The FreeRADIUS server $Id: f3670dba8951ca10eb4948feb3dc3db9423a334f $
Loading...
Searching...
No Matches
radclient-ng.c
Go to the documentation of this file.
1/*
2 * This program is free software; you can redistribute it and/or modify
3 * it under the terms of the GNU General Public License as published by
4 * the Free Software Foundation; either version 2 of the License, or
5 * (at your option) any later version.
6 *
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
11 *
12 * You should have received a copy of the GNU General Public License
13 * along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
15 */
16
17/**
18 * $Id: ffbf3aab88448c39d782b765574168850bc531d1 $
19 *
20 * @file src/bin/radclient.c
21 * @brief General radius client and debug tool.
22 *
23 * @copyright 2000,2006,2014 The FreeRADIUS server project
24 * @copyright 2000 Miquel van Smoorenburg (miquels@cistron.nl)
25 * @copyright 2000 Alan DeKok (aland@freeradius.org)
26 */
27
28RCSID("$Id: ffbf3aab88448c39d782b765574168850bc531d1 $")
29
30#include <freeradius-devel/util/conf.h>
31#include <freeradius-devel/util/syserror.h>
32#include <freeradius-devel/util/atexit.h>
33#include <freeradius-devel/util/pair_legacy.h>
34#include <freeradius-devel/util/time.h>
35#include <freeradius-devel/util/event.h>
36#include <freeradius-devel/server/packet.h>
37#include <freeradius-devel/radius/list.h>
38#include <freeradius-devel/radius/radius.h>
39#include <freeradius-devel/util/chap.h>
40#include <freeradius-devel/radius/client.h>
41
42#ifdef HAVE_OPENSSL_SSL_H
43#include <openssl/ssl.h>
44#include <freeradius-devel/util/md4.h>
45#endif
46
47#ifdef HAVE_GETOPT_H
48# include <getopt.h>
49#endif
50
51
52typedef struct request_s request_t; /* to shut up warnings about mschap.h */
53
54#include "smbdes.h"
55#include "mschap.h"
56
57#include "radclient-ng.h"
58
59#define pair_update_request(_attr, _da) do { \
60 _attr = fr_pair_find_by_da(&request->request_pairs, NULL, _da); \
61 if (!_attr) { \
62 _attr = fr_pair_afrom_da(request, _da); \
63 fr_assert(_attr != NULL); \
64 fr_pair_append(&request->request_pairs, _attr); \
65 } \
66 } while (0)
67
68static char *secret = NULL;
69static bool do_output = true;
70
71static const char *attr_coa_filter_name = "User-Name";
72
74
76static int resend_count = 1;
77static bool print_filename = false;
78
79static int forced_id = -1;
80static size_t parallel = 1;
81static bool paused = false;
82
84
86
88
90
91static int ipproto = IPPROTO_UDP;
92
93static bool do_coa = false;
94//static int coafd;
96static fr_rb_tree_t *coa_tree = NULL;
97
98static FR_DLIST_HEAD(rc_request_list) rc_request_list;
99static rc_request_t *current = NULL;
100
101static char const *radclient_version = RADIUSD_VERSION_BUILD("radclient");
102
103static fr_dict_t const *dict_freeradius;
104static fr_dict_t const *dict_radius;
105
106static TALLOC_CTX *autofree = NULL;
107
108extern fr_dict_autoload_t radclient_dict[];
109fr_dict_autoload_t radclient_dict[] = {
110 { .out = &dict_freeradius, .proto = "freeradius" },
111 { .out = &dict_radius, .proto = "radius" },
113};
114
116
120
123
129
132
134
137 { .out = &attr_cleartext_password, .name = "Password.Cleartext", .type = FR_TYPE_STRING, .dict = &dict_freeradius },
138 { .out = &attr_ms_chap_challenge, .name = "Vendor-Specific.Microsoft.CHAP-Challenge", .type = FR_TYPE_OCTETS, .dict = &dict_radius },
139 { .out = &attr_ms_chap_password, .name = "Password.MS-CHAP", .type = FR_TYPE_STRING, .dict = &dict_freeradius },
140 { .out = &attr_ms_chap_response, .name = "Vendor-Specific.Microsoft.CHAP-Response", .type = FR_TYPE_OCTETS, .dict = &dict_radius },
141
142 { .out = &attr_radclient_test_name, .name = "Radclient-Test-Name", .type = FR_TYPE_STRING, .dict = &dict_freeradius },
143 { .out = &attr_request_authenticator, .name = "Request-Authenticator", .type = FR_TYPE_OCTETS, .dict = &dict_freeradius },
144
145 { .out = &attr_radclient_coa_filename, .name = "Radclient-CoA-Filename", .type = FR_TYPE_STRING, .dict = &dict_freeradius },
146 { .out = &attr_radclient_coa_filter, .name = "Radclient-CoA-Filter", .type = FR_TYPE_STRING, .dict = &dict_freeradius },
147
148 { .out = &attr_chap_password, .name = "CHAP-Password", .type = FR_TYPE_OCTETS, .dict = &dict_radius },
149 { .out = &attr_chap_challenge, .name = "CHAP-Challenge", .type = FR_TYPE_OCTETS, .dict = &dict_radius },
150 { .out = &attr_packet_type, .name = "Packet-Type", .type = FR_TYPE_UINT32, .dict = &dict_radius },
151 { .out = &attr_user_password, .name = "User-Password", .type = FR_TYPE_STRING, .dict = &dict_radius },
152 { .out = &attr_user_name, .name = "User-Name", .type = FR_TYPE_STRING, .dict = &dict_radius },
153
155};
156
157static NEVER_RETURNS void usage(void)
158{
159 fprintf(stderr, "Usage: radclient [options] server[:port] <command> [<secret>]\n");
160
161 fprintf(stderr, " <command> One of auth, acct, status, coa, disconnect or auto.\n");
162 fprintf(stderr, " -4 Use IPv4 address of server\n");
163 fprintf(stderr, " -6 Use IPv6 address of server.\n");
164 fprintf(stderr, " -A <attribute> Use named 'attribute' to match CoA requests to packets. Default is User-Name\n");
165 fprintf(stderr, " -C [<client_ip>:]<client_port> Client source port and source IP address. Port values may be 1..65535\n");
166 fprintf(stderr, " -c <count> Send each packet 'count' times.\n");
167 fprintf(stderr, " -d <confdir> Set user dictionary directory (defaults to " CONFDIR ").\n");
168 fprintf(stderr, " -D <dictdir> Set main dictionary directory (defaults to " DICTDIR ").\n");
169 fprintf(stderr, " -f <file>[:<file>] Read packets from file, not stdin.\n");
170 fprintf(stderr, " If a second file is provided, it will be used to verify responses\n");
171 fprintf(stderr, " -F Print the file name, packet number and reply code.\n");
172 fprintf(stderr, " -h Print usage help information.\n");
173 fprintf(stderr, " -i <id> Set request id to 'id'. Values may be 0..255\n");
174 fprintf(stderr, " -o <port> Set CoA listening port (defaults to 3799)\n");
175 fprintf(stderr, " -p <num> Send 'num' packets from a file in parallel.\n");
176 fprintf(stderr, " -P <proto> Use proto (tcp or udp) for transport.\n");
177 fprintf(stderr, " -r <retries> If timeout, retry sending the packet 'retries' times.\n");
178 fprintf(stderr, " -s Print out summary information of auth results.\n");
179 fprintf(stderr, " -S <file> read secret from file, not command line.\n");
180 fprintf(stderr, " -t <timeout> Wait 'timeout' seconds before retrying (may be a floating point number).\n");
181 fprintf(stderr, " -v Show program version information.\n");
182 fprintf(stderr, " -x Debugging mode.\n");
183
184 fr_exit_now(EXIT_SUCCESS);
185}
186
187/*
188 * Free a radclient struct, which may (or may not)
189 * already be in the list.
190 */
191static int _rc_request_free(rc_request_t *request)
192{
193 rc_request_list_remove(&rc_request_list, request);
194
195 if (do_coa) {
196 (void) fr_rb_delete(coa_tree, &request->node);
197 // @todo - cancel incoming CoA packet/
198 }
199
200 if (request->packet && (request->packet->id >= 0)) {
202 }
203
204 return 0;
205}
206
207#ifdef HAVE_OPENSSL_SSL_H
208#include <openssl/provider.h>
209
210static OSSL_PROVIDER *openssl_default_provider = NULL;
211static OSSL_PROVIDER *openssl_legacy_provider = NULL;
212
213static int openssl3_init(void)
214{
215 /*
216 * Load the default provider for most algorithms
217 */
218 openssl_default_provider = OSSL_PROVIDER_load(NULL, "default");
219 if (!openssl_default_provider) {
220 ERROR("(TLS) Failed loading default provider");
221 return -1;
222 }
223
224 /*
225 * Needed for MD4
226 *
227 * https://www.openssl.org/docs/man3.0/man7/migration_guide.html#Legacy-Algorithms
228 */
229 openssl_legacy_provider = OSSL_PROVIDER_load(NULL, "legacy");
230 if (!openssl_legacy_provider) {
231 ERROR("(TLS) Failed loading legacy provider");
232 return -1;
233 }
234
235 fr_md5_openssl_init();
236 fr_md4_openssl_init();
237
238 return 0;
239}
240
241static void openssl3_free(void)
242{
243 if (openssl_default_provider && !OSSL_PROVIDER_unload(openssl_default_provider)) {
244 ERROR("Failed unloading default provider");
245 }
246 openssl_default_provider = NULL;
247
248 if (openssl_legacy_provider && !OSSL_PROVIDER_unload(openssl_legacy_provider)) {
249 ERROR("Failed unloading legacy provider");
250 }
251 openssl_legacy_provider = NULL;
252
253 fr_md5_openssl_free();
254 fr_md4_openssl_free();
255}
256#else
257#define openssl3_init()
258#define openssl3_free()
259#endif
260
261static int _loop_status(UNUSED fr_time_t now, fr_time_delta_t wake, UNUSED void *ctx)
262{
263 if (fr_time_delta_unwrap(wake) < (NSEC / 10)) return 0;
264
265 if (rc_request_list_num_elements(&rc_request_list) != 0) return 0;
266
267 fr_log(&default_log, L_DBG, __FILE__, __LINE__, "Main loop waking up in %pV seconds", fr_box_time_delta(wake));
268
269 return 0;
270}
271
273 char const *password)
274{
275 unsigned int i;
276 uint8_t *p;
277 fr_pair_t *challenge, *reply;
278 uint8_t nthash[16];
279
282
284
285 fr_pair_append(list, challenge);
286
287 MEM(p = talloc_array(challenge, uint8_t, 8));
288 fr_pair_value_memdup_buffer_shallow(challenge, p, false);
289
290 for (i = 0; i < challenge->vp_length; i++) {
291 p[i] = fr_rand();
292 }
293
295 fr_pair_append(list, reply);
296 p = talloc_zero_array(reply, uint8_t, 50); /* really reply->da->flags.length */
298
299 p[1] = 0x01; /* NT hash */
300
301 if (mschap_nt_password_hash(nthash, password) < 0) return 0;
302
303 smbdes_mschap(nthash, challenge->vp_octets, p + 26);
304 return 1;
305}
306
307
308static int getport(char const *name)
309{
310 struct servent *svp;
311
312 svp = getservbyname(name, "udp");
313 if (!svp) return 0;
314
315 return ntohs(svp->s_port);
316}
317
318/*
319 * Set a port from the request type if we don't already have one
320 */
322{
323 switch (type) {
324 default:
328 if (*port == 0) *port = getport("radius");
329 if (*port == 0) *port = FR_AUTH_UDP_PORT;
330 return;
331
333 if (*port == 0) *port = getport("radacct");
334 if (*port == 0) *port = FR_ACCT_UDP_PORT;
335 return;
336
338 if (*port == 0) *port = FR_POD_UDP_PORT;
339 return;
340
342 if (*port == 0) *port = FR_COA_UDP_PORT;
343 return;
344
346 if (*port == 0) *port = 0;
347 return;
348 }
349}
350
351/*
352 * Resolve a port to a request type
353 */
355{
356 /*
357 * getport returns 0 if the service doesn't exist
358 * so we need to return early, to avoid incorrect
359 * codes.
