public void RadiusServer_Nas_HostRefresh() { // Verify that the server refreshes NAS host name to IP address mappings. // I'm going to do this by specifying a NAS host name that does not // exist, verify that an authentication fails, then add the host name // to the HOSTS file, wait a bit for the server to refresh the mappings // and then verify that this worked by making sure that an authentication // attempt succeeds. RadiusServer server = new RadiusServer(); RadiusServerSettings serverSettings = new RadiusServerSettings(); RadiusClient client = new RadiusClient(); RadiusClientSettings clientSettings = new RadiusClientSettings(Local_RADIUS, "hello"); serverSettings.RealmFormat = RealmFormat.Email; serverSettings.DnsRefreshInterval = TimeSpan.FromSeconds(10); serverSettings.BkTaskInterval = TimeSpan.FromSeconds(2); serverSettings.Devices.Add(new RadiusNasInfo("nas.test.lilltek.com", "hello")); clientSettings.RealmFormat = RealmFormat.Email; clientSettings.PortCount = 1; clientSettings.MaxTransmissions = 1; clientSettings.RetryInterval = TimeSpan.FromSeconds(2); try { server.Start(serverSettings); server.LoadAccountsFromString(@" // This is a comment line r1;jeff;password123 r2;jeff;passwordXXX r1;jane;bigfish "); client.Open(clientSettings); try { client.Authenticate("r1", "jeff", "password123"); Assert.Fail(); } catch (Exception e) { Assert.IsInstanceOfType(e, typeof(TimeoutException)); } EnhancedDns.AddHost("nas.test.lilltek.com", NetHelper.GetActiveAdapter()); Thread.Sleep(serverSettings.DnsRefreshInterval + serverSettings.BkTaskInterval); Assert.IsTrue(client.Authenticate("r1", "jeff", "password123")); } finally { EnhancedDns.RemoveHosts(); server.Stop(); client.Close(); } }
public void RadiusClient_MultiPort() { // Verify that a multiport enable client actually works by running a bunch // of authentications throught the client and then counting the number of // source UDP ports we received packets from and verifying that this equals // the number of client ports requested. RadiusServer server = new RadiusServer(); RadiusServerSettings serverSettings = new RadiusServerSettings(); RadiusClient client = new RadiusClient(); RadiusClientSettings clientSettings = new RadiusClientSettings(Local_RADIUS, "hello"); RadiusServerDeelie deelie; serverSettings.RealmFormat = RealmFormat.Email; serverSettings.Devices.Add(new RadiusNasInfo(IPAddress.Loopback, "hello")); serverSettings.Devices.Add(new RadiusNasInfo(NetHelper.GetActiveAdapter(), "hello")); clientSettings.RealmFormat = RealmFormat.Email; clientSettings.PortCount = 5; clientSettings.MaxTransmissions = 1; try { server.Start(serverSettings); server.LoadAccountsFromString(@" // This is a comment line r1;jeff;password123 r2;jeff;passwordXXX r1;jane;bigfish "); client.Open(clientSettings); deelie = new RadiusServerDeelie(server, RadiusServerDeelie.Mode.Normal); for (int i = 0; i < 555; i++) { Assert.IsTrue(client.Authenticate("r1", "jeff", "password123")); } Dictionary <int, RadiusPacket> packetsByPort = new Dictionary <int, RadiusPacket>(); foreach (RadiusPacket packet in deelie.Packets) { if (!packetsByPort.ContainsKey(packet.SourceEP.Port)) { packetsByPort.Add(packet.SourceEP.Port, packet); } } Assert.AreEqual(5, packetsByPort.Count); } finally { server.Stop(); client.Close(); } }
public void RadiusServer_Bad_NasDevice() { // Verify that the server detects an unknown NAS device. RadiusServer server = new RadiusServer(); RadiusServerSettings serverSettings = new RadiusServerSettings(); RadiusClient client = new RadiusClient(); RadiusClientSettings clientSettings = new RadiusClientSettings(Local_RADIUS, "hello"); RadiusServerDeelie deelie; serverSettings.RealmFormat = RealmFormat.Slash; clientSettings.RealmFormat = RealmFormat.Slash; clientSettings.PortCount = 1; clientSettings.MaxTransmissions = 1; try { server.Start(serverSettings); server.LoadAccountsFromString(@" // This is a comment line r1;jeff;password123 r2;jeff;passwordXXX r1;jane;bigfish "); client.Open(clientSettings); deelie = new RadiusServerDeelie(server, RadiusServerDeelie.Mode.Normal); try { client.Authenticate("r1", "jeff", "password123"); Assert.Fail("TimeoutException expected"); } catch (TimeoutException) { // Expecting a timeout since the server should ignore this packet } catch (Exception e) { Assert.IsInstanceOfType(e, typeof(TimeoutException)); } Assert.IsTrue(deelie.Log.Count > 0); Assert.AreEqual(RadiusLogEntryType.UnknownNas, deelie.Log[0].EntryType); Assert.IsFalse(deelie.Log[0].Success); } finally { server.Stop(); client.Close(); } }
