2 * radclient.c General radius packet debug tool.
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20 * Copyright 2000 The FreeRADIUS server project
21 * Copyright 2000 Miquel van Smoorenburg <miquels@cistron.nl>
22 * Copyright 2000 Alan DeKok <aland@ox.org>
24 static const char rcsid[] = "$Id$";
27 #include "libradius.h"
39 #include <sys/socket.h>
42 #include <netinet/in.h>
46 # include <sys/select.h>
57 static int retries = 10;
58 static float timeout = 3;
59 static const char *secret = "secret";
60 static int do_output = 1;
61 static int do_summary = 0;
62 static int filedone = 0;
63 static int totalapp = 0;
64 static int totaldeny = 0;
67 * Read valuepairs from the fp up to End-Of-File.
69 static VALUE_PAIR *readvp(FILE *fp)
80 while (!error && fgets(buf, sizeof(buf), fp) != NULL) {
84 /* If we get a '\n' by itself, we assume that's the end of that VP */
85 if((buf[0] == '\n') && (list)) {
86 return error ? NULL: list;
88 if((buf[0] == '\n') && (!list)) {
92 if ((vp = pairread(&p, &last_token)) == NULL) {
93 librad_perror("radclient:");
98 } while (last_token == T_COMMA);
102 return error ? NULL: list;
105 static void usage(void)
107 fprintf(stderr, "Usage: radclient [-c count] [-d raddb] [-f file] [-r retries] [-t timeout]\n [-i id] [-qvx] server acct|auth <secret>\n");
109 fprintf(stderr, " -c count Send each packet 'count' times.\n");
110 fprintf(stderr, " -d raddb Set dictionary directory.\n");
111 fprintf(stderr, " -f file Read packets from file, not stdin.\n");
112 fprintf(stderr, " -r retries If timeout, retry sending the packet 'retires' times.\n");
113 fprintf(stderr, " -t timeout Wait 'timeout' seconds before retrying.\n");
114 fprintf(stderr, " -i id Set request id to 'id'. Values may be 0..255\n");
115 fprintf(stderr, " -q Do not print anything out.\n");
116 fprintf(stderr, " -s Print out summary information of auth results.\n");
117 fprintf(stderr, " -v Show program version information.\n");
118 fprintf(stderr, " -x Debugging mode.\n");
123 static int getport(const char *name)
127 svp = getservbyname (name, "udp");
132 return ntohs(svp->s_port);
135 static int send_packet(RADIUS_PACKET *req, RADIUS_PACKET **rep)
140 for (i = 0; i < retries; i++) {
143 rad_send(req, secret);
145 /* And wait for reply, timing out as necessary */
147 FD_SET(req->sockfd, &rdfdesc);
149 tv.tv_sec = (int)timeout;
150 tv.tv_usec = 1000000 * (timeout - (int)timeout);
152 /* Something's wrong if we don't get exactly one fd. */
153 if (select(req->sockfd + 1, &rdfdesc, NULL, NULL, &tv) != 1) {
157 *rep = rad_recv(req->sockfd);
160 } else { /* NULL: couldn't receive the packet */
161 librad_perror("radclient:");
166 /* No response or no data read (?) */
168 fprintf(stderr, "radclient: no response from server\n");
172 if (rad_decode(*rep, req, secret) != 0) {
173 librad_perror("rad_decode");
177 /* libradius debug already prints out the value pairs for us */
178 if (!librad_debug && do_output) {
179 printf("Received response ID %d, code %d, length = %d\n",
180 (*rep)->id, (*rep)->code, (*rep)->data_len);
181 vp_printlist(stdout, (*rep)->vps);
183 if((*rep)->code == PW_AUTHENTICATION_ACK) {
192 int main(int argc, char **argv)
195 RADIUS_PACKET *rep = NULL;
199 const char *radius_dir = RADDBDIR;
200 char *filename = NULL;
208 id = ((int)getpid() & 0xff);
210 while ((c = getopt(argc, argv, "c:d:f:hi:qst:r:xv")) != EOF) switch(c) {
212 if (!isdigit(*optarg)) usage();
213 count = atoi(optarg);
228 if (!isdigit(*optarg)) usage();
229 retries = atoi(optarg);
232 if (!isdigit(*optarg)) usage();
234 if ((id < 0) || (id > 255)) {
242 if (!isdigit(*optarg)) usage();
243 timeout = atof(optarg);
246 printf("radclient: $Id$ built on " __DATE__ " at " __TIME__ "\n");
254 argc -= (optind - 1);
255 argv += (optind - 1);
261 if (dict_init(radius_dir, RADIUS_DICTIONARY) < 0) {
262 librad_perror("radclient");
266 if ((req = rad_alloc(1)) == NULL) {
267 librad_perror("radclient");
274 * Strip port from hostname if needed.
276 if ((p = strchr(argv[1], ':')) != NULL) {
282 * See what kind of request we want to send.
284 if (strcmp(argv[2], "auth") == 0) {
285 if (port == 0) port = getport("radius");
286 if (port == 0) port = PW_AUTH_UDP_PORT;
287 req->code = PW_AUTHENTICATION_REQUEST;
288 } else if (strcmp(argv[2], "acct") == 0) {
289 if (port == 0) port = getport("radacct");
290 if (port == 0) port = PW_ACCT_UDP_PORT;
291 req->code = PW_ACCOUNTING_REQUEST;
293 } else if (isdigit(argv[2][0])) {
294 if (port == 0) port = getport("radius");
295 if (port == 0) port = PW_AUTH_UDP_PORT;
296 req->code = atoi(argv[2]);
304 req->dst_port = port;
305 req->dst_ipaddr = ip_getaddr(argv[1]);
306 if (req->dst_ipaddr == INADDR_NONE) {
307 librad_perror("radclient: %s: ", argv[1]);
314 if (argv[3]) secret = argv[3];
318 * Maybe read them, from stdin, if there's no
319 * filename, or if the filename is '-'.
321 if (filename && (strcmp(filename, "-") != 0)) {
322 fp = fopen(filename, "r");
324 fprintf(stderr, "radclient: Error opening %s: %s\n",
325 filename, strerror(errno));
335 if ((req->sockfd = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
336 perror("radclient: socket: ");
341 if(req->vps) pairfree(&req->vps);
343 if ((req->vps = readvp(fp)) == NULL) {
349 * Encrypt the Password attribute.
351 if ((vp = pairfind(req->vps, PW_PASSWORD)) != NULL) {
352 strNcpy(password, (char *)vp->strvalue, sizeof(vp->strvalue));
354 rad_pwencode((char *)vp->strvalue,
356 secret, (char *)req->vector);
359 * Not there, encrypt the CHAP-Password attribute.
361 } else if ((vp = pairfind(req->vps, PW_CHAP_PASSWORD)) != NULL) {
362 strNcpy(password, (char *)vp->strvalue, sizeof(vp->strvalue));
363 rad_chap_encode(req, (char *) vp->strvalue, req->id, vp);
371 * Loop, sending the packet N times.
373 for (loop = 0; loop < count; loop++) {
377 * If we've already sent a packet, free up the old
378 * one, and ensure that the next packet has a unique
379 * ID and authentication vector.
385 if (*password != '\0') {
386 vp = pairfind(req->vps, PW_PASSWORD);
388 strNcpy((char *)vp->strvalue, password,
390 vp->length = strlen(password);
394 librad_md5_calc(req->vector, req->vector,
395 sizeof(req->vector));
397 send_packet(req, &rep);
402 printf("\n\t Total approved auths: %d\n", totalapp);
403 printf("\t Total denied auths: %d\n", totaldeny);