public void RadiusServer_Nas_HostRefresh()
{
// Verify that the server refreshes NAS host name to IP address mappings.
// I'm going to do this by specifying a NAS host name that does not
// exist, verify that an authentication fails, then add the host name
// to the HOSTS file, wait a bit for the server to refresh the mappings
// and then verify that this worked by making sure that an authentication
// attempt succeeds.
RadiusServer server = new RadiusServer();
RadiusServerSettings serverSettings = new RadiusServerSettings();
RadiusClient client = new RadiusClient();
RadiusClientSettings clientSettings = new RadiusClientSettings(Local_RADIUS, "hello");
serverSettings.RealmFormat = RealmFormat.Email;
serverSettings.DnsRefreshInterval = TimeSpan.FromSeconds(10);
serverSettings.BkTaskInterval = TimeSpan.FromSeconds(2);
serverSettings.Devices.Add(new RadiusNasInfo("nas.test.lilltek.com", "hello"));
clientSettings.RealmFormat = RealmFormat.Email;
clientSettings.PortCount = 1;
clientSettings.MaxTransmissions = 1;
clientSettings.RetryInterval = TimeSpan.FromSeconds(2);
try
{
server.Start(serverSettings);
server.LoadAccountsFromString(@"
// This is a comment line
r1;jeff;password123
r2;jeff;passwordXXX
r1;jane;bigfish
");
client.Open(clientSettings);
try
{
client.Authenticate("r1", "jeff", "password123");
Assert.Fail();
}
catch (Exception e)
{
Assert.IsInstanceOfType(e, typeof(TimeoutException));
}
EnhancedDns.AddHost("nas.test.lilltek.com", NetHelper.GetActiveAdapter());
Thread.Sleep(serverSettings.DnsRefreshInterval + serverSettings.BkTaskInterval);
Assert.IsTrue(client.Authenticate("r1", "jeff", "password123"));
}
finally
{
EnhancedDns.RemoveHosts();
server.Stop();
client.Close();
}
}
public void RadiusClient_MultiPort()
{
// Verify that a multiport enable client actually works by running a bunch
// of authentications throught the client and then counting the number of
// source UDP ports we received packets from and verifying that this equals
// the number of client ports requested.
RadiusServer server = new RadiusServer();
RadiusServerSettings serverSettings = new RadiusServerSettings();
RadiusClient client = new RadiusClient();
RadiusClientSettings clientSettings = new RadiusClientSettings(Local_RADIUS, "hello");
RadiusServerDeelie deelie;
serverSettings.RealmFormat = RealmFormat.Email;
serverSettings.Devices.Add(new RadiusNasInfo(IPAddress.Loopback, "hello"));
serverSettings.Devices.Add(new RadiusNasInfo(NetHelper.GetActiveAdapter(), "hello"));
clientSettings.RealmFormat = RealmFormat.Email;
clientSettings.PortCount = 5;
clientSettings.MaxTransmissions = 1;
try
{
server.Start(serverSettings);
server.LoadAccountsFromString(@"
// This is a comment line
r1;jeff;password123
r2;jeff;passwordXXX
r1;jane;bigfish
");
client.Open(clientSettings);
deelie = new RadiusServerDeelie(server, RadiusServerDeelie.Mode.Normal);
for (int i = 0; i < 555; i++)
{
Assert.IsTrue(client.Authenticate("r1", "jeff", "password123"));
}
Dictionary <int, RadiusPacket> packetsByPort = new Dictionary <int, RadiusPacket>();
foreach (RadiusPacket packet in deelie.Packets)
{
if (!packetsByPort.ContainsKey(packet.SourceEP.Port))
{
packetsByPort.Add(packet.SourceEP.Port, packet);
}
}
Assert.AreEqual(5, packetsByPort.Count);
}
finally
{
server.Stop();
client.Close();
}
}
public void RadiusServer_Bad_NasDevice()
{
// Verify that the server detects an unknown NAS device.