360 */
361 if (port == 0) return FR_RADIUS_CODE_UNDEFINED;
362
363 if ((port == getport("radius")) || (port == FR_AUTH_UDP_PORT) || (port == FR_AUTH_UDP_PORT_ALT)) {
365 }
366 if ((port == getport("radacct")) || (port == FR_ACCT_UDP_PORT) || (port == FR_ACCT_UDP_PORT_ALT)) {
368 }
370
372}
373
374
376{
377 size_t i;
378
379 if (!vp || (vp->vp_type != FR_TYPE_OCTETS)) return true;
380
381 /*
382 * If it's 17 octets, it *might* be already encoded.
383 * Or, it might just be a 17-character password (maybe UTF-8)
384 * Check it for non-printable characters. The odds of ALL
385 * of the characters being 32..255 is (1-7/8)^17, or (1/8)^17,
386 * or 1/(2^51), which is pretty much zero.
387 */
388 for (i = 0; i < vp->vp_length; i++) {
389 if (vp->vp_octets[i] < 32) {
390 return true;
391 }
392 }
393
394 return false;
395}
396
397/** Read one CoA reply and potentially a filter
398 *
399 */
401 FILE *coa_reply, char const *reply_filename, bool *coa_reply_done,
402 FILE *coa_filter, char const *filter_filename, bool *coa_filter_done)
403{
404 rc_request_t *request;
405 fr_pair_t *vp;
406
407 /*
408 * Allocate it.
409 */
410 MEM(request = talloc_zero(parent, rc_request_t));
411 MEM(request->reply = fr_packet_alloc(request, false));
412
413 /*
414 * Don't initialize src/dst IP/port, or anything else. That will be read from the network.
415 */
416 fr_pair_list_init(&request->filter);
419
420 /*
421 * Read the reply VP's.
422 */
424 &request->reply_pairs, coa_reply, coa_reply_done, true) < 0) {
425 REDEBUG("Error parsing \"%s\"", reply_filename);
426 error:
427 talloc_free(request);
428 return -1;
429 }
430
431 /*
432 * The reply can be empty. In which case we just send an empty ACK.
433 */
435 if (vp) request->reply->code = vp->vp_uint32;
436
437 /*
438 * Read in filter VP's.
439 */
440 if (coa_filter) {
442 &request->filter, coa_filter, coa_filter_done, true) < 0) {
443 REDEBUG("Error parsing \"%s\"", filter_filename);
444 goto error;
445 }
446
447 if (*coa_filter_done && !*coa_reply_done) {
448 REDEBUG("Differing number of replies/filters in %s:%s "
449 "(too many replies))", reply_filename, filter_filename);
450 goto error;
451 }
452
453 if (!*coa_filter_done && *coa_reply_done) {
454 REDEBUG("Differing number of replies/filters in %s:%s "
455 "(too many filters))", reply_filename, filter_filename);
456 goto error;
457 }
458
459 /*
460 * This allows efficient list comparisons later
461 */
463 }
464
465 request->name = parent->name;
466
467 /*
468 * Automatically set the response code from the request code
469 * (if one wasn't already set).
470 */
471 if (request->filter_code == FR_RADIUS_CODE_UNDEFINED) {
473 }
474
475 parent->coa = request;
476
477 /*
478 * Ensure that the packet is also tracked in the CoA tree.
479 */
482 ERROR("Failed inserting packet from %s into CoA tree", request->name);
483 fr_exit_now(EXIT_FAILURE);
484 }
485
486 return 0;
487}
488
489/*
490 * Initialize a radclient data structure and add it to
491 * the global linked list.
492 */
493static int radclient_init(TALLOC_CTX *ctx, rc_file_pair_t *files)
494{
495 FILE *packets, *filters = NULL;
496
497 fr_pair_t *vp;
498 rc_request_t *request = NULL;
499 bool packets_done = false;
500 uint64_t num = 0;
501
502 FILE *coa_reply = NULL;
503 FILE *coa_filter = NULL;
504 bool coa_reply_done = false;
505 bool coa_filter_done = false;
506
507 fr_assert(files->packets != NULL);
508
509 /*
510 * Determine where to read the VP's from.
511 */
512 if (strcmp(files->packets, "-") != 0) {
513 packets = fopen(files->packets, "r");
514 if (!packets) {
515 ERROR("Error opening %s: %s", files->packets, fr_syserror(errno));
516 return -1;
517 }
518
519 /*
520 * Read in the pairs representing the expected response.
521 */
522 if (files->filters) {
523 filters = fopen(files->filters, "r");
524 if (!filters) {
525 ERROR("Error opening %s: %s", files->filters, fr_syserror(errno));
526 goto error;
527 }
528 }
529
530 if (files->coa_reply) {
531 coa_reply = fopen(files->coa_reply, "r");
532 if (!coa_reply) {
533 ERROR("Error opening %s: %s", files->coa_reply, fr_syserror(errno));
534 goto error;
535 }
536 }
537
538 if (files->coa_filter) {
539 coa_filter = fopen(files->coa_filter, "r");
540 if (!coa_filter) {
541 ERROR("Error opening %s: %s", files->coa_filter, fr_syserror(errno));
542 goto error;
543 }
544 }
545 } else {
546 packets = stdin;
547 }
548
549 /*
550 * Loop until the file is done.
551 */
552 do {
553 char const *coa_reply_filename = NULL;
554 char const *coa_filter_filename = NULL;
555
556 /*
557 * Allocate it.
558 */
559 MEM(request = talloc_zero(ctx, rc_request_t));
560 MEM(request->packet = fr_packet_alloc(request, true));
561 request->packet->uctx = request;
562
563 /*
564 * Don't set request->packet->socket. The underlying socket isn't open yet.
565 */
566
567 request->files = files;
568 request->packet->id = -1;
569 request->num = num++;
570
571 fr_pair_list_init(&request->filter);
574
575 /*
576 * Read the request VP's.
577 */
579 &request->request_pairs, packets, &packets_done, true) < 0) {
580 char const *input;
581
582 if ((files->packets[0] == '-') && (files->packets[1] == '\0')) {
583 input = "stdin";
584 } else {
585 input = files->packets;
586 }
587
588 REDEBUG("Error parsing \"%s\"", input);
589 goto error;
590 }
591
592 /*
593 * Skip empty entries
594 */
595 if (fr_pair_list_empty(&request->request_pairs)) {
596 WARN("Skipping \"%s\": No Attributes", files->packets);
597 talloc_free(request);
598 continue;
599 }
600
601 /*
602 * Read in filter VP's.
603 */
604 if (filters) {
605 bool filters_done;
606
608 &request->filter, filters, &filters_done, true) < 0) {
609 REDEBUG("Error parsing \"%s\"", files->filters);
610 goto error;
611 }
612
613 if (filters_done && !packets_done) {
614 REDEBUG("Differing number of packets/filters in %s:%s "
615 "(too many requests)", files->packets, files->filters);
616 goto error;
617 }
618
619 if (!filters_done && packets_done) {
620 REDEBUG("Differing number of packets/filters in %s:%s "
621 "(too many filters)", files->packets, files->filters);
622 goto error;
623 }
624
625 vp = fr_pair_find_by_da(&request->filter, NULL, attr_packet_type);
626 if (vp) {
627 if (!FR_RADIUS_PACKET_CODE_VALID(vp->vp_uint32)) {
628 REDEBUG("Invalid filter code %u in %s:%s", vp->vp_uint32,
629 files->packets, files->filters);
630 goto error;
631 }
632
633 request->filter_code = vp->vp_uint32;
634 fr_pair_delete(&request->filter, vp);
635 }
636
637 /*
638 * This allows efficient list comparisons later
639 */
641 }
642
643 /*
644 * Process special attributes
645 */
646 for (vp = fr_pair_list_head(&request->request_pairs);
647 vp;
648 vp = fr_pair_list_next(&request->request_pairs, vp)) {
649 /*
650 * Allow it to set the packet type in
651 * the attributes read from the file.
