = fr_cursor_init(&cursor, &packet->vps);
1345 vp = fr_cursor_next(&cursor)) {
1346 vp_prints(buffer, sizeof(buffer), vp);
1347 DEBUG("\t%s", buffer);
1350 WARN("INJECTION IS LEAKING MEMORY!");
1353 if (!request_receive(fake, packet, sock->inject_client, fun)) {
1354 cprintf(listener, "ERROR: Failed to inject request. See log file for details\n");
1362 * Remember what the output file is, and remember to
1363 * delete the fake listener when done.
1365 request_data_add(request, null_socket_send, 0, talloc_typed_strdup(NULL, buffer), true);
1366 request_data_add(request, null_socket_send, 1, fake, true);
1374 static fr_command_table_t command_table_inject[] = {
1376 "inject to <ipaddr> <port> - Inject packets to the destination IP and port.",
1377 command_inject_to, NULL },
1380 "inject from <ipaddr> - Inject packets as if they came from <ipaddr>",
1381 command_inject_from, NULL },
1384 "inject file <input-file> <output-file> - Inject packet from input-file>, with results sent to <output-file>",
1385 command_inject_file, NULL },
1387 { NULL, 0, NULL, NULL, NULL }
1390 static fr_command_table_t command_table_debug[] = {
1391 { "condition", FR_WRITE,
1392 "debug condition [condition] - Enable debugging for requests matching [condition]",
1393 command_debug_condition, NULL },
1395 { "level", FR_WRITE,
1396 "debug level <number> - Set debug level to <number>. Higher is more debugging.",
1397 command_debug_level, NULL },
1400 "debug file [filename] - Send all debugging output to [filename]",
1401 command_debug_file, NULL },
1403 { NULL, 0, NULL, NULL, NULL }
1406 static fr_command_table_t command_table_show_debug[] = {
1407 { "condition", FR_READ,
1408 "show debug condition - Shows current debugging condition.",
1409 command_show_debug_condition, NULL },
1412 "show debug level - Shows current debugging level.",
1413 command_show_debug_level, NULL },
1416 "show debug file - Shows current debugging file.",
1417 command_show_debug_file, NULL },
1419 { NULL, 0, NULL, NULL, NULL }
1422 static fr_command_table_t command_table_show_module[] = {
1423 { "config", FR_READ,
1424 "show module config <module> - show configuration for given module",
1425 command_show_module_config, NULL },
1427 "show module flags <module> - show other module properties",
1428 command_show_module_flags, NULL },
1430 "show module list - shows list of loaded modules",
1431 command_show_modules, NULL },
1432 { "methods", FR_READ,
1433 "show module methods <module> - show sections where <module> may be used",
1434 command_show_module_methods, NULL },
1435 { "status", FR_READ,
1436 "show module status <module> - show the module status",
1437 command_show_module_status, NULL },
1439 { NULL, 0, NULL, NULL, NULL }
1442 static fr_command_table_t command_table_show_client[] = {
1444 "show client list - shows list of global clients",
1445 command_show_clients, NULL },
1447 { NULL, 0, NULL, NULL, NULL }
1451 static fr_command_table_t command_table_show_home[] = {
1453 "show home_server list - shows list of home servers",
1454 command_show_home_servers, NULL },
1456 "show home_server state <ipaddr> <port> [proto] - shows state of given home server",
1457 command_show_home_server_state, NULL },
1459 { NULL, 0, NULL, NULL, NULL }
1464 static fr_command_table_t command_table_show[] = {
1465 { "client", FR_READ,
1466 "show client <command> - do sub-command of client",
1467 NULL, command_table_show_client },
1468 { "config", FR_READ,