RadiusServer server = new RadiusServer();
RadiusServerSettings serverSettings = new RadiusServerSettings();
RadiusClient client = new RadiusClient();
RadiusClientSettings clientSettings = new RadiusClientSettings(Local_RADIUS, "hello");
RadiusServerDeelie deelie;
serverSettings.RealmFormat = RealmFormat.Slash;
clientSettings.RealmFormat = RealmFormat.Slash;
clientSettings.PortCount = 1;
clientSettings.MaxTransmissions = 1;
try
{
server.Start(serverSettings);
server.LoadAccountsFromString(@"
// This is a comment line
r1;jeff;password123
r2;jeff;passwordXXX
r1;jane;bigfish
");
client.Open(clientSettings);
deelie = new RadiusServerDeelie(server, RadiusServerDeelie.Mode.Normal);
try
{
client.Authenticate("r1", "jeff", "password123");
Assert.Fail("TimeoutException expected");
}
catch (TimeoutException)
{
// Expecting a timeout since the server should ignore this packet
}
catch (Exception e)
{
Assert.IsInstanceOfType(e, typeof(TimeoutException));
}
Assert.IsTrue(deelie.Log.Count > 0);
Assert.AreEqual(RadiusLogEntryType.UnknownNas, deelie.Log[0].EntryType);
Assert.IsFalse(deelie.Log[0].Success);
}
finally
{
server.Stop();
client.Close();
}
}
public void RadiusServer_Auth_Log()
{
// Verify that authentication events are logged
RadiusServer server = new RadiusServer();
RadiusServerSettings serverSettings = new RadiusServerSettings();
RadiusClient client = new RadiusClient();
RadiusClientSettings clientSettings = new RadiusClientSettings(Local_RADIUS, "hello");
RadiusServerDeelie deelie;
serverSettings.RealmFormat = RealmFormat.Slash;
serverSettings.Devices.Add(new RadiusNasInfo(IPAddress.Loopback, "hello"));
serverSettings.Devices.Add(new RadiusNasInfo(NetHelper.GetActiveAdapter(), "hello"));
clientSettings.RealmFormat = RealmFormat.Slash;
clientSettings.PortCount = 1;
clientSettings.MaxTransmissions = 1;
try
{
server.Start(serverSettings);
server.LoadAccountsFromString(@"
// This is a comment line
r1;jeff;password123
r2;jeff;passwordXXX
r1;jane;bigfish
");
client.Open(clientSettings);
deelie = new RadiusServerDeelie(server, RadiusServerDeelie.Mode.Normal);
Assert.IsTrue(client.Authenticate("r1", "jeff", "password123"));
Assert.IsFalse(client.Authenticate("r1", "jeff", "PASSWORD123"));
Assert.AreEqual(2, deelie.Log.Count);
Assert.IsTrue(deelie.Log[0].Success);
Assert.AreEqual(RadiusLogEntryType.Authentication, deelie.Log[0].EntryType);
Assert.AreEqual("r1", deelie.Log[0].Realm);
Assert.AreEqual("jeff", deelie.Log[0].Account);
Assert.IsFalse(deelie.Log[1].Success);
Assert.AreEqual(RadiusLogEntryType.Authentication, deelie.Log[1].EntryType);
Assert.AreEqual("r1", deelie.Log[1].Realm);
Assert.AreEqual("jeff", deelie.Log[1].Account);
}
finally
{
server.Stop();
client.Close();
}
}
public void RadiusClient_ID_WrapAround()
{
// Verify that a single port client instance will wrap request IDs
// properly after ID=255
RadiusServer server = new RadiusServer();
RadiusServerSettings serverSettings = new RadiusServerSettings();
RadiusClient client = new RadiusClient();
RadiusClientSettings clientSettings = new RadiusClientSettings(Local_RADIUS, "hello");
RadiusServerDeelie deelie;
serverSettings.RealmFormat = RealmFormat.Email;
serverSettings.Devices.Add(new RadiusNasInfo(IPAddress.Loopback, "hello"));
serverSettings.Devices.Add(new RadiusNasInfo(NetHelper.GetActiveAdapter(), "hello"));
clientSettings.RealmFormat = RealmFormat.Email;
clientSettings.PortCount = 1;
clientSettings.MaxTransmissions = 1;
try
{
server.Start(serverSettings);
server.LoadAccountsFromString(@"
// This is a comment line
r1;jeff;password123
r2;jeff;passwordXXX
r1;jane;bigfish
");
client.Open(clientSettings);
deelie = new RadiusServerDeelie(server, RadiusServerDeelie.Mode.Normal);
for (int i = 0; i < 555; i++)
{
Assert.IsTrue(client.Authenticate("r1", "jeff", "password123"));
}
// We should have 555 packets in the deelie with ordered IDs.
Assert.AreEqual(555, deelie.Packets.Count);
for (int i = 0; i < 555; i++)
{
Assert.AreEqual((byte)i, deelie.Packets[i].Identifier);
}
}
finally
{
server.Stop();
client.Close();
}
}
public void RadiusServer_Auth_Parallel_Delay()
{
// Verify that we can perform multiple parallel authentications with
// a brief delay.
