2 * command.c Command socket processing.
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
20 * Copyright 2008 The FreeRADIUS server project
21 * Copyright 2008 Alan DeKok <aland@deployingradius.com>
24 #ifdef WITH_COMMAND_SOCKET
26 #include <freeradius-devel/modpriv.h>
27 #include <freeradius-devel/conffile.h>
28 #include <freeradius-devel/stats.h>
29 #include <freeradius-devel/realms.h>
34 #define SUN_LEN(su) (sizeof(*(su)) - sizeof((su)->sun_path) + strlen((su)->sun_path))
38 #ifdef HAVE_SYS_STAT_H
50 typedef struct fr_command_table_t fr_command_table_t;
52 typedef int (*fr_command_func_t)(rad_listen_t *, int, char *argv[]);
57 struct fr_command_table_t {
59 int mode; /* read/write */
61 fr_command_func_t func;
62 fr_command_table_t *table;
65 #define COMMAND_BUFFER_SIZE (1024)
67 typedef struct fr_command_socket_t {
69 char *copy; /* <sigh> */
79 * The next few entries handle fake packets injected by
82 fr_ipaddr_t src_ipaddr; /* src_port is always 0 */
83 fr_ipaddr_t dst_ipaddr;
85 rad_listen_t *inject_listener;
86 RADCLIENT *inject_client;
89 * The next few entries do buffer management.
93 char buffer[COMMAND_BUFFER_SIZE];
94 } fr_command_socket_t;
96 static const CONF_PARSER command_config[] = {
97 { "socket", PW_TYPE_STRING_PTR,
98 offsetof(fr_command_socket_t, path), NULL, "${run_dir}/radiusd.sock"},
99 { "uid", PW_TYPE_STRING_PTR,
100 offsetof(fr_command_socket_t, uid_name), NULL, NULL},
101 { "gid", PW_TYPE_STRING_PTR,
102 offsetof(fr_command_socket_t, gid_name), NULL, NULL},
103 { "mode", PW_TYPE_STRING_PTR,
104 offsetof(fr_command_socket_t, mode_name), NULL, NULL},
106 { NULL, -1, 0, NULL, NULL } /* end the list */
109 static FR_NAME_NUMBER mode_names[] = {
111 { "read-only", FR_READ },
112 { "read-write", FR_READ | FR_WRITE },
113 { "rw", FR_READ | FR_WRITE },
118 static ssize_t cprintf(rad_listen_t *listener, const char *fmt, ...)
120 __attribute__ ((format (printf, 2, 3)))
124 #ifndef HAVE_GETPEEREID
125 static int getpeereid(int s, uid_t *euid, gid_t *egid)
131 socklen_t cl = sizeof(cr);
133 if (getsockopt(s, SOL_SOCKET, SO_PEERCRED, &cr, &cl) < 0) {
140 #endif /* SO_PEERCRED */
142 #endif /* HAVE_GETPEEREID */
145 static int fr_server_domain_socket(const char *path)
150 struct sockaddr_un salocal;
154 if (len >= sizeof(salocal.sun_path)) {
155 radlog(L_ERR, "Path too long in socket filename.");
159 if ((sockfd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) {
160 radlog(L_ERR, "Failed creating socket: %s",
165 memset(&salocal, 0, sizeof(salocal));
166 salocal.sun_family = AF_UNIX;
167 memcpy(salocal.sun_path, path, len + 1); /* SUN_LEN does strlen */
169 socklen = SUN_LEN(&salocal);
174 if (stat(path, &buf) < 0) {
175 if (errno != ENOENT) {
176 radlog(L_ERR, "Failed to stat %s: %s",
177 path, strerror(errno));
182 * FIXME: Check the enclosing directory?
184 } else { /* it exists */
185 if (!S_ISREG(buf.st_mode)
187 && !S_ISSOCK(buf.st_mode)
190 radlog(L_ERR, "Cannot turn %s into socket", path);
195 * Refuse to open sockets not owned by us.
197 if (buf.st_uid != geteuid()) {
198 radlog(L_ERR, "We do not own %s", path);
202 if (unlink(path) < 0) {
203 radlog(L_ERR, "Failed to delete %s: %s",
204 path, strerror(errno));
209 if (bind(sockfd, (struct sockaddr *)&salocal, socklen) < 0) {
210 radlog(L_ERR, "Failed binding to %s: %s",
211 path, strerror(errno));
217 * FIXME: There's a race condition here. But Linux
218 * doesn't seem to permit fchmod on domain sockets.
220 if (chmod(path, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP) < 0) {
221 radlog(L_ERR, "Failed setting permissions on %s: %s",
222 path, strerror(errno));
227 if (listen(sockfd, 8) < 0) {
228 radlog(L_ERR, "Failed listening to %s: %s",
229 path, strerror(errno));
238 if ((flags = fcntl(sockfd, F_GETFL, NULL)) < 0) {
239 radlog(L_ERR, "Failure getting socket flags: %s",
246 if( fcntl(sockfd, F_SETFL, flags) < 0) {
247 radlog(L_ERR, "Failure setting socket flags: %s",
259 static void command_close_socket(rad_listen_t *this)
261 this->status = RAD_LISTEN_STATUS_CLOSED;
264 * This removes the socket from the event fd, so no one
265 * will be calling us any more.
271 static ssize_t cprintf(rad_listen_t *listener, const char *fmt, ...)
278 len = vsnprintf(buffer, sizeof(buffer), fmt, ap);
281 if (listener->status == RAD_LISTEN_STATUS_CLOSED) return 0;
283 len = write(listener->fd, buffer, len);
284 if (len <= 0) command_close_socket(listener);
287 * FIXME: Keep writing until done?
292 static int command_hup(rad_listen_t *listener, int argc, char *argv[])
295 module_instance_t *mi;
298 radius_signal_self(RADIUS_SIGNAL_SELF_HUP);
302 cs = cf_section_find("modules");
305 mi = find_module_instance(cs, argv[0], 0);
307 cprintf(listener, "ERROR: No such module \"%s\"\n", argv[0]);
311 if ((mi->entry->module->type & RLM_TYPE_HUP_SAFE) == 0) {
312 cprintf(listener, "ERROR: Module %s cannot be hup'd\n",
317 if (!module_hup_module(mi->cs, mi, time(NULL))) {
318 cprintf(listener, "ERROR: Failed to reload module\n");
322 return 1; /* success */
325 static int command_terminate(UNUSED rad_listen_t *listener,
326 UNUSED int argc, UNUSED char *argv[])
328 radius_signal_self(RADIUS_SIGNAL_SELF_TERM);
330 return 1; /* success */
333 extern time_t fr_start_time;
335 static int command_uptime(rad_listen_t *listener,
336 UNUSED int argc, UNUSED char *argv[])
340 CTIME_R(&fr_start_time, buffer, sizeof(buffer));
341 cprintf(listener, "Up since %s", buffer); /* no \r\n */
343 return 1; /* success */
346 static const char *tabs = "\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t";
349 * FIXME: Recurse && indent?