652 */
653 if (vp->da == attr_packet_type) {
654 request->packet->code = vp->vp_uint32;
655 } else if (vp->da == attr_request_authenticator) {
656 if (vp->vp_length > sizeof(request->packet->vector)) {
657 memcpy(request->packet->vector, vp->vp_octets, sizeof(request->packet->vector));
658 } else {
659 memset(request->packet->vector, 0, sizeof(request->packet->vector));
660 memcpy(request->packet->vector, vp->vp_octets, vp->vp_length);
661 }
662 } else if (vp->da == attr_cleartext_password) {
663 request->password = vp;
664 /*
665 * Keep a copy of the the password attribute.
666 */
667 } else if (vp->da == attr_chap_password) {
668 /*
669 * If it's already hex, do nothing.
670 */
671 if ((vp->vp_length == 17) && (already_hex(vp))) continue;
672
673 /*
674 * CHAP-Password is octets, so it may not be zero terminated.
675 */
677 fr_pair_value_bstrndup(request->password, vp->vp_strvalue, vp->vp_length, true);
678 } else if (vp->da == attr_ms_chap_password) {
680 fr_pair_value_bstrndup(request->password, vp->vp_strvalue, vp->vp_length, true);
681
682 } else if (vp->da == attr_radclient_test_name) {
683 request->name = vp->vp_strvalue;
684
685 /*
686 * Allow these to be dynamically specified
687 * in the request file, as well as on the
688 * command line.
689 */
690 } else if (vp->da == attr_radclient_coa_filename) {
691 coa_reply_filename = vp->vp_strvalue;
692
693 } else if (vp->da == attr_radclient_coa_filter) {
694 coa_filter_filename = vp->vp_strvalue;
695 }
696 } /* loop over the VP's we read in */
697
698 /*
699 * Use the default set on the command line
700 */
701 if (request->packet->code == FR_RADIUS_CODE_UNDEFINED) request->packet->code = packet_code;
702
703 /*
704 * Fill in the packet header from attributes, and then
705 * re-realize the attributes.
706 */
707 fr_packet_net_from_pairs(request->packet, &request->request_pairs);
708
709 /*
710 * Default to the filename
711 */
712 if (!request->name) request->name = request->files->packets;
713
714 /*
715 * Automatically set the response code from the request code
716 * (if one wasn't already set).
717 */
718 if (request->filter_code == FR_RADIUS_CODE_UNDEFINED) {
719 switch (request->packet->code) {
722 break;
723
726 break;
727
730 break;
731
734 break;
735
738 break;
739
741 REDEBUG("Packet-Type must be defined,"
742 "or a well known RADIUS port");
743 goto error;
744
745 default:
746 REDEBUG("Can't determine expected reply.Packet-Type for Packet-Type %i",
747 request->packet->code);
748 goto error;
749 }
750 /*
751 * Automatically set the request code from the response code
752 * (if one wasn't already set).
753 */
754 } else if (request->packet->code == FR_RADIUS_CODE_UNDEFINED) {
755 switch (request->filter_code) {
759 break;
760
763 break;
764
768 break;
769
773 break;
774
775 default:
776 REDEBUG("Can't determine expected Packet-Type for reply.Packet-Type %i",
777 request->filter_code);
778 goto error;
779 }
780 }
781
782 /*
783 * Automatically set the dst port (if one wasn't already set).
784 */
785 radclient_get_port(request->packet->code, &request->packet->socket.inet.dst_port);
786 if (request->packet->socket.inet.dst_port == 0) {
787 REDEBUG("Can't determine destination port");
788 goto error;
789 }
790
791 /*
792 * We expect different responses for Status-Server, depending on which port is being used.
793 */
794 if (request->packet->code == FR_RADIUS_CODE_STATUS_SERVER) {
795 switch (radclient_get_code(request->packet->socket.inet.dst_port)) {
798 break;
799
802 break;
803
804 default:
806 break;
807 }
808 }
809
810 /*
811 * Read in the CoA filename and filter.
812 */
813 if (coa_reply_filename) {
814 if (coa_reply) {
815 RDEBUG("Cannot specify CoA file on both the command line and via Radclient-CoA-Filename");
816 goto error;
817 }
818
819 coa_reply = fopen(coa_reply_filename, "r");
820 if (!coa_reply) {
821 ERROR("Error opening %s: %s", coa_reply_filename, fr_syserror(errno));
822 goto error;
823 }
824
825 if (coa_filter_filename) {
826 coa_filter = fopen(coa_filter_filename, "r");
827 if (!coa_filter) {
828 ERROR("Error opening %s: %s", coa_filter_filename, fr_syserror(errno));
829 goto error;
830 }
831 } else {
832 coa_filter = NULL;
833 }
834
835 /*
836 * Read in one CoA reply and/or filter
837 */
838 if (coa_init(request,
839 coa_reply, coa_reply_filename, &coa_reply_done,
840 coa_filter, coa_filter_filename, &coa_filter_done) < 0) {
841 goto error;
842 }
843
844 fclose(coa_reply);
845 coa_reply = NULL;
846 if (coa_filter) {
847 fclose(coa_filter);
848 coa_filter = NULL;
849 }
850 do_coa = true;
851
852 } else if (coa_reply) {
853 if (coa_init(request,
854 coa_reply, coa_reply_filename, &coa_reply_done,
855 coa_filter, coa_filter_filename, &coa_filter_done) < 0) {
856 goto error;
857 }
858
859 if (coa_reply_done != packets_done) {
860 REDEBUG("Differing number of packets in input file and coa_reply in %s:%s ",
861 files->packets, files->coa_reply);
862 goto error;
863
864 }
865 }
866
867 /*
868 * Add it to the tail of the list.
869 */
870 rc_request_list_insert_tail(&rc_request_list, request);
871
872 /*
873 * Set the destructor so it removes itself from the
874 * request list when freed. We don't set this until
875 * the packet is actually in the list, else we trigger
876 * the asserts in the free callback.
877 */
878 talloc_set_destructor(request, _rc_request_free);
879 } while (!packets_done); /* loop until the file is done. */
880
881 if (packets != stdin) fclose(packets);
882 if (filters) fclose(filters);
883 if (coa_reply) fclose(coa_reply);
884 if (coa_filter) fclose(coa_filter);
885
886 /*
887 * And we're done.
888 */
889 return 0;
890
891error:
892 talloc_free(request);
893
894 if (packets != stdin) fclose(packets);
895 if (filters) fclose(filters);
896 if (coa_reply) fclose(coa_reply);
897 if (coa_filter) fclose(coa_filter);
898
899 return -1;
900}
901
902
903/*
904 * Sanity check each argument.
905 */
906static int radclient_sane(rc_request_t *request)
907{
908 request->packet->socket.inet.src_ipaddr = client_info->fd_info->socket.inet.src_ipaddr;
909 request->packet->socket.inet.src_port = client_info->fd_info->socket.inet.src_port;
910 request->packet->socket.inet.ifindex = client_info->fd_info->socket.inet.ifindex;
911
912 if (request->packet->socket.inet.dst_port == 0) {
913 request->packet->socket.inet.dst_port = fd_config.dst_port;
914 }
915
916 if (request->packet->socket.inet.dst_ipaddr.af == AF_UNSPEC) {
917 if (fd_config.dst_ipaddr.af == AF_UNSPEC) {
918 ERROR("No server was given, and request %" PRIu64 " in file %s did not contain "
919 "Packet-Dst-IP-Address", request->num, request->files->packets);
920 return -1;
921 }
922 request->packet->socket.inet.dst_ipaddr = fd_config.dst_ipaddr;
923 }
924
925 if (request->packet->code == 0) {
926 if (packet_code == -1) {
927 ERROR("Request was \"auto\", and request %" PRIu64 " in file %s did not contain Packet-Type",
928 request->num, request->files->packets);
929 return -1;
930 }
931 request->packet->code = packet_code;
932 }
933
934 request->packet->socket.fd = -1;
935
936 return 0;
937}
938
939
940static int8_t request_cmp(void const *one, void const *two)
941{
942 rc_request_t const *a = one, *b = two;
943 fr_pair_t *vp1, *vp2;
944
946 vp2 = fr_pair_find_by_da(&b->request_pairs, NULL, attr_coa_match_attr);
947
948 if (!vp1) return -1;
949 if (!vp2) return +1;
950
951 return fr_value_box_cmp(&vp1->data, &vp2->data);
952}
953
954static void cleanup(fr_bio_packet_t *client, rc_request_t *request)
955{
956 /*
957 * Don't leave a dangling pointer around.
958 */
959 if (current == request) {
960 current = rc_request_list_prev(&rc_request_list, current);
961 }
962
963 talloc_free(request);
964
965 /*
966 * There are more packets to send, then allow the writer to send them.
967 */
968 if (rc_request_list_num_elements(&rc_request_list) != 0) {
969 return;
970 }
971
972 /*
973 * We're done all packets, and there's nothing more to read, stop.
974 */
975 if (fr_radius_client_bio_outstanding(client) == 0) {
977
979 }
980}
981
983{
984 rc_request_t *request = packet->uctx;
985
986 DEBUG("Timeout - resending packet");
987
988 // @todo - log the updated Acct-Delay-Time from the packet?
989
990 fr_radius_packet_log(&default_log, request->packet, &request->request_pairs, false);
991}
992
994{
995 rc_request_t *request = packet->uctx;
996
997 ERROR("No reply to packet");
998
999 cleanup(client, request);
1000}
1001
1002
1003/*
1004 * Send one packet.
1005 */
1006static int send_one_packet(fr_bio_packet_t *client, rc_request_t *request)
1007{
1008 int rcode;
1009
1010 fr_assert(!request->done);
1011 fr_assert(request->reply == NULL);
1012
1013#ifdef STATIC_ANALYZER
1014 if (!secret) fr_exit_now(EXIT_FAILURE);
1015#endif
1016
1017 fr_assert(request->packet->id < 0);
1018 fr_assert(request->packet->data == NULL);
1019
1020 /*
1021 * Update the password, so it can be encrypted with the
1022 * new authentication vector.
