//Returns the client instantiated based on registry settings
private RADIUSClient GetClient(string sessionId)
{
string[] servers = Regex.Split(Settings.Store.Server.Trim(), @"\s+");
int authport = Settings.Store.AuthPort;
int acctport = Settings.Store.AcctPort;
string sharedKey = Settings.Store.GetEncryptedSetting("SharedSecret");
int timeout = Settings.Store.Timeout;
int retry = Settings.Store.Retry;
MachineIdentifier mid = (MachineIdentifier)((int)Settings.Store.MachineIdentifier);
byte[] ipAddr = null;
string machineName = null;
if (mid == MachineIdentifier.Machine_Name || mid == MachineIdentifier.Both)
{
machineName = Environment.MachineName;
}
if (mid == MachineIdentifier.IP_Address || mid == MachineIdentifier.Both)
{
ipAddr = getIPAddress();
}
RADIUSClient client = new RADIUSClient(servers, authport, acctport, sharedKey, timeout, retry, sessionId, ipAddr, machineName);
return(client);
}
//Returns the client instantiated based on registry settings
private RADIUSClient GetClient(string sessionId = null)
{
string[] servers = Regex.Split(Settings.Store.Server.Trim(), @"\s+");
int authport = Settings.Store.AuthPort;
int acctport = Settings.Store.AcctPort;
string sharedKey = Settings.Store.GetEncryptedSetting("SharedSecret");
int timeout = Settings.Store.Timeout;
int retry = Settings.Store.Retry;
byte[] ipAddr = null;
string nasIdentifier = null;
string calledStationId = null;
if ((bool)Settings.Store.SendNASIPAddress)
{
ipAddr = getNetworkInfo().Item1;
}
if ((bool)Settings.Store.SendNASIdentifier)
{
nasIdentifier = Settings.Store.NASIdentifier;
nasIdentifier = nasIdentifier.Contains('%') ? replaceSymbols(nasIdentifier) : nasIdentifier;
}
if ((bool)Settings.Store.SendCalledStationID)
{
calledStationId = (String)Settings.Store.CalledStationID;
calledStationId = calledStationId.Contains('%') ? replaceSymbols(calledStationId) : calledStationId;
}
RADIUSClient client = new RADIUSClient(servers, authport, acctport, sharedKey, timeout, retry, sessionId, ipAddr, nasIdentifier, calledStationId);
return(client);
}
public Session(Guid Id, string username, RADIUSClient client) //string username,
{
this.id = Id;
this.username = username;
this.client = client;
active = true;
}
//string username,
public Session(Guid Id, string username, RADIUSClient client)
{
this.id = Id;
this.username = username;
this.client = client;
active = true;
}
//Authenticates user
BooleanResult IPluginAuthentication.AuthenticateUser(SessionProperties properties)
{
m_logger.DebugFormat("AuthenticateUser({0})", properties.Id.ToString());
// Get user info
UserInformation userInfo = properties.GetTrackedSingle <UserInformation>();
try
{
RADIUSClient client = GetClient(null); //No session ID is required for auth, only accounting
bool result = client.Authenticate(userInfo.Username, userInfo.Password);
if (result)
{
return new BooleanResult()
{
Success = result
}
}
;
return(new BooleanResult()
{
Success = result, Message = "Invalid username or password."
});
}
catch (RADIUSException re)
{
m_logger.Error("An error occurred during while authenticating.", re);
return(new BooleanResult()
{
Success = false, Message = re.Message
});
}
catch (Exception e)
{
m_logger.Error("An unexpected error occurred while authenticating.", e);
throw e;
}
}
//Authenticates user
BooleanResult IPluginAuthentication.AuthenticateUser(SessionProperties properties)
{
m_logger.DebugFormat("AuthenticateUser({0})", properties.Id.ToString());
if (!(bool)Settings.Store.EnableAuth)
{
m_logger.Debug("Authentication stage set on RADIUS plugin but authentication is not enabled in plugin settings.");
return(new BooleanResult()
{
Success = false
});
}
// Get user info
UserInformation userInfo = properties.GetTrackedSingle <UserInformation>();
if (String.IsNullOrEmpty(userInfo.Username) || String.IsNullOrEmpty(userInfo.Password))
{
return new BooleanResult()
{
Success = false, Message = "Username and password must be provided."