351 static void cprint_conf_parser(rad_listen_t *listener, int indent, CONF_SECTION *cs,
357 const char *name1 = cf_section_name1(cs);
358 const char *name2 = cf_section_name2(cs);
359 const CONF_PARSER *variables = cf_section_parse_table(cs);
363 cprintf(listener, "%.*s%s %s {\n", indent, tabs, name1, name2);
365 cprintf(listener, "%.*s%s {\n", indent, tabs, name1);
373 if (variables) for (i = 0; variables[i].name != NULL; i++) {
375 * No base struct offset, data must be the pointer.
376 * If data doesn't exist, ignore the entry, there
377 * must be something wrong.
380 if (!variables[i].data) {
384 data = variables[i].data;;
386 } else if (variables[i].data) {
387 data = variables[i].data;;
390 data = (((const char *)base) + variables[i].offset);
393 switch (variables[i].type) {
395 cprintf(listener, "%.*s%s = ?\n", indent, tabs,
399 case PW_TYPE_INTEGER:
400 cprintf(listener, "%.*s%s = %u\n", indent, tabs,
401 variables[i].name, *(const int *) data);
405 inet_ntop(AF_INET, data, buffer, sizeof(buffer));
408 case PW_TYPE_IPV6ADDR:
409 inet_ntop(AF_INET6, data, buffer, sizeof(buffer));
412 case PW_TYPE_BOOLEAN:
413 cprintf(listener, "%.*s%s = %s\n", indent, tabs,
415 ((*(const int *) data) == 0) ? "no" : "yes");
418 case PW_TYPE_STRING_PTR:
419 case PW_TYPE_FILENAME:
421 * FIXME: Escape things in the string!
423 if (*(const char * const *) data) {
424 cprintf(listener, "%.*s%s = \"%s\"\n", indent, tabs,
425 variables[i].name, *(const char * const *) data);
427 cprintf(listener, "%.*s%s = \n", indent, tabs,
437 cprintf(listener, "%.*s}\n", indent, tabs);
440 static int command_show_module_config(rad_listen_t *listener, int argc, char *argv[])
443 module_instance_t *mi;
446 cprintf(listener, "ERROR: No module name was given\n");
450 cs = cf_section_find("modules");
453 mi = find_module_instance(cs, argv[0], 0);
455 cprintf(listener, "ERROR: No such module \"%s\"\n", argv[0]);
459 cprint_conf_parser(listener, 0, mi->cs, mi->insthandle);
461 return 1; /* success */
464 static const char *method_names[RLM_COMPONENT_COUNT] = {
476 static int command_show_module_methods(rad_listen_t *listener, int argc, char *argv[])
480 const module_instance_t *mi;
484 cprintf(listener, "ERROR: No module name was given\n");
488 cs = cf_section_find("modules");
491 mi = find_module_instance(cs, argv[0], 0);
493 cprintf(listener, "ERROR: No such module \"%s\"\n", argv[0]);
497 mod = mi->entry->module;
499 for (i = 0; i < RLM_COMPONENT_COUNT; i++) {
500 if (mod->methods[i]) cprintf(listener, "\t%s\n", method_names[i]);
503 return 1; /* success */
507 static int command_show_module_flags(rad_listen_t *listener, int argc, char *argv[])
510 const module_instance_t *mi;
514 cprintf(listener, "ERROR: No module name was given\n");
518 cs = cf_section_find("modules");
521 mi = find_module_instance(cs, argv[0], 0);
523 cprintf(listener, "ERROR: No such module \"%s\"\n", argv[0]);
527 mod = mi->entry->module;
529 if ((mod->type & RLM_TYPE_THREAD_SAFE) != 0)
530 cprintf(listener, "\tthread-safe\n");
533 if ((mod->type & RLM_TYPE_CHECK_CONFIG_SAFE) != 0)
534 cprintf(listener, "\twill-check-config\n");
537 if ((mod->type & RLM_TYPE_HUP_SAFE) != 0)
538 cprintf(listener, "\treload-on-hup\n");
540 return 1; /* success */
545 * Show all loaded modules
547 static int command_show_modules(rad_listen_t *listener, UNUSED int argc, UNUSED char *argv[])
549 CONF_SECTION *cs, *subcs;
551 cs = cf_section_find("modules");
555 while ((subcs = cf_subsection_find_next(cs, subcs, NULL)) != NULL) {
556 const char *name1 = cf_section_name1(subcs);
557 const char *name2 = cf_section_name2(subcs);
559 module_instance_t *mi;
562 mi = find_module_instance(cs, name2, 0);
565 cprintf(listener, "\t%s (%s)\n", name2, name1);
567 mi = find_module_instance(cs, name1, 0);
570 cprintf(listener, "\t%s\n", name1);
574 return 1; /* success */
578 static int command_show_home_servers(rad_listen_t *listener, UNUSED int argc, UNUSED char *argv[])
582 const char *type, *state, *proto;
586 for (i = 0; i < 256; i++) {
587 home = home_server_bynumber(i);
591 * Internal "virtual" home server.