1023 */
1024 if (request->password) {
1025 fr_pair_t *vp;
1026
1027 if ((vp = fr_pair_find_by_da(&request->request_pairs, NULL, attr_chap_password)) != NULL) {
1028 uint8_t buffer[17];
1029 fr_pair_t *challenge;
1030
1031 /*
1032 * Use CHAP-Challenge pair if present, otherwise create CHAP-Challenge and
1033 * populate with current Request Authenticator.
1034 *
1035 * Request Authenticator is re-calculated by fr_radius_packet_sign
1036 */
1037 challenge = fr_pair_find_by_da(&request->request_pairs, NULL, attr_chap_challenge);
1038 if (!challenge || (challenge->vp_length < 7)) {
1040 fr_pair_value_memdup(challenge, request->packet->vector, RADIUS_AUTH_VECTOR_LENGTH, false);
1041 }
1042
1044 fr_rand() & 0xff, challenge->vp_octets, challenge->vp_length,
1045 request->password->vp_strvalue,
1046 request->password->vp_length);
1047 fr_pair_value_memdup(vp, buffer, sizeof(buffer), false);
1048
1049 } else if (fr_pair_find_by_da_nested(&request->request_pairs, NULL, attr_ms_chap_password) != NULL) {
1050 mschapv1_encode(request->packet, &request->request_pairs, request->password->vp_strvalue);
1051
1052 } else {
1053 DEBUG("WARNING: No password in the request");
1054 }
1055 }
1056
1057 request->timestamp = fr_time();
1058 request->tries = 1;
1059
1060 /*
1061 * Ensure that each Access-Request is unique.
1062 */
1063 if (request->packet->code == FR_RADIUS_CODE_ACCESS_REQUEST) {
1064 fr_rand_buffer(request->packet->vector, sizeof(request->packet->vector));
1065 }
1066
1067 /*
1068 * Send the current packet.
1069 */
1070 rcode = fr_bio_packet_write(client, request, request->packet, &request->request_pairs);
1071 if (rcode < 0) {
1072 /*
1073 * Failed writing it. Try again later.
1074 */
1075 if (rcode == fr_bio_error(IO_WOULD_BLOCK)) return 0;
1076
1077 REDEBUG("Failed writing packet - %s", fr_strerror());
1078 return -1;
1079 }
1080
1081 fr_radius_packet_log(&default_log, request->packet, &request->request_pairs, false);
1082
1083 return 0;
1084}
1085
1088 { 0 }
1089};
1090
1093 { 0 }
1094};
1095
1096
1098{
1100
1102 return fr_bio_error(GENERIC);
1103 }
1104
1105 return 0;
1106}
1107
1109{
1111
1113 return fr_bio_error(GENERIC);
1114 }
1115
1116 return 1;
1117}
1118
1119
1121{
1122 ERROR("Failed connecting to server");
1123
1124 /*
1125 * Cleanly close the BIO, so that we exercise the shutdown path.
1126 */
1127 fr_assert(bio == client_bio);
1128 TALLOC_FREE(bio);
1129
1130 fr_exit_now(EXIT_FAILURE);
1131}
1132
1133
1135 int fd_errno, void *uctx)
1136{
1137 fr_bio_packet_t *client = uctx;
1138
1139 ERROR("Failed in connection - %s", fr_syserror(fd_errno));
1140
1141 /*
1142 * Cleanly close the BIO, so that we exercise the shutdown path.
1143 */
1144 fr_assert(client == client_bio);
1145 TALLOC_FREE(client);
1146
1147 fr_exit_now(EXIT_FAILURE);
1148}
1149
1150static void client_read(fr_event_list_t *el, int fd, UNUSED int flags, void *uctx)
1151{
1152 fr_bio_packet_t *client = uctx;
1153 rc_request_t *request;
1155 fr_packet_t *reply;
1156 int rcode;
1157
1159
1160 /*
1161 * Read one packet.
1162 */
1163 rcode = fr_bio_packet_read(client, (void **) &request, &reply, client, &reply_pairs);
1164 if (rcode < 0) {
1165 ERROR("Failed reading packet - %s", fr_bio_strerror(rcode));
1166 fr_exit_now(EXIT_FAILURE);
1167 }
1168
1169 /*
1170 * Not a RADIUS packet, or not a reply to a packet we sent.
1171 */
1172 if (!rcode) return;
1173
1175
1176 if (print_filename) {
1177 RDEBUG("%s response code %d", request->files->packets, reply->code);
1178 }
1179
1180 /*
1181 * Increment counters...
1182 */
1183 switch (reply->code) {
1188 stats.accepted++;
1189 break;
1190
1192 break;
1193
1194 default:
1195 stats.rejected++;
1196 }
1197
1198 fr_strerror_clear(); /* Clear strerror buffer */
1199
1200 /*
1201 * If we had an expected response code, check to see if the
1202 * packet matched that.
1203 */
1204 if ((request->filter_code != FR_RADIUS_CODE_UNDEFINED) && (reply->code != request->filter_code)) {
1205 if (FR_RADIUS_PACKET_CODE_VALID(reply->code)) {
1206 REDEBUG("%s: Expected %s got %s", request->name, fr_radius_packet_name[request->filter_code],
1207 fr_radius_packet_name[reply->code]);
1208 } else {
1209 REDEBUG("%s: Expected %u got %i", request->name, request->filter_code,
1210 reply->code);
1211 }
1212 stats.failed++;
1213 /*
1214 * Check if the contents of the packet matched the filter
1215 */
1216 } else if (fr_pair_list_empty(&request->filter)) {
1217 stats.passed++;
1218 } else {
1219 fr_pair_t const *failed[2];
1220
1222 if (fr_pair_validate(failed, &request->filter, &reply_pairs)) {
1223 RDEBUG("%s: Response passed filter", request->name);
1224 stats.passed++;
1225 } else {
1226 fr_pair_validate_debug(failed);
1227 REDEBUG("%s: Response for failed filter", request->name);
1228 stats.failed++;
1229 }
1230 }
1231
1232 /*
1233 * The retry bio takes care of suppressing duplicate replies.
1234 */
1235 if (paused) {
1237 fr_perror("radclient");
1238 fr_exit_now(EXIT_FAILURE);
1239 }
1240 paused = false;
1241 }
1242
1243 /*
1244 * If we're not done, then leave this packet in the list for future resending.
1245 */
1246 request->done = (request->resend >= resend_count);
1247 if (!request->done) {
1248 /*
1249 * We don't care about duplicate replies, they can go away.
1250 */
1251 (void) fr_radius_client_fd_bio_cancel(client, request->packet);
1252 request->packet->id = -1;
1253 TALLOC_FREE(request->packet->data);
1254 return;
1255 }
1256
1257 fr_packet_free(&reply);
1258
1259 cleanup(client, request);
1260}
1261
1262static void client_write(fr_event_list_t *el, int fd, UNUSED int flags, void *uctx)
1263{
1264 fr_bio_packet_t *client = uctx;
1265 rc_request_t *request;
1266
1267 request = rc_request_list_next(&rc_request_list, current);
1268 fr_assert(!paused);
1269
1270 if (!request) request = rc_request_list_head(&rc_request_list);
1271
1272 /*
1273 * Nothing more to send, stop trying to write packets.
1274 */
1275 if (!request) {
1276 pause:
1278 fr_perror("radclient");
1279 fr_exit_now(EXIT_FAILURE);
1280 }
1281 return;
1282 }
1283
1284 /*
1285 * No more packets to send, we pause the read.
1286 */
1287 if (request->packet->id >= 0) {
1288 paused = true;
1289 goto pause;
1290 }
1291
1292 if (send_one_packet(client, request) < 0) {
1293 fr_perror("radclient");
1294 fr_exit_now(EXIT_FAILURE);
1295 }
1296
1297 request->resend++;
1298 current = request;
1299
1300 /*
1301 * 0 means "don't limit requests".
1302 */
1304 paused = true;
1305 goto pause;
1306 }
1307}
1308
1310{
1311 fr_radius_client_bio_info_t const *info;
1312
1313 info = fr_radius_client_bio_info(client);
1314
1315 if (fr_event_fd_insert(autofree, NULL, info->retry_info->el, info->fd_info->socket.fd,
1316 client_read, client_write, client_error, client) < 0) {
1317 fr_perror("radclient");
1318 fr_exit_now(EXIT_FAILURE);
1319 }
1320}
1321
1322
1323/**
1324 *
1325 * @hidecallgraph
1326 */
1327int main(int argc, char **argv)
1328{
1329 int ret = EXIT_SUCCESS;
1330 int c;
1331 char const *confdir = CONFDIR;
1332 char const *dict_dir = DICTDIR;
1333 char *end;
1334 char filesecret[256];
1335 FILE *fp;
1336 int do_summary = false;
1337 fr_dlist_head_t filenames;
1338
1339 int retries = 5;
1341
1342 /*
1343 * It's easier having two sets of flags to set the
1344 * verbosity of library calls and the verbosity of
1345 * radclient.
1346 */
1347 fr_debug_lvl = 0;
1348 fr_log_fp = stdout;
1349
1350 /*
1351 * Must be called first, so the handler is called last
1352 */
1354
1355 fr_time_start();
1356
1358#ifndef NDEBUG
1359 if (fr_fault_setup(autofree, getenv("PANIC_ACTION"), argv[0]) < 0) {
1360 fr_perror("radclient");
1361 fr_exit_now(EXIT_FAILURE);
1362 }
1363#endif
1364
1365#ifdef STATIC_ANALYZER
1366 /*
1367 * clang scan thinks that fr_fault_setup() will set autofree=NULL.
1368 */
1369 if (!autofree) fr_exit_now(EXIT_FAILURE);
1370#endif
1371
1372 talloc_set_log_stderr();
1373
1374 rc_request_list_talloc_init(&rc_request_list);
1375
1376 fr_dlist_talloc_init(&filenames, rc_file_pair_t, entry);
1377
1378 /*
1379 * Always log to stdout
1380 */
1382 default_log.fd = STDOUT_FILENO;
1383 default_log.print_level = false;
1384
1385 /*
1386 * Initialize the kind of socket we want.