RadiusServer server = new RadiusServer();
RadiusServerSettings serverSettings = new RadiusServerSettings();
RadiusClient client = new RadiusClient();
RadiusClientSettings clientSettings = new RadiusClientSettings(Local_RADIUS, "hello");
IAsyncResult[] ar = new IAsyncResult[255];
RadiusServerDeelie deelie;
serverSettings.RealmFormat = RealmFormat.Slash;
serverSettings.Devices.Add(new RadiusNasInfo(IPAddress.Loopback, "hello"));
serverSettings.Devices.Add(new RadiusNasInfo(NetHelper.GetActiveAdapter(), "hello"));
clientSettings.RealmFormat = RealmFormat.Slash;
clientSettings.PortCount = 1;
clientSettings.MaxTransmissions = 1;
try
{
server.Start(serverSettings);
server.LoadAccountsFromString(@"
// This is a comment line
r1;jeff;password123
r2;jeff;passwordXXX
r1;jane;bigfish
");
client.Open(clientSettings);
deelie = new RadiusServerDeelie(server, RadiusServerDeelie.Mode.AuthShortDelay);
for (int i = 0; i < ar.Length; i++)
{
ar[i] = client.BeginAuthenticate("r1", "jeff", "password123", null, null);
}
for (int i = 0; i < ar.Length; i++)
{
Assert.IsTrue(client.EndAuthenticate(ar[i]));
}
}
finally
{
server.Stop();
client.Close();
}
}
public void RadiusClient_Timeout()
{
// Verify that the client detects timeouts.
RadiusServer server = new RadiusServer();
RadiusServerSettings serverSettings = new RadiusServerSettings();
RadiusClient client = new RadiusClient();
RadiusClientSettings clientSettings = new RadiusClientSettings(Local_RADIUS, "hello");
RadiusServerDeelie deelie;
serverSettings.RealmFormat = RealmFormat.Email;
serverSettings.Devices.Add(new RadiusNasInfo(IPAddress.Loopback, "hello"));
serverSettings.Devices.Add(new RadiusNasInfo(NetHelper.GetActiveAdapter(), "hello"));
clientSettings.RealmFormat = RealmFormat.Email;
clientSettings.PortCount = 1;
clientSettings.MaxTransmissions = 1;
try
{
server.Start(serverSettings);
server.LoadAccountsFromString(@"
// This is a comment line
r1;jeff;password123
r2;jeff;passwordXXX
r1;jane;bigfish
");
client.Open(clientSettings);
deelie = new RadiusServerDeelie(server, RadiusServerDeelie.Mode.IgnoreAllPackets);
try
{
client.Authenticate("r1", "jeff", "password123");
Assert.Fail("Expected a timeout");
}
catch (Exception e)
{
Assert.IsInstanceOfType(e, typeof(TimeoutException));
}
}
finally
{
server.Stop();
client.Close();
}
}
/// <summary>
/// Establishes a session with the authentication extension.
/// </summary>
/// <param name="args">The extension specific arguments (see the remarks).</param>
/// <param name="query">Ignored for this extension.</param>
/// <param name="perfCounters">The application's performance counter set (or <c>null</c>).</param>
/// <param name="perfPrefix">The string to prefix any performance counter names (or <c>null</c>).</param>
/// <remarks>
/// <para>
/// This extension recognises the following arguments:
/// </para>
/// <list type="table">
/// <item>
/// <term>Servers</term>
/// <description>
/// Specifies the list of RADIUS server network bindings specifying the
/// IP address or host name of the server as well as the port number
/// or well-known port name. Each server binding is formatted as
/// described by <see cref="NetworkBinding.Parse" /> and the server
/// bindings are separated by commas. This argument must be present.
/// </description>
/// </item>
/// <item>
/// <term>Secret</term>
/// <description>
/// The shared secret to be used to secure RADIUS packets delivered
/// between this client and the any of the RADIUS servers. This
/// string may include any valid characters besides semi-colons.
/// This argument must be present.
/// </description>
/// </item>
/// <item>
/// <term>SocketBuffer</term>
/// <description>
/// Byte size of the client socket's send and receive buffers. Default
/// value is 32K.
/// </description>
/// </item>
/// <item>
/// <term>NetworkBinding</term>
/// <description>
/// <para>
/// Specifies the IP address of the network card the client is
/// and port bindings. Use an IP address of ANY to bind to
/// all network interfaces. ANY is suitable for single homed machines.
/// Machines that are actually connected to multiple networks should
/// specify a specific network binding here to ensure that the NAS-IP-Address
/// of RADIUS authentication packets are initialized properly.
/// </para>
/// <para>
/// A specific port number may be selected or 0 can be specified,
/// indicating that the operating system should select a free port.
/// </para>
/// <para>
/// Default value is ANY:0.
/// </para>
/// </description>
/// </item>
/// <item>
/// <term>PortCount</term>
/// <description>
/// The number of RADIUS client UDP ports to open. Multiple ports may
/// be required under high authentication loads. Default value is 4.