593 if (home->ipaddr.af == AF_UNSPEC) continue;
595 if (home->type == HOME_TYPE_AUTH) {
598 } else if (home->type == HOME_TYPE_ACCT) {
603 if (home->proto == IPPROTO_UDP) {
607 else if (home->proto == IPPROTO_TCP) {
613 if (home->state == HOME_STATE_ALIVE) {
616 } else if (home->state == HOME_STATE_ZOMBIE) {
619 } else if (home->state == HOME_STATE_IS_DEAD) {
624 cprintf(listener, "%s\t%d\t%s\t%s\t%s\t%d\n",
625 ip_ntoh(&home->ipaddr, buffer, sizeof(buffer)),
626 home->port, proto, type, state,
627 home->currently_outstanding);
634 static int command_show_clients(rad_listen_t *listener, UNUSED int argc, UNUSED char *argv[])
640 for (i = 0; i < 256; i++) {
641 client = client_findbynumber(NULL, i);
644 ip_ntoh(&client->ipaddr, buffer, sizeof(buffer));
646 if (((client->ipaddr.af == AF_INET) &&
647 (client->prefix != 32)) ||
648 ((client->ipaddr.af == AF_INET6) &&
649 (client->prefix != 128))) {
650 cprintf(listener, "\t%s/%d\n", buffer, client->prefix);
652 cprintf(listener, "\t%s\n", buffer);
660 static int command_show_xml(rad_listen_t *listener, UNUSED int argc, UNUSED char *argv[])
663 FILE *fp = fdopen(dup(listener->fd), "a");
666 cprintf(listener, "ERROR: Can't dup %s\n", strerror(errno));
671 cprintf(listener, "ERROR: <reference> is required\n");
675 ci = cf_reference_item(mainconfig.config, mainconfig.config, argv[0]);
677 cprintf(listener, "ERROR: No such item <reference>\n");
681 if (cf_item_is_section(ci)) {
682 cf_section2xml(fp, cf_itemtosection(ci));
684 } else if (cf_item_is_pair(ci)) {
685 cf_pair2xml(fp, cf_itemtopair(ci));
688 cprintf(listener, "ERROR: No such item <reference>\n");
695 return 1; /* success */
698 static int command_show_version(rad_listen_t *listener, UNUSED int argc, UNUSED char *argv[])
700 cprintf(listener, "%s\n", radiusd_version);
704 static int command_debug_level(rad_listen_t *listener, int argc, char *argv[])
709 cprintf(listener, "ERROR: Must specify <number>\n");
713 number = atoi(argv[0]);
714 if ((number < 0) || (number > 4)) {
715 cprintf(listener, "ERROR: <number> must be between 0 and 4\n");
719 fr_debug_flag = debug_flag = number;
724 char *debug_log_file = NULL;
725 static char debug_log_file_buffer[1024];
727 static int command_debug_file(rad_listen_t *listener, int argc, char *argv[])
729 if (debug_flag && mainconfig.radlog_dest == RADLOG_STDOUT) {
730 cprintf(listener, "ERROR: Cannot redirect debug logs to a file when already in debugging mode.\n");
734 if ((argc > 0) && (strchr(argv[0], FR_DIR_SEP) != NULL)) {
735 cprintf(listener, "ERROR: Cannot direct debug logs to absolute path.\n");
738 debug_log_file = NULL;
740 if (argc == 0) return 0;
743 * This looks weird, but it's here to avoid locking
744 * a mutex for every log message.
746 memset(debug_log_file_buffer, 0, sizeof(debug_log_file_buffer));
749 * Debug files always go to the logging directory.
751 snprintf(debug_log_file_buffer, sizeof(debug_log_file_buffer),
752 "%s/%s", radlog_dir, argv[0]);
754 debug_log_file = &debug_log_file_buffer[0];
759 extern char *debug_condition;
760 static int command_debug_condition(UNUSED rad_listen_t *listener, int argc, char *argv[])
763 * Delete old condition.
765 * This is thread-safe because the condition is evaluated
766 * in the main server thread, as is this code.
768 free(debug_condition);
769 debug_condition = NULL;
778 debug_condition = strdup(argv[0]);
783 static int command_show_debug_condition(rad_listen_t *listener,
784 UNUSED int argc, UNUSED char *argv[])
786 if (!debug_condition) return 0;
788 cprintf(listener, "%s\n", debug_condition);
793 static int command_show_debug_file(rad_listen_t *listener,
794 UNUSED int argc, UNUSED char *argv[])
796 if (!debug_log_file) return 0;
798 cprintf(listener, "%s\n", debug_log_file);
803 static int command_show_debug_level(rad_listen_t *listener,
804 UNUSED int argc, UNUSED char *argv[])
806 cprintf(listener, "%d\n", debug_flag);
811 static RADCLIENT *get_client(rad_listen_t *listener, int argc, char *argv[])
815 int proto = IPPROTO_UDP;
818 cprintf(listener, "ERROR: Must specify <ipaddr>\n");
822 if (ip_hton(argv[0], AF_UNSPEC, &ipaddr) < 0) {
823 cprintf(listener, "ERROR: Failed parsing IP address; %s\n",
830 if (strcmp(argv[1], "tcp") == 0) {
833 } else if (strcmp(argv[1], "udp") == 0) {
837 cprintf(listener, "ERROR: Unknown protocol %s. Please use \"udp\" or \"tcp\"\n",
844 client = client_find(NULL, &ipaddr, proto);
846 cprintf(listener, "ERROR: No such client\n");
854 static int command_show_client_config(rad_listen_t *listener, int argc, char *argv[])
859 client = get_client(listener, argc, argv);
864 if (!client->cs) return 1;
866 fp = fdopen(dup(listener->fd), "a");
868 cprintf(listener, "ERROR: Can't dup %s\n", strerror(errno));
872 cf_section2file(fp, client->cs);
879 static home_server *get_home_server(rad_listen_t *listener, int argc,
880 char *argv[], int *last)
884 int proto = IPPROTO_UDP;
888 cprintf(listener, "ERROR: Must specify <ipaddr> <port> [proto]\n");
892 if (ip_hton(argv[0], AF_UNSPEC, &ipaddr) < 0) {
893 cprintf(listener, "ERROR: Failed parsing IP address; %s\n",
898 port = atoi(argv[1]);
902 if (strcmp(argv[2], "udp") == 0) {
907 if (strcmp(argv[2], "tcp") == 0) {
914 home = home_server_find(&ipaddr, port, proto);
916 cprintf(listener, "ERROR: No such home server\n");
923 static int command_show_home_server_config(rad_listen_t *listener, int argc, char *argv[])
928 home = get_home_server(listener, argc, argv, NULL);
933 if (!home->cs) return 1;
935 fp = fdopen(dup(listener->fd), "a");
937 cprintf(listener, "ERROR: Can't dup %s\n", strerror(errno));
941 cf_section2file(fp, home->cs);
947 extern void revive_home_server(void *ctx);
948 extern void mark_home_server_dead(home_server *home, struct timeval *when);
950 static int command_set_home_server_state(rad_listen_t *listener, int argc, char *argv[])
956 cprintf(listener, "ERROR: Must specify <ipaddr> <port> [proto] <state>\n");