1469 "show config <path> - shows the value of configuration option <path>",
1470 command_show_config, NULL },
1472 "show debug <command> - show debug properties",
1473 NULL, command_table_show_debug },
1475 { "home_server", FR_READ,
1476 "show home_server <command> - do sub-command of home_server",
1477 NULL, command_table_show_home },
1479 { "module", FR_READ,
1480 "show module <command> - do sub-command of module",
1481 NULL, command_table_show_module },
1482 { "uptime", FR_READ,
1483 "show uptime - shows time at which server started",
1484 command_uptime, NULL },
1485 { "version", FR_READ,
1486 "show version - Prints version of the running server",
1487 command_show_version, NULL },
1488 { NULL, 0, NULL, NULL, NULL }
1492 static int command_set_module_config(rad_listen_t *listener, int argc, char *argv[])
1497 module_instance_t *mi;
1498 CONF_PARSER const *variables;
1502 cprintf(listener, "ERROR: No module name or variable was given\n");
1506 cs = cf_section_find("modules");
1509 mi = find_module_instance(cs, argv[0], 0);
1511 cprintf(listener, "ERROR: No such module \"%s\"\n", argv[0]);
1515 if ((mi->entry->module->type & RLM_TYPE_HUP_SAFE) == 0) {
1516 cprintf(listener, "ERROR: Cannot change configuration of module as it is cannot be HUP'd.\n");
1520 variables = cf_section_parse_table(mi->cs);
1522 cprintf(listener, "ERROR: Cannot find configuration for module\n");
1527 for (i = 0; variables[i].name != NULL; i++) {
1529 * FIXME: Recurse into sub-types somehow...
1531 if (variables[i].type == PW_TYPE_SUBSECTION) continue;
1533 if (strcmp(variables[i].name, argv[1]) == 0) {
1540 cprintf(listener, "ERROR: No such variable \"%s\"\n", argv[1]);
1544 i = rcode; /* just to be safe */
1547 * It's not part of the dynamic configuration. The module
1548 * needs to re-parse && validate things.
1550 if (variables[i].data) {
1551 cprintf(listener, "ERROR: Variable cannot be dynamically updated\n");
1555 data = ((char *) mi->insthandle) + variables[i].offset;
1557 cp = cf_pair_find(mi->cs, argv[1]);
1561 * Replace the OLD value in the configuration file with
1564 * FIXME: Parse argv[2] depending on it's data type!
1565 * If it's a string, look for leading single/double quotes,
1566 * end then call tokenize functions???
1568 cf_pair_replace(mi->cs, cp, argv[2]);
1570 rcode = cf_item_parse(mi->cs, argv[1], variables[i].type,
1573 cprintf(listener, "ERROR: Failed to parse value\n");
1577 return 1; /* success */
1580 extern const FR_NAME_NUMBER mod_rcode_table[];
1582 static int command_set_module_status(rad_listen_t *listener, int argc, char *argv[])
1585 module_instance_t *mi;
1588 cprintf(listener, "ERROR: No module name or status was given\n");
1592 cs = cf_section_find("modules");
1595 mi = find_module_instance(cs, argv[0], 0);
1597 cprintf(listener, "ERROR: No such module \"%s\"\n", argv[0]);
1602 if (strcmp(argv[1], "alive") == 0) {
1605 } else if (strcmp(argv[1], "dead") == 0) {
1606 mi->code = RLM_MODULE_FAIL;
1612 rcode = fr_str2int(mod_rcode_table, argv[1], -1);
1614 cprintf(listener, "ERROR: Unknown status \"%s\"\n", argv[1]);
1622 return 1; /* success */
1626 static char const *elapsed_names[8] = {
1627 "1us", "10us", "100us", "1ms", "10ms", "100ms", "1s", "10s"
1631 #ifdef WITH_STATS_64BIT
1633 #define PU "%" PRIu64
1639 #define PU "%" PRIu32
1645 static int command_print_stats(rad_listen_t *listener, fr_stats_t *stats,
1646 int auth, int server)
1650 cprintf(listener, "\trequests\t" PU "\n", stats->total_requests);
