radpwtst.c

RADIUS协议的认证计费服务

			else if (strcasecmp (*argv, "arades") == 0)
			{
				data.ustype = PW_FRAMED;
				data.fptype = ASCEND_ARA;
				data.arades = 1;
			}
#endif	/* ASCEND */

			else if (strcasecmp (*argv, "challenge") == 0)
			{
				data.challenge = 1;	/* Challenge/response */
			}
			else if (strcasecmp (*argv, "chap") == 0)
			{
				data.ustype = 255;	/* for testing chap */
				data.fptype = PW_PPP;
			}
			else if (strcasecmp (*argv, "dumb") == 0)
			{
				data.ustype = PW_LOGIN;
			}
			else if (strcasecmp (*argv, "slip") == 0)
			{
				data.ustype = PW_FRAMED;
				data.fptype = PW_SLIP;
			}
			else if (strcasecmp (*argv, "ppp") == 0)
			{
				data.ustype = PW_FRAMED;
				data.fptype = PW_PPP;
			}
			else if (strcasecmp (*argv, "dbdumb") == 0)
			{
				data.ustype = PW_CALLBACK_LOGIN;
			}
			else if (strcasecmp (*argv, "dbslip") == 0)
			{
				data.ustype = PW_CALLBACK_FRAMED;
				data.fptype = PW_SLIP;
			}
			else if (strcasecmp (*argv, "dbppp") == 0)
			{
				data.ustype = PW_CALLBACK_FRAMED;
				data.fptype = PW_PPP;
			}
			else if (strcasecmp (*argv, "outbound") == 0)
			{
				data.ustype = PW_OUTBOUND_USER;
			}
			else if (strcasecmp (*argv, "admin") == 0)
			{
				data.ustype = PW_ADMINISTRATIVE_USER;
			}
			else if (strcasecmp (*argv, "exec") == 0)
			{
				data.ustype = PW_SHELL_USER;
			}
			else if (strcasecmp (*argv, "dbadmin") == 0)
			{
				data.ustype = PW_CALLBACK_ADMIN_USER;
			}
			else
			{
				radpwtst_usage ();
			}
			break;

		    case 'v':	/* version */
			if (*ptr == '\0')
			{
				if (--argc == 0)
				{
					fprintf (stderr,
						"Version %s\n", verinfo (2));
					radpwtst_usage ();
				}
				argv++;
				ptr = *argv;
			}
			if (strcmp (ptr, "2") == 0)
			{
				data.version = 2;
			}
			else if (strcmp (ptr, "1") == 0)
			{
				data.version = 1;
			}
			else
			{
				radpwtst_usage ();
			}
				
			break;

		    case 'w':	/* password */
			if (--argc == 0)
			{
				radpwtst_usage ();
				printf ("password\n");
			}
			argv++;
			clear_pw = *argv;
			break;

		    case 'X':
			debug_flag++;
			ddt = stderr;
			msgfd = fdopen (dup (fileno (stderr)), "w");
			file_logging = 1;
			break;

		    case 'x':
			debug_flag++;
			ddt = stderr;
			break;

		    case ':':		/* Send arbirary A/V pairs */
			*vpnext = (string_list *) malloc (sizeof (string_list));
			(*vpnext)->str = *argv + 2;
			(*vpnext)->next = (string_list *) NULL;
			vpnext = &((*vpnext)->next);
			break;

		    case '0':
			zero = 1;
			break;

		    default:
			fprintf (stderr, "%s: Invalid option, '%s'\n",
				progname, *argv);
			radpwtst_usage ();
		}
	}

	if (zero == 0)
	{
		printf ("Merit AAA server %s, licensed software\n", verinfo (2));
		printf ("COPYRIGHT 1992, 1993, 1994, 1995, 1996, 1997, 1998\n");
		printf ("THE REGENTS OF THE UNIVERSITY OF MICHIGAN\n");
		printf ("ALL RIGHTS RESERVED\n");
		printf ("\n");