960 home = get_home_server(listener, argc, argv, &last);
965 if (strcmp(argv[last], "alive") == 0) {
966 revive_home_server(home);
968 } else if (strcmp(argv[last], "dead") == 0) {
971 gettimeofday(&now, NULL); /* we do this WAY too ofetn */
972 mark_home_server_dead(home, &now);
975 cprintf(listener, "ERROR: Unknown state \"%s\"\n", argv[last]);
982 static int command_show_home_server_state(rad_listen_t *listener, int argc, char *argv[])
986 home = get_home_server(listener, argc, argv, NULL);
991 switch (home->state) {
992 case HOME_STATE_ALIVE:
993 cprintf(listener, "alive\n");
996 case HOME_STATE_IS_DEAD:
997 cprintf(listener, "dead\n");
1000 case HOME_STATE_ZOMBIE:
1001 cprintf(listener, "zombie\n");
1005 cprintf(listener, "unknown\n");
1014 * For encode/decode stuff
1016 static int null_socket_dencode(UNUSED rad_listen_t *listener, UNUSED REQUEST *request)
1021 static int null_socket_send(UNUSED rad_listen_t *listener, REQUEST *request)
1027 output_file = request_data_reference(request, null_socket_send, 0);
1029 radlog(L_ERR, "WARNING: No output file for injected packet %d",
1034 fp = fopen(output_file, "w");
1036 radlog(L_ERR, "Failed to send injected file to %s: %s",
1037 output_file, strerror(errno));
1041 if (request->reply->code != 0) {
1042 const char *what = "reply";
1045 if (request->reply->code < FR_MAX_PACKET_CODE) {
1046 what = fr_packet_codes[request->reply->code];
1049 fprintf(fp, "%s\n", what);
1052 request->radlog(L_DBG, 0, request,
1053 "Injected %s packet to host %s port 0 code=%d, id=%d",
1055 inet_ntop(request->reply->src_ipaddr.af,
1056 &request->reply->src_ipaddr.ipaddr,
1057 buffer, sizeof(buffer)),
1058 request->reply->code, request->reply->id);
1061 for (vp = request->reply->vps; vp != NULL; vp = vp->next) {
1062 vp_prints(buffer, sizeof(buffer), vp);
1063 fprintf(fp, "%s\n", buffer);
1065 request->radlog(L_DBG, 0, request, "\t%s",
1075 static int command_inject_to(rad_listen_t *listener, int argc, char *argv[])
1078 RAD_LISTEN_TYPE type;
1079 fr_command_socket_t *sock = listener->data;
1081 rad_listen_t *found = NULL;
1084 cprintf(listener, "ERROR: Must specify [auth/acct]\n");
1088 if (strcmp(argv[0], "auth") == 0) {
1089 type = RAD_LISTEN_AUTH;
1091 } else if (strcmp(argv[0], "acct") == 0) {
1092 #ifdef WITH_ACCOUNTING
1093 type = RAD_LISTEN_ACCT;
1095 cprintf(listener, "ERROR: This server was built without accounting support.\n");
1100 cprintf(listener, "ERROR: Unknown socket type\n");
1105 cprintf(listener, "ERROR: No <ipaddr> <port> was given\n");
1110 * FIXME: Look for optional arg 4, and bind interface.
1113 if (ip_hton(argv[1], AF_UNSPEC, &ipaddr) < 0) {
1114 cprintf(listener, "ERROR: Failed parsing IP address; %s\n",
1118 port = atoi(argv[2]);
1120 found = listener_find_byipaddr(&ipaddr, port);
1122 cprintf(listener, "ERROR: Could not find matching listener\n");
1126 sock->inject_listener = found;
1127 sock->dst_ipaddr = ipaddr;
1128 sock->dst_port = port;
1133 static int command_inject_from(rad_listen_t *listener, int argc, char *argv[])
1136 fr_command_socket_t *sock = listener->data;
1139 cprintf(listener, "ERROR: No <ipaddr> was given\n");
1143 if (!sock->inject_listener) {
1144 cprintf(listener, "ERROR: You must specify \"inject to\" before using \"inject from\"\n");
1148 sock->src_ipaddr.af = AF_UNSPEC;
1149 if (ip_hton(argv[0], AF_UNSPEC, &sock->src_ipaddr) < 0) {
1150 cprintf(listener, "ERROR: Failed parsing IP address; %s\n",
1155 client = client_listener_find(sock->inject_listener, &sock->src_ipaddr,
1158 cprintf(listener, "ERROR: No such client %s\n", argv[0]);
1161 sock->inject_client = client;
1166 static int command_inject_file(rad_listen_t *listener, int argc, char *argv[])
1168 static int inject_id = 0;
1170 fr_command_socket_t *sock = listener->data;
1172 REQUEST *request = NULL;
1173 RADIUS_PACKET *packet;
1176 RAD_REQUEST_FUNP fun = NULL;
1180 cprintf(listener, "ERROR: You must specify <input-file> <output-file>\n");
1185 * Output files always go to the logging directory.
1187 snprintf(buffer, sizeof(buffer), "%s/%s", radlog_dir, argv[1]);
1189 fp = fopen(argv[0], "r");
1191 cprintf(listener, "ERROR: Failed opening %s: %s\n",
1192 argv[0], strerror(errno));
1196 vp = readvp2(fp, &filedone, "");
1199 cprintf(listener, "ERROR: Failed reading attributes from %s: %s\n",
1200 argv[0], fr_strerror());
1204 fake = rad_malloc(sizeof(*fake));
1205 memcpy(fake, sock->inject_listener, sizeof(*fake));
1208 * Re-write the IO for the listener.
1210 fake->encode = null_socket_dencode;
1211 fake->decode = null_socket_dencode;
1212 fake->send = null_socket_send;
1214 packet = rad_alloc(0);
1215 packet->src_ipaddr = sock->src_ipaddr;
1216 packet->src_port = 0;
1218 packet->dst_ipaddr = sock->dst_ipaddr;
1219 packet->dst_port = sock->dst_port;
1221 packet->id = inject_id++;
1223 if (fake->type == RAD_LISTEN_AUTH) {
1224 packet->code = PW_AUTHENTICATION_REQUEST;
1225 fun = rad_authenticate;
1228 #ifdef WITH_ACCOUNTING
1229 packet->code = PW_ACCOUNTING_REQUEST;
1230 fun = rad_accounting;
1232 cprintf(listener, "ERROR: This server was built without accounting support.\n");
1239 if (!received_request(fake, packet, &request, sock->inject_client)) {
1240 cprintf(listener, "ERROR: Failed to inject request. See log file for details\n");
1247 * Remember what the output file is, and remember to
1248 * delete the fake listener when done.
1250 request_data_add(request, null_socket_send, 0, strdup(buffer), free);
1251 request_data_add(request, null_socket_send, 1, fake, free);
1254 request->radlog(L_DBG, 0, request,
1255 "Injected %s packet from host %s port 0 code=%d, id=%d",
1256 fr_packet_codes[packet->code],
1257 inet_ntop(packet->src_ipaddr.af,
1258 &packet->src_ipaddr.ipaddr,
1259 buffer, sizeof(buffer)),
1260 packet->code, packet->id);
1262 for (vp = packet->vps; vp != NULL; vp = vp->next) {
1263 vp_prints(buffer, sizeof(buffer), vp);
1264 request->radlog(L_DBG, 0, request, "\t%s", buffer);
1269 * And go process it.