1651 cprintf(listener, "\tresponses\t" PU "\n", stats->total_responses);
1654 cprintf(listener, "\taccepts\t\t" PU "\n",
1655 stats->total_access_accepts);
1656 cprintf(listener, "\trejects\t\t" PU "\n",
1657 stats->total_access_rejects);
1658 cprintf(listener, "\tchallenges\t" PU "\n",
1659 stats->total_access_challenges);
1662 cprintf(listener, "\tdup\t\t" PU "\n", stats->total_dup_requests);
1663 cprintf(listener, "\tinvalid\t\t" PU "\n", stats->total_invalid_requests);
1664 cprintf(listener, "\tmalformed\t" PU "\n", stats->total_malformed_requests);
1665 cprintf(listener, "\tbad_authenticator\t" PU "\n", stats->total_bad_authenticators);
1666 cprintf(listener, "\tdropped\t\t" PU "\n", stats->total_packets_dropped);
1667 cprintf(listener, "\tunknown_types\t" PU "\n", stats->total_unknown_types);
1670 cprintf(listener, "\ttimeouts\t" PU "\n", stats->total_timeouts);
1673 cprintf(listener, "\tlast_packet\t%" PRId64 "\n", (int64_t) stats->last_packet);
1674 for (i = 0; i < 8; i++) {
1675 cprintf(listener, "\telapsed.%s\t%u\n",
1676 elapsed_names[i], stats->elapsed[i]);
1683 static FR_NAME_NUMBER state_names[] = {
1684 { "unopened", STATE_UNOPENED },
1685 { "unlocked", STATE_UNLOCKED },
1686 { "header", STATE_HEADER },
1687 { "reading", STATE_READING },
1688 { "queued", STATE_QUEUED },
1689 { "running", STATE_RUNNING },
1690 { "no-reply", STATE_NO_REPLY },
1691 { "replied", STATE_REPLIED },
1696 static int command_stats_detail(rad_listen_t *listener, int argc, char *argv[])
1699 listen_detail_t *data;
1703 cprintf(listener, "ERROR: Must specify <filename>\n");
1708 for (this = main_config.listen; this != NULL; this = this->next) {
1709 if (this->type != RAD_LISTEN_DETAIL) continue;
1712 if (strcmp(argv[1], data->filename) != 0) continue;
1718 cprintf(listener, "ERROR: No detail file listener\n");
1722 cprintf(listener, "\tstate\t%s\n",
1723 fr_int2str(state_names, data->state, "?"));
1725 if ((data->state == STATE_UNOPENED) ||
1726 (data->state == STATE_UNLOCKED)) {
1731 * Race conditions: file might not exist.
1733 if (stat(data->filename_work, &buf) < 0) {
1734 cprintf(listener, "packets\t0\n");
1735 cprintf(listener, "tries\t0\n");
1736 cprintf(listener, "offset\t0\n");
1737 cprintf(listener, "size\t0\n");
1741 cprintf(listener, "packets\t%d\n", data->packets);
1742 cprintf(listener, "tries\t%d\n", data->tries);
1743 cprintf(listener, "offset\t%u\n", (unsigned int) data->offset);
1744 cprintf(listener, "size\t%u\n", (unsigned int) buf.st_size);
1751 static int command_stats_home_server(rad_listen_t *listener, int argc, char *argv[])
1753 home_server_t *home;
1756 cprintf(listener, "ERROR: Must specify [auth/acct] OR <ipaddr> <port>\n");
1761 #ifdef WITH_ACCOUNTING
1762 if (strcmp(argv[0], "acct") == 0) {
1763 return command_print_stats(listener,
1764 &proxy_acct_stats, 0, 1);
1767 if (strcmp(argv[0], "auth") == 0) {
1768 return command_print_stats(listener,
1769 &proxy_auth_stats, 1, 1);
1772 cprintf(listener, "ERROR: Should specify [auth/acct]\n");
1776 home = get_home_server(listener, argc, argv, NULL);
1781 command_print_stats(listener, &home->stats,
1782 (home->type == HOME_TYPE_AUTH), 1);
1783 cprintf(listener, "\toutstanding\t%d\n", home->currently_outstanding);
1788 static int command_stats_client(rad_listen_t *listener, int argc, char *argv[])
1792 RADCLIENT *client, fake;
1795 cprintf(listener, "ERROR: Must specify [auth/acct]\n");
1801 * Global statistics.