/// </description>
/// </item>
/// <item>
/// <term>RetryInterval</term>
/// <description>
/// Maximum time to wait for a response packet from a RADIUS before retransmitting
/// an authentication request. Default is 5 seconds.
/// </description>
/// </item>
/// <item>
/// <term></term>
/// <description>
/// </description>
/// </item>
/// <item>
/// <term>BkTaskInterval</term>
/// <description>
/// The interval at which background tasks such as retransmitting
/// a request should be processed. Default is 1 second.
/// </description>
/// </item>
/// <item>
/// <term>MaxTransmissions</term>
/// <description>
/// The maximum number of authentication transmission attempts before aborting
/// with an authentication with a timeout. Default is 4.
/// </description>
/// </item>
/// <item>
/// <term>RealmFormat</term>
/// <description>
/// Specifies how user names are to be generated from the
/// <b>realm</b> and <b>account</b> components. See
/// <see cref="RealmFormat" /> for more information.
/// The possible values are: <b>Slash</b> and <b>Email</b>.
/// Default is <b>Email</b>.
/// </description>
/// </item>
/// <item>
/// <term>MaxCacheTime</term>
/// <description>
/// Specifies the maximum time clients should retain authentication information.
/// This is expressed in the same format as timespans parsed by <see cref="Config.Parse(string,TimeSpan)" />.
/// This argument defaults to "5m".
/// </description>
/// </item>
/// <item>
/// <term>LockoutCount</term>
/// <description>
/// Specifies the limiting failed authentication count. Accounts
/// will be locked when the fail count reaches this number.
/// </description>
/// </item>
/// <item>
/// <term>LockoutThreshold</term>
/// <description>
/// The period of time that can elapse between failed authentication
/// attempts where the failed attempts will <b>not</b> be counted against the
/// <b>LockoutCount</b>. Set this to <see cref="TimeSpan.Zero" />
/// to disable account lockout for the realm.
/// </description>
/// </item>
/// <item>
/// <term>LockoutTime</term>
/// <description>
/// The period of time an account will remain locked after being locked
/// out due to too many failed authentication attempts.
/// </description>
/// </item>
/// </list>
/// <note>
/// All calls to <see cref="Open" /> must be matched with a call
/// to <see cref="Close" /> or <see cref="Dispose" />.
/// </note>
/// </remarks>
public void Open(ArgCollection args, string query, PerfCounterSet perfCounters, string perfPrefix)
{
RadiusClientSettings settings;
string[] rawBindings;
List <NetworkBinding> bindings;
string secret;
using (TimedLock.Lock(this))
{
if (IsOpen)
{
throw new AuthenticationException("Authentication extension is already open.");
}
perf = new Perf(perfCounters, perfPrefix);
rawBindings = args.Get("servers", string.Empty).Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
if (rawBindings.Length == 0)
{
throw new AuthenticationException("RADUIS authentication extension requires at least one server network binding.");
}
bindings = new List <NetworkBinding>(rawBindings.Length);
for (int i = 0; i < rawBindings.Length; i++)
{
bindings.Add(NetworkBinding.Parse(rawBindings[i]));
}
secret = args.Get("secret", (string)null);
if (secret == null || secret.Length == 0)
{
throw new AuthenticationException("RADIUS authentication extension requires a shared NAS secret.");
}
settings = new RadiusClientSettings(bindings.ToArray(), secret);
settings.SocketBuffer = args.Get("SocketBuffer", settings.SocketBuffer);
settings.NetworkBinding = args.Get("NetworkBinding", settings.NetworkBinding);
settings.PortCount = args.Get("PortCount", settings.PortCount);
settings.RetryInterval = args.Get("RetryInterval", settings.RetryInterval);
settings.BkTaskInterval = args.Get("BkTaskInterval", settings.BkTaskInterval);
settings.MaxTransmissions = args.Get("settings.MaxTransmissions", settings.MaxTransmissions);
settings.RealmFormat = args.Get <RealmFormat>("RealmFormat", settings.RealmFormat);
maxCacheTime = args.Get("MaxCacheTime", TimeSpan.FromMinutes(5));
radiusClient.Open(settings);
}
}
public void RadiusClient_Interop_AD_IAS()
{
if (EnvironmentVars.Get("LT_TESTBIN") == null)
{
Assert.Inconclusive("[LT_TESTBIN] environment variable does not exist.");
}
if (EnvironmentVars.Get("LT_TEST_AD") == null)
{
Assert.Inconclusive("[LT_TEST_AD] environment variable does not exist.");
}
var ad = new ADTestSettings();
if (ad.NasSecret == string.Empty)
{
Assert.Inconclusive("AD/IAS Testing is disabled");
return;
}
// Verify that RADIUS client works against AD/IAS. This requires that
// the LT_TEST_AD environment variable be set properly as described
// in the LillTek DevInstall.doc document. The IAS server must also
// be manually configured with the NAS shared secret for this client.