1271 thread_pool_addrequest(request, fun);
1277 static fr_command_table_t command_table_inject[] = {
1279 "inject to <ipaddr> <port> - Inject packets to the destination IP and port.",
1280 command_inject_to, NULL },
1283 "inject from <ipaddr> - Inject packets as if they came from <ipaddr>",
1284 command_inject_from, NULL },
1287 "inject file <input-file> <output-file> - Inject packet from input-file>, with results sent to <output-file>",
1288 command_inject_file, NULL },
1290 { NULL, 0, NULL, NULL, NULL }
1293 static fr_command_table_t command_table_debug[] = {
1294 { "condition", FR_WRITE,
1295 "debug condition [condition] - Enable debugging for requests matching [condition]",
1296 command_debug_condition, NULL },
1298 { "level", FR_WRITE,
1299 "debug level <number> - Set debug level to <number>. Higher is more debugging.",
1300 command_debug_level, NULL },
1303 "debug file [filename] - Send all debugging output to [filename]",
1304 command_debug_file, NULL },
1306 { NULL, 0, NULL, NULL, NULL }
1309 static fr_command_table_t command_table_show_debug[] = {
1310 { "condition", FR_READ,
1311 "show debug condition - Shows current debugging condition.",
1312 command_show_debug_condition, NULL },
1315 "show debug level - Shows current debugging level.",
1316 command_show_debug_level, NULL },
1319 "show debug file - Shows current debugging file.",
1320 command_show_debug_file, NULL },
1322 { NULL, 0, NULL, NULL, NULL }
1325 static fr_command_table_t command_table_show_module[] = {
1326 { "config", FR_READ,
1327 "show module config <module> - show configuration for given module",
1328 command_show_module_config, NULL },
1330 "show module flags <module> - show other module properties",
1331 command_show_module_flags, NULL },
1333 "show module list - shows list of loaded modules",
1334 command_show_modules, NULL },
1335 { "methods", FR_READ,
1336 "show module methods <module> - show sections where <module> may be used",
1337 command_show_module_methods, NULL },
1339 { NULL, 0, NULL, NULL, NULL }
1342 static fr_command_table_t command_table_show_client[] = {
1343 { "config", FR_READ,
1344 "show client config <ipaddr> "
1348 "- show configuration for given client",
1349 command_show_client_config, NULL },
1351 "show client list - shows list of global clients",
1352 command_show_clients, NULL },
1354 { NULL, 0, NULL, NULL, NULL }
1358 static fr_command_table_t command_table_show_home[] = {
1359 { "config", FR_READ,
1360 "show home_server config <ipaddr> <port> [proto] - show configuration for given home server",
1361 command_show_home_server_config, NULL },
1363 "show home_server list - shows list of home servers",
1364 command_show_home_servers, NULL },
1366 "show home_server state <ipaddr> <port> [proto] - shows state of given home server",
1367 command_show_home_server_state, NULL },
1369 { NULL, 0, NULL, NULL, NULL }
1374 static fr_command_table_t command_table_show[] = {
1375 { "client", FR_READ,
1376 "show client <command> - do sub-command of client",
1377 NULL, command_table_show_client },
1379 "show debug <command> - show debug properties",
1380 NULL, command_table_show_debug },
1382 { "home_server", FR_READ,
1383 "show home_server <command> - do sub-command of home_server",
1384 NULL, command_table_show_home },
1386 { "module", FR_READ,
1387 "show module <command> - do sub-command of module",
1388 NULL, command_table_show_module },
1389 { "uptime", FR_READ,
1390 "show uptime - shows time at which server started",
1391 command_uptime, NULL },
1392 { "version", FR_READ,
1393 "show version - Prints version of the running server",
1394 command_show_version, NULL },
1396 "show xml <reference> - Prints out configuration as XML",
1397 command_show_xml, NULL },
1398 { NULL, 0, NULL, NULL, NULL }
1402 static int command_set_module_config(rad_listen_t *listener, int argc, char *argv[])
1407 module_instance_t *mi;
1408 const CONF_PARSER *variables;
1412 cprintf(listener, "ERROR: No module name or variable was given\n");
1416 cs = cf_section_find("modules");
1419 mi = find_module_instance(cs, argv[0], 0);
1421 cprintf(listener, "ERROR: No such module \"%s\"\n", argv[0]);
1425 if ((mi->entry->module->type & RLM_TYPE_HUP_SAFE) == 0) {
1426 cprintf(listener, "ERROR: Cannot change configuration of module as it is cannot be HUP'd.\n");
1430 variables = cf_section_parse_table(mi->cs);
1432 cprintf(listener, "ERROR: Cannot find configuration for module\n");
1437 for (i = 0; variables[i].name != NULL; i++) {
1439 * FIXME: Recurse into sub-types somehow...
1441 if (variables[i].type == PW_TYPE_SUBSECTION) continue;
1443 if (strcmp(variables[i].name, argv[1]) == 0) {
1450 cprintf(listener, "ERROR: No such variable \"%s\"\n", argv[1]);
1454 i = rcode; /* just to be safe */
1457 * It's not part of the dynamic configuration. The module
1458 * needs to re-parse && validate things.
1460 if (variables[i].data) {
1461 cprintf(listener, "ERROR: Variable cannot be dynamically updated\n");
1465 data = ((char *) mi->insthandle) + variables[i].offset;
1467 cp = cf_pair_find(mi->cs, argv[1]);
1471 * Replace the OLD value in the configuration file with
1474 * FIXME: Parse argv[2] depending on it's data type!
1475 * If it's a string, look for leading single/double quotes,
1476 * end then call tokenize functions???