1803 fake.auth = radius_auth_stats;
1804 #ifdef WITH_ACCOUNTING
1805 fake.auth = radius_acct_stats;
1808 fake.coa = radius_coa_stats;
1809 fake.dsc = radius_dsc_stats;
1815 * Per-client statistics.
1817 client = get_client(listener, argc - 1, argv + 1);
1823 if (strcmp(argv[0], "auth") == 0) {
1825 stats = &client->auth;
1827 } else if (strcmp(argv[0], "acct") == 0) {
1828 #ifdef WITH_ACCOUNTING
1830 stats = &client->acct;
1832 cprintf(listener, "ERROR: This server was built without accounting support.\n");
1836 } else if (strcmp(argv[0], "coa") == 0) {
1839 stats = &client->coa;
1841 cprintf(listener, "ERROR: This server was built without CoA support.\n");
1845 } else if (strcmp(argv[0], "disconnect") == 0) {
1848 stats = &client->dsc;
1850 cprintf(listener, "ERROR: This server was built without CoA support.\n");
1855 cprintf(listener, "ERROR: Unknown statistics type\n");
1860 * Global results for all client.
1863 #ifdef WITH_ACCOUNTING
1865 return command_print_stats(listener,
1866 &radius_acct_stats, auth, 0);
1869 return command_print_stats(listener, &radius_auth_stats, auth, 0);
1872 return command_print_stats(listener, stats, auth, 0);
1876 static int command_stats_socket(rad_listen_t *listener, int argc, char *argv[])
1881 sock = get_socket(listener, argc, argv, NULL);
1886 if (sock->type != RAD_LISTEN_AUTH) auth = false;
1888 return command_print_stats(listener, &sock->stats, auth, 0);
1890 #endif /* WITH_STATS */
1893 #ifdef WITH_DYNAMIC_CLIENTS
1894 static int command_add_client_file(rad_listen_t *listener, int argc, char *argv[])
1899 cprintf(listener, "ERROR: <file> is required\n");
1904 * Read the file and generate the client.
1906 c = client_read(argv[0], false, false);
1908 cprintf(listener, "ERROR: Unknown error reading client file.\n");
1912 if (!client_add(NULL, c)) {
1913 cprintf(listener, "ERROR: Unknown error inserting new client.\n");
1922 static int command_del_client(rad_listen_t *listener, int argc, char *argv[])
1926 client = get_client(listener, argc, argv);
1927 if (!client) return 0;
1929 if (!client->dynamic) {
1930 cprintf(listener, "ERROR: Client %s was not dynamically defined.\n", argv[0]);
1935 * DON'T delete it. Instead, mark it as "dead now". The
1936 * next time we receive a packet for the client, it will
1939 * If we don't receive a packet from it, the client
1940 * structure will stick around for a while. Oh well...