1387 */
1390 .socket_type = SOCK_DGRAM,
1391
1392 .src_ipaddr = (fr_ipaddr_t) {
1393 .af = AF_INET,
1394 },
1395 .dst_ipaddr = (fr_ipaddr_t) {
1396 .af = AF_INET,
1397 },
1398
1399 .src_port = 0,
1400 .dst_port = 1812,
1401
1402 .interface = NULL,
1403
1404 .path = NULL,
1405 .filename = NULL,
1406
1407 .async = true,
1408 };
1409
1410 /*
1411 * Initialize the client configuration.
1412 */
1414 .log = &default_log,
1415 .verify = {
1416 .require_message_authenticator = false,
1417 .max_attributes = RADIUS_MAX_ATTRIBUTES,
1418 .max_packet_size = 4096,
1419 },
1420 };
1421
1422 /***********************************************************************
1423 *
1424 * Parse command-line options.
1425 *
1426 ***********************************************************************/
1427
1428 while ((c = getopt(argc, argv, "46A:c:C:d:D:f:Fi:ho:p:P:r:sS:t:vx")) != -1) switch (c) {
1429 case '4':
1430 fd_config.dst_ipaddr.af = AF_INET;
1431 break;
1432
1433 case '6':
1434 fd_config.dst_ipaddr.af = AF_INET6;
1435 break;
1436
1437 case 'A':
1438 attr_coa_filter_name = optarg;
1439 break;
1440
1441 case 'c':
1442 if (!isdigit((uint8_t) *optarg)) usage();
1443
1444 resend_count = atoi(optarg);
1445
1446 if (resend_count < 1) usage();
1447 break;
1448
1449 case 'C':
1450 {
1451 int tmp;
1452
1453 if (strchr(optarg, ':')) {
1455 optarg, -1, AF_UNSPEC, true, false) < 0) {
1456 fr_perror("Failed parsing source address");
1457 fr_exit_now(EXIT_FAILURE);
1458 }
1459 break;
1460 }
1461
1462 tmp = atoi(optarg);
1463 if (tmp < 1 || tmp > 65535) usage();
1464
1466 }
1467 break;
1468
1469 case 'D':
1470 dict_dir = optarg;
1471 break;
1472
1473 case 'd':
1474 confdir = optarg;
1475 break;
1476
1477 /*
1478 * packet,filter
1479 */
1480 case 'f':
1481 {
1482 char const *p;
1483 rc_file_pair_t *files;
1484
1485 MEM(files = talloc_zero(talloc_autofree_context(), rc_file_pair_t));
1486
1487 /*
1488 * Commas are nicer than colons.
1489 */
1490 c = ':';
1491
1492 p = strchr(optarg, c);
1493 if (!p) {
1494 c = ',';
1495 p = strchr(optarg, c);
1496 }
1497 if (!p) {
1498 files->packets = optarg;
1499 files->filters = NULL;
1500 } else {
1501 MEM(files->packets = talloc_strndup(files, optarg, p - optarg));
1502 files->filters = p + 1;
1503 }
1504 fr_dlist_insert_tail(&filenames, files);
1505 }
1506 break;
1507
1508 case 'F':
1509 print_filename = true;
1510 break;
1511
1512 case 'i':
1513 if (!isdigit((uint8_t) *optarg)) {
1514 usage();
1515 }
1516 forced_id = atoi(optarg);
1517 if ((forced_id < 0) || (forced_id > 255)) {
1518 usage();
1519 }
1520 break;
1521
1522 case 'o':
1523 coa_port = atoi(optarg);
1524 if (!coa_port || (coa_port > 65535)) usage();
1525 break;
1526
1527 /*
1528 * Note that sending MANY requests in
1529 * parallel can over-run the kernel
1530 * queues, and Linux will happily discard
1531 * packets. So even if the server responds,
1532 * the client may not see the reply.
1533 */
1534 case 'p':
1535 parallel = strtoul(optarg, &end, 10);
1536 if (*end) usage();
1537 if (parallel > 65536) usage();
1538 break;
1539
1540 case 'P':
1541 if (!strcmp(optarg, "tcp")) {
1542 fd_config.socket_type = SOCK_STREAM;
1543 ipproto = IPPROTO_TCP;
1544 } else if (!strcmp(optarg, "udp")) {
1545 fd_config.socket_type = SOCK_DGRAM;
1546 ipproto = IPPROTO_UDP;
1547 } else {
1548 usage();
1549 }
1550 break;
1551
1552 case 'r':
1553 if (!isdigit((uint8_t) *optarg)) usage();
1554 retries = atoi(optarg);
1555 if ((retries == 0) || (retries > 1000)) usage();
1556 break;
1557
1558 case 's':
1559 do_summary = true;
1560 break;
1561
1562 case 'S':
1563 {
1564 char *p;
1565 fp = fopen(optarg, "r");
1566 if (!fp) {
1567 ERROR("Error opening %s: %s", optarg, fr_syserror(errno));
1568 fr_exit_now(EXIT_FAILURE);
1569 }
1570 if (fgets(filesecret, sizeof(filesecret), fp) == NULL) {
1571 ERROR("Error reading %s: %s", optarg, fr_syserror(errno));
1572 fr_exit_now(EXIT_FAILURE);
1573 }
1574 fclose(fp);
1575
1576 /* truncate newline */
1577 p = filesecret + strlen(filesecret) - 1;
1578 while ((p >= filesecret) &&
1579 (*p < ' ')) {
1580 *p = '\0';
1581 --p;
1582 }
1583
1584 if (strlen(filesecret) < 2) {
1585 ERROR("Secret in %s is too short", optarg);
1586 fr_exit_now(EXIT_FAILURE);
1587 }
1588 secret = talloc_strdup(autofree, filesecret);
1591 }
1592 break;
1593
1594 case 't':
1595 if (fr_time_delta_from_str(&timeout, optarg, strlen(optarg), FR_TIME_RES_SEC) < 0) {
1596 fr_perror("Failed parsing timeout value");
1597 fr_exit_now(EXIT_FAILURE);
1598 }
1599 break;
1600
1601 case 'v':
1602 fr_debug_lvl = 1;
1603 DEBUG("%s", radclient_version);
1604 fr_exit_now(0);
1605
1606 case 'x':
1607 fr_debug_lvl++;
1608 if (fr_debug_lvl > 1) default_log.print_level = true;
1609 break;
1610
1611 case 'h':
1612 default:
1613 usage();
1614 }
1615 argc -= (optind - 1);
1616 argv += (optind - 1);
1617
1618 if ((argc < 3) || ((secret == NULL) && (argc < 4))) {
1619 ERROR("Insufficient arguments");
1620 usage();
1621 }
1622
1623 /*
1624 * Get the request type
1625 */
1626 if (!isdigit((uint8_t) argv[2][0])) {
1628 if (packet_code == -2) {
1629 ERROR("Unrecognised request type \"%s\"", argv[2]);
1630 usage();
1631 }
1632 } else {
1633 packet_code = atoi(argv[2]);
1634 }
1635
1636 fr_assert(packet_code != 0);
1638
1639 /*
1640 * Initialize the retry configuration for this type of packet.
1641 */
1644
1646 .irt = timeout,
1647 .mrt = fr_time_delta_from_sec(16),
1648 .mrd = (retries == 1) ? timeout : fr_time_delta_from_sec(30),
1649 .mrc = retries,
1650 };
1652
1653 /*
1654 * Resolve hostname.
1655 */
1656 if (strcmp(argv[1], "-") != 0) {
1657 if (fr_inet_pton_port(&fd_config.dst_ipaddr, &fd_config.dst_port, argv[1], -1, fd_config.dst_ipaddr.af, true, true) < 0) {
1658 fr_perror("radclient");
1659 fr_exit_now(EXIT_FAILURE);
1660 }
1661
1662 /*
1663 * Work backwards from the port to determine the packet type
1664 */
1666 }
1668
1669 /*
1670 * Add the secret.
1671 */
1672 if (argv[3]) {
1673 secret = talloc_strdup(autofree, argv[3]);
1676 }
1677
1678 /***********************************************************************
1679 *
1680 * We're done parsing command-line options, bootstrap the various libraries, etc.
1681 *
1682 ***********************************************************************/
1683
1685 fr_perror("radclient");
1686 fr_exit_now(EXIT_FAILURE);
1687 }
1688
1689 if (!fr_dict_global_ctx_init(NULL, true, dict_dir)) {
1690 fr_perror("radclient");
1691 fr_exit_now(EXIT_FAILURE);
1692 }
1693
1694 if (fr_radius_global_init() < 0) {
1695 fr_perror("radclient");
1696 fr_exit_now(EXIT_FAILURE);
1697 }
1698
1699 if (fr_dict_autoload(radclient_dict) < 0) {
1700 fr_perror("radclient");
1701 exit(EXIT_FAILURE);
1702 }
1703
1705 fr_perror("radclient");
1706 exit(EXIT_FAILURE);
1707 }
1708
1710 fr_log_perror(&default_log, L_ERR, __FILE__, __LINE__, NULL,
1711 "Failed to initialize the dictionaries");
1712 exit(EXIT_FAILURE);
1713 }
1714
1715 if (do_coa) {
1717 if (!attr_coa_match_attr) {
1718 ERROR("Unknown or invalid CoA filter attribute %s", optarg);
1719 fr_exit_now(EXIT_FAILURE);
1720 }
1721
1722 /*
1723 * If there's no attribute given to match CoA to requests, use User-Name
1724 */
1726
1728 }
1730
1731 openssl3_init();
1732
1734
1735 /***********************************************************************
1736 *
1737 * We're done bootstrapping the libraries and dictionaries, read the input files.
1738 *
1739 ***********************************************************************/
1740
1741 /*
1742 * If no '-f' is specified, then we are reading from stdin.
1743 */
1744 if (fr_dlist_num_elements(&filenames) == 0) {
1745 rc_file_pair_t *files;
1746
1747 files = talloc_zero(talloc_autofree_context(), rc_file_pair_t);
1748 files->packets = "-";
1749 if (radclient_init(files, files) < 0) fr_exit_now(EXIT_FAILURE);
1750 }
1751
1752 if ((forced_id >= 0) && (fr_dlist_num_elements(&filenames) > 1)) {
1753 usage();
1754 }
1755
1756 /*
1757 * Walk over the list of filenames, creating the requests.
