2 * radclient.c General radius packet debug tool.
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20 * Copyright 2000 The FreeRADIUS server project
21 * Copyright 2000 Miquel van Smoorenburg <miquels@cistron.nl>
22 * Copyright 2000 Alan DeKok <aland@ox.org>
24 static const char rcsid[] = "$Id$";
27 #include "libradius.h"
39 #include <sys/socket.h>
41 #ifdef HAVE_NETINET_IN_H
42 # include <netinet/in.h>
45 #ifdef HAVE_SYS_SELECT_H
46 # include <sys/select.h>
57 static int retries = 10;
58 static float timeout = 3;
59 static const char *secret = NULL;
60 static int do_output = 1;
61 static int do_summary = 0;
62 static int filedone = 0;
63 static int totalapp = 0;
64 static int totaldeny = 0;
65 static char filesecret[256];
68 * Read valuepairs from the fp up to End-Of-File.
70 static VALUE_PAIR *readvp(FILE *fp)
72 return readvp2(fp, &filedone, "radclient:");
75 static void usage(void)
77 fprintf(stderr, "Usage: radclient [options] server[:port] <command> [<secret>]\n");
79 fprintf(stderr, " <command> One of auth, acct, status, or disconnect.\n");
80 fprintf(stderr, " -c count Send each packet 'count' times.\n");
81 fprintf(stderr, " -d raddb Set dictionary directory.\n");
82 fprintf(stderr, " -f file Read packets from file, not stdin.\n");
83 fprintf(stderr, " -r retries If timeout, retry sending the packet 'retries' times.\n");
84 fprintf(stderr, " -t timeout Wait 'timeout' seconds before retrying (may be a floating point number).\n");
85 fprintf(stderr, " -i id Set request id to 'id'. Values may be 0..255\n");
86 fprintf(stderr, " -S file read secret from file, not command line.\n");
87 fprintf(stderr, " -q Do not print anything out.\n");
88 fprintf(stderr, " -s Print out summary information of auth results.\n");
89 fprintf(stderr, " -v Show program version information.\n");
90 fprintf(stderr, " -x Debugging mode.\n");
95 static int getport(const char *name)
99 svp = getservbyname (name, "udp");
104 return ntohs(svp->s_port);
107 static int send_packet(RADIUS_PACKET *req, RADIUS_PACKET **rep)
112 for (i = 0; i < retries; i++) {
115 rad_send(req, NULL, secret);
117 /* And wait for reply, timing out as necessary */
119 FD_SET(req->sockfd, &rdfdesc);
121 tv.tv_sec = (int)timeout;
122 tv.tv_usec = 1000000 * (timeout - (int) timeout);
124 /* Something's wrong if we don't get exactly one fd. */
125 if (select(req->sockfd + 1, &rdfdesc, NULL, NULL, &tv) != 1) {
129 *rep = rad_recv(req->sockfd);
132 * If we get a response from a machine
133 * which we did NOT send a request to,
136 if (((*rep)->src_ipaddr != req->dst_ipaddr) ||
137 ((*rep)->src_port != req->dst_port)) {
138 char src[64], dst[64];
140 ip_ntoa(src, (*rep)->src_ipaddr);
141 ip_ntoa(dst, req->dst_ipaddr);
142 fprintf(stderr, "radclient: ERROR: Sent request to host %s:%d, got response from host %s:%d\n!",
144 src, (*rep)->src_port);
148 } else { /* NULL: couldn't receive the packet */
149 librad_perror("radclient:");
154 /* No response or no data read (?) */
156 fprintf(stderr, "radclient: no response from server\n");
160 if (rad_decode(*rep, req, secret) != 0) {
161 librad_perror("rad_decode");
165 /* libradius debug already prints out the value pairs for us */
166 if (!librad_debug && do_output) {
167 printf("Received response ID %d, code %d, length = %d\n",
168 (*rep)->id, (*rep)->code, (*rep)->data_len);
169 vp_printlist(stdout, (*rep)->vps);
171 if((*rep)->code == PW_AUTHENTICATION_ACK) {
180 int main(int argc, char **argv)
183 RADIUS_PACKET *rep = NULL;
187 const char *radius_dir = RADDBDIR;
188 char *filename = NULL;
196 id = ((int)getpid() & 0xff);
199 while ((c = getopt(argc, argv, "c:d:f:hi:qst:r:S:xv")) != EOF) switch(c) {
201 if (!isdigit((int) *optarg))
203 count = atoi(optarg);
218 if (!isdigit((int) *optarg))
220 retries = atoi(optarg);
223 if (!isdigit((int) *optarg))
226 if ((id < 0) || (id > 255)) {
234 if (!isdigit((int) *optarg))
236 timeout = atof(optarg);
239 printf("radclient: $Id$ built on " __DATE__ " at " __TIME__ "\n");
243 fp = fopen(optarg, "r");
245 fprintf(stderr, "radclient: Error opening %s: %s\n",
246 optarg, strerror(errno));
249 if (fgets(filesecret, sizeof(filesecret), fp) == NULL) {
250 fprintf(stderr, "radclient: Error reading %s: %s\n",
251 optarg, strerror(errno));
256 /* truncate newline */
257 p = filesecret + strlen(filesecret) - 1;
258 while ((p >= filesecret) &&
264 if (strlen(filesecret) < 2) {
265 fprintf(stderr, "radclient: Secret in %s is too short\n", optarg);
275 argc -= (optind - 1);
276 argv += (optind - 1);
279 ((secret == NULL) && (argc < 4))) {
283 if (dict_init(radius_dir, RADIUS_DICTIONARY) < 0) {
284 librad_perror("radclient");
288 if ((req = rad_alloc(1)) == NULL) {
289 librad_perror("radclient");
296 * Strip port from hostname if needed.