1942 client->lifetime = 1;
1948 static fr_command_table_t command_table_del_client[] = {
1949 { "ipaddr", FR_WRITE,
1950 "del client ipaddr <ipaddr> - Delete a dynamically created client",
1951 command_del_client, NULL },
1953 { NULL, 0, NULL, NULL, NULL }
1957 static fr_command_table_t command_table_del[] = {
1958 { "client", FR_WRITE,
1959 "del client <command> - Delete client configuration commands",
1960 NULL, command_table_del_client },
1962 { NULL, 0, NULL, NULL, NULL }
1966 static fr_command_table_t command_table_add_client[] = {
1968 "add client file <filename> - Add new client definition from <filename>",
1969 command_add_client_file, NULL },
1971 { NULL, 0, NULL, NULL, NULL }
1975 static fr_command_table_t command_table_add[] = {
1976 { "client", FR_WRITE,
1977 "add client <command> - Add client configuration commands",
1978 NULL, command_table_add_client },
1980 { NULL, 0, NULL, NULL, NULL }
1985 static fr_command_table_t command_table_set_home[] = {
1986 { "state", FR_WRITE,
1987 "set home_server state <ipaddr> <port> [proto] [alive|dead] - set state for given home server",
1988 command_set_home_server_state, NULL },
1990 { NULL, 0, NULL, NULL, NULL }
1994 static fr_command_table_t command_table_set_module[] = {
1995 { "config", FR_WRITE,
1996 "set module config <module> variable value - set configuration for <module>",
1997 command_set_module_config, NULL },
1999 { "status", FR_WRITE,
2000 "set module status <module> [alive|...] - set the module status to be alive (operating normally), or force a particular code (ok,fail, etc.)",
2001 command_set_module_status, NULL },
2003 { NULL, 0, NULL, NULL, NULL }
2007 static fr_command_table_t command_table_set[] = {
2008 { "module", FR_WRITE,
2009 "set module <command> - set module commands",
2010 NULL, command_table_set_module },
2012 { "home_server", FR_WRITE,
2013 "set home_server <command> - set home server commands",
2014 NULL, command_table_set_home },
2017 { NULL, 0, NULL, NULL, NULL }
2022 static fr_command_table_t command_table_stats[] = {
2023 { "client", FR_READ,
2024 "stats client [auth/acct] <ipaddr> "
2028 "- show statistics for given client, or for all clients (auth or acct)",
2029 command_stats_client, NULL },
2032 { "detail", FR_READ,
2033 "stats detail <filename> - show statistics for the given detail file",
2034 command_stats_detail, NULL },
2038 { "home_server", FR_READ,
2039 "stats home_server [<ipaddr>/auth/acct] <port> - show statistics for given home server (ipaddr and port), or for all home servers (auth or acct)",
2040 command_stats_home_server, NULL },
2043 { "socket", FR_READ,
2044 "stats socket <ipaddr> <port> "
2048 "- show statistics for given socket",
2049 command_stats_socket, NULL },
2051 { NULL, 0, NULL, NULL, NULL }
2055 static fr_command_table_t command_table[] = {
2056 #ifdef WITH_DYNAMIC_CLIENTS
2057 { "add", FR_WRITE, NULL, NULL, command_table_add },
2059 { "debug", FR_WRITE,
2060 "debug <command> - debugging commands",
2061 NULL, command_table_debug },
2062 #ifdef WITH_DYNAMIC_CLIENTS
2063 { "del", FR_WRITE, NULL, NULL, command_table_del },
2066 "hup [module] - sends a HUP signal to the server, or optionally to one module",
2067 command_hup, NULL },
2068 { "inject", FR_WRITE,
2069 "inject <command> - commands to inject packets into a running server",
2070 NULL, command_table_inject },
2071 { "reconnect", FR_READ,
2072 "reconnect - reconnect to a running server",
2073 NULL, NULL }, /* just here for "help" */
2074 { "terminate", FR_WRITE,
2075 "terminate - terminates the server, and cause it to exit",
2076 command_terminate, NULL },
2077 { "set", FR_WRITE, NULL, NULL, command_table_set },
2078 { "show", FR_READ, NULL, NULL, command_table_show },
2080 { "stats", FR_READ, NULL, NULL, command_table_stats },
2083 { NULL, 0, NULL, NULL, NULL }
2087 static void command_socket_free(rad_listen_t *this)
2089 fr_command_socket_t *cmd = this->data;
2092 * If it's a TCP socket, don't do anything.
2094 if (cmd->magic != COMMAND_SOCKET_MAGIC) {
2098 if (!cmd->copy) return;
2104 * Parse the unix domain sockets.
2106 * FIXME: TCP + SSL, after RadSec is in.