1758 */
1759 fr_dlist_foreach(&filenames, rc_file_pair_t, files) {
1760 if (radclient_init(files, files)) {
1761 ERROR("Failed parsing input files");
1762 fr_exit_now(EXIT_FAILURE);
1763 }
1764 }
1765
1766 /*
1767 * No packets were read. Die.
1768 */
1769 if (!rc_request_list_num_elements(&rc_request_list)) {
1770 ERROR("Nothing to send");
1771 fr_exit_now(EXIT_FAILURE);
1772 }
1773
1774 /***********************************************************************
1775 *
1776 * We're done reading files, open the socket, event loop, and start sending packets.
1777 *
1778 ***********************************************************************/
1779
1781 (fr_debug_lvl >= 2) ? _loop_status : NULL,
1782 NULL);
1783 if (!client_config.el) {
1784 ERROR("Failed opening event list: %s", fr_strerror());
1785 fr_exit_now(EXIT_FAILURE);
1786 }
1788
1789 /*
1790 * Set callbacks so that the socket is automatically
1791 * paused or resumed when the socket becomes writeable.
1792 */
1795 .failed = client_bio_failed,
1796
1797 .write_blocked = client_bio_write_pause,
1798 .write_resume = client_bio_write_resume,
1799
1800 .retry = (fr_debug_lvl > 0) ? client_packet_retry_log : NULL,
1801 .release = client_packet_release,
1802 };
1803
1804#ifdef STATIC_ANALYZER
1805 if (!autofree) fr_exit_now(EXIT_FAILURE);
1806#endif
1807
1808 /*
1809 * Open the RADIUS client bio, and then get the information associated with it.
1810 */
1812 if (!client_bio) {
1813 ERROR("Failed opening socket: %s", fr_strerror());
1814 fr_exit_now(EXIT_FAILURE);
1815 }
1816
1818 fr_assert(client_info != NULL);
1819
1820 if (forced_id >= 0) {
1822 fr_perror("radclient");
1823 fr_exit_now(EXIT_FAILURE);
1824 }
1825 }
1826
1827 if (do_coa) {
1828 // allocate a dedup server bio
1829 }
1830
1831 /*
1832 * Walk over the list of packets, updating to use the correct addresses, and sanity checking them.
1833 */
1834 rc_request_list_foreach(&rc_request_list, this) {
1835 if (radclient_sane(this) < 0) {
1836 fr_exit_now(EXIT_FAILURE);
1837 }
1838 }
1839
1840 /*
1841 * Always bounce through a connect(), even if we don't need it.
1842 *
1843 * Once the connect() passes, we start reading from the request list, and processing packets.
1844 */
1847 fr_perror("radclient");
1848 fr_exit_now(EXIT_FAILURE);
1849 }
1850
1851 /***********************************************************************
1852 *
1853 * Run the main event loop until we either see an error, or we have sent (and received) all of the packets.
1854 *
1855 ***********************************************************************/
1857
1858 /***********************************************************************
1859 *
1860 * We are done the event loop. Start cleaning things up.
1861 *
1862 ***********************************************************************/
1863 rc_request_list_talloc_free(&rc_request_list);
1864
1866
1868
1869 if (fr_dict_autofree(radclient_dict) < 0) {
1870 fr_perror("radclient");
1871 ret = EXIT_FAILURE;
1872 }
1873
1875
1877
1878 if (do_summary) {
1879 fr_perror("Packet summary:\n"
1880 "\tAccepted : %" PRIu64 "\n"
1881 "\tRejected : %" PRIu64 "\n"
1882 "\tLost : %" PRIu64 "\n"
1883 "\tPassed filter : %" PRIu64 "\n"
1884 "\tFailed filter : %" PRIu64,
1887 stats.lost,
1888 stats.passed,
1890 );
1891 }
1892
1893 /*
1894 * Ensure our atexit handlers run before any other
1895 * atexit handlers registered by third party libraries.
1896 */
1898
1899 openssl3_free();
1900
1901 if ((stats.lost > 0) || (stats.failed > 0)) return EXIT_FAILURE;
1902
1903 return ret;
1904}
static int const char char buffer[256]
Definition acutest.h:576
int fr_atexit_global_setup(void)
Setup the atexit handler, should be called at the start of a program's execution.
Definition atexit.c:179
int fr_atexit_global_trigger_all(void)
Cause all global free triggers to fire.
Definition atexit.c:308
#define fr_bio_error(_x)
Definition base.h:200
static int fr_bio_packet_read(fr_bio_packet_t *my, void **pctx_p, fr_packet_t **packet_p, TALLOC_CTX *out_ctx, fr_pair_list_t *out)
Read a packet from a packet BIO.
Definition packet.h:119
fr_bio_packet_callback_t connected
Definition packet.h:71
static int fr_bio_packet_write(fr_bio_packet_t *my, void *pctx, fr_packet_t *packet, fr_pair_list_t *list)
Write a packet to a packet BIO.
Definition packet.h:138
fr_event_list_t * el
event list
Definition retry.h:51
fr_retry_config_t retry_config
base retry config
Definition retry.h:47
fr_event_list_t * el
event list
Definition retry.h:45
#define RCSID(id)
Definition build.h:512
#define NEVER_RETURNS
Should be placed before the function return type.
Definition build.h:334
#define UNUSED
Definition build.h:336
void fr_chap_encode(uint8_t out[static 1+FR_CHAP_CHALLENGE_LENGTH], uint8_t id, uint8_t const *challenge, size_t challenge_len, char const *password, size_t password_len)
Encode a CHAP password.
Definition chap.c:34
TALLOC_CTX * autofree
Definition common.c:29
int fr_fault_setup(TALLOC_CTX *ctx, char const *cmd, char const *program)
Registers signal handlers to execute panic_action on fatal signal.
Definition debug.c:1071
#define MEM(x)
Definition debug.h:36
#define fr_exit_now(_x)
Exit without calling atexit() handlers, producing a log message in debug builds.
Definition debug.h:226
fr_radius_packet_code_t
RADIUS packet codes.
Definition defs.h:31
@ FR_RADIUS_CODE_ACCESS_CHALLENGE
RFC2865 - Access-Challenge.
Definition defs.h:43
@ FR_RADIUS_CODE_ACCESS_REQUEST
RFC2865 - Access-Request.
Definition defs.h:33
@ FR_RADIUS_CODE_DISCONNECT_REQUEST
RFC3575/RFC5176 - Disconnect-Request.
Definition defs.h:46
@ FR_RADIUS_CODE_MAX
Maximum possible protocol code.
Definition defs.h:53
@ FR_RADIUS_CODE_DISCONNECT_ACK
RFC3575/RFC5176 - Disconnect-Ack (positive)
Definition defs.h:47
@ FR_RADIUS_CODE_STATUS_SERVER
RFC2865/RFC5997 - Status Server (request)
Definition defs.h:44
@ FR_RADIUS_CODE_COA_REQUEST
RFC3575/RFC5176 - CoA-Request.
Definition defs.h:49
@ FR_RADIUS_CODE_ACCESS_ACCEPT
RFC2865 - Access-Accept.
Definition defs.h:34
@ FR_RADIUS_CODE_ACCOUNTING_RESPONSE
RFC2866 - Accounting-Response.
Definition defs.h:37
@ FR_RADIUS_CODE_COA_NAK
RFC3575/RFC5176 - CoA-Nak (not willing to perform)
Definition defs.h:51
@ FR_RADIUS_CODE_UNDEFINED
Packet code has not been set.
Definition defs.h:32
@ FR_RADIUS_CODE_COA_ACK
RFC3575/RFC5176 - CoA-Ack (positive)
Definition defs.h:50
@ FR_RADIUS_CODE_DISCONNECT_NAK
RFC3575/RFC5176 - Disconnect-Nak (not willing to perform)
Definition defs.h:48
@ FR_RADIUS_CODE_ACCOUNTING_REQUEST
RFC2866 - Accounting-Request.
Definition defs.h:36
@ FR_RADIUS_CODE_ACCESS_REJECT
RFC2865 - Access-Reject.
Definition defs.h:35
#define FR_COA_UDP_PORT
Definition defs.h:63
#define FR_AUTH_UDP_PORT
Definition defs.h:57
#define FR_ACCT_UDP_PORT_ALT
Definition defs.h:60
#define FR_AUTH_UDP_PORT_ALT
Definition defs.h:58
#define FR_POD_UDP_PORT
Definition defs.h:61
#define FR_ACCT_UDP_PORT
Definition defs.h:59
#define ERROR(fmt,...)
Definition dhcpclient.c:40
static fr_dict_t const * dict_freeradius
Definition dhcpclient.c:78
static int retries
Definition dhcpclient.c:52
#define DEBUG(fmt,...)
Definition dhcpclient.c:38
fr_dict_t * fr_dict_unconst(fr_dict_t const *dict)
Coerce to non-const.
Definition dict_util.c:4880
#define fr_dict_autofree(_to_free)
Definition dict.h:915
fr_dict_attr_t const * fr_dict_attr_by_name(fr_dict_attr_err_t *err, fr_dict_attr_t const *parent, char const *attr))
Locate a fr_dict_attr_t by its name.
Definition dict_util.c:3505
fr_dict_attr_t const * fr_dict_root(fr_dict_t const *dict)
Return the root attribute of a dictionary.
Definition dict_util.c:2639
fr_dict_attr_t const ** out
Where to write a pointer to the resolved fr_dict_attr_t.
Definition dict.h:292
fr_dict_t const ** out
Where to write a pointer to the loaded/resolved fr_dict_t.
Definition dict.h:305
int fr_dict_read(fr_dict_t *dict, char const *dict_dir, char const *filename))
Read supplementary attribute definitions into an existing dictionary.
int fr_dict_attr_autoload(fr_dict_attr_autoload_t const *to_load)
Process a dict_attr_autoload element to load/verify a dictionary attribute.