public void RadiusServer_Auth_Log() { // Verify that authentication events are logged RadiusServer server = new RadiusServer(); RadiusServerSettings serverSettings = new RadiusServerSettings(); RadiusClient client = new RadiusClient(); RadiusClientSettings clientSettings = new RadiusClientSettings(Local_RADIUS, "hello"); RadiusServerDeelie deelie; serverSettings.RealmFormat = RealmFormat.Slash; serverSettings.Devices.Add(new RadiusNasInfo(IPAddress.Loopback, "hello")); serverSettings.Devices.Add(new RadiusNasInfo(NetHelper.GetActiveAdapter(), "hello")); clientSettings.RealmFormat = RealmFormat.Slash; clientSettings.PortCount = 1; clientSettings.MaxTransmissions = 1; try { server.Start(serverSettings); server.LoadAccountsFromString(@" // This is a comment line r1;jeff;password123 r2;jeff;passwordXXX r1;jane;bigfish "); client.Open(clientSettings); deelie = new RadiusServerDeelie(server, RadiusServerDeelie.Mode.Normal); Assert.IsTrue(client.Authenticate("r1", "jeff", "password123")); Assert.IsFalse(client.Authenticate("r1", "jeff", "PASSWORD123")); Assert.AreEqual(2, deelie.Log.Count); Assert.IsTrue(deelie.Log[0].Success); Assert.AreEqual(RadiusLogEntryType.Authentication, deelie.Log[0].EntryType); Assert.AreEqual("r1", deelie.Log[0].Realm); Assert.AreEqual("jeff", deelie.Log[0].Account); Assert.IsFalse(deelie.Log[1].Success); Assert.AreEqual(RadiusLogEntryType.Authentication, deelie.Log[1].EntryType); Assert.AreEqual("r1", deelie.Log[1].Realm); Assert.AreEqual("jeff", deelie.Log[1].Account); } finally { server.Stop(); client.Close(); } }
public void RadiusClient_ID_WrapAround() { // Verify that a single port client instance will wrap request IDs // properly after ID=255 RadiusServer server = new RadiusServer(); RadiusServerSettings serverSettings = new RadiusServerSettings(); RadiusClient client = new RadiusClient(); RadiusClientSettings clientSettings = new RadiusClientSettings(Local_RADIUS, "hello"); RadiusServerDeelie deelie; serverSettings.RealmFormat = RealmFormat.Email; serverSettings.Devices.Add(new RadiusNasInfo(IPAddress.Loopback, "hello")); serverSettings.Devices.Add(new RadiusNasInfo(NetHelper.GetActiveAdapter(), "hello")); clientSettings.RealmFormat = RealmFormat.Email; clientSettings.PortCount = 1; clientSettings.MaxTransmissions = 1; try { server.Start(serverSettings); server.LoadAccountsFromString(@" // This is a comment line r1;jeff;password123 r2;jeff;passwordXXX r1;jane;bigfish "); client.Open(clientSettings); deelie = new RadiusServerDeelie(server, RadiusServerDeelie.Mode.Normal); for (int i = 0; i < 555; i++) { Assert.IsTrue(client.Authenticate("r1", "jeff", "password123")); } // We should have 555 packets in the deelie with ordered IDs. Assert.AreEqual(555, deelie.Packets.Count); for (int i = 0; i < 555; i++) { Assert.AreEqual((byte)i, deelie.Packets[i].Identifier); } } finally { server.Stop(); client.Close(); } }
public void RadiusServer_Auth_Parallel_Delay() { // Verify that we can perform multiple parallel authentications with // a brief delay. RadiusServer server = new RadiusServer(); RadiusServerSettings serverSettings = new RadiusServerSettings(); RadiusClient client = new RadiusClient(); RadiusClientSettings clientSettings = new RadiusClientSettings(Local_RADIUS, "hello"); IAsyncResult[] ar = new IAsyncResult[255]; RadiusServerDeelie deelie; serverSettings.RealmFormat = RealmFormat.Slash; serverSettings.Devices.Add(new RadiusNasInfo(IPAddress.Loopback, "hello")); serverSettings.Devices.Add(new RadiusNasInfo(NetHelper.GetActiveAdapter(), "hello")); clientSettings.RealmFormat = RealmFormat.Slash; clientSettings.PortCount = 1; clientSettings.MaxTransmissions = 1; try { server.Start(serverSettings); server.LoadAccountsFromString(@" // This is a comment line r1;jeff;password123 r2;jeff;passwordXXX r1;jane;bigfish "); client.Open(clientSettings); deelie = new RadiusServerDeelie(server, RadiusServerDeelie.Mode.AuthShortDelay); for (int i = 0; i < ar.Length; i++) { ar[i] = client.BeginAuthenticate("r1", "jeff", "password123", null, null); } for (int i = 0; i < ar.Length; i++) { Assert.IsTrue(client.EndAuthenticate(ar[i])); } } finally { server.Stop(); client.Close(); } }