}
}
;
try
{
RADIUSClient client = GetClient();
bool result = client.Authenticate(userInfo.Username, userInfo.Password);
if (result)
{
Session session = new Session(properties.Id, userInfo.Username, client);
Packet p = client.lastReceievedPacket;
//Check for session timeout
if ((bool)Settings.Store.AllowSessionTimeout && p.containsAttribute(Packet.AttributeType.Session_Timeout))
{
int seconds = client.lastReceievedPacket.getFirstIntAttribute(Packet.AttributeType.Session_Timeout);
session.SetSessionTimeout(seconds, SessionTimeoutCallback);
//m_logger.DebugFormat("Setting timeout for {0} to {1} seconds.", userInfo.Username, seconds);
}
if (p.containsAttribute(Packet.AttributeType.Idle_Timeout))
{
int seconds = client.lastReceievedPacket.getFirstIntAttribute(Packet.AttributeType.Idle_Timeout);
}
if (p.containsAttribute(Packet.AttributeType.Vendor_Specific))
{
foreach (byte[] val in p.getByteArrayAttributes(Packet.AttributeType.Vendor_Specific))
{
//m_logger.DebugFormat("Vendor ID: {0:D}, Type: {1:D}, Value: {2}", Packet.VSA_vendorID(val), Packet.VSA_VendorType(val), Packet.VSA_valueAsString(val));
if ((bool)Settings.Store.WisprSessionTerminate && Packet.VSA_vendorID(val) == (int)Packet.VSA_WISPr.Vendor_ID &&
Packet.VSA_VendorType(val) == (int)Packet.VSA_WISPr.WISPr_Session_Terminate_Time)
{
try
{
//Value is in format "2014-03-11T23:59:59"
string sdt = Packet.VSA_valueAsString(val);
DateTime dt = DateTime.ParseExact(sdt, "yyyy-MM-dd'T'HH:mm:ss", System.Globalization.CultureInfo.InvariantCulture);
if (dt > DateTime.Now)
{
session.Set_Session_Terminate(dt, SessionTerminateCallback);
}
else
{
m_logger.DebugFormat("The timestamp provided for WisperSessionTerminate time value has passed.");
}
}
catch (FormatException e)
{
m_logger.DebugFormat("Unable to parse timestamp: {0}", Packet.VSA_valueAsString(val));
}
}
}
}
//Check for interim-update
if ((bool)Settings.Store.SendInterimUpdates)
{
int seconds = 0;
if (p.containsAttribute(Packet.AttributeType.Acct_Interim_Interval))
{
seconds = client.lastReceievedPacket.getFirstIntAttribute(Packet.AttributeType.Acct_Interim_Interval);
}
//Check to see if plugin is set to send interim updates more frequently
if ((bool)Settings.Store.ForceInterimUpdates)
{
int forceTime = (int)Settings.Store.InterimUpdateTime;
if (forceTime > 0)
{
seconds = forceTime;
}
}
//Set interim update
if (seconds > 0)
{
session.SetInterimUpdate(seconds, InterimUpdatesCallback);
m_logger.DebugFormat("Setting interim update interval for {0} to {1} seconds.", userInfo.Username, seconds);
}
else
{
m_logger.DebugFormat("Interim Updates are enabled, but no update interval was provided by the server or user.");
}
}
lock (m_sessionManager)
{
//m_logger.DebugFormat("Adding session to m_sessionManager. ID: {0}, session: {1}", session.id, session);
m_sessionManager.Add(session.id, session);
}
string message = null;
if (p.containsAttribute(Packet.AttributeType.Reply_Message))
{
message = p.getFirstStringAttribute(Packet.AttributeType.Reply_Message);
}
return(new BooleanResult()
{
Success = result, Message = message
});
}
//Failure
string msg = "Unable to validate username or password.";
if (client.lastReceievedPacket == null)
{
msg = msg + " No response from server.";
}
else if (client.lastReceievedPacket.containsAttribute(Packet.AttributeType.Reply_Message))
{
msg = client.lastReceievedPacket.getFirstStringAttribute(Packet.AttributeType.Reply_Message);
}
else if (client.lastReceievedPacket.code == Packet.Code.Access_Reject)
{
msg = msg + String.Format(" Access Rejected.");
}
return(new BooleanResult()
{
Success = result, Message = msg
});
}
catch (RADIUSException re)
{
m_logger.Error("An error occurred during while authenticating.", re);
return(new BooleanResult()
{
Success = false, Message = re.Message
});
}
catch (Exception e)
{
m_logger.Error("An unexpected error occurred while authenticating.", e);
throw e;
}
}
//Processes accounting on logon/logoff
public void SessionChange(System.ServiceProcess.SessionChangeDescription changeDescription, pGina.Shared.Types.SessionProperties properties)
{
if (changeDescription.Reason != System.ServiceProcess.SessionChangeReason.SessionLogon &&
changeDescription.Reason != System.ServiceProcess.SessionChangeReason.SessionLogoff)
{
//m_logger.DebugFormat("Not logging on or off for this session change call ({0})... exiting.", changeDescription.Reason);
return;
}
if (properties == null)
{
//m_logger.DebugFormat("No session properties available. This account does not appear to be managed by pGina. Exiting SessionChange()");
return;
}
if (!(bool)Settings.Store.EnableAcct)
{
m_logger.Debug("Session Change stage set on RADIUS plugin but accounting is not enabled in plugin settings.");
return;
}
//Determine username (may change depending on value of UseModifiedName setting)
string username = null;
UserInformation ui = properties.GetTrackedSingle <UserInformation>();
if (ui == null)
{
//m_logger.DebugFormat("No userinformation for this session logoff... exiting...");
return;
}
if ((bool)Settings.Store.UseModifiedName)
{
username = ui.Username;
}
else
{
username = ui.OriginalUsername;
}
Session session = null;
//User is logging on
if (changeDescription.Reason == System.ServiceProcess.SessionChangeReason.SessionLogon)
{
lock (m_sessionManager)
{
//Check if session information is already available for this id
if (!m_sessionManager.Keys.Contains(properties.Id))
{
//No session info - must have authed with something other than RADIUS.