2108 static int command_socket_parse_unix(CONF_SECTION *cs, rad_listen_t *this)
2110 fr_command_socket_t *sock;
2112 if (check_config) return 0;
2116 if (cf_section_parse(cs, sock, command_config) < 0) {
2120 sock->magic = COMMAND_SOCKET_MAGIC;
2122 if (sock->path) sock->copy = talloc_typed_strdup(sock, sock->path);
2124 #if defined(HAVE_GETPEEREID) || defined (SO_PEERCRED)
2125 if (sock->uid_name) {
2128 pw = getpwnam(sock->uid_name);
2130 ERROR("Failed getting uid for %s: %s",
2131 sock->uid_name, fr_syserror(errno));
2135 sock->uid = pw->pw_uid;
2140 if (sock->gid_name) {
2143 gr = getgrnam(sock->gid_name);
2145 ERROR("Failed getting gid for %s: %s",
2146 sock->gid_name, fr_syserror(errno));
2149 sock->gid = gr->gr_gid;
2154 #else /* can't get uid or gid of connecting user */
2156 if (sock->uid_name || sock->gid_name) {
2157 ERROR("System does not support uid or gid authentication for sockets");
2163 if (!sock->mode_name) {
2164 sock->co.mode = FR_READ;
2166 sock->co.mode = fr_str2int(mode_names, sock->mode_name, 0);
2167 if (!sock->co.mode) {
2168 ERROR("Invalid mode name \"%s\"",
2175 * FIXME: check for absolute pathnames?
2176 * check for uid/gid on the other end...
2179 this->fd = fr_server_domain_socket(sock->path);
2184 #if defined(HAVE_GETPEEREID) || defined (SO_PEERCRED)
2186 * Don't chown it from (possibly) non-root to root.
2187 * Do chown it from (possibly) root to non-root.
2189 if ((sock->uid != (uid_t) -1) || (sock->gid != (gid_t) -1)) {
2191 if (fchown(this->fd, sock->uid, sock->gid) < 0) {
2192 ERROR("Failed setting ownership of %s: %s",
2193 sock->path, fr_syserror(errno));
2204 static int command_socket_parse(CONF_SECTION *cs, rad_listen_t *this)
2207 CONF_PAIR const *cp;
2208 listen_socket_t *sock;
2210 cp = cf_pair_find(cs, "socket");
2211 if (cp) return command_socket_parse_unix(cs, this);
2213 rcode = common_socket_parse(cs, this);
2214 if (rcode < 0) return -1;
2219 "TLS is not supported for control sockets");
2225 if (sock->proto != IPPROTO_TCP) {
2227 "UDP is not supported for control sockets");
2234 static int command_socket_print(rad_listen_t const *this, char *buffer, size_t bufsize)
2236 fr_command_socket_t *sock = this->data;
2238 if (sock->magic != COMMAND_SOCKET_MAGIC) {
2239 return common_socket_print(this, buffer, bufsize);
2242 snprintf(buffer, bufsize, "command file %s", sock->path);
2248 * String split routine. Splits an input string IN PLACE
2249 * into pieces, based on spaces.
2251 static int str2argvX(char *str, char **argv, int max_argc)
2256 if (argc >= max_argc) return argc;
2259 * Chop out comments early.
2266 while ((*str == ' ') ||
2269 (*str == '\n')) *(str++) = '\0';
2271 if (!*str) return argc;
2275 if ((*str == '\'') || (*str == '"')) {
2288 * Handle \" and nothing else.
2303 (*str != '\n')) str++;
2309 static void print_help(rad_listen_t *listener,
2310 fr_command_table_t *table, int recursive)
2314 for (i = 0; table[i].command != NULL; i++) {
2315 if (table[i].help) {
2316 cprintf(listener, "%s\n",
2319 cprintf(listener, "%s <command> - do sub-command of %s\n",
2320 table[i].command, table[i].command);
2323 if (recursive && table[i].table) {
2324 print_help(listener, table[i].table, recursive);
2329 #define MAX_ARGV (16)
2332 * Check if an incoming request is "ok"
2334 * It takes packets, not requests. It sees if the packet looks
2335 * OK. If so, it does a number of sanity checks on it.