1478 cf_pair_replace(mi->cs, cp, argv[2]);
1480 rcode = cf_item_parse(mi->cs, argv[1], variables[i].type,
1483 cprintf(listener, "ERROR: Failed to parse value\n");
1487 return 1; /* success */
1490 static int command_set_module_status(rad_listen_t *listener, int argc, char *argv[])
1493 module_instance_t *mi;
1496 cprintf(listener, "ERROR: No module name or status was given\n");
1500 cs = cf_section_find("modules");
1503 mi = find_module_instance(cs, argv[0], 0);
1505 cprintf(listener, "ERROR: No such module \"%s\"\n", argv[0]);
1510 if (strcmp(argv[1], "alive") == 0) {
1513 } else if (strcmp(argv[1], "dead") == 0) {
1517 cprintf(listener, "ERROR: Unknown status \"%s\"\n", argv[2]);
1521 return 1; /* success */
1524 static int command_print_stats(rad_listen_t *listener, fr_stats_t *stats,
1527 cprintf(listener, "\trequests\t%u\n", stats->total_requests);
1528 cprintf(listener, "\tresponses\t%u\n", stats->total_responses);
1531 cprintf(listener, "\taccepts\t\t%u\n",
1532 stats->total_access_accepts);
1533 cprintf(listener, "\trejects\t\t%u\n",
1534 stats->total_access_rejects);
1535 cprintf(listener, "\tchallenges\t%u\n",
1536 stats->total_access_challenges);
1539 cprintf(listener, "\tdup\t\t%u\n", stats->total_dup_requests);
1540 cprintf(listener, "\tinvalid\t\t%u\n", stats->total_invalid_requests);
1541 cprintf(listener, "\tmalformed\t%u\n", stats->total_malformed_requests);
1542 cprintf(listener, "\tbad_signature\t%u\n", stats->total_bad_authenticators);
1543 cprintf(listener, "\tdropped\t\t%u\n", stats->total_packets_dropped);
1544 cprintf(listener, "\tunknown_types\t%u\n", stats->total_unknown_types);
1551 static FR_NAME_NUMBER state_names[] = {
1552 { "unopened", STATE_UNOPENED },
1553 { "unlocked", STATE_UNLOCKED },
1554 { "header", STATE_HEADER },
1555 { "reading", STATE_READING },
1556 { "queued", STATE_QUEUED },
1557 { "running", STATE_RUNNING },
1558 { "no-reply", STATE_NO_REPLY },
1559 { "replied", STATE_REPLIED },
1564 static int command_stats_detail(rad_listen_t *listener, int argc, char *argv[])
1567 listen_detail_t *data;
1571 cprintf(listener, "ERROR: Must specify <filename>\n");
1576 for (this = mainconfig.listen; this != NULL; this = this->next) {
1577 if (this->type != RAD_LISTEN_DETAIL) continue;
1580 if (strcmp(argv[1], data->filename) != 0) continue;
1585 cprintf(listener, "\tstate\t%s\n",
1586 fr_int2str(state_names, data->state, "?"));
1588 if ((data->state == STATE_UNOPENED) ||
1589 (data->state == STATE_UNLOCKED)) {
1594 * Race conditions: file might not exist.
1596 if (stat(data->filename_work, &buf) < 0) {
1597 cprintf(listener, "packets\t0\n");
1598 cprintf(listener, "tries\t0\n");
1599 cprintf(listener, "offset\t0\n");
1600 cprintf(listener, "size\t0\n");
1604 cprintf(listener, "packets\t%d\n", data->packets);
1605 cprintf(listener, "tries\t%d\n", data->tries);
1606 cprintf(listener, "offset\t%u\n", (unsigned int) data->offset);
1607 cprintf(listener, "size\t%u\n", (unsigned int) buf.st_size);
1614 static int command_stats_home_server(rad_listen_t *listener, int argc, char *argv[])
1619 cprintf(listener, "ERROR: Must specify [auth/acct] OR <ipaddr> <port>\n");
1624 #ifdef WITH_ACCOUNTING
1625 if (strcmp(argv[0], "acct") == 0) {
1626 return command_print_stats(listener,
1627 &proxy_acct_stats, 0);
1630 if (strcmp(argv[0], "auth") == 0) {
1631 return command_print_stats(listener,
1632 &proxy_auth_stats, 1);
1635 cprintf(listener, "ERROR: Should specify [auth/acct]\n");
1639 home = get_home_server(listener, argc, argv, NULL);
1644 command_print_stats(listener, &home->stats,
1645 (home->type == HOME_TYPE_AUTH));
1646 cprintf(listener, "\toutstanding\t%d\n", home->currently_outstanding);
1651 static int command_stats_client(rad_listen_t *listener, int argc, char *argv[])
1657 cprintf(listener, "ERROR: Must specify [auth/acct]\n");
1661 if (strcmp(argv[0], "auth") == 0) {
1664 } else if (strcmp(argv[0], "acct") == 0) {
1665 #ifdef WITH_ACCOUNTING
1668 cprintf(listener, "ERROR: This server was built without accounting support.\n");
1673 cprintf(listener, "ERROR: Unknown statistics type\n");
1678 * Global results for all client.
1681 #ifdef WITH_ACCOUNTING
1683 return command_print_stats(listener,
1684 &radius_acct_stats, auth);
1687 return command_print_stats(listener, &radius_auth_stats, auth);
1690 client = get_client(listener, argc - 1, argv + 1);
1695 #ifdef WITH_ACCOUNTING
1697 return command_print_stats(listener, client->acct, auth);
1701 return command_print_stats(listener, client->auth, auth);
1705 static int command_add_client_file(rad_listen_t *listener, int argc, char *argv[])
1710 cprintf(listener, "ERROR: <file> is required\n");
1715 * Read the file and generate the client.
1717 c = client_read(argv[0], FALSE, FALSE);
1719 cprintf(listener, "ERROR: Unknown error reading client file.\n");
1723 if (!client_add(NULL, c)) {
1724 cprintf(listener, "ERROR: Unknown error inserting new client.\n");
1733 static int command_del_client(rad_listen_t *listener, int argc, char *argv[])
1735 #ifdef WITH_DYNAMIC_CLIENTS
1738 client = get_client(listener, argc - 1, argv + 1);
1739 if (!client) return 0;
1741 if (!client->dynamic) {
1742 cprintf(listener, "ERROR: Client %s was not dynamically defined.\n", argv[1]);
1747 * DON'T delete it. Instead, mark it as "dead now". The
1748 * next time we receive a packet for the client, it will
1751 * If we don't receive a packet from it, the client
1752 * structure will stick around for a while. Oh well...