//m_logger.DebugFormat("RADIUS Accounting Logon: Unable to find session for {0} with GUID {1}", username, properties.Id);
if (!(bool)Settings.Store.AcctingForAllUsers)
{
//m_logger.Debug("Accounting for non-RADIUS users is disabled. Exiting.");
return;
}
RADIUSClient client = GetClient();
session = new Session(properties.Id, username, client);
m_sessionManager.Add(properties.Id, session);
//Check forced interim-update setting
if ((bool)Settings.Store.SendInterimUpdates && (bool)Settings.Store.ForceInterimUpdates)
{
int interval = (int)Settings.Store.InterimUpdateTime;
session.SetInterimUpdate(interval, InterimUpdatesCallback);
}
}
else
{
session = m_sessionManager[properties.Id];
}
}
//Determine which plugin authenticated the user (if any)
PluginActivityInformation pai = properties.GetTrackedSingle <PluginActivityInformation>();
Packet.Acct_Authentic authSource = Packet.Acct_Authentic.Not_Specified;
IEnumerable <Guid> authPlugins = pai.GetAuthenticationPlugins();
Guid LocalMachinePluginGuid = new Guid("{12FA152D-A2E3-4C8D-9535-5DCD49DFCB6D}");
foreach (Guid guid in authPlugins)
{
if (pai.GetAuthenticationResult(guid).Success)
{
if (guid == SimpleUuid)
{
authSource = Packet.Acct_Authentic.RADIUS;
}
else if (guid == LocalMachinePluginGuid)
{
authSource = Packet.Acct_Authentic.Local;
}
else //Not RADIUS, not Local, must be some other auth plugin
{
authSource = Packet.Acct_Authentic.Remote;
}
break;
}
}
//We can finally start the accounting process
try
{
lock (session)
{
session.windowsSessionId = changeDescription.SessionId; //Grab session ID now that we're authenticated
session.username = username; //Accting username may have changed depending on 'Use Modified username for accounting option'
session.client.startAccounting(username, authSource);
//m_logger.DebugFormat("Successfully completed accounting start process...");
}
}
catch (Exception e)
{
m_logger.Error("Error occurred while starting accounting.", e);
}
}
//User is logging off
else if (changeDescription.Reason == System.ServiceProcess.SessionChangeReason.SessionLogoff)
{
lock (m_sessionManager)
{
if (m_sessionManager.Keys.Contains(properties.Id))
{
session = m_sessionManager[properties.Id];
}
else
{
//m_logger.DebugFormat("Users {0} is logging off, but no RADIUS session information is available for session ID {1}.", username, properties.Id);
return;
}
//Remove the session from the session manager
m_sessionManager.Remove(properties.Id);
}
lock (session)
{
//Disbale any active callbacks for this session
session.disableCallbacks();
session.active = false;
//Assume normal logout if no other terminate reason is listed.
