public static string Reverse(byte[] sharedSecret, byte[] rqAuthenticator, byte[] requestPassword)
        {
            var passwordBuffLength   = requestPassword.Length;
            var authData             = new byte[16];
            var currentPasswordBlock = new byte[16];

            var outPasswordBuffer = new byte[requestPassword.Length];
            var passwordBlocks    = passwordBuffLength / 16;

            Buffer.BlockCopy(rqAuthenticator, 0, authData, 0, 16);

            for (var i = 0; i < passwordBlocks; i++)
            {
                Buffer.BlockCopy(requestPassword, i * 16, currentPasswordBlock, 0, 16);

                PapAuthenticator.PAPEncryptBlock(sharedSecret, authData, currentPasswordBlock);

                Buffer.BlockCopy(currentPasswordBlock, i * 16, outPasswordBuffer, 0, 16);

                Buffer.BlockCopy(currentPasswordBlock, 0, authData, 0, 16);
            }

            var outPassword = Encoding.ASCII.GetString(outPasswordBuffer).TrimEnd('\0');

            return(outPassword);
        }
Beispiel #2
0
        public bool Authenticate(string username, string password)
        {
            Random pRandonNumber = new Random();
            var    RA            = GenerateRA();

            var requestPacket = new RadiusPacket()
            {
                CodeType      = RadiusCodeType.AccessRequest,
                Identifier    = Convert.ToByte(pRandonNumber.Next(0, 32000) % 256),
                Authenticator = RA
            };

            requestPacket.Attributes.Add(new RadiusAttribute(RadiusAttributeType.UserName, username));
            requestPacket.Attributes.Add(new RadiusAttribute(RadiusAttributeType.UserPassword, PapAuthenticator.GeneratePAPPassword(password, _Secret, RA)));
            requestPacket.Serialize(secretBytes);

            if (requestPacket.Parse() == RadiusPacket.ParseError.None)
            {
                try
                {
                    using (var server = new UdpClient())
                    {
                        server.Client.SendTimeout    = pUDPTimeout;
                        server.Client.ReceiveTimeout = pUDPTimeout;
                        server.Client.Ttl            = UDP_TTL;
                        server.Connect(_Server, _Port);
                        server.Send(requestPacket.Data, requestPacket.DataLength);

                        var RemoteIpEndPoint = new System.Net.IPEndPoint(System.Net.IPAddress.Any, 0);
                        var response         = server.Receive(ref RemoteIpEndPoint);
                        server.Close();

                        var result = new RadiusPacket()
                        {
                            Data = response, DataLength = response.Length
                        };
                        return(result.Parse() == RadiusPacket.ParseError.None && result.CodeType == RadiusCodeType.AccessAccept);
                    }
                }
                catch (Exception ex)
                {
                    EventLoger.Log.Write(MethodInfo.GetCurrentMethod(), ex);
                }
            }

            return(false);
        }
Beispiel #3
0
        public async Task Start()
        {
            listen = true;

            using (var udpServer = new UdpClient(new IPEndPoint(_IP, _Port)))
            {
                while (listen)
                {
                    try
                    {
                        var result = await udpServer.ReceiveAsync();

                        var packet = new RadiusPacket()
                        {
                            DataLength = result.Buffer.Length,
                            Data       = result.Buffer
                        };

                        if (packet.Parse() == RadiusPacket.ParseError.None && packet.CodeType == RadiusCodeType.AccessRequest)
                        {
                            var secretBytes = Encoding.Default.GetBytes(_Secret);

                            var responsePacket = new RadiusPacket()
                            {
                                Identifier    = packet.Identifier,
                                CodeType      = RadiusCodeType.AccessReject,
                                Authenticator = packet.Authenticator
                            };

                            foreach (var attr in packet.Attributes)
                            {
                                responsePacket.Attributes.Add(attr);
                            }

                            var falts = packet.ValidateRfcComplianceOnReceive();
                            if (falts != null)
                            {
                                responsePacket.Attributes.Add(falts);
                            }
                            else
                            {
                                var userNameAttrib = packet.Attributes.Find(RadiusAttributeType.UserName);
                                var passwordAttrib = packet.Attributes.Find(RadiusAttributeType.UserPassword);
                                var username       = userNameAttrib.TextValue;
                                var password       = PapAuthenticator.Reverse(secretBytes, packet.Authenticator, passwordAttrib.StringValue);

                                if (Validator == null || Validator.IsValid(username, password))
                                {
                                    responsePacket.CodeType = RadiusCodeType.AccessAccept;
                                }
                            }

                            responsePacket.Serialize(secretBytes);
                            udpServer.Send(responsePacket.Data, responsePacket.Length, result.RemoteEndPoint);
                        }
                    }
                    catch (Exception ex)
                    {
                        EventLoger.Log.Write(MethodInfo.GetCurrentMethod(), ex);
                    }
                }
            }
        }