RadiusClient client = new RadiusClient();
NetworkBinding serverEP = new NetworkBinding(EnhancedDns.GetHostByName(ad.Servers[0]).AddressList.IPv4Only()[0], NetworkPort.RADIUS);
RadiusClientSettings clientSettings = new RadiusClientSettings(serverEP, ad.NasSecret);
clientSettings.RealmFormat = RealmFormat.Email;
clientSettings.PortCount = 1;
try
{
client.Open(clientSettings);
Assert.IsTrue(client.Authenticate(ad.Domain, ad.Account, ad.Password));
Assert.IsFalse(client.Authenticate(ad.Domain + "x", ad.Account, ad.Password));
Assert.IsFalse(client.Authenticate(ad.Domain, ad.Account + "x", ad.Password));
Assert.IsFalse(client.Authenticate(ad.Domain, ad.Account, ad.Password + "x"));
}
finally
{
client.Close();
}
}
public void RadiusServer_DefaultSecret()
{
// Verify that the default secret will be used if the NAS device
// is not specified.
RadiusServer server = new RadiusServer();
RadiusServerSettings serverSettings = new RadiusServerSettings();
RadiusClient client = new RadiusClient();
RadiusClientSettings clientSettings = new RadiusClientSettings(Local_RADIUS, "hello");
serverSettings.RealmFormat = RealmFormat.Slash;
serverSettings.DefaultSecret = "hello";
clientSettings.RealmFormat = RealmFormat.Slash;
clientSettings.PortCount = 1;
clientSettings.MaxTransmissions = 1;
try
{
server.Start(serverSettings);
server.LoadAccountsFromString(@"
// This is a comment line
r1;jeff;password123
r2;jeff;passwordXXX
r1;jane;bigfish
");
client.Open(clientSettings);
Assert.IsTrue(client.Authenticate("r1", "jeff", "password123"));
Assert.IsTrue(client.Authenticate("r2", "jeff", "passwordXXX"));
Assert.IsTrue(client.Authenticate("r1", "jane", "bigfish"));
Assert.IsFalse(client.Authenticate("r1", "jeff", "PASSWORD123"));
Assert.IsFalse(client.Authenticate("", "jeff", "password123"));
Assert.IsFalse(client.Authenticate(null, "jeff", "password123"));
Assert.IsFalse(client.Authenticate("r3", "jeff", "password123"));
}
finally
{
server.Stop();
client.Close();
}
}
public void RadiusServer_RealmFmt_Slash()
{
// Test the client against the server using RealmFormat.Slash.
RadiusServer server = new RadiusServer();
RadiusServerSettings serverSettings = new RadiusServerSettings();
RadiusClient client = new RadiusClient();
RadiusClientSettings clientSettings = new RadiusClientSettings(Local_RADIUS, "hello");
serverSettings.RealmFormat = RealmFormat.Slash;
serverSettings.Devices.Add(new RadiusNasInfo(IPAddress.Loopback, "hello"));
serverSettings.Devices.Add(new RadiusNasInfo(NetHelper.GetActiveAdapter(), "hello"));
clientSettings.RealmFormat = RealmFormat.Slash;
clientSettings.PortCount = 1;
clientSettings.MaxTransmissions = 1;
try
{
server.Start(serverSettings);
server.LoadAccountsFromString(@"
// This is a comment line
r1;jeff;password123
r2;jeff;passwordXXX
r1;jane;bigfish
");
client.Open(clientSettings);
Assert.IsTrue(client.Authenticate("r1", "jeff", "password123"));
Assert.IsTrue(client.Authenticate("r2", "jeff", "passwordXXX"));
Assert.IsTrue(client.Authenticate("r1", "jane", "bigfish"));
Assert.IsFalse(client.Authenticate("r1", "jeff", "PASSWORD123"));
Assert.IsFalse(client.Authenticate("", "jeff", "password123"));
Assert.IsFalse(client.Authenticate(null, "jeff", "password123"));
Assert.IsFalse(client.Authenticate("r3", "jeff", "password123"));
}
finally
{
server.Stop();
client.Close();
}
}
public void RadiusServer_Nas_HostName()
{
// Verify that the server can handle NAS devices specified by DNS host name.