public void RadiusClient_Timeout() { // Verify that the client detects timeouts. RadiusServer server = new RadiusServer(); RadiusServerSettings serverSettings = new RadiusServerSettings(); RadiusClient client = new RadiusClient(); RadiusClientSettings clientSettings = new RadiusClientSettings(Local_RADIUS, "hello"); RadiusServerDeelie deelie; serverSettings.RealmFormat = RealmFormat.Email; serverSettings.Devices.Add(new RadiusNasInfo(IPAddress.Loopback, "hello")); serverSettings.Devices.Add(new RadiusNasInfo(NetHelper.GetActiveAdapter(), "hello")); clientSettings.RealmFormat = RealmFormat.Email; clientSettings.PortCount = 1; clientSettings.MaxTransmissions = 1; try { server.Start(serverSettings); server.LoadAccountsFromString(@" // This is a comment line r1;jeff;password123 r2;jeff;passwordXXX r1;jane;bigfish "); client.Open(clientSettings); deelie = new RadiusServerDeelie(server, RadiusServerDeelie.Mode.IgnoreAllPackets); try { client.Authenticate("r1", "jeff", "password123"); Assert.Fail("Expected a timeout"); } catch (Exception e) { Assert.IsInstanceOfType(e, typeof(TimeoutException)); } } finally { server.Stop(); client.Close(); } }
/// <summary> /// Establishes a session with the authentication extension. /// </summary> /// <param name="args">The extension specific arguments (see the remarks).</param> /// <param name="query">Ignored for this extension.</param> /// <param name="perfCounters">The application's performance counter set (or <c>null</c>).</param> /// <param name="perfPrefix">The string to prefix any performance counter names (or <c>null</c>).</param> /// <remarks> /// <para> /// This extension recognises the following arguments: /// </para> /// <list type="table"> /// <item> /// <term>Servers</term> /// <description> /// Specifies the list of RADIUS server network bindings specifying the /// IP address or host name of the server as well as the port number /// or well-known port name. Each server binding is formatted as /// described by <see cref="NetworkBinding.Parse" /> and the server /// bindings are separated by commas. This argument must be present. /// </description> /// </item> /// <item> /// <term>Secret</term> /// <description> /// The shared secret to be used to secure RADIUS packets delivered /// between this client and the any of the RADIUS servers. This /// string may include any valid characters besides semi-colons. /// This argument must be present. /// </description> /// </item> /// <item> /// <term>SocketBuffer</term> /// <description> /// Byte size of the client socket's send and receive buffers. Default /// value is 32K. /// </description> /// </item> /// <item> /// <term>NetworkBinding</term> /// <description> /// <para> /// Specifies the IP address of the network card the client is /// and port bindings. Use an IP address of ANY to bind to /// all network interfaces. ANY is suitable for single homed machines. /// Machines that are actually connected to multiple networks should /// specify a specific network binding here to ensure that the NAS-IP-Address /// of RADIUS authentication packets are initialized properly. /// </para> /// <para> /// A specific port number may be selected or 0 can be specified, /// indicating that the operating system should select a free port. /// </para> /// <para> /// Default value is ANY:0. /// </para> /// </description> /// </item> /// <item> /// <term>PortCount</term> /// <description> /// The number of RADIUS client UDP ports to