Definition dict_util.c:4372
#define fr_dict_autoload(_to_load)
Definition dict.h:912
#define DICT_AUTOLOAD_TERMINATOR
Definition dict.h:311
fr_dict_gctx_t * fr_dict_global_ctx_init(TALLOC_CTX *ctx, bool free_at_exit, char const *dict_dir))
Initialise the global protocol hashes.
Definition dict_util.c:4690
Specifies an attribute which must be present for the module to function.
Definition dict.h:291
Specifies a dictionary which must be loaded/loadable for the module to function.
Definition dict.h:304
#define fr_dlist_foreach(_list_head, _type, _iter)
Iterate over the contents of a list.
Definition dlist.h:98
static unsigned int fr_dlist_num_elements(fr_dlist_head_t const *head)
Return the number of elements in the dlist.
Definition dlist.h:921
static int fr_dlist_insert_tail(fr_dlist_head_t *list_head, void *ptr)
Insert an item into the tail of a list.
Definition dlist.h:360
#define FR_DLIST_HEAD(_name)
Expands to the type name used for the head wrapper structure.
Definition dlist.h:1104
#define fr_dlist_talloc_init(_head, _type, _field)
Initialise the head structure of a doubly linked list.
Definition dlist.h:257
Head of a doubly linked list.
Definition dlist.h:51
#define fr_event_fd_insert(...)
Definition event.h:247
@ FR_EVENT_FILTER_IO
Combined filter for read/write functions/.
Definition event.h:83
#define fr_event_filter_update(...)
Definition event.h:239
#define FR_EVENT_RESUME(_s, _f)
Re-add the filter for a func from kevent.
Definition event.h:131
#define FR_EVENT_SUSPEND(_s, _f)
Temporarily remove the filter for a func from kevent.
Definition event.h:115
Callbacks for the FR_EVENT_FILTER_IO filter.
Definition event.h:188
Structure describing a modification to a filter's state.
Definition event.h:96
fr_socket_t socket
as connected socket
Definition fd.h:132
uint16_t src_port
our port
Definition fd.h:91
@ FR_BIO_FD_CONNECTED
connected client sockets (UDP or TCP)
Definition fd.h:68
fr_ipaddr_t dst_ipaddr
their IP address
Definition fd.h:89
fr_bio_fd_type_t type
accept, connected, unconnected, etc.
Definition fd.h:81
int socket_type
SOCK_STREAM or SOCK_DGRAM.
Definition fd.h:83
uint16_t dst_port
their port
Definition fd.h:92
fr_ipaddr_t src_ipaddr
our IP address
Definition fd.h:88
Configuration for sockets.
Definition fd.h:80
talloc_free(hp)
int fr_inet_pton_port(fr_ipaddr_t *out, uint16_t *port_out, char const *value, ssize_t inlen, int af, bool resolve, bool mask)
Parses IPv4/6 address + port, to fr_ipaddr_t and integer (port)
Definition inet.c:944
int af
Address family.
Definition inet.h:63
IPv4/6 prefix.
char const * fr_bio_strerror(ssize_t error)
Definition base.c:161
int packet_global_init(void)
Initialises the Net.
Definition packet.c:200
void fr_packet_net_from_pairs(fr_packet_t *packet, fr_pair_list_t const *list)
Convert pairs to information in a packet.
Definition packet.c:154
#define fr_time()
Definition event.c:60
fr_event_list_t * fr_event_list_alloc(TALLOC_CTX *ctx, fr_event_status_cb_t status, void *status_uctx)
Initialise a new event list.
Definition event.c:2516
void fr_event_loop_exit(fr_event_list_t *el, int code)
Signal an event loop exit with the specified code.
Definition event.c:2365
int fr_event_fd_delete(fr_event_list_t *el, int fd, fr_event_filter_t filter)
Remove a file descriptor from the event loop.
Definition event.c:1203
int fr_event_loop(fr_event_list_t *el)
Run an event loop.
Definition event.c:2387
Stores all information relating to an event list.
Definition event.c:377
int fr_debug_lvl
Definition log.c:41
FILE * fr_log_fp
Definition log.c:40
fr_log_t default_log
Definition log.c:306
void fr_log_perror(fr_log_t const *log, fr_log_type_t type, char const *file, int line, fr_log_perror_format_t const *rules, char const *fmt,...)
Drain any outstanding messages from the fr_strerror buffers.
Definition log.c:742
void fr_log(fr_log_t const *log, fr_log_type_t type, char const *file, int line, char const *fmt,...)
Send a server log message to its destination.
Definition log.c:616
@ L_DST_STDOUT
Log to stdout.
Definition log.h:75
@ L_ERR
Error message.
Definition log.h:53
@ L_DBG
Only displayed when debugging is enabled.
Definition log.h:56
fr_packet_t * fr_packet_alloc(TALLOC_CTX *ctx, bool new_vector)
Allocate a new fr_packet_t.
Definition packet.c:38
void fr_packet_free(fr_packet_t **packet_p)
Free a fr_packet_t.
Definition packet.c:89
unsigned short uint16_t
@ FR_TYPE_STRING
String of printable characters.
@ FR_TYPE_UINT32
32 Bit unsigned integer.
@ FR_TYPE_OCTETS
Raw octets.
unsigned char uint8_t
int mschap_nt_password_hash(uint8_t out[static NT_DIGEST_LENGTH], char const *password)
Converts Unicode password to 16-byte NT hash with MD4.
Definition mschap.c:52
#define RADIUS_AUTH_VECTOR_LENGTH
Definition net.h:89
int fr_pair_value_memdup(fr_pair_t *vp, uint8_t const *src, size_t len, bool tainted)
Copy data into an "octets" data type.
Definition pair.c:2962
void fr_pair_validate_debug(fr_pair_t const *failed[2])
Write an error to the library errorbuff detailing the mismatch.
Definition pair.c:2096
fr_pair_t * fr_pair_find_by_da_nested(fr_pair_list_t const *list, fr_pair_t const *prev, fr_dict_attr_t const *da)
Find a pair with a matching fr_dict_attr_t, by walking the nested fr_dict_attr_t tree.
Definition pair.c:784
fr_pair_t * fr_pair_find_by_da(fr_pair_list_t const *list, fr_pair_t const *prev, fr_dict_attr_t const *da)
Find the first pair with a matching da.
Definition pair.c:707
int fr_pair_append(fr_pair_list_t *list, fr_pair_t *to_add)
Add a VP to the end of the list.
Definition pair.c:1352
int fr_pair_delete_by_da(fr_pair_list_t *list, fr_dict_attr_t const *da)
Delete matching pairs from the specified list.
Definition pair.c:1696
fr_pair_t * fr_pair_afrom_da(TALLOC_CTX *ctx, fr_dict_attr_t const *da)
Dynamically allocate a new attribute and assign a fr_dict_attr_t.
Definition pair.c:290
bool fr_pair_validate(fr_pair_t const *failed[2], fr_pair_list_t *filter, fr_pair_list_t *list)
Uses fr_pair_cmp to verify all fr_pair_ts in list match the filter defined by check.
Definition pair.c:2131
void fr_pair_list_init(fr_pair_list_t *list)
Initialise a pair list header.
Definition pair.c:46
int fr_pair_value_bstrndup(fr_pair_t *vp, char const *src, size_t len, bool tainted)
Copy data into a "string" type value pair.
Definition pair.c:2812
int fr_pair_delete(fr_pair_list_t *list, fr_pair_t *vp)
Remove fr_pair_t from a list and free.
Definition pair.c:1833
int8_t fr_pair_cmp_by_da(void const *a, void const *b)
Order attributes by their da, and tag.
Definition pair.c:1851
int fr_pair_value_memdup_buffer_shallow(fr_pair_t *vp, uint8_t const *src, bool tainted)
Assign a talloced buffer to a "octets" type value pair.
Definition pair.c:3037
int fr_pair_list_afrom_file(TALLOC_CTX *ctx, fr_dict_t const *dict, fr_pair_list_t *out, FILE *fp, bool *pfiledone, bool allow_exec)
Read valuepairs from the fp up to End-Of-File.
