2 * radclient.c General radius packet debug tool.
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20 * Copyright 2000 The FreeRADIUS server project
21 * Copyright 2000 Miquel van Smoorenburg <miquels@cistron.nl>
22 * Copyright 2000 Alan DeKok <aland@ox.org>
24 static const char rcsid[] = "$Id$";
27 #include "libradius.h"
39 #include <sys/socket.h>
41 #ifdef HAVE_NETINET_IN_H
42 # include <netinet/in.h>
45 #ifdef HAVE_SYS_SELECT_H
46 # include <sys/select.h>
/*
 * File-scope configuration and counters.  The declarations on source lines
 * 72-74 are not shown in this listing.
 */
/* Transmission limit per request: send_one_packet() gives up when tries reaches this value (-r). */
59 static int retries = 10;
/* Seconds to wait before re-sending; a float so that -t may be fractional. */
60 static float timeout = 3;
/*
 * Shared secret handed to rad_send() and rad_decode().  main() takes it from
 * the -S file or from argv[3].
 * NOTE(review): a secret given on the command line can usually be read by
 * other local users through process listings; -S avoids that.
 */
61 static const char *secret = NULL;
/* When zero, recv_one_packet() does not print the reply it received. */
62 static int do_output = 1;
/* Passed by address to readvp2(); presumably set at end of input -- confirm against libradius. */
63 static int filedone = 0;
/* Counters printed in the summary at the end of main(). */
64 static int totalapp = 0;
65 static int totaldeny = 0;
66 static int totallost = 0;
/* Destination defaults that radclient_sane() copies into each request. */
68 static int server_port = 0;
69 static int packet_code = 0;
70 static uint32_t server_ipaddr = 0;
/* Number of times each packet is sent (-c). */
71 static int resend_count = 1;
/* One in-use flag per RADIUS packet ID (0..255): set in send_one_packet(), cleared in request_free(). */
75 static int radius_id[256];
/* Where the scan for a free ID starts. */
76 static int last_used_id = 0;
/* Input file names collected from -f, and the requests still awaiting a reply. */
78 static rbtree_t *filename_tree = NULL;
79 static rbtree_t *request_tree = NULL;
/* Seconds main() should wait in recv_one_packet(); -1 means "not computed yet". */
81 static int sleep_time = -1;
/*
 * Per-request state, kept on a doubly linked list.
 *
 * Only three members are visible in this listing (source lines 86-89 and
 * 91-95 are omitted).  Code elsewhere on the page also uses filename,
 * password, timestamp, reply, resend and tries.
 * NOTE(review): the size of the password member is not shown; the copies
 * into it in radclient_init() depend on it.
 */
83 typedef struct radclient_t {
84 struct radclient_t *prev;
85 struct radclient_t *next;
90 RADIUS_PACKET *request;
/* Ends of the list that filename_walk() appends to and radclient_free() unlinks from. */
97 static radclient_t *radclient_head = NULL;
98 static radclient_t *radclient_tail = NULL;
/*
 *	Read value pairs from fp up to end of file.
 *
 *	Thin wrapper around readvp2() that supplies the file-scope
 *	filedone flag and this program's message prefix.  Returns
 *	whatever readvp2() returns.
 */
static VALUE_PAIR *readvp(FILE *fp)
{
	VALUE_PAIR *pairs;

	pairs = readvp2(fp, &filedone, "radclient:");
	return pairs;
}
/*
 * usage: print the command-line summary to stderr.
 *
 * NOTE(review): the <command> line lists auth, acct, status and disconnect.
 * main() also accepts "auto" and a numeric packet code, and its getopt()
 * string includes -h; none of these are described here.
 *
 * NOTE(review): the positional <secret> becomes part of the process's
 * argument list, which other local users can usually read through process
 * listings.  -S keeps the secret out of argv; the file it names should be
 * readable only by the operator.
 */
109 static void usage(void)
111 fprintf(stderr, "Usage: radclient [options] server[:port] <command> [<secret>]\n");
113 fprintf(stderr, " <command> One of auth, acct, status, or disconnect.\n");
114 fprintf(stderr, " -c count Send each packet 'count' times.\n");
115 fprintf(stderr, " -d raddb Set dictionary directory.\n");
116 fprintf(stderr, " -f file Read packets from file, not stdin.\n");
117 fprintf(stderr, " -r retries If timeout, retry sending the packet 'retries' times.\n");
118 fprintf(stderr, " -t timeout Wait 'timeout' seconds before retrying (may be a floating point number).\n");
119 fprintf(stderr, " -i id Set request id to 'id'. Values may be 0..255\n");
120 fprintf(stderr, " -S file read secret from file, not command line.\n");
121 fprintf(stderr, " -q Do not print anything out.\n");
122 fprintf(stderr, " -s Print out summary information of auth results.\n");
123 fprintf(stderr, " -v Show program version information.\n");
124 fprintf(stderr, " -x Debugging mode.\n");
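/*
 *	Free a radclient struct.
 *
 *	data is a radclient_t passed as void *; NULL is ignored.  Any
 *	request and reply packets still attached are released with
 *	rad_free(), and the node is unlinked from the global list.
 *
 *	A node that was never linked has prev == NULL and next == NULL
 *	without being the head or the tail; the radclient_init() error
 *	paths free such a node.  The earlier form of the end-of-list
 *	checks, assert(radclient_head = radclient), assigned instead of
 *	comparing and then overwrote the head (and likewise the tail)
 *	with the node's NULL link, dropping every request already
 *	queued.  The list ends are now moved only when the node really
 *	is the head or the tail.
 */
static void radclient_free(void *data)
{
	radclient_t *radclient = (radclient_t *) data;

	if (!radclient) return;

	if (radclient->request) rad_free(&radclient->request);
	if (radclient->reply) rad_free(&radclient->reply);

	/* Detach from the predecessor, or advance the head. */
	if (radclient->prev) {
		assert(radclient_head != radclient);
		radclient->prev->next = radclient->next;
	} else if (radclient_head == radclient) {
		radclient_head = radclient->next;
	}

	/* Detach from the successor, or pull the tail back. */
	if (radclient->next) {
		assert(radclient_tail != radclient);
		radclient->next->prev = radclient->prev;
	} else if (radclient_tail == radclient) {
		radclient_tail = radclient->prev;
	}

	/*
	 *	NOTE(review): the statement between the list update and
	 *	the end of the function is not shown in the listing.
	 *	Releasing the node is what the malloc() in
	 *	radclient_init() calls for -- confirm against the full
	 *	source.
	 */
	free(radclient);
}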
/*
 * radclient_init: allocate a radclient_t for one input file and load its
 * attributes.
 *
 * filename - path to read value pairs from; NULL or "-" selects stdin
 *            according to the comment and the strcmp() test below.  The
 *            pointer is stored in the node, not copied.
 *
 * On each visible failure (request allocation, fopen(), an empty attribute
 * list) the partly built node is handed to radclient_free().  The return
 * statements are among the short source lines this listing omits.
 *
 * After reading the attributes it keeps a copy of User-Password, or else
 * CHAP-Password, in radclient->password; takes the packet code and the
 * destination port from the attributes when they are present; and rewrites
 * each Digest-* attribute in place as a Digest-Attributes sub-attribute
 * made of a type byte, a length byte and the value.
 *
 * NOTE(review): both strNcpy() calls size the copy with
 * sizeof(vp->strvalue), which is the source buffer.  The bound that matters
 * is the destination, and sizeof(radclient->password) states it directly.
 * The declaration of password is not shown here, so whether the two sizes
 * agree needs confirming.
 *
 * NOTE(review): the Digest-* case shifts vp->length bytes up by two with
 * memmove().  No check that vp->length + 2 fits in vp->strvalue appears on
 * the visible lines, and the values come from the input file or stdin.  A
 * length guard ahead of the memmove() would stop a long value from being
 * written past the end of the buffer.  The length is then stored in the
 * single byte strvalue[1].
 */
161 * Initialize a radclient data structure
163 static radclient_t *radclient_init(const char *filename)
167 radclient_t *radclient;
172 radclient = malloc(sizeof(*radclient));
174 perror("radclient: ");
177 memset(radclient, 0, sizeof(*radclient));
179 radclient->request = rad_alloc(1);
180 if (!radclient->request) {
181 librad_perror("radclient: ");
182 radclient_free(radclient);
186 radclient->filename = filename;
187 radclient->request->id = -1; /* allocate when sending */
191 * Maybe read them, from stdin, if there's no
192 * filename, or if the filename is '-'.
194 if (filename && (strcmp(filename, "-") != 0)) {
195 fp = fopen(filename, "r");
197 fprintf(stderr, "radclient: Error opening %s: %s\n",
198 filename, strerror(errno));
199 radclient_free(radclient);
209 radclient->request->vps = readvp(fp);
210 if (fp != stdin) fclose(fp);
211 if (!radclient->request->vps) {
212 librad_perror("radclient: ");
213 radclient_free(radclient);
218 * Keep a copy of the the User-Password attribute.
220 if ((vp = pairfind(radclient->request->vps, PW_PASSWORD)) != NULL) {
221 strNcpy(radclient->password, (char *)vp->strvalue, sizeof(vp->strvalue));
223 * Otherwise keep a copy of the CHAP-Password attribute.
225 } else if ((vp = pairfind(radclient->request->vps, PW_CHAP_PASSWORD)) != NULL) {
226 strNcpy(radclient->password, (char *)vp->strvalue, sizeof(vp->strvalue));
228 radclient->password[0] = '\0';
232 * Fix up Digest-Attributes issues
234 for (vp = radclient->request->vps; vp != NULL; vp = vp->next) {
235 switch (vp->attribute) {
240 * Allow it to set the packet type in
241 * the attributes read from the file.
244 radclient->request->code = vp->lvalue;
247 case PW_PACKET_DST_PORT:
248 radclient->request->dst_port = (vp->lvalue & 0xffff);
251 case PW_DIGEST_REALM:
252 case PW_DIGEST_NONCE:
253 case PW_DIGEST_METHOD:
256 case PW_DIGEST_ALGORITHM:
257 case PW_DIGEST_BODY_DIGEST:
258 case PW_DIGEST_CNONCE:
259 case PW_DIGEST_NONCE_COUNT:
260 case PW_DIGEST_USER_NAME:
262 memmove(&vp->strvalue[2], &vp->strvalue[0], vp->length);
263 vp->strvalue[0] = vp->attribute - PW_DIGEST_REALM + 1;
265 vp->strvalue[1] = vp->length;
266 vp->attribute = PW_DIGEST_ATTRIBUTES;
269 } /* loop over the VP's we read in */
/*
 * radclient_sane: fill in the fields a request still lacks from the
 * command-line defaults.
 *
 * A destination port of 0 is replaced by server_port, the destination
 * address is taken from server_ipaddr, and a packet code of 0 is replaced
 * by packet_code.  When packet_code is -1 (the "auto" command, per the
 * message below) the input file must have supplied Packet-Type, otherwise
 * an error is printed.  The socket descriptor is stored in the request.
 *
 * The return statements are not shown in this listing; main() treats a
 * non-zero result as failure.
 */
279 * Sanity check each argument.
281 static int radclient_sane(radclient_t *radclient)
283 if (radclient->request->dst_port == 0) {
284 radclient->request->dst_port = server_port;
/* NOTE(review): appears to run for every request, so the address always comes from the command line -- confirm against the full source. */
286 radclient->request->dst_ipaddr = server_ipaddr;
288 if (radclient->request->code == 0) {
289 if (packet_code == -1) {
290 fprintf(stderr, "radclient: Request was \"auto\", but file %s did not contain Packet-Type\n", radclient->filename);
294 radclient->request->code = packet_code;
296 radclient->request->sockfd = sockfd;
/*
 *	Comparison callback for the tree of input file names.
 *
 *	Both arguments are NUL-terminated strings; the result is that
 *	of strcmp() on them.
 */
static int filename_cmp(const void *one, const void *two)
{
	const char *lhs = one;
	const char *rhs = two;

	return strcmp(lhs, rhs);
}
/*
 * filename_walk: tree-walk callback that turns one input file name into a
 * queued request.
 *
 * data is the file name stored in filename_tree.  The request built by
 * radclient_init() is appended to the tail of the global list; the first
 * node becomes both head and tail.
 *
 * The handling of a failed radclient_init() and the return statements are
 * on lines this listing omits.  main() treats a non-zero result of the walk
 * as failure.
 */
310 static int filename_walk(void *data)
312 const char *filename = data;
313 radclient_t *radclient;
316 * Initialize the request we're about
319 radclient = radclient_init(filename);
324 if (!radclient_head) {
325 assert(radclient_tail == NULL);
326 radclient_head = radclient;
327 radclient_tail = radclient;
329 assert(radclient_tail->next == NULL);
330 radclient_tail->next = radclient;
331 radclient->prev = radclient_tail;
332 radclient_tail = radclient;
/*
 *	Ordering callback for the tree of outstanding requests.
 *
 *	Requests are ordered by packet ID, then destination address,
 *	then destination port.  Each key is compared with < and >
 *	rather than subtracted, so the result is exactly -1, 0 or +1
 *	whatever the width or signedness of the field.
 */
static int request_cmp(const void *one, const void *two)
{
	const RADIUS_PACKET *lhs = ((const radclient_t *) one)->request;
	const RADIUS_PACKET *rhs = ((const radclient_t *) two)->request;

	if (lhs->id != rhs->id) {
		return (lhs->id < rhs->id) ? -1 : +1;
	}

	if (lhs->dst_ipaddr != rhs->dst_ipaddr) {
		return (lhs->dst_ipaddr < rhs->dst_ipaddr) ? -1 : +1;
	}

	if (lhs->dst_port != rhs->dst_port) {
		return (lhs->dst_port < rhs->dst_port) ? -1 : +1;
	}

	/* All three keys match. */
	return 0;
}
/*
 *	Tree "free" callback: retire one transmission of a request.
 *
 *	Does nothing for a NULL node, a node without a request, or a
 *	request that holds no ID (id < 0).  Otherwise the ID is
 *	returned to the radius_id[] pool, the encoded packet is
 *	discarded and any attached reply is released.  The node itself
 *	is not freed here.
 *
 *	The ID is used directly as an index into radius_id[]; the IDs
 *	that send_one_packet() hands out are in the range 0..255.
 */
static void request_free(void *data)
{
	radclient_t *client = (radclient_t *) data;
	RADIUS_PACKET *req;

	if (!client) return;

	req = client->request;
	if (!req || (req->id < 0)) return;

	/* One more unused RADIUS ID. */
	radius_id[req->id] = 0;
	req->id = -1;

	/*
	 *	Drop the packet that was already encoded, so that the
	 *	next send builds a new one with its own authentication
	 *	vector.
	 */
	if (req->data) {
		free(req->data);
		req->data = NULL;
	}

	if (client->reply) rad_free(&client->reply);
}
/*
 * send_one_packet: send, or re-send, the request held by radclient.
 *
 * Three cases are visible:
 *   - id == -1 (never sent): take a free ID from radius_id[], scanning from
 *     last_used_id; replace the request vector with its own MD5 hash; copy
 *     the saved password back into User-Password or CHAP-Password so it is
 *     encoded against the new vector; record the send time, set tries to 1
 *     and insert the request into request_tree.
 *   - tries == retries: remove the request from the tree and report that
 *     the server did not answer.
 *   - otherwise: re-send only once timeout seconds have passed since the
 *     last transmission, updating sleep_time in the meantime.
 * The packet is then passed to rad_send() with the shared secret.  The
 * return statements are on lines this listing omits.
 *
 * NOTE(review): both strNcpy() calls that restore the password pass
 * strlen(radclient->password) + 1 as the size, so the bound follows the
 * source string.  The destination is vp->strvalue, and sizeof(vp->strvalue)
 * is the limit that protects it.
 *
 * NOTE(review): each new vector is the MD5 of the previous one, so the
 * whole sequence follows from the first value.  How that first value is
 * seeded (rad_alloc(1) in radclient_init()) is not visible here.  The
 * request authenticator is meant to be unpredictable, since the hiding of
 * User-Password depends on it -- confirm the seeding in libradius.
 *
 * NOTE(review): (int) timeout truncates, so a fractional -t value below 1
 * yields a sleep_time of 0, and main() only waits when sleep_time > 0.  In
 * the retry branch sleep_time is set to the time elapsed since the last
 * send, not to the time remaining until the retry is due.
 *
 * NOTE(review): the result of rad_send() is not checked on the visible
 * line.
 */
402 static int send_one_packet(radclient_t *radclient)
407 * Sent this packet as many times as requested.
410 if (radclient->resend > resend_count) {
416 * Remember when we have to wake up, to re-send the
417 * request, of we didn't receive a response.
419 if ((sleep_time == -1) ||
420 (sleep_time > (int) timeout)) {
421 sleep_time = (int) timeout;
425 * Haven't sent the packet yet. Initialize it.
427 if (radclient->request->id == -1) {
430 assert(radclient->reply == NULL);
433 * Find a free packet Id
435 for (i = 0; i < 256; i++) {
436 if (radius_id[(last_used_id + i) & 0xff] == 0) {
437 last_used_id = (last_used_id + i) & 0xff;
438 radius_id[last_used_id] = 1;
439 radclient->request->id = last_used_id++;
446 * Didn't find a free packet ID, we're not done,
447 * we don't sleep, and we stop trying to process
456 assert(radclient->request->id != -1);
457 assert(radclient->request->data == NULL);
459 librad_md5_calc(radclient->request->vector, radclient->request->vector,
460 sizeof(radclient->request->vector));
463 * Update the password, so it can be encrypted with the
464 * new authentication vector.
466 if (radclient->password[0] != '\0') {
469 if ((vp = pairfind(radclient->request->vps, PW_PASSWORD)) != NULL) {
470 strNcpy((char *)vp->strvalue, radclient->password, strlen(radclient->password) + 1);
471 vp->length = strlen(radclient->password);
473 } else if ((vp = pairfind(radclient->request->vps, PW_CHAP_PASSWORD)) != NULL) {
474 strNcpy((char *)vp->strvalue, radclient->password, strlen(radclient->password) + 1);
475 vp->length = strlen(radclient->password);
477 rad_chap_encode(radclient->request, (char *) vp->strvalue, radclient->request->id, vp);
482 radclient->timestamp = time(NULL);
483 radclient->tries = 1;
487 * Duplicate found. Serious error!
489 if (rbtree_insert(request_tree, radclient) == 0) {
493 } else if (radclient->tries == retries) {
495 assert(radclient->request->id >= 0);
498 * Delete the request from the tree of outstanding
501 node = rbtree_find(request_tree, radclient);
502 assert(node != NULL);
504 fprintf(stderr, "radclient: no response from server for ID %d\n", radclient->request->id);
505 rbtree_delete(request_tree, node);
510 * FIXME: Do stuff for packet loss.
513 } else { /* radclient->request->id >= 0 */
514 time_t now = time(NULL);
517 * FIXME: Accounting packets are never retried!
518 * The Acct-Delay-Time attribute is updated to
519 * reflect the delay, and the packet is re-sent
524 * Not time for a retry, do so.
526 if ((now - radclient->timestamp) < timeout) {
528 * When we walk over the tree sending
529 * packets, we update the minimum time
532 if ((sleep_time == -1) ||
533 (sleep_time > (now - radclient->timestamp))) {
534 sleep_time = now - radclient->timestamp;
539 radclient->timestamp = now;
547 rad_send(radclient->request, NULL, secret);
/*
 * recv_one_packet: wait for at most one datagram on sockfd and match it to
 * an outstanding request.
 *
 * wait_time - seconds to wait in select(); values <= 0 take the branch
 *             whose body is not shown in this listing.
 *
 * Returns -1 for a packet rad_recv() rejects and for a reply that matches
 * no outstanding request.  The other return statements are on lines this
 * listing omits.
 */
553 * Receive one packet, maybe.
555 static int recv_one_packet(int wait_time)
559 radclient_t myclient, *radclient;
560 RADIUS_PACKET myrequest, *reply;
564 /* And wait for reply, timing out as necessary */
566 FD_SET(sockfd, &set);
568 if (wait_time <= 0) {
571 tv.tv_sec = wait_time;
576 * No packet was received.
/* NOTE(review): every result other than 1 counts as "no packet", so a select() error such as EINTR looks the same as a timeout here. */
578 if (select(sockfd + 1, &set, NULL, NULL, &tv) != 1) {
583 * Look for the packet.
585 reply = rad_recv(sockfd);
587 fprintf(stderr, "radclient: received bad packet\n");
588 return -1; /* bad packet */
/*
 * Build a lookup key on the stack.  Only id, dst_ipaddr and dst_port are
 * filled in, which are the fields request_cmp() reads; the rest of
 * myclient and myrequest stays uninitialized.
 */
591 myclient.request = &myrequest;
592 myrequest.id = reply->id;
593 myrequest.dst_ipaddr = reply->src_ipaddr;
594 myrequest.dst_port = reply->src_port;
596 node = rbtree_find(request_tree, &myclient);
/*
 * NOTE(review): this path returns without releasing reply (the fprintf and
 * the return are consecutive source lines, 598 and 599).  Each datagram
 * that matches no outstanding request therefore leaks one RADIUS_PACKET;
 * rad_free(&reply) before the return closes that.
 */
598 fprintf(stderr, "radclient: received response to request we did not send.\n");
599 return -1; /* got reply to packet we didn't send */
602 radclient = rbtree_node2data(request_tree, node);
603 assert(radclient != NULL);
/*
 * NOTE(review): the request is removed from the tree, and its ID reset by
 * request_free() as the two asserts below expect, before rad_decode() has
 * been given the reply and the shared secret.  A datagram that only
 * matches ID, source address and port therefore retires the request.
 * Checking the reply first and deleting the node only on success would
 * keep the request outstanding for the genuine answer.  What happens when
 * rad_decode() fails is on lines this listing omits.
 */
604 rbtree_delete(request_tree, node);
605 assert(radclient->request->id == -1);
606 assert(radclient->request->data == NULL);
608 assert(radclient->reply == NULL);
609 radclient->reply = reply;
612 * FIXME: Do stuff to process the reply.
614 if (rad_decode(reply, radclient->request, secret) != 0) {
615 librad_perror("rad_decode");
620 /* libradius debug already prints out the value pairs for us */
621 if (!librad_debug && do_output) {
622 printf("Received response ID %d, code %d, length = %d\n",
623 reply->id, reply->code, reply->data_len);
624 vp_printlist(stdout, reply->vps);
/* Any code other than Access-Reject takes this branch; its body (presumably the approved/denied counters) is not shown. */
626 if (reply->code != PW_AUTHENTICATION_REJECT) {
632 if (radclient->reply) rad_free(&radclient->reply);
/*
 * radclient_send: send the current packet for one request and report
 * whether the request still has transmissions left.
 *
 * It calls send_one_packet() and, per the comment below, polls for a reply
 * without waiting; that call, the body of the resend test and the return
 * statements are on lines this listing omits.
 *
 * NOTE(review): the result of send_one_packet() is discarded on the visible
 * line, so a failure to obtain a free ID or to insert the request into the
 * tree is not propagated from here.
 */
638 * Walk over the tree, sending packets.
640 static int radclient_send(radclient_t *radclient)
643 * Send the current packet.
645 send_one_packet(radclient);
648 * Do rad_recv(), and look for the response in the tree,
649 * but don't wait for a response.
654 * Still elements to wa
656 if (radclient->resend < resend_count) {
/*
 * getport: look up the UDP service called name and return its port number
 * in host byte order.
 *
 * The handling of a failed lookup is on lines this listing omits.  The
 * callers in main() fall back to a compiled-in port when the result is 0.
 */
664 static int getport(const char *name)
668 svp = getservbyname (name, "udp");
673 return ntohs(svp->s_port);
/*
 * main: parse the options, build one request per input file, then send the
 * requests and collect replies until none are outstanding.
 *
 * Positional arguments after the options are server[:port], the command and
 * an optional shared secret.  This listing omits the short source lines of
 * the function (case labels, braces, exit calls), so the notes below are
 * attached to the statements that are visible.
 */
676 int main(int argc, char **argv)
680 const char *radius_dir = RADDBDIR;
/* Buffer for the secret read by -S.  fgets() below stores at most 255 characters, so a longer line is cut short without a diagnostic. */
681 char filesecret[256];
687 id = ((int)getpid() & 0xff);
690 filename_tree = rbtree_create(filename_cmp, NULL, 0);
691 if (!filename_tree) {
692 fprintf(stderr, "radclient: Out of memory\n");
/* request_free() is registered as the tree's free callback, so deleting a node also returns its RADIUS ID to the pool. */
696 request_tree = rbtree_create(request_cmp, request_free, 0);
698 fprintf(stderr, "radclient: Out of memory\n");
702 while ((c = getopt(argc, argv, "c:d:f:hi:qst:r:S:xv")) != EOF) switch(c) {
/*
 * NOTE(review): each numeric option below is screened by testing only its
 * first character with isdigit() and is then converted with atoi() or
 * atof(), which report no errors and accept trailing text.  isdigit()
 * needs a value representable as unsigned char, so the cast should be
 * (unsigned char).  strtol() or strtod() with an end pointer and a range
 * check would reject malformed values.
 */
704 if (!isdigit((int) *optarg))
706 resend_count = atoi(optarg);
/* NOTE(review): the result of rbtree_insert() is not checked here; send_one_packet() treats a result of 0 as failure. */
712 rbtree_insert(filename_tree, optarg);
721 if (!isdigit((int) *optarg))
723 retries = atoi(optarg);
726 if (!isdigit((int) *optarg))
729 if ((id < 0) || (id > 255)) {
737 if (!isdigit((int) *optarg))
739 timeout = atof(optarg);
742 printf("radclient: $Id$ built on " __DATE__ " at " __TIME__ "\n");
/*
 * -S: read the shared secret from a file, which keeps it out of the
 * argument list.  The file should be readable only by the operator.
 */
746 fp = fopen(optarg, "r");
748 fprintf(stderr, "radclient: Error opening %s: %s\n",
749 optarg, strerror(errno));
752 if (fgets(filesecret, sizeof(filesecret), fp) == NULL) {
753 fprintf(stderr, "radclient: Error reading %s: %s\n",
754 optarg, strerror(errno));
759 /* truncate newline */
760 p = filesecret + strlen(filesecret) - 1;
761 while ((p >= filesecret) &&
767 if (strlen(filesecret) < 2) {
768 fprintf(stderr, "radclient: Secret in %s is too short\n", optarg);
/* Shift argv so that argv[1] is the server, argv[2] the command and argv[3] the optional secret. */
778 argc -= (optind - 1);
779 argv += (optind - 1);
782 ((secret == NULL) && (argc < 4))) {
786 if (dict_init(radius_dir, RADIUS_DICTIONARY) < 0) {
787 librad_perror("radclient");
792 * Strip port from hostname if needed.
794 if ((p = strchr(argv[1], ':')) != NULL) {
/* NOTE(review): the port is not checked against 1..65535 on the visible lines, and atoi() gives 0 for text that is not a number. */
796 server_port = atoi(p);
802 if ((sockfd = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
803 perror("radclient: socket: ");
806 memset(radius_id, 0, sizeof(radius_id));
809 * See what kind of request we want to send.
811 if (strcmp(argv[2], "auth") == 0) {
812 if (server_port == 0) server_port = getport("radius");
813 if (server_port == 0) server_port = PW_AUTH_UDP_PORT;
814 packet_code = PW_AUTHENTICATION_REQUEST;
816 } else if (strcmp(argv[2], "acct") == 0) {
817 if (server_port == 0) server_port = getport("radacct");
818 if (server_port == 0) server_port = PW_ACCT_UDP_PORT;
819 packet_code = PW_ACCOUNTING_REQUEST;
822 } else if (strcmp(argv[2], "status") == 0) {
823 if (server_port == 0) server_port = getport("radius");
824 if (server_port == 0) server_port = PW_AUTH_UDP_PORT;
825 packet_code = PW_STATUS_SERVER;
827 } else if (strcmp(argv[2], "disconnect") == 0) {
828 if (server_port == 0) server_port = PW_POD_UDP_PORT;
829 packet_code = PW_DISCONNECT_REQUEST;
831 } else if (strcmp(argv[2], "auto") == 0) {
/* NOTE(review): same first-character isdigit() test followed by atoi() as for the options; the packet code is not range-checked here. */
834 } else if (isdigit((int) argv[2][0])) {
835 if (server_port == 0) server_port = getport("radius");
836 if (server_port == 0) server_port = PW_AUTH_UDP_PORT;
837 packet_code = atoi(argv[2]);
845 server_ipaddr = ip_getaddr(argv[1]);
846 if (server_ipaddr == INADDR_NONE) {
847 fprintf(stderr, "radclient: Failed to find IP address for host %s\n", argv[1]);
/*
 * NOTE(review): a secret taken from argv[3] stays in the process's
 * argument list, where other local users can usually read it through
 * process listings.  It also replaces a secret already read with -S.
 */
854 if (argv[3]) secret = argv[3];
857 * Walk over the list of filenames, creating the requests.
859 if (rbtree_walk(filename_tree, filename_walk, InOrder) != 0) {
864 * No packets read. Die.
866 if (!radclient_head) {
867 fprintf(stderr, "radclient: Nothing to send.\n");
872 * Walk over the list of packets, sanity checking
875 for (this = radclient_head; this != NULL; this = this->next) {
876 if (radclient_sane(this) != 0) {
/* The first packet ID is derived from the process ID; later IDs are found by scanning radius_id[] in send_one_packet(). */
881 last_used_id = getpid() & 0xff;
884 * Walk over the packets to send, until
887 * FIXME: This currently busy-loops until it receives
888 * all of the packets. It should really have some sort of
889 * send packet, get time to wait, select for time, etc.
899 * Walk over the packets, sending them.
/* The successor is kept in next because radclient_free() below may release the current node. */
901 for (this = radclient_head; this != NULL; this = next) {
904 radclient_send(this);
906 radclient_free(this);
911 * Still have outstanding requests.
913 if (rbtree_num_elements(request_tree) > 0) {
918 * Nothing to do until we receive a request, so
919 * sleep until then. Once we receive one packet,
920 * we go back, and walk through the whole list again,
921 * sending more packets (if necessary), and updating
924 if (!done && (sleep_time > 0)) {
925 recv_one_packet(sleep_time);
929 rbtree_free(filename_tree);
930 rbtree_free(request_tree);
/* Summary counters; the condition that guards them (presumably -s) is not shown in this listing. */
933 printf("\n\t Total approved auths: %d\n", totalapp);
934 printf("\t Total denied auths: %d\n", totaldeny);
935 printf("\t Total lost auths: %d\n", totallost);