open. Multiple ports may /// be required under high authentication loads. Default value is 4. /// </description> /// </item> /// <item> /// <term>RetryInterval</term> /// <description> /// Maximum time to wait for a response packet from a RADIUS before retransmitting /// an authentication request. Default is 5 seconds. /// </description> /// </item> /// <item> /// <term></term> /// <description> /// </description> /// </item> /// <item> /// <term>BkTaskInterval</term> /// <description> /// The interval at which background tasks such as retransmitting /// a request should be processed. Default is 1 second. /// </description> /// </item> /// <item> /// <term>MaxTransmissions</term> /// <description> /// The maximum number of authentication transmission attempts before aborting /// with an authentication with a timeout. Default is 4. /// </description> /// </item> /// <item> /// <term>RealmFormat</term> /// <description> /// Specifies how user names are to be generated from the /// <b>realm</b> and <b>account</b> components. See /// <see cref="RealmFormat" /> for more information. /// The possible values are: <b>Slash</b> and <b>Email</b>. /// Default is <b>Email</b>. /// </description> /// </item> /// <item> /// <term>MaxCacheTime</term> /// <description> /// Specifies the maximum time clients should retain authentication information. /// This is expressed in the same format as timespans parsed by <see cref="Config.Parse(string,TimeSpan)" />. /// This argument defaults to "5m". /// </description> /// </item> /// <item> /// <term>LockoutCount</term> /// <description> /// Specifies the limiting failed authentication count. Accounts /// will be locked when the fail count reaches this number. /// </description> /// </item> /// <item> /// <term>LockoutThreshold</term> /// <description> /// The period of time that can elapse between failed authentication /// attempts where the failed attempts will <b>not</b> be counted against the /// <b>LockoutCount</b>. Set this to <see cref="TimeSpan.Zero" /> /// to disable account lockout for the realm. /// </description> /// </item> /// <item> /// <term>LockoutTime</term> /// <description> /// The period of time an account will remain locked after being locked /// out due to too many failed authentication attempts. /// </description> /// </item> /// </list> /// <note> /// All calls to <see cref="Open" /> must be matched with a call /// to <see cref="Close" /> or <see cref="Dispose" />. /// </note> /// </remarks> public void Open(ArgCollection args, string query, PerfCounterSet perfCounters, string perfPrefix) { RadiusClientSettings settings; string[] rawBindings; List <NetworkBinding> bindings; string secret; using (TimedLock.Lock(this)) { if (IsOpen) { throw new AuthenticationException("Authentication extension is already open."); } perf = new Perf(perfCounters, perfPrefix); rawBindings = args.Get("servers", string.Empty).Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries); if (rawBindings.Length == 0) { throw new AuthenticationException("RADUIS authentication extension requires at least one server network binding."); } bindings = new List <NetworkBinding>(rawBindings.Length); for (int i = 0; i < rawBindings.Length; i++) { bindings.Add(NetworkBinding.Parse(rawBindings[i])); } secret = args.Get("secret", (string)null); if (secret == null || secret.Length == 0) { throw new AuthenticationException("RADIUS authentication extension requires a shared NAS secret."); } settings = new RadiusClientSettings(bindings.ToArray(), secret); settings.SocketBuffer = args.Get("SocketBuffer", settings.SocketBuffer); settings.NetworkBinding = args.Get("NetworkBinding", settings.NetworkBinding); settings.PortCount = args.Get("PortCount", settings.PortCount); settings.RetryInterval = args.Get("RetryInterval", settings.RetryInterval); settings.BkTaskInterval = args.Get("BkTaskInterval", settings.BkTaskInterval); settings.MaxTransmissions = args.Get("settings.MaxTransmissions", settings.MaxTransmissions); settings.RealmFormat = args.Get <RealmFormat>("RealmFormat", settings.RealmFormat); maxCacheTime = args.Get("MaxCacheTime", TimeSpan.FromMinutes(5)); radiusClient.Open(settings); } }