RadiusServer server = new RadiusServer();
RadiusServerSettings serverSettings = new RadiusServerSettings();
RadiusClient client = new RadiusClient();
RadiusClientSettings clientSettings = new RadiusClientSettings(Local_RADIUS, "hello");
serverSettings.RealmFormat = RealmFormat.Email;
serverSettings.Devices.Add(new RadiusNasInfo(Helper.MachineName, "hello"));
clientSettings.RealmFormat = RealmFormat.Email;
clientSettings.PortCount = 1;
clientSettings.MaxTransmissions = 1;
try
{
server.Start(serverSettings);
server.LoadAccountsFromString(@"
// This is a comment line
r1;jeff;password123
r2;jeff;passwordXXX
r1;jane;bigfish
");
client.Open(clientSettings);
Assert.IsTrue(client.Authenticate("r1", "jeff", "password123"));
Assert.IsTrue(client.Authenticate("r2", "jeff", "passwordXXX"));
Assert.IsTrue(client.Authenticate("r1", "jane", "bigfish"));
Assert.IsFalse(client.Authenticate("r1", "jeff", "PASSWORD123"));
Assert.IsFalse(client.Authenticate("", "jeff", "password123"));
Assert.IsFalse(client.Authenticate(null, "jeff", "password123"));
Assert.IsFalse(client.Authenticate("r3", "jeff", "password123"));
}
finally
{
server.Stop();
client.Close();
}
}
public void RadiusClient_Interop()
{
if (EnvironmentVars.Get("LT_TESTBIN") == null)
{
Assert.Inconclusive("[LT_TESTBIN] environment variable does not exist.");
}
// Verify that my RADIUS client code can work against a server from
// another vendor.
RadiusTestServer server = new RadiusTestServer();
Dictionary <string, string> users;
Dictionary <IPAddress, string> devices;
RadiusClient client = new RadiusClient();
RadiusClientSettings clientSettings = new RadiusClientSettings(Local_AAA, "secret");
clientSettings.RealmFormat = RealmFormat.Email;
clientSettings.PortCount = 1;
users = new Dictionary <string, string>();
users.Add("jeff", "password1");
users.Add("joe", "password2");
devices = new Dictionary <IPAddress, string>();
devices.Add(IPAddress.Loopback, "secret");
devices.Add(NetHelper.GetActiveAdapter(), "secret");
try
{
server.Start(users, devices);
client.Open(clientSettings);
Assert.IsTrue(client.Authenticate("", "jeff", "password1"));
Assert.IsTrue(client.Authenticate("", "joe", "password2"));
Assert.IsFalse(client.Authenticate("", "jeff", "passwordX"));
Assert.IsFalse(client.Authenticate("", "billy", "x"));
}
finally
{
client.Close();
server.Stop();
}
}
public void RadiusClient_Retry()
{
// Verify that the client actually retries sending request packets and
// that it used the same ID for both.
RadiusServer server = new RadiusServer();
RadiusServerSettings serverSettings = new RadiusServerSettings();
RadiusClient client = new RadiusClient();
RadiusClientSettings clientSettings = new RadiusClientSettings(Local_RADIUS, "hello");
RadiusServerDeelie deelie;
serverSettings.RealmFormat = RealmFormat.Email;
serverSettings.Devices.Add(new RadiusNasInfo(IPAddress.Loopback, "hello"));
serverSettings.Devices.Add(new RadiusNasInfo(NetHelper.GetActiveAdapter(), "hello"));
clientSettings.RealmFormat = RealmFormat.Email;
clientSettings.PortCount = 1;
clientSettings.MaxTransmissions = 2;
try
{
server.Start(serverSettings);
server.LoadAccountsFromString(@"
// This is a comment line
r1;jeff;password123
r2;jeff;passwordXXX
r1;jane;bigfish
");
client.Open(clientSettings);
deelie = new RadiusServerDeelie(server, RadiusServerDeelie.Mode.IgnoreFirstPacket);
Assert.IsTrue(client.Authenticate("r1", "jeff", "password123"));
Assert.AreEqual(2, deelie.Packets.Count);
Assert.AreEqual(deelie.Packets[0].Identifier, deelie.Packets[1].Identifier);
}
finally
{
server.Stop();
client.Close();
}
}
private static int AuthRadius(string server, string secret, string userid, string password)
{
RadiusClient client = new RadiusClient();
string realm;
string account;
int pos;
pos = userid.IndexOfAny(new char[] { '/', '\\' });
if (pos == -1)
{
realm = string.Empty;
account = userid;
}
else
{
realm = userid.Substring(0, pos);
account = userid.Substring(pos + 1);
}
client.Open(new RadiusClientSettings(new NetworkBinding(server), secret));
try
{
Program.Output("Authenticating...");
if (client.Authenticate(realm, account, password))
{
Program.Output("Success");
return(0);
}
else
{
Program.Output("Failure");
return(1);
}
}
catch (Exception e)
{
Program.Error("Error[{0}]: {1}", e.GetType().Name, e.Message);
return(1);
}
finally
{
client.Close();
}
}
public void RadiusClient_ID_Exhaustion_MultiPort()
{
// Verify that the client throws an exception when it is asked to
// manage more than 256 parallel authentication requests.