2337 static int command_domain_recv_co(rad_listen_t *listener, fr_cs_buffer_t *co)
2342 char *my_argv[MAX_ARGV], **argv;
2343 fr_command_table_t *table;
2349 len = recv(listener->fd, co->buffer + co->offset,
2350 sizeof(co->buffer) - co->offset - 1, 0);
2351 if (len == 0) goto close_socket; /* clean close */
2354 if ((errno == EAGAIN) || (errno == EINTR)) {
2363 if ((co->offset == 0) && (co->buffer[0] == 0x04)) {
2365 command_close_socket(listener);
2370 * See if there are multiple lines in the buffer.
2372 p = co->buffer + co->offset;
2375 for (c = 0; c < len; c++) {
2376 if ((*p == '\r') || (*p == '\n')) {
2381 * FIXME: do real buffering...
2382 * handling of CTRL-C, etc.
2387 * \r \n followed by ASCII...
2398 * Saw CR/LF. Set next element, and exit.
2401 co->next = p - co->buffer;
2405 if (co->offset >= (ssize_t) (sizeof(co->buffer) - 1)) {
2406 ERROR("Line too long!");
2413 DEBUG("radmin> %s", co->buffer);
2415 argc = str2argvX(co->buffer, my_argv, MAX_ARGV);
2416 if (argc == 0) goto do_next; /* empty strings are OK */
2419 cprintf(listener, "ERROR: Failed parsing command.\n");
2425 for (len = 0; len <= co->offset; len++) {
2426 if (co->buffer[len] < 0x20) {
2427 co->buffer[len] = '\0';
2433 * Hard-code exit && quit.
2435 if ((strcmp(argv[0], "exit") == 0) ||
2436 (strcmp(argv[0], "quit") == 0)) goto close_socket;
2438 table = command_table;
2441 for (i = 0; table[i].command != NULL; i++) {
2442 if (strcmp(table[i].command, argv[0]) == 0) {
2444 * Check permissions.
2446 if (((co->mode & FR_WRITE) == 0) &&
2447 ((table[i].mode & FR_WRITE) != 0)) {
2448 cprintf(listener, "ERROR: You do not have write permission. See \"mode = rw\" in the \"listen\" section for this socket.\n");
2452 if (table[i].table) {
2454 * This is the last argument, but
2455 * there's a sub-table. Print help.
2459 table = table[i].table;
2465 table = table[i].table;
2469 if ((argc == 2) && (strcmp(argv[1], "?") == 0)) goto do_help;
2471 if (!table[i].func) {
2472 cprintf(listener, "ERROR: Invalid command\n");
2477 table[i].func(listener, argc - 1, argv + 1);
2486 if ((strcmp(argv[0], "help") == 0) ||
2487 (strcmp(argv[0], "?") == 0)) {
2491 if ((argc > 1) && (strcmp(argv[1], "-r") == 0)) {
2497 print_help(listener, table, recursive);
2501 cprintf(listener, "ERROR: Unknown command \"%s\"\n",
2506 cprintf(listener, "radmin> ");
2508 if (co->next <= co->offset) {
2511 memmove(co->buffer, co->buffer + co->next,
2512 co->offset - co->next);
2513 co->offset -= co->next;
2521 * Write 32-bit magic number && version information.
2523 static int command_write_magic(int newfd, listen_socket_t *sock)
2527 magic = htonl(0xf7eead15);
2528 if (write(newfd, &magic, 4) < 0) {
2529 ERROR("Failed writing initial data to socket: %s",
2530 fr_syserror(errno));
2535 magic = htonl(2); /* protocol version */
2539 if (write(newfd, &magic, 4) < 0) {
2540 ERROR("Failed writing initial data to socket: %s", fr_syserror(errno));
2545 * Write an initial challenge
2551 co = talloc_zero(sock, fr_cs_buffer_t);
2552 sock->packet = (void *) co;
2554 for (i = 0; i < 16; i++) {
2555 co->buffer[i] = fr_rand();
2559 * FIXME: EINTR, etc.
2561 if (write(newfd, co->buffer, 16) < 0) {
2562 ERROR("Failed writing version data to socket: %s", fr_syserror(errno));
2571 static int command_tcp_recv(rad_listen_t *this)
2573 listen_socket_t *sock = this->data;
2574 fr_cs_buffer_t *co = (void *) sock->packet;
2576 rad_assert(co != NULL);
2579 uint8_t expected[16];
2582 * No response yet: keep reading it.