public void RadiusClient_Interop_AD_IAS() { if (EnvironmentVars.Get("LT_TESTBIN") == null) { Assert.Inconclusive("[LT_TESTBIN] environment variable does not exist."); } if (EnvironmentVars.Get("LT_TEST_AD") == null) { Assert.Inconclusive("[LT_TEST_AD] environment variable does not exist."); } var ad = new ADTestSettings(); if (ad.NasSecret == string.Empty) { Assert.Inconclusive("AD/IAS Testing is disabled"); return; } // Verify that RADIUS client works against AD/IAS. This requires that // the LT_TEST_AD environment variable be set properly as described // in the LillTek DevInstall.doc document. The IAS server must also // be manually configured with the NAS shared secret for this client. RadiusClient client = new RadiusClient(); NetworkBinding serverEP = new NetworkBinding(EnhancedDns.GetHostByName(ad.Servers[0]).AddressList.IPv4Only()[0], NetworkPort.RADIUS); RadiusClientSettings clientSettings = new RadiusClientSettings(serverEP, ad.NasSecret); clientSettings.RealmFormat = RealmFormat.Email; clientSettings.PortCount = 1; try { client.Open(clientSettings); Assert.IsTrue(client.Authenticate(ad.Domain, ad.Account, ad.Password)); Assert.IsFalse(client.Authenticate(ad.Domain + "x", ad.Account, ad.Password)); Assert.IsFalse(client.Authenticate(ad.Domain, ad.Account + "x", ad.Password)); Assert.IsFalse(client.Authenticate(ad.Domain, ad.Account, ad.Password + "x")); } finally { client.Close(); } }
public void RadiusServer_DefaultSecret() { // Verify that the default secret will be used if the NAS device // is not specified. RadiusServer server = new RadiusServer(); RadiusServerSettings serverSettings = new RadiusServerSettings(); RadiusClient client = new RadiusClient(); RadiusClientSettings clientSettings = new RadiusClientSettings(Local_RADIUS, "hello"); serverSettings.RealmFormat = RealmFormat.Slash; serverSettings.DefaultSecret = "hello"; clientSettings.RealmFormat = RealmFormat.Slash; clientSettings.PortCount = 1; clientSettings.MaxTransmissions = 1; try { server.Start(serverSettings); server.LoadAccountsFromString(@" // This is a comment line r1;jeff;password123 r2;jeff;passwordXXX r1;jane;bigfish "); client.Open(clientSettings); Assert.IsTrue(client.Authenticate("r1", "jeff", "password123")); Assert.IsTrue(client.Authenticate("r2", "jeff", "passwordXXX")); Assert.IsTrue(client.Authenticate("r1", "jane", "bigfish")); Assert.IsFalse(client.Authenticate("r1", "jeff", "PASSWORD123")); Assert.IsFalse(client.Authenticate("", "jeff", "password123")); Assert.IsFalse(client.Authenticate(null, "jeff", "password123")); Assert.IsFalse(client.Authenticate("r3", "jeff", "password123")); } finally { server.Stop(); client.Close(); } }
public void RadiusServer_RealmFmt_Slash() { // Test the client against the server using RealmFormat.Slash. RadiusServer server = new RadiusServer(); RadiusServerSettings serverSettings = new RadiusServerSettings(); RadiusClient client = new RadiusClient(); RadiusClientSettings clientSettings = new RadiusClientSettings(Local_RADIUS, "hello"); serverSettings.RealmFormat = RealmFormat.Slash; serverSettings.Devices.Add(new RadiusNasInfo(IPAddress.Loopback, "hello")); serverSettings.Devices.Add(new RadiusNasInfo(NetHelper.GetActiveAdapter(), "hello")); clientSettings.RealmFormat = RealmFormat.Slash; clientSettings.PortCount = 1; clientSettings.MaxTransmissions = 1; try { server.Start(serverSettings); server.LoadAccountsFromString(@" // This is a comment line r1;jeff;password123 r2;jeff;passwordXXX r1;jane;bigfish "); client.Open(clientSettings); Assert.IsTrue(client.Authenticate("r1", "jeff", "password123")); Assert.IsTrue(client.Authenticate("r2", "jeff", "passwordXXX")); Assert.IsTrue(client.Authenticate("r1", "jane", "bigfish")); Assert.IsFalse(client.Authenticate("r1", "jeff", "PASSWORD123")); Assert.IsFalse(client.Authenticate("", "jeff", "password123")); Assert.IsFalse(client.Authenticate(null, "jeff", "password123")); Assert.IsFalse(client.Authenticate("r3", "jeff", "password123")); } finally { server.Stop(); client.Close(); } }