RadiusServer server = new RadiusServer();
RadiusServerSettings serverSettings = new RadiusServerSettings();
RadiusClient client = new RadiusClient();
RadiusClientSettings clientSettings = new RadiusClientSettings(Local_RADIUS, "hello");
RadiusServerDeelie deelie;
IAsyncResult[] ar;
serverSettings.RealmFormat = RealmFormat.Email;
serverSettings.Devices.Add(new RadiusNasInfo(IPAddress.Loopback, "hello"));
serverSettings.Devices.Add(new RadiusNasInfo(NetHelper.GetActiveAdapter(), "hello"));
clientSettings.RealmFormat = RealmFormat.Email;
clientSettings.PortCount = 2;
clientSettings.MaxTransmissions = 1;
try
{
server.Start(serverSettings);
server.LoadAccountsFromString(@"
// This is a comment line
r1;jeff;password123
r2;jeff;passwordXXX
r1;jane;bigfish
");
client.Open(clientSettings);
deelie = new RadiusServerDeelie(server, RadiusServerDeelie.Mode.AuthLongDelay);
ar = new IAsyncResult[clientSettings.PortCount * 256 + 1];
try
{
for (int i = 0; i < ar.Length; i++)
{
ar[i] = client.BeginAuthenticate("r1", "jeff", "password123", null, null);
}
for (int i = 0; i < ar.Length; i++)
{
if (ar[i] != null)
{
client.EndAuthenticate(ar[i]);
}
}
Assert.Fail("Expected a RadiusException");
}
catch (Exception e)
{
Assert.IsInstanceOfType(e, typeof(RadiusException));
}
}
finally
{
server.Stop();
client.Close();
}
}
public void RadiusClient_LoadBalance_MultiPort()
{
// Verify that the client actually distributes packets across multiple
// RADIUS servers with a multi port client.
RadiusServer server1 = new RadiusServer();
RadiusServer server2 = new RadiusServer();
RadiusServerSettings server1Settings = new RadiusServerSettings();
RadiusServerSettings server2Settings = new RadiusServerSettings();
RadiusClient client = new RadiusClient();
RadiusClientSettings clientSettings = new RadiusClientSettings(new NetworkBinding[] { Local_RADIUS, Local_AAA }, "hello");
RadiusServerDeelie deelie1;
RadiusServerDeelie deelie2;
server1Settings.RealmFormat = RealmFormat.Email;
server1Settings.Devices.Add(new RadiusNasInfo(IPAddress.Loopback, "hello"));
server1Settings.Devices.Add(new RadiusNasInfo(NetHelper.GetActiveAdapter(), "hello"));
server1Settings.NetworkBinding = new IPEndPoint(IPAddress.Any, NetworkPort.RADIUS);
server2Settings.RealmFormat = RealmFormat.Email;
server2Settings.Devices.Add(new RadiusNasInfo(IPAddress.Loopback, "hello"));
server2Settings.Devices.Add(new RadiusNasInfo(NetHelper.GetActiveAdapter(), "hello"));
server2Settings.NetworkBinding = new IPEndPoint(IPAddress.Any, NetworkPort.AAA);
clientSettings.RealmFormat = RealmFormat.Email;
clientSettings.PortCount = 4;
clientSettings.MaxTransmissions = 1;
try
{
string accountInfo = @"
// This is a comment line
r1;jeff;password123
r2;jeff;passwordXXX
r1;jane;bigfish
";
server1.Start(server1Settings);
server1.LoadAccountsFromString(accountInfo);
deelie1 = new RadiusServerDeelie(server1, RadiusServerDeelie.Mode.Normal);
server2.Start(server2Settings);
server2.LoadAccountsFromString(accountInfo);
deelie2 = new RadiusServerDeelie(server2, RadiusServerDeelie.Mode.Normal);
client.Open(clientSettings);
for (int i = 0; i < 20; i++)
{
Assert.IsTrue(client.Authenticate("r1", "jeff", "password123"));
}
Assert.IsTrue(deelie1.Packets.Count > 0);
Assert.IsTrue(deelie2.Packets.Count > 0);
}
finally
{
server1.Stop();
server2.Stop();
client.Close();
}
}
public void RadiusClient_FailOver_MultiPort()
{
// Verify that the client actually fails over to alternate
// RADIUS servers with a multi port client.