if (session.terminate_cause == null)
{
session.terminate_cause = Packet.Acct_Terminate_Cause.User_Request;
}
try
{
//m_logger.DebugFormat("About to send accounting stop packet. Session has been active {0} seconds.", (DateTime.Now - session.client.accountingStartTime).TotalSeconds);
session.client.stopAccounting(session.username, session.terminate_cause);
}
catch (RADIUSException re)
{
m_logger.DebugFormat("Unable to send accounting stop message for user {0} with ID {1}. Message: {2}", session.username, session.id, re.Message);
}
}
}
}
//Returns the client instantiated based on registry settings
private RADIUSClient GetClient(string sessionId = null)
{
string[] servers = Regex.Split(Settings.Store.Server.Trim(), @"\s+");
int authport = Settings.Store.AuthPort;
int acctport = Settings.Store.AcctPort;
string sharedKey = Settings.Store.GetEncryptedSetting("SharedSecret");
int timeout = Settings.Store.Timeout;
int retry = Settings.Store.Retry;
byte[] ipAddr = null;
string nasIdentifier = null;
string calledStationId = null;
if((bool)Settings.Store.SendNASIPAddress)
ipAddr = getNetworkInfo().Item1;
if((bool)Settings.Store.SendNASIdentifier){
nasIdentifier = Settings.Store.NASIdentifier;
nasIdentifier = nasIdentifier.Contains('%') ? replaceSymbols(nasIdentifier) : nasIdentifier;
}
if ((bool)Settings.Store.SendCalledStationID)
{
calledStationId = (String)Settings.Store.CalledStationID;
calledStationId = calledStationId.Contains('%') ? replaceSymbols(calledStationId) : calledStationId;
}
RADIUSClient client = new RADIUSClient(servers, authport, acctport, sharedKey, timeout, retry, sessionId, ipAddr, nasIdentifier, calledStationId);
return client;
}
//Processes accounting on logon/logoff
public void SessionChange(System.ServiceProcess.SessionChangeDescription changeDescription, pGina.Shared.Types.SessionProperties properties)
{
m_logger.DebugFormat("SessionChange({0})", properties.Id.ToString());
string username = null;
if ((bool)Settings.Store.UseModifiedName)
{
username = properties.GetTrackedSingle <UserInformation>().Username;
}
else
{
username = properties.GetTrackedSingle <UserInformation>().OriginalUsername;
}
if (changeDescription.Reason == System.ServiceProcess.SessionChangeReason.SessionLogon)
{
//Create a new unique id for this accounting session and store it
String sessionId = Guid.NewGuid().ToString();
lock (sessionIDLock)
{
sessionIDs.Add(username, sessionId);
}
//Determine which plugin authenticated the user (if any)
PluginActivityInformation pai = properties.GetTrackedSingle <PluginActivityInformation>();
Packet.Acct_AuthenticType authSource = Packet.Acct_AuthenticType.Not_Specified;
IEnumerable <Guid> authPlugins = pai.GetAuthenticationPlugins();
Guid LocalMachinePluginGuid = new Guid("{12FA152D-A2E3-4C8D-9535-5DCD49DFCB6D}");
foreach (Guid guid in authPlugins)
{
if (pai.GetAuthenticationResult(guid).Success)
{
if (guid == SimpleUuid)
{
authSource = Packet.Acct_AuthenticType.RADIUS;
}
else if (guid == LocalMachinePluginGuid)
{
authSource = Packet.Acct_AuthenticType.Local;
}
else
{
authSource = Packet.Acct_AuthenticType.Remote;
}
break;
}
}
try
{
RADIUSClient client = GetClient(sessionId);
client.startAccounting(username, authSource);
}
catch (Exception e)
{
m_logger.Error("Error occurred while starting accounting.", e);
}
}
else if (changeDescription.Reason == System.ServiceProcess.SessionChangeReason.SessionLogoff)
{
//Check if guid was stored from accounting start request (if not, no point in sending a stop request)
string sessionId = null;
lock (sessionIDLock)
{
sessionId = sessionIDs.ContainsKey(username) ? sessionIDs[username] : null;
if (sessionId == null)
{
m_logger.ErrorFormat("Error sending accounting stop request. No guid available for {0}", username);
return;
} //Remove the session id since we're logging off
sessionIDs.Remove(username);
}
try
{
RADIUSClient client = GetClient(sessionId);
client.stopAccounting(username, Packet.Acct_Terminate_CauseType.User_Request);
}
catch (Exception e)
{
m_logger.Error("Error occurred while stopping accounting.", e);
return;
}
}
}
//Returns the client instantiated based on registry settings
private RADIUSClient GetClient(string sessionId)
{
string server = Settings.Store.Server;
int authport = Settings.Store.AuthPort;
int acctport = Settings.Store.AcctPort;
string sharedKey = Settings.Store.GetEncryptedSetting("SharedSecret");
int timeout = Settings.Store.Timeout;
int retry = Settings.Store.Retry;
MachineIdentifier mid = (MachineIdentifier)((int)Settings.Store.MachineIdentifier);
byte[] ipAddr = null;
string machineName = null;
if(mid == MachineIdentifier.Machine_Name || mid == MachineIdentifier.Both)
machineName = Environment.MachineName;
if(mid == MachineIdentifier.IP_Address || mid == MachineIdentifier.Both)
ipAddr = getIPAddress();
RADIUSClient client = new RADIUSClient(server, authport, acctport, sharedKey, timeout, retry, sessionId, ipAddr, machineName);
return client;
}