public void RadiusServer_Nas_HostName() { // Verify that the server can handle NAS devices specified by DNS host name. RadiusServer server = new RadiusServer(); RadiusServerSettings serverSettings = new RadiusServerSettings(); RadiusClient client = new RadiusClient(); RadiusClientSettings clientSettings = new RadiusClientSettings(Local_RADIUS, "hello"); serverSettings.RealmFormat = RealmFormat.Email; serverSettings.Devices.Add(new RadiusNasInfo(Helper.MachineName, "hello")); clientSettings.RealmFormat = RealmFormat.Email; clientSettings.PortCount = 1; clientSettings.MaxTransmissions = 1; try { server.Start(serverSettings); server.LoadAccountsFromString(@" // This is a comment line r1;jeff;password123 r2;jeff;passwordXXX r1;jane;bigfish "); client.Open(clientSettings); Assert.IsTrue(client.Authenticate("r1", "jeff", "password123")); Assert.IsTrue(client.Authenticate("r2", "jeff", "passwordXXX")); Assert.IsTrue(client.Authenticate("r1", "jane", "bigfish")); Assert.IsFalse(client.Authenticate("r1", "jeff", "PASSWORD123")); Assert.IsFalse(client.Authenticate("", "jeff", "password123")); Assert.IsFalse(client.Authenticate(null, "jeff", "password123")); Assert.IsFalse(client.Authenticate("r3", "jeff", "password123")); } finally { server.Stop(); client.Close(); } }
public void RadiusClient_Interop() { if (EnvironmentVars.Get("LT_TESTBIN") == null) { Assert.Inconclusive("[LT_TESTBIN] environment variable does not exist."); } // Verify that my RADIUS client code can work against a server from // another vendor. RadiusTestServer server = new RadiusTestServer(); Dictionary <string, string> users; Dictionary <IPAddress, string> devices; RadiusClient client = new RadiusClient(); RadiusClientSettings clientSettings = new RadiusClientSettings(Local_AAA, "secret"); clientSettings.RealmFormat = RealmFormat.Email; clientSettings.PortCount = 1; users = new Dictionary <string, string>(); users.Add("jeff", "password1"); users.Add("joe", "password2"); devices = new Dictionary <IPAddress, string>(); devices.Add(IPAddress.Loopback, "secret"); devices.Add(NetHelper.GetActiveAdapter(), "secret"); try { server.Start(users, devices); client.Open(clientSettings); Assert.IsTrue(client.Authenticate("", "jeff", "password1")); Assert.IsTrue(client.Authenticate("", "joe", "password2")); Assert.IsFalse(client.Authenticate("", "jeff", "passwordX")); Assert.IsFalse(client.Authenticate("", "billy", "x")); } finally { client.Close(); server.Stop(); } }
public void RadiusClient_Retry() { // Verify that the client actually retries sending request packets and // that it used the same ID for both. RadiusServer server = new RadiusServer(); RadiusServerSettings serverSettings = new RadiusServerSettings(); RadiusClient client = new RadiusClient(); RadiusClientSettings clientSettings = new RadiusClientSettings(Local_RADIUS, "hello"); RadiusServerDeelie deelie; serverSettings.RealmFormat = RealmFormat.Email; serverSettings.Devices.Add(new RadiusNasInfo(IPAddress.Loopback, "hello")); serverSettings.Devices.Add(new RadiusNasInfo(NetHelper.GetActiveAdapter(), "hello")); clientSettings.RealmFormat = RealmFormat.Email; clientSettings.PortCount = 1; clientSettings.MaxTransmissions = 2; try { server.Start(serverSettings); server.LoadAccountsFromString(@" // This is a comment line r1;jeff;password123 r2;jeff;passwordXXX r1;jane;bigfish "); client.Open(clientSettings); deelie = new RadiusServerDeelie(server, RadiusServerDeelie.Mode.IgnoreFirstPacket); Assert.IsTrue(client.Authenticate("r1", "jeff", "password123")); Assert.AreEqual(2, deelie.Packets.Count); Assert.AreEqual(deelie.Packets[0].Identifier, deelie.Packets[1].Identifier); } finally { server.Stop(); client.Close(); } }