1754 client->lifetime = 1;
1756 cprintf(listener, "ERROR: Dynamic clients are not supported.\n");
1763 static fr_command_table_t command_table_del_client[] = {
1764 { "ipaddr", FR_WRITE,
1765 "del client ipaddr <ipaddr> - Delete a dynamically created client",
1766 command_del_client, NULL },
1768 { NULL, 0, NULL, NULL, NULL }
1772 static fr_command_table_t command_table_del[] = {
1773 { "client", FR_WRITE,
1774 "del client <command> - Delete client configuration commands",
1775 NULL, command_table_del_client },
1777 { NULL, 0, NULL, NULL, NULL }
1781 static fr_command_table_t command_table_add_client[] = {
1783 "add client file <filename> - Add new client definition from <filename>",
1784 command_add_client_file, NULL },
1786 { NULL, 0, NULL, NULL, NULL }
1790 static fr_command_table_t command_table_add[] = {
1791 { "client", FR_WRITE,
1792 "add client <command> - Add client configuration commands",
1793 NULL, command_table_add_client },
1795 { NULL, 0, NULL, NULL, NULL }
1800 static fr_command_table_t command_table_set_home[] = {
1801 { "state", FR_WRITE,
1802 "set home_server state <ipaddr> <port> [proto] [alive|dead] - set state for given home server",
1803 command_set_home_server_state, NULL },
1805 { NULL, 0, NULL, NULL, NULL }
1809 static fr_command_table_t command_table_set_module[] = {
1810 { "config", FR_WRITE,
1811 "set module config <module> variable value - set configuration for <module>",
1812 command_set_module_config, NULL },
1814 { "status", FR_WRITE,
1815 "set module status [alive|dead] - set the module to be alive or dead (always return \"fail\")",
1816 command_set_module_status, NULL },
1818 { NULL, 0, NULL, NULL, NULL }
1822 static fr_command_table_t command_table_set[] = {
1823 { "module", FR_WRITE,
1824 "set module <command> - set module commands",
1825 NULL, command_table_set_module },
1827 { "home_server", FR_WRITE,
1828 "set home_server <command> - set home server commands",
1829 NULL, command_table_set_home },
1832 { NULL, 0, NULL, NULL, NULL }
1836 static fr_command_table_t command_table_stats[] = {
1837 { "client", FR_READ,
1838 "stats client [auth/acct] <ipaddr> "
1842 "- show statistics for given client, or for all clients (auth or acct)",
1843 command_stats_client, NULL },
1845 { "home_server", FR_READ,
1846 "stats home_server [<ipaddr>/auth/acct] <port> - show statistics for given home server (ipaddr and port), or for all home servers (auth or acct)",
1847 command_stats_home_server, NULL },
1851 { "detail", FR_READ,
1852 "stats detail <filename> - show statistics for the given detail file",
1853 command_stats_detail, NULL },
1856 { NULL, 0, NULL, NULL, NULL }
1859 static fr_command_table_t command_table[] = {
1860 { "add", FR_WRITE, NULL, NULL, command_table_add },
1861 { "debug", FR_WRITE,
1862 "debug <command> - debugging commands",
1863 NULL, command_table_debug },
1864 { "del", FR_WRITE, NULL, NULL, command_table_del },
1866 "hup [module] - sends a HUP signal to the server, or optionally to one module",
1867 command_hup, NULL },
1868 { "inject", FR_WRITE,
1869 "inject <command> - commands to inject packets into a running server",
1870 NULL, command_table_inject },
1871 { "reconnect", FR_READ,
1872 "reconnect - reconnect to a running server",
1873 NULL, NULL }, /* just here for "help" */
1874 { "terminate", FR_WRITE,
1875 "terminate - terminates the server, and cause it to exit",
1876 command_terminate, NULL },
1877 { "set", FR_WRITE, NULL, NULL, command_table_set },
1878 { "show", FR_READ, NULL, NULL, command_table_show },
1879 { "stats", FR_READ, NULL, NULL, command_table_stats },
1881 { NULL, 0, NULL, NULL, NULL }
1885 static void command_socket_free(rad_listen_t *this)
1887 fr_command_socket_t *sock = this->data;
1896 * Parse the unix domain sockets.
1898 * FIXME: TCP + SSL, after RadSec is in.
1900 static int command_socket_parse(CONF_SECTION *cs, rad_listen_t *this)
1902 fr_command_socket_t *sock;
1904 if (check_config) return 0;
1908 if (cf_section_parse(cs, sock, command_config) < 0) {
1913 if (sock->path) sock->copy = strdup(sock->path);
1915 #if defined(HAVE_GETPEEREID) || defined (SO_PEERCRED)
1916 if (sock->uid_name) {
1919 pw = getpwnam(sock->uid_name);
1921 radlog(L_ERR, "Failed getting uid for %s: %s",
1922 sock->uid_name, strerror(errno));
1926 sock->uid = pw->pw_uid;
1929 if (sock->gid_name) {
1932 gr = getgrnam(sock->gid_name);
1934 radlog(L_ERR, "Failed getting gid for %s: %s",
1935 sock->gid_name, strerror(errno));
1938 sock->gid = gr->gr_gid;
1941 #else /* can't get uid or gid of connecting user */
1943 if (sock->uid_name || sock->gid_name) {
1944 radlog(L_ERR, "System does not support uid or gid authentication for sockets");
1950 if (!sock->mode_name) {
1951 sock->mode = FR_READ;
1953 sock->mode = fr_str2int(mode_names, sock->mode_name, 0);
1955 radlog(L_ERR, "Invalid mode name \"%s\"",
1962 * FIXME: check for absolute pathnames?
1963 * check for uid/gid on the other end...
1966 this->fd = fr_server_domain_socket(sock->path);
1974 static int command_socket_print(const rad_listen_t *this, char *buffer, size_t bufsize)
1976 fr_command_socket_t *sock = this->data;
1978 snprintf(buffer, bufsize, "command file %s", sock->path);
1984 * String split routine. Splits an input string IN PLACE
1985 * into pieces, based on spaces.
1987 static int str2argv(char *str, char **argv, int max_argc)
1994 if (argc >= max_argc) return argc;
1997 * Chop out comments early.
2004 while ((*str == ' ') ||
2007 (*str == '\n')) *(str++) = '\0';
2009 if (!*str) return argc;
2011 if ((*str == '\'') || (*str == '"')) {
2015 token = gettoken((const char **) &p, buffer,
2017 if ((token != T_SINGLE_QUOTED_STRING) &&
2018 (token != T_DOUBLE_QUOTED_STRING)) {
2022 len = strlen(buffer);
2023 if (len >= (size_t) (p - str)) {
2027 memcpy(str, buffer, len + 1);
2040 (*str != '\n')) str++;
2046 static void print_help(rad_listen_t *listener,
2047 fr_command_table_t *table, int recursive)
2051 for (i = 0; table[i].command != NULL; i++) {
2052 if (table[i].help) {
2053 cprintf(listener, "%s\n",
2056 cprintf(listener, "%s <command> - do sub-command of %s\n",
2057 table[i].command, table[i].command);
2060 if (recursive && table[i].table) {
2061 print_help(listener, table[i].table, recursive);
2066 #define MAX_ARGV (16)
2069 * Check if an incoming request is "ok"
2071 * It takes packets, not requests. It sees if the packet looks
2072 * OK. If so, it does a number of sanity checks on it.