2584 if (co->offset < 16) {
2588 co->buffer + 16 + co->offset, 16 - co->offset);
2591 command_close_socket(this);
2597 if (errno == ECONNRESET) goto close_socket;
2599 if (errno == EINTR) return 0;
2601 ERROR("Failed reading from control socket; %s",
2602 fr_syserror(errno));
2608 if (co->offset < 16) return 0;
2611 fr_hmac_md5((void const *) sock->client->secret,
2612 strlen(sock->client->secret),
2613 (uint8_t *) co->buffer, 16, expected);
2615 if (rad_digest_cmp(expected,
2616 (uint8_t *) co->buffer + 16, 16 != 0)) {
2617 ERROR("radmin failed challenge: Closing socket");
2625 return command_domain_recv_co(this, co);
2629 * Should never be called. The functions should just call write().
2631 static int command_tcp_send(UNUSED rad_listen_t *listener, UNUSED REQUEST *request)
2636 static int command_domain_recv(rad_listen_t *listener)
2638 fr_command_socket_t *sock = listener->data;
2640 return command_domain_recv_co(listener, &sock->co);
2643 static int command_domain_accept(rad_listen_t *listener)
2648 struct sockaddr_storage src;
2649 fr_command_socket_t *sock = listener->data;
2651 salen = sizeof(src);
2653 DEBUG2(" ... new connection request on command socket");
2655 newfd = accept(listener->fd, (struct sockaddr *) &src, &salen);
2658 * Non-blocking sockets must handle this.
2660 if (errno == EWOULDBLOCK) {
2664 DEBUG2(" ... failed to accept connection");
2668 #if defined(HAVE_GETPEEREID) || defined (SO_PEERCRED)
2670 * Perform user authentication.
2672 if (sock->uid_name || sock->gid_name) {
2676 if (getpeereid(newfd, &uid, &gid) < 0) {
2677 ERROR("Failed getting peer credentials for %s: %s",
2678 sock->path, fr_syserror(errno));
2684 * Only do UID checking if the caller is
2685 * non-root. The superuser can do anything, so
2686 * we might as well let them.
2690 * Allow entry if UID or GID matches.
2692 if (sock->uid_name && (sock->uid == uid)) break;
2693 if (sock->gid_name && (sock->gid == gid)) break;
2695 if (sock->uid_name && (sock->uid != uid)) {
2696 ERROR("Unauthorized connection to %s from uid %ld",
2698 sock->path, (long int) uid);
2703 if (sock->gid_name && (sock->gid != gid)) {
2704 ERROR("Unauthorized connection to %s from gid %ld",
2705 sock->path, (long int) gid);
2713 if (command_write_magic(newfd, NULL) < 0) {
2719 * Add the new listener.
2721 this = listen_alloc(listener, listener->type);
2722 if (!this) return 0;
2725 * Copy everything, including the pointer to the socket
2729 memcpy(this, listener, sizeof(*this));
2730 this->status = RAD_LISTEN_STATUS_INIT;
2732 this->data = sock; /* fix it back */
2734 sock->user[0] = '\0';
2735 sock->path = ((fr_command_socket_t *) listener->data)->path;
2736 sock->co.offset = 0;
2737 sock->co.mode = ((fr_command_socket_t *) listener->data)->co.mode;
2740 this->recv = command_domain_recv;
2743 * Tell the event loop that we have a new FD
2745 radius_update_listener(this);
2752 * Send an authentication response packet
2754 static int command_domain_send(UNUSED rad_listen_t *listener,
2755 UNUSED REQUEST *request)
2761 static int command_socket_encode(UNUSED rad_listen_t *listener,
2762 UNUSED REQUEST *request)
2768 static int command_socket_decode(UNUSED rad_listen_t *listener,
2769 UNUSED REQUEST *request)
2774 #endif /* WITH_COMMAND_SOCKET */