private static int AuthRadius(string server, string secret, string userid, string password) { RadiusClient client = new RadiusClient(); string realm; string account; int pos; pos = userid.IndexOfAny(new char[] { '/', '\\' }); if (pos == -1) { realm = string.Empty; account = userid; } else { realm = userid.Substring(0, pos); account = userid.Substring(pos + 1); } client.Open(new RadiusClientSettings(new NetworkBinding(server), secret)); try { Program.Output("Authenticating..."); if (client.Authenticate(realm, account, password)) { Program.Output("Success"); return(0); } else { Program.Output("Failure"); return(1); } } catch (Exception e) { Program.Error("Error[{0}]: {1}", e.GetType().Name, e.Message); return(1); } finally { client.Close(); } }
public void RadiusClient_ID_Exhaustion_MultiPort() { // Verify that the client throws an exception when it is asked to // manage more than 256 parallel authentication requests. RadiusServer server = new RadiusServer(); RadiusServerSettings serverSettings = new RadiusServerSettings(); RadiusClient client = new RadiusClient(); RadiusClientSettings clientSettings = new RadiusClientSettings(Local_RADIUS, "hello"); RadiusServerDeelie deelie; IAsyncResult[] ar; serverSettings.RealmFormat = RealmFormat.Email; serverSettings.Devices.Add(new RadiusNasInfo(IPAddress.Loopback, "hello")); serverSettings.Devices.Add(new RadiusNasInfo(NetHelper.GetActiveAdapter(), "hello")); clientSettings.RealmFormat = RealmFormat.Email; clientSettings.PortCount = 2; clientSettings.MaxTransmissions = 1; try { server.Start(serverSettings); server.LoadAccountsFromString(@" // This is a comment line r1;jeff;password123 r2;jeff;passwordXXX r1;jane;bigfish "); client.Open(clientSettings); deelie = new RadiusServerDeelie(server, RadiusServerDeelie.Mode.AuthLongDelay); ar = new IAsyncResult[clientSettings.PortCount * 256 + 1]; try { for (int i = 0; i < ar.Length; i++) { ar[i] = client.BeginAuthenticate("r1", "jeff", "password123", null, null); } for (int i = 0; i < ar.Length; i++) { if (ar[i] != null) { client.EndAuthenticate(ar[i]); } } Assert.Fail("Expected a RadiusException"); } catch (Exception e) { Assert.IsInstanceOfType(e, typeof(RadiusException)); } } finally { server.Stop(); client.Close(); } }
public void RadiusClient_LoadBalance_MultiPort() { // Verify that the client actually distributes packets across multiple // RADIUS servers with a multi port client. RadiusServer server1 = new RadiusServer(); RadiusServer server2 = new RadiusServer(); RadiusServerSettings server1Settings = new RadiusServerSettings(); RadiusServerSettings server2Settings = new RadiusServerSettings(); RadiusClient client = new RadiusClient(); RadiusClientSettings clientSettings = new RadiusClientSettings(new NetworkBinding[] { Local_RADIUS, Local_AAA }, "hello"); RadiusServerDeelie deelie1; RadiusServerDeelie deelie2; server1Settings.RealmFormat = RealmFormat.Email; server1Settings.Devices.Add(new RadiusNasInfo(IPAddress.Loopback, "hello")); server1Settings.Devices.Add(new RadiusNasInfo(NetHelper.GetActiveAdapter(), "hello")); server1Settings.NetworkBinding = new IPEndPoint(IPAddress.Any, NetworkPort.RADIUS); server2Settings.RealmFormat = RealmFormat.Email; server2Settings.Devices.Add(new RadiusNasInfo(IPAddress.Loopback, "hello")); server2Settings.Devices.Add(new RadiusNasInfo(NetHelper.GetActiveAdapter(), "hello")); server2Settings.NetworkBinding = new IPEndPoint(IPAddress.Any, NetworkPort.AAA); clientSettings.RealmFormat = RealmFormat.Email; clientSettings.PortCount = 4; clientSettings.MaxTransmissions = 1; try { string accountInfo = @" // This is a comment line r1;jeff;password123 r2;jeff;passwordXXX r1;jane;bigfish "; server1.Start(server1Settings); server1.LoadAccountsFromString(accountInfo); deelie1 = new RadiusServerDeelie(server1, RadiusServerDeelie.Mode.Normal); server2.Start(server2Settings); server2.LoadAccountsFromString(accountInfo); deelie2 = new RadiusServerDeelie(server2, RadiusServerDeelie.Mode.Normal); client.Open(clientSettings); for (int i = 0; i < 20; i++) { Assert.IsTrue(client.Authenticate("r1", "jeff", "password123")); } Assert.IsTrue(deelie1.Packets.Count > 0); Assert.IsTrue(deelie2.Packets.Count > 0); } finally { server1.Stop(); server2.Stop(); client.Close(); } }