#ifdef BASIC_SERVER
		printf (
"PERMISSION IS GRANTED TO USE, COPY AND REDISTRIBUTE THIS VERSION OF THE MERIT\n");
		printf (
"BASIC AAA SERVER, SO LONG AS NO FEE IS CHARGED FOR THIS SOFTWARE, AND SO LONG\n");
		printf (
"AS THE COPYRIGHT NOTICE ABOVE, THIS GRANT OF PERMISSION, AND THE DISCLAIMER\n");
		printf (
"BELOW APPEAR IN ALL COPIES MADE; AND SO LONG AS THE NAME OF THE UNIVERSITY OF\n");
		printf (
"MICHIGAN OR MERIT NETWORK IS NOT USED IN ANY ADVERTISING OR PUBLICITY\n");
		printf (
"PERTAINING TO THE USE OR DISTRIBUTION OF THIS SOFTWARE WITHOUT SPECIFIC,\n");
		printf (
"WRITTEN PRIOR AUTHORIZATION.\n");
		printf ("\n");
		printf (
"NO RIGHTS ARE GRANTED HEREUNDER FOR ANY RECIPIENT TO MODIFY, DISASSEMBLE,\n");
		printf (
"DECOMPILE, REVERSE ENGINEER OR OTHERWISE CREATE DERIVATIVE WORKS OF THIS\n");
		printf (
"SOFTWARE.\n");
		printf ("\n");
		printf (
"THIS SOFTWARE IS PROVIDED AS IS, WITHOUT REPRESENTATION FROM THE UNIVERSITY\n");
		printf (
"OF MICHIGAN AS TO ITS FITNESS FOR ANY PURPOSE, AND WITHOUT WARRANTY BY THE\n");
		printf (
"UNIVERSITY OF MICHIGAN OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING\n");
		printf (
"WITHOUT LIMITATION THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\n");
		printf (
"A PARTICULAR PURPOSE.  THE REGENTS OF THE UNIVERSITY OF MICHIGAN SHALL NOT BE\n");
		printf (
"LIABLE FOR ANY DAMAGES, INCLUDING SPECIAL, INDIRECT, INCIDENTAL, OR\n");
		printf (
"CONSEQUENTIAL DAMAGES, WITH RESPECT TO ANY CLAIM ARISING OUT OF OR IN\n");
		printf (
"CONNECTION WITH THE USE OF THE SOFTWARE, EVEN IF IT HAS BEEN OR IS HEREAFTER\n");
		printf (
"ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.\n");
		printf ("\n");
		printf (
"FOR FURTHER INFORMATION ABOUT THE ENHANCED MERIT AAA SERVER, SEND EMAIL TO:\n");
		printf (
"aaa.license@merit OR, VISIT THE WWW SITE:  www.merit.edu/aaa/\n");
		printf ("\n");
#endif	/* BASIC_SERVER */

	}

	/* Plain authentication request ==> PW_AUTHENTICATE_ONLY */
	if (data.ustype == 0)
	{
		if (new_old == 1) /* new style */
		{
			data.ustype = PW_AUTHENTICATE_ONLY;
		}
		else /* old style */
		{
			data.ustype = PW_OUTBOUND_USER;
		}
	}

	/* Get the user name */
	if (argc == 1)
	{
		data.user_name = argv[0];
	}
	else
	{
		radpwtst_usage ();
	}

	dir_init ();

	if (dict_init () != 0)
	{
		exit (-1);
	}

	/* Process saved A/V pairs. */
	for ( ; vplist ; vplist = vplist->next)
	{
		if (pair_parse (vplist->str, &data.send_pairs,
				(VALUE_PAIR **) NULL) != 0)
		{
			fprintf (stderr,
				"%s: Invalid attribute-value pair, '%s'\n",
				progname, vplist->str);
			radpwtst_usage ();
		}
	}

	if (data.code == PW_ACCOUNTING_REQUEST)
	{
		data.password = "";
	}
	else /* get a password from somewhere */
	{
		if (clear_pw == (char *) NULL) /* Get the password */
		{
			if ((clear_pw = rad_getpass ("Password:"))
							== (char *) NULL)
			{
				exit (-1);
			}

			strncpy (passwd, clear_pw, sizeof (passwd));
			data.password = passwd;
		}
		else /* Use the password from the command line (-w) */
		{
			data.password = clear_pw;
		}
	}

	srand (time (0));	/* Use random sequence number in request */
	data.seq_nbr = (u_short) rand ();