2074 static int command_domain_recv(rad_listen_t *listener,
2075 UNUSED RAD_REQUEST_FUNP *pfun,
2076 UNUSED REQUEST **prequest)
2081 char *my_argv[MAX_ARGV], **argv;
2082 fr_command_table_t *table;
2083 fr_command_socket_t *co = listener->data;
2092 len = recv(listener->fd, co->buffer + co->offset,
2093 sizeof(co->buffer) - co->offset - 1, 0);
2094 if (len == 0) goto close_socket; /* clean close */
2097 if ((errno == EAGAIN) || (errno == EINTR)) {
2106 if ((co->offset == 0) && (co->buffer[0] == 0x04)) {
2108 command_close_socket(listener);
2113 * See if there are multiple lines in the buffer.
2115 p = co->buffer + co->offset;
2118 for (c = 0; c < len; c++) {
2119 if ((*p == '\r') || (*p == '\n')) {
2124 * FIXME: do real buffering...
2125 * handling of CTRL-C, etc.
2130 * \r \n followed by ASCII...
2141 * Saw CR/LF. Set next element, and exit.
2144 co->next = p - co->buffer;
2148 if (co->offset >= (ssize_t) (sizeof(co->buffer) - 1)) {
2149 radlog(L_ERR, "Line too long!");
2156 DEBUG("radmin> %s", co->buffer);
2158 argc = str2argv(co->buffer, my_argv, MAX_ARGV);
2159 if (argc == 0) goto do_next; /* empty strings are OK */
2162 cprintf(listener, "ERROR: Failed parsing command.\n");
2168 for (len = 0; len <= co->offset; len++) {
2169 if (co->buffer[len] < 0x20) {
2170 co->buffer[len] = '\0';
2176 * Hard-code exit && quit.
2178 if ((strcmp(argv[0], "exit") == 0) ||
2179 (strcmp(argv[0], "quit") == 0)) goto close_socket;
2183 if (strcmp(argv[0], "login") != 0) {
2184 cprintf(listener, "ERROR: Login required\n");
2189 cprintf(listener, "ERROR: login <user> <password>\n");
2194 * FIXME: Generate && process fake RADIUS request.
2196 if ((strcmp(argv[1], "root") == 0) &&
2197 (strcmp(argv[2], "password") == 0)) {
2198 strlcpy(co->user, argv[1], sizeof(co->user));
2202 cprintf(listener, "ERROR: Login incorrect\n");
2207 table = command_table;
2210 for (i = 0; table[i].command != NULL; i++) {
2211 if (strcmp(table[i].command, argv[0]) == 0) {
2213 * Check permissions.
2215 if (((co->mode & FR_WRITE) == 0) &&
2216 ((table[i].mode & FR_WRITE) != 0)) {
2217 cprintf(listener, "ERROR: You do not have write permission. See \"mode = rw\" in the \"listen\" section for this socket.\n");
2221 if (table[i].table) {
2223 * This is the last argument, but
2224 * there's a sub-table. Print help.
2228 table = table[i].table;
2234 table = table[i].table;
2238 if ((argc == 2) && (strcmp(argv[1], "?") == 0)) goto do_help;
2240 if (!table[i].func) {
2241 cprintf(listener, "ERROR: Invalid command\n");
2246 rcode = table[i].func(listener,
2247 argc - 1, argv + 1);
2256 if ((strcmp(argv[0], "help") == 0) ||
2257 (strcmp(argv[0], "?") == 0)) {
2261 if ((argc > 1) && (strcmp(argv[1], "-r") == 0)) {
2267 print_help(listener, table, recursive);
2271 cprintf(listener, "ERROR: Unknown command \"%s\"\n",
2276 cprintf(listener, "radmin> ");
2278 if (co->next <= co->offset) {
2281 memmove(co->buffer, co->buffer + co->next,
2282 co->offset - co->next);
2283 co->offset -= co->next;
2290 static int command_domain_accept(rad_listen_t *listener,
2291 UNUSED RAD_REQUEST_FUNP *pfun,
2292 UNUSED REQUEST **prequest)
2298 struct sockaddr_storage src;
2299 fr_command_socket_t *sock = listener->data;
2301 salen = sizeof(src);
2303 DEBUG2(" ... new connection request on command socket.");
2308 newfd = accept(listener->fd, (struct sockaddr *) &src, &salen);
2311 * Non-blocking sockets must handle this.
2313 if (errno == EWOULDBLOCK) {
2317 DEBUG2(" ... failed to accept connection.");
2322 * Perform user authentication.
2324 if (sock->uid_name || sock->gid_name) {
2328 if (getpeereid(listener->fd, &uid, &gid) < 0) {
2329 radlog(L_ERR, "Failed getting peer credentials for %s: %s",
2330 sock->path, strerror(errno));
2335 if (sock->uid_name && (sock->uid != uid)) {
2336 radlog(L_ERR, "Unauthorized connection to %s from uid %ld",
2337 sock->path, (long int) uid);
2342 if (sock->gid_name && (sock->gid != gid)) {
2343 radlog(L_ERR, "Unauthorized connection to %s from gid %ld",
2344 sock->path, (long int) gid);
2351 * Write 32-bit magic number && version information.
2353 magic = htonl(0xf7eead15);
2354 if (write(newfd, &magic, 4) < 0) {
2355 radlog(L_ERR, "Failed writing initial data to socket: %s",
2360 magic = htonl(1); /* protocol version */
2361 if (write(newfd, &magic, 4) < 0) {
2362 radlog(L_ERR, "Failed writing initial data to socket: %s",
2370 * Add the new listener.
2372 this = listen_alloc(listener->type);
2373 if (!this) return 0;
2376 * Copy everything, including the pointer to the socket
2380 memcpy(this, listener, sizeof(*this));
2381 this->status = RAD_LISTEN_STATUS_INIT;
2383 this->data = sock; /* fix it back */
2386 sock->user[0] = '\0';
2387 sock->path = ((fr_command_socket_t *) listener->data)->path;
2388 sock->mode = ((fr_command_socket_t *) listener->data)->mode;
2391 this->recv = command_domain_recv;
2394 * Tell the event loop that we have a new FD
2403 * Send an authentication response packet
2405 static int command_domain_send(UNUSED rad_listen_t *listener,
2406 UNUSED REQUEST *request)
2412 static int command_socket_encode(UNUSED rad_listen_t *listener,
2413 UNUSED REQUEST *request)
2419 static int command_socket_decode(UNUSED rad_listen_t *listener,
2420 UNUSED REQUEST *request)
2425 #endif /* WITH_COMMAND_SOCKET */
projects / freeradius.git / blob