public void RadiusClient_FailOver_MultiPort() { // Verify that the client actually fails over to alternate // RADIUS servers with a multi port client. RadiusServer server1 = new RadiusServer(); RadiusServer server2 = new RadiusServer(); RadiusServerSettings server1Settings = new RadiusServerSettings(); RadiusServerSettings server2Settings = new RadiusServerSettings(); RadiusClient client = new RadiusClient(); RadiusClientSettings clientSettings = new RadiusClientSettings(new NetworkBinding[] { Local_AAA, NetworkBinding.Parse("192.168.255.1:1645") }, "hello"); RadiusServerDeelie deelie1; RadiusServerDeelie deelie2; server1Settings.RealmFormat = RealmFormat.Email; server1Settings.Devices.Add(new RadiusNasInfo(IPAddress.Loopback, "hello")); server1Settings.Devices.Add(new RadiusNasInfo(NetHelper.GetActiveAdapter(), "hello")); server1Settings.NetworkBinding = new IPEndPoint(IPAddress.Any, NetworkPort.RADIUS); server2Settings.RealmFormat = RealmFormat.Email; server2Settings.Devices.Add(new RadiusNasInfo(IPAddress.Loopback, "hello")); server2Settings.Devices.Add(new RadiusNasInfo(NetHelper.GetActiveAdapter(), "hello")); server2Settings.NetworkBinding = new IPEndPoint(IPAddress.Any, NetworkPort.AAA); clientSettings.RealmFormat = RealmFormat.Email; clientSettings.PortCount = 4; clientSettings.MaxTransmissions = 10; clientSettings.RetryInterval = TimeSpan.FromSeconds(0.5); try { string accountInfo = @" // This is a comment line r1;jeff;password123 r2;jeff;passwordXXX r1;jane;bigfish "; server1.Start(server1Settings); server1.LoadAccountsFromString(accountInfo); deelie1 = new RadiusServerDeelie(server1, RadiusServerDeelie.Mode.IgnoreAlternatePackets); server2.Start(server2Settings); server2.LoadAccountsFromString(accountInfo); deelie2 = new RadiusServerDeelie(server2, RadiusServerDeelie.Mode.IgnoreAlternatePackets); client.Open(clientSettings); for (int i = 0; i < 10; i++) { Assert.IsTrue(client.Authenticate("r1", "jeff", "password123")); } } finally { server1.Stop(); server2.Stop(); client.Close(); } }
public void RadiusClient_Blast() { // Send a bunch of queries to multiple servers from multiple client ports. RadiusServer server1 = new RadiusServer(); RadiusServer server2 = new RadiusServer(); RadiusServerSettings server1Settings = new RadiusServerSettings(); RadiusServerSettings server2Settings = new RadiusServerSettings(); RadiusClient client = new RadiusClient(); RadiusClientSettings clientSettings = new RadiusClientSettings(new NetworkBinding[] { Local_RADIUS, Local_AAA }, "hello"); RadiusServerDeelie deelie1; RadiusServerDeelie deelie2; IAsyncResult[] ar; server1Settings.RealmFormat = RealmFormat.Email; server1Settings.Devices.Add(new RadiusNasInfo(IPAddress.Loopback, "hello")); server1Settings.Devices.Add(new RadiusNasInfo(NetHelper.GetActiveAdapter(), "hello")); server1Settings.NetworkBinding = new IPEndPoint(IPAddress.Any, NetworkPort.RADIUS); server2Settings.RealmFormat = RealmFormat.Email; server2Settings.Devices.Add(new RadiusNasInfo(IPAddress.Loopback, "hello")); server2Settings.Devices.Add(new RadiusNasInfo(NetHelper.GetActiveAdapter(), "hello")); server2Settings.NetworkBinding = new IPEndPoint(IPAddress.Any, NetworkPort.AAA); clientSettings.RealmFormat = RealmFormat.Email; clientSettings.PortCount = 4; clientSettings.MaxTransmissions = 3; try { string accountInfo = @" // This is a comment line r1;jeff;password123 r2;jeff;passwordXXX r1;jane;bigfish "; server1.Start(server1Settings); server1.LoadAccountsFromString(accountInfo); deelie1 = new RadiusServerDeelie(server1, RadiusServerDeelie.Mode.Normal); server2.Start(server2Settings); server2.LoadAccountsFromString(accountInfo); deelie2 = new RadiusServerDeelie(server2, RadiusServerDeelie.Mode.Normal); client.Open(clientSettings); ar = new IAsyncResult[clientSettings.PortCount * 256]; for (int i = 0; i < ar.Length; i++) { ar[i] = client.BeginAuthenticate("r1", "jeff", "password123", null, null); } for (int i = 0; i < ar.Length; i++) { Assert.IsTrue(client.EndAuthenticate(ar[i])); } Assert.IsTrue(deelie1.Packets.Count > 0); Assert.IsTrue(deelie2.Packets.Count > 0); } finally { server1.Stop(); server2.Stop(); client.Close(); } }