#ifdef	SVR4
	if (sysinfo (SI_HOSTNAME, ourhostname, sizeof (ourhostname)) < 0)
	{
		perror ("SI_HOSTNAME");
		exit (-1);
	}
#else	/* Assume BSD */
	if (gethostname (ourhostname, sizeof (ourhostname)) < 0)
	{
		perror ("gethostname");
		exit (-1);
	}
#endif	/* SVR4 */

	if (client_name == (char *) NULL)
	{
		if (data.client_id == 0)
		{
			if ((data.client_id = get_ipaddr (ourhostname)) == 0)
			{
				printf ("%s: Couldn't get own IP address!\n",
					progname);
				data.client_id = 0;
			}
		}
	}
	else /* use name from -i command line option */
	{
		data.client_id = get_ipaddr (client_name);
	}

	if ((data.user_file != (char *) NULL) && (data.group == (char *) NULL))
	{
		data.group = "DEFAULT";
	}

	if (data.svc_port == 0)
	{
		switch (data.code)
		{
		    case PW_ACCESS_REQUEST:
		    default:
			data.svc_port = PW_AUTH_UDP_PORT;
			break;

		    case PW_ACCOUNTING_REQUEST:
			data.svc_port = PW_ACCT_UDP_PORT;
			break;
		}
	}

	msg[0] = '\0';

	do
	{
		list_free (data.receive_pairs);
		data.receive_pairs = NULL_VP;
		result = send_server (&data, &retries, msg);
		sleep (data.timeout);
	} while (acks-- > 0);

	if (result == OK_RC)
	{
		if (data.result == PW_ACCESS_CHALLENGE)
		{
			printf ("ACCESS_CHALLENGE received\n");
			if (msg[0])
			{
				printf ("%s\n", msg);
				msg[0] = '\0';
			}

			if ((clear_pw = rad_getpass ("Challenge response: "))
							== (char *) NULL)
			{
				exit (-1);
			}

			strncpy (passwd, clear_pw, sizeof (passwd));
			data.password = passwd;

			msg[0] = '\0';
			data.code = PW_ACCESS_REQUEST;
			data.challenge = 0;	/* Leave current state intact */
			avpair_del(&data.send_pairs, PW_REPLY_MESSAGE, 0);
			data.seq_nbr++;
			result = send_server (&data, &retries, msg);
			printf ("Data.result: %d\n", data.result);
		}

#ifdef ASCEND
		if (data.result == PW_PASSWORD_EXPIRED)
		{
			printf ("'%s' authentication failed expired password",
				data.user_name);
		}
		else
#endif	/* ASCEND */

		{
			if (data.result == PW_ACCESS_REJECT)
			{
				printf ("'%s' authentication failed",
					data.user_name);
				
			}
			else
			{
				printf ("'%s' authentication OK",
					data.user_name);
			}
		}
	}
	else
	{
		printf ("'%s' authentication failed", data.user_name);
		if (result != BADRESP_RC)
		{
			printf ("(RC=%i)", result);
		}
	}

	send_server_done ();

	if (msg[0])
	{
		printf (": %s", msg);
	}

	putchar('\n');
	exit (result);
} /* end of main () */

static void
radpwtst_usage ()

{
	printf ("Usage: %s [-a ACKs] [-c code] [-d directory] [-f file]\n",
		progname);
	printf ("\t[-g group] [-h] [-i client-id] [-l async port] [-n]\n");
	printf ("\t[-p UDP-port] [-r retries] [-s server] [-t timeout]\n");
	printf ("\t[-u type] [-v version] [-w password] [-x] accessID\n");
	printf ("Codes: Access-Request = 1\n");
	printf ("       Accounting-Request = 4\n");
	printf ("       Password = 7\n");
	printf ("       Status-Server = 12\n");
	printf ("Types: challenge, chap, dumb, slip, ppp, arades, dbdumb,\n");
	printf ("       dpslip, dbppp, outbound, admin, exec, dbadmin\n");
	exit (-1);
} /* end of radpwtst_usage () */