RadiusServer server1 = new RadiusServer();
RadiusServer server2 = new RadiusServer();
RadiusServerSettings server1Settings = new RadiusServerSettings();
RadiusServerSettings server2Settings = new RadiusServerSettings();
RadiusClient client = new RadiusClient();
RadiusClientSettings clientSettings = new RadiusClientSettings(new NetworkBinding[] { Local_AAA, NetworkBinding.Parse("192.168.255.1:1645") }, "hello");
RadiusServerDeelie deelie1;
RadiusServerDeelie deelie2;
server1Settings.RealmFormat = RealmFormat.Email;
server1Settings.Devices.Add(new RadiusNasInfo(IPAddress.Loopback, "hello"));
server1Settings.Devices.Add(new RadiusNasInfo(NetHelper.GetActiveAdapter(), "hello"));
server1Settings.NetworkBinding = new IPEndPoint(IPAddress.Any, NetworkPort.RADIUS);
server2Settings.RealmFormat = RealmFormat.Email;
server2Settings.Devices.Add(new RadiusNasInfo(IPAddress.Loopback, "hello"));
server2Settings.Devices.Add(new RadiusNasInfo(NetHelper.GetActiveAdapter(), "hello"));
server2Settings.NetworkBinding = new IPEndPoint(IPAddress.Any, NetworkPort.AAA);
clientSettings.RealmFormat = RealmFormat.Email;
clientSettings.PortCount = 4;
clientSettings.MaxTransmissions = 10;
clientSettings.RetryInterval = TimeSpan.FromSeconds(0.5);
try
{
string accountInfo = @"
// This is a comment line
r1;jeff;password123
r2;jeff;passwordXXX
r1;jane;bigfish
";
server1.Start(server1Settings);
server1.LoadAccountsFromString(accountInfo);
deelie1 = new RadiusServerDeelie(server1, RadiusServerDeelie.Mode.IgnoreAlternatePackets);
server2.Start(server2Settings);
server2.LoadAccountsFromString(accountInfo);
deelie2 = new RadiusServerDeelie(server2, RadiusServerDeelie.Mode.IgnoreAlternatePackets);
client.Open(clientSettings);
for (int i = 0; i < 10; i++)
{
Assert.IsTrue(client.Authenticate("r1", "jeff", "password123"));
}
}
finally
{
server1.Stop();
server2.Stop();
client.Close();
}
}
public void RadiusClient_Blast()
{
// Send a bunch of queries to multiple servers from multiple client ports.
RadiusServer server1 = new RadiusServer();
RadiusServer server2 = new RadiusServer();
RadiusServerSettings server1Settings = new RadiusServerSettings();
RadiusServerSettings server2Settings = new RadiusServerSettings();
RadiusClient client = new RadiusClient();
RadiusClientSettings clientSettings = new RadiusClientSettings(new NetworkBinding[] { Local_RADIUS, Local_AAA }, "hello");
RadiusServerDeelie deelie1;
RadiusServerDeelie deelie2;
IAsyncResult[] ar;
server1Settings.RealmFormat = RealmFormat.Email;
server1Settings.Devices.Add(new RadiusNasInfo(IPAddress.Loopback, "hello"));
server1Settings.Devices.Add(new RadiusNasInfo(NetHelper.GetActiveAdapter(), "hello"));
server1Settings.NetworkBinding = new IPEndPoint(IPAddress.Any, NetworkPort.RADIUS);
server2Settings.RealmFormat = RealmFormat.Email;
server2Settings.Devices.Add(new RadiusNasInfo(IPAddress.Loopback, "hello"));
server2Settings.Devices.Add(new RadiusNasInfo(NetHelper.GetActiveAdapter(), "hello"));
server2Settings.NetworkBinding = new IPEndPoint(IPAddress.Any, NetworkPort.AAA);
clientSettings.RealmFormat = RealmFormat.Email;
clientSettings.PortCount = 4;
clientSettings.MaxTransmissions = 3;
try
{
string accountInfo = @"
// This is a comment line
r1;jeff;password123
r2;jeff;passwordXXX
r1;jane;bigfish
";
server1.Start(server1Settings);
server1.LoadAccountsFromString(accountInfo);
deelie1 = new RadiusServerDeelie(server1, RadiusServerDeelie.Mode.Normal);
server2.Start(server2Settings);
server2.LoadAccountsFromString(accountInfo);
deelie2 = new RadiusServerDeelie(server2, RadiusServerDeelie.Mode.Normal);
client.Open(clientSettings);
ar = new IAsyncResult[clientSettings.PortCount * 256];
for (int i = 0; i < ar.Length; i++)
{
ar[i] = client.BeginAuthenticate("r1", "jeff", "password123", null, null);
}
for (int i = 0; i < ar.Length; i++)
{
Assert.IsTrue(client.EndAuthenticate(ar[i]));
}
Assert.IsTrue(deelie1.Packets.Count > 0);
Assert.IsTrue(deelie2.Packets.Count > 0);
}
finally
{
server1.Stop();
server2.Stop();
client.Close();
}
}