int fr_radius_global_init(void)
Definition base.c:1313
void fr_radius_global_free(void)
Definition base.c:1337
fr_table_num_sorted_t const fr_radius_request_name_table[]
Definition base.c:104
char const * fr_radius_packet_name[FR_RADIUS_CODE_MAX]
Definition base.c:115
int fr_radius_allow_reply(int code, bool allowed[static FR_RADIUS_CODE_MAX])
Definition base.c:230
uint8_t const * secret
Definition bio.h:34
bool allowed[FR_RADIUS_CODE_MAX]
allowed outgoing packet types
Definition bio.h:40
size_t secret_len
Definition bio.h:35
fr_radius_bio_verify_t verify
Definition client.h:38
fr_event_list_t * el
Definition client.h:35
fr_bio_retry_info_t const * retry_info
Definition client.h:67
fr_bio_retry_config_t retry_cfg
Definition client.h:40
fr_retry_config_t retry[FR_RADIUS_CODE_MAX]
default retry configuration for each packet type
Definition client.h:51
fr_bio_fd_info_t const * fd_info
Definition client.h:57
fr_bio_packet_cb_funcs_t packet_cb_cfg
Definition client.h:42
bool outgoing[FR_RADIUS_CODE_MAX]
allowed outgoing packet types
Definition client.h:49
void fr_radius_packet_log(fr_log_t const *log, fr_packet_t *packet, fr_pair_list_t *list, bool received)
Definition packet.c:478
#define fr_assert(_expr)
Definition rad_assert.h:37
static fr_rb_tree_t * coa_tree
static fr_dict_attr_t const * attr_packet_type
static fr_dict_attr_t const * attr_request_authenticator
static int send_one_packet(fr_bio_packet_t *client, rc_request_t *request)
static fr_dict_attr_t const * attr_user_password
static bool paused
static int getport(char const *name)
static void client_packet_release(fr_bio_packet_t *client, fr_packet_t *packet)
static int _rc_request_free(rc_request_t *request)
static void client_read(fr_event_list_t *el, int fd, UNUSED int flags, void *uctx)
static int radclient_sane(rc_request_t *request)
static fr_bio_fd_config_t fd_config
static fr_dict_attr_t const * attr_coa_match_attr
static fr_bio_packet_t * client_bio
int main(int argc, char **argv)
static fr_dict_attr_t const * attr_chap_password
static fr_radius_client_config_t client_config
static int forced_id
static int resend_count
static fr_radius_client_bio_info_t const * client_info
static int client_bio_write_pause(fr_bio_packet_t *bio)
static rc_stats_t stats
static fr_dict_attr_t const * attr_ms_chap_response
static fr_event_update_t const resume_write[]
static fr_dict_attr_t const * attr_ms_chap_challenge
static NEVER_RETURNS void client_bio_failed(fr_bio_packet_t *bio)
static size_t parallel
static int packet_code
static fr_dict_attr_t const * attr_chap_challenge
static void client_bio_connected(fr_bio_packet_t *client)
static bool do_output
#define openssl3_free()
static int _loop_status(UNUSED fr_time_t now, fr_time_delta_t wake, UNUSED void *ctx)
static int ipproto
fr_dict_attr_autoload_t radclient_dict_attr[]
static fr_dict_attr_t const * attr_cleartext_password
static int client_bio_write_resume(fr_bio_packet_t *bio)
static bool print_filename
static bool do_coa
#define openssl3_init()
static fr_dict_attr_t const * attr_radclient_test_name
static int radclient_init(TALLOC_CTX *ctx, rc_file_pair_t *files)
static void client_packet_retry_log(UNUSED fr_bio_packet_t *client, fr_packet_t *packet)
static fr_dict_attr_t const * attr_radclient_coa_filename
static NEVER_RETURNS void client_error(UNUSED fr_event_list_t *el, UNUSED int fd, UNUSED int flags, int fd_errno, void *uctx)
static int mschapv1_encode(fr_packet_t *packet, fr_pair_list_t *list, char const *password)
static bool already_hex(fr_pair_t *vp)
static fr_dict_attr_t const * attr_user_name
static void client_write(fr_event_list_t *el, int fd, UNUSED int flags, void *uctx)
static char * secret
static void radclient_get_port(fr_radius_packet_code_t type, uint16_t *port)
static fr_dict_attr_t const * attr_ms_chap_password
#define pair_update_request(_attr, _da)
static int8_t request_cmp(void const *one, void const *two)
static int coa_port
static const char * attr_coa_filter_name
static fr_dict_attr_t const * attr_radclient_coa_filter
static fr_event_update_t const pause_write[]
static NEVER_RETURNS void usage(void)
static fr_radius_packet_code_t radclient_get_code(uint16_t port)
static int coa_init(rc_request_t *parent, FILE *coa_reply, char const *reply_filename, bool *coa_reply_done, FILE *coa_filter, char const *filter_filename, bool *coa_filter_done)
Read one CoA reply and potentially a filter.
#define REDEBUG(fmt,...)
#define RDEBUG(fmt,...)
#define rc_request_list_foreach(_list_head, _iter)
#define WARN(fmt,...)
uint64_t accepted
Requests to which we received a accept.
uint64_t rejected
Requests to which we received a reject.
uint64_t lost
Requests to which we received no response.
uint64_t failed
Requests which failed a filter.
char const * coa_filter
file containing the CoA filter we want to match
uint64_t passed
Requests which passed a filter.
char const * filters
The file containing the definition of the packet we want to match.
char const * coa_reply
file containing the CoA reply we want to send
char const * packets
The file containing the request packet.
#define RADIUS_MAX_ATTRIBUTES
Definition radius.h:39
#define FR_RADIUS_PACKET_CODE_VALID(_x)
Definition radius.h:51
static fr_dict_t const * dict_radius
Definition radsniff.c:93
static bool cleanup
Definition radsniff.c:59
uint32_t fr_rand(void)
Return a 32-bit random number.
Definition rand.c:104
void fr_rand_buffer(void *start, size_t length)
Definition rand.c:124
bool fr_rb_insert(fr_rb_tree_t *tree, void const *data)
Insert data into a tree.
Definition rb.c:626
bool fr_rb_delete(fr_rb_tree_t *tree, void const *data)
Remove node and free data (if a free function was specified)
Definition rb.c:741
#define fr_rb_talloc_alloc(_ctx, _type, _data_cmp, _data_free)
Allocs a red black that verifies elements are of a specific talloc type.
Definition rb.h:203
The main red black tree structure.
Definition rb.h:71
fr_packet_t * reply
Outgoing response.
Definition request.h:254
char const *fr_packet_t * packet
< Module the request is currently being processed by.
Definition request.h:253
#define reply_pairs
Convenience macro for accessing the reply list.
Definition request.h:129
static char const * name
void smbdes_mschap(uint8_t const win_password[16], uint8_t const *challenge, uint8_t *response)
Definition smbdes.c:339
void fr_radius_client_bio_connect(NDEBUG_UNUSED fr_event_list_t *el, NDEBUG_UNUSED int fd, UNUSED int flags, void *uctx)
Definition client.c:690
int fr_radius_client_fd_bio_cancel(fr_bio_packet_t *bio, fr_packet_t *packet)
Cancel one packet.
Definition client.c:555
fr_bio_packet_t * fr_radius_client_bio_alloc(TALLOC_CTX *ctx, fr_radius_client_config_t *cfg, fr_bio_fd_config_t const *fd_cfg)
Definition client.c:50
int fr_radius_client_bio_force_id(fr_bio_packet_t *bio, int code, int id)
Definition client.c:660
size_t fr_radius_client_bio_outstanding(fr_bio_packet_t *bio)
Definition client.c:640
fr_radius_client_bio_info_t const * fr_radius_client_bio_info(fr_bio_packet_t *bio)
Definition client.c:652
fr_aka_sim_id_type_t type
fr_pair_t * vp
fr_log_dst_t dst
Log destination.
Definition log.h:94
int fd
File descriptor to write messages to.
Definition log.h:109
bool print_level
sometimes we don't want log levels printed
Definition log.h:103
uint64_t num
The number (within the file) of the request were reading.
fr_packet_t * reply
The incoming response.
fr_pair_t * password
Password.Cleartext.
char const * name
Test name (as specified in the request).
rc_file_pair_t * files
Request and response file names.
fr_packet_t * packet
The outgoing request.
fr_pair_list_t request_pairs
fr_rb_node_t node
rbtree node data for CoA
bool done
Whether the request is complete.
fr_pair_list_t filter
If the reply passes the filter, then the request passes.
fr_pair_list_t reply_pairs
fr_radius_packet_code_t filter_code
Expected code of the response packet.
fr_time_t timestamp
Stores an attribute, a value and various bits of other data.
Definition pair.h:68
fr_dict_attr_t const *_CONST da
Dictionary attribute defines the attribute number, vendor and type of the pair.
Definition pair.h:69
char const * fr_syserror(int num)
Guaranteed to be thread-safe version of strerror.
Definition syserror.c:243
#define fr_table_value_by_str(_table, _name, _def)
Convert a string to a value using a sorted or ordered table.
Definition table.h:685
#define talloc_strndup(_ctx, _str, _len)
Definition talloc.h:150
#define talloc_autofree_context
The original function is deprecated, so replace it with our version.
Definition talloc.h:55
#define talloc_strdup(_ctx, _str)
Definition talloc.h:149
static size_t talloc_strlen(char const *s)
Returns the length of a talloc array containing a string.
Definition talloc.h:143
fr_slen_t fr_time_delta_from_str(fr_time_delta_t *out, char const *in, size_t inlen, fr_time_res_t hint)
Create fr_time_delta_t from a string.
Definition time.c:412
int fr_time_start(void)
Initialize the local time.
Definition time.c:150
static int64_t fr_time_delta_unwrap(fr_time_delta_t time)
Definition time.h:154
static fr_time_delta_t fr_time_delta_from_sec(int64_t sec)
Definition time.h:590
@ FR_TIME_RES_SEC
Definition time.h:50
#define NSEC
Definition time.h:379
A time delta, a difference in time measured in nanoseconds.
Definition time.h:80
"server local" time.
Definition time.h:69
static fr_event_list_t * el
#define FR_DICTIONARY_FILE
Definition conf.h:7
void * uctx
Definition packet.h:79
unsigned int code
Packet code (type).
Definition packet.h:61
fr_socket_t socket
This packet was received on.
Definition packet.h:57
int id
Packet ID (used to link requests/responses).
Definition packet.h:60
uint8_t * data
Packet data (body).
Definition packet.h:63
uint8_t vector[RADIUS_AUTH_VECTOR_LENGTH]
RADIUS authentication vector.
Definition packet.h:69
bool fr_pair_list_empty(fr_pair_list_t const *list)
Is a valuepair list empty.
void fr_pair_list_sort(fr_pair_list_t *list, fr_cmp_t cmp)
Sort a doubly linked list of fr_pair_ts using merge sort.
fr_pair_t * fr_pair_list_next(fr_pair_list_t const *list, fr_pair_t const *item))
Get the next item in a valuepair list after a specific entry.
Definition pair_inline.c:69
fr_pair_t * fr_pair_list_head(fr_pair_list_t const *list)
Get the head of a valuepair list.
Definition pair_inline.c:42
static fr_slen_t parent
Definition pair.h:858
fr_time_delta_t irt
Initial transmission time.
Definition retry.h:33
int af
AF_INET, AF_INET6, or AF_UNIX.
Definition socket.h:75
int fd
File descriptor if this is a live socket.
Definition socket.h:78
char const * fr_strerror(void)
Get the last library error.
Definition strerror.c:558
void fr_perror(char const *fmt,...)
Print the current error to stderr with a prefix.
Definition strerror.c:737
void fr_strerror_clear(void)
Clears all pending messages from the talloc pools.
Definition strerror.c:581
int fr_check_lib_magic(uint64_t magic)
Check if the application linking to the library has the correct magic number.
Definition version.c:40
#define RADIUSD_VERSION_BUILD(_x)
Create a version string for a utility in the suite of FreeRADIUS utilities.
Definition version.h:58
#define RADIUSD_MAGIC_NUMBER
Definition version.h:81
int8_t fr_value_box_cmp(fr_value_box_t const *a, fr_value_box_t const *b)
Compare two values.
Definition value.c:748
#define fr_box_time_delta(_val)
Definition value.h:366