298 if ((p = strchr(argv[1], ':')) != NULL) {
304 * See what kind of request we want to send.
306 if (strcmp(argv[2], "auth") == 0) {
307 if (port == 0) port = getport("radius");
308 if (port == 0) port = PW_AUTH_UDP_PORT;
309 req->code = PW_AUTHENTICATION_REQUEST;
311 } else if (strcmp(argv[2], "acct") == 0) {
312 if (port == 0) port = getport("radacct");
313 if (port == 0) port = PW_ACCT_UDP_PORT;
314 req->code = PW_ACCOUNTING_REQUEST;
317 } else if (strcmp(argv[2], "status") == 0) {
318 if (port == 0) port = getport("radius");
319 if (port == 0) port = PW_AUTH_UDP_PORT;
320 req->code = PW_STATUS_SERVER;
322 } else if (strcmp(argv[2], "disconnect") == 0) {
323 if (port == 0) port = PW_POD_UDP_PORT;
324 req->code = PW_DISCONNECT_REQUEST;
326 } else if (isdigit((int) argv[2][0])) {
327 if (port == 0) port = getport("radius");
328 if (port == 0) port = PW_AUTH_UDP_PORT;
329 req->code = atoi(argv[2]);
337 req->dst_port = port;
338 req->dst_ipaddr = ip_getaddr(argv[1]);
339 if (req->dst_ipaddr == INADDR_NONE) {
340 fprintf(stderr, "radclient: Failed to find IP address for host %s\n", argv[1]);
347 if (argv[3]) secret = argv[3];
351 * Maybe read them, from stdin, if there's no
352 * filename, or if the filename is '-'.
354 if (filename && (strcmp(filename, "-") != 0)) {
355 fp = fopen(filename, "r");
357 fprintf(stderr, "radclient: Error opening %s: %s\n",
358 filename, strerror(errno));
368 if ((req->sockfd = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
369 perror("radclient: socket: ");
374 if(req->vps) pairfree(&req->vps);
376 if ((req->vps = readvp(fp)) == NULL) {
382 * Keep a copy of the the User-Password attribute.
384 if ((vp = pairfind(req->vps, PW_PASSWORD)) != NULL) {
385 strNcpy(password, (char *)vp->strvalue, sizeof(vp->strvalue));
387 * Otherwise keep a copy of the CHAP-Password attribute.
389 } else if ((vp = pairfind(req->vps, PW_CHAP_PASSWORD)) != NULL) {
390 strNcpy(password, (char *)vp->strvalue, sizeof(vp->strvalue));
396 * Fix up Digest-Attributes issues
398 for (vp = req->vps; vp != NULL; vp = vp->next) {
399 switch (vp->attribute) {
403 case PW_DIGEST_REALM:
404 case PW_DIGEST_NONCE:
405 case PW_DIGEST_METHOD:
408 case PW_DIGEST_ALGORITHM:
409 case PW_DIGEST_BODY_DIGEST:
410 case PW_DIGEST_CNONCE:
411 case PW_DIGEST_NONCE_COUNT:
412 case PW_DIGEST_USER_NAME:
414 memmove(&vp->strvalue[2], &vp->strvalue[0], vp->length);
415 vp->strvalue[0] = vp->attribute - PW_DIGEST_REALM + 1;
417 vp->strvalue[1] = vp->length;
418 vp->attribute = PW_DIGEST_ATTRIBUTES;
424 * Loop, sending the packet N times.
426 for (loop = 0; loop < count; loop++) {
430 * If we've already sent a packet, free up the old
431 * one, and ensure that the next packet has a unique
432 * ID and authentication vector.
439 librad_md5_calc(req->vector, req->vector,
440 sizeof(req->vector));
442 if (*password != '\0') {
443 if ((vp = pairfind(req->vps, PW_PASSWORD)) != NULL) {
444 strNcpy((char *)vp->strvalue, password, strlen(password) + 1);
445 vp->length = strlen(password);
447 } else if ((vp = pairfind(req->vps, PW_CHAP_PASSWORD)) != NULL) {
448 strNcpy((char *)vp->strvalue, password, strlen(password) + 1);
449 vp->length = strlen(password);
451 rad_chap_encode(req, (char *) vp->strvalue, req->id, vp);
454 } /* there WAS a password */
456 send_packet(req, &rep);
461 printf("\n\t Total approved auths: %d\n", totalapp);
462 printf("\t Total denied auths: %d\n", totaldeny);