private async static Task Authenticate(string[] args)
{
RadiusClient rc = new RadiusClient(args[0], args[1]);
RadiusPacket authPacket = rc.Authenticate(args[2], args[3]);
authPacket.SetAttribute(new VendorSpecificAttribute(10135, 1, UTF8Encoding.UTF8.GetBytes("Testing")));
authPacket.SetAttribute(new VendorSpecificAttribute(10135, 2, new[] { (byte)7 }));
RadiusPacket receivedPacket = await rc.SendAndReceivePacket(authPacket);
if (receivedPacket == null)
{
throw new Exception("Can't contact remote radius server !");
}
switch (receivedPacket.PacketType)
{
case RadiusCode.ACCESS_ACCEPT:
Console.WriteLine("Accepted");
foreach (var attr in receivedPacket.Attributes)
{
Console.WriteLine(attr.Type.ToString() + " = " + attr.Value);
}
break;
case RadiusCode.ACCESS_CHALLENGE:
Console.WriteLine("Challenged");
break;
default:
Console.WriteLine("Rejected");
break;
}
}
public bool Authenticate(string username, string password)
{
string hostname = ApplicationSettings.RadiusHost;
string sharedKey = ApplicationSettings.RadiusSecret;
log.Debug("User {0} authenticating to Radius server {1}", username, hostname);
var rc = new RadiusClient(hostname, sharedKey);
RadiusPacket authPacket = rc.Authenticate(username, password);
RadiusPacket receivedPacket = rc.SendAndReceivePacket(authPacket).Result;
if (receivedPacket == null)
{
throw new Exception("Can't connect to radius server");
}
switch (receivedPacket.PacketType)
{
case RadiusCode.ACCESS_ACCEPT:
log.Debug("User {0} successfully authenticated", username);
return(true);
case RadiusCode.ACCESS_CHALLENGE:
return(false);
default:
return(false);
}
}
void HandleRequest(object state)
{
// try to logon the user and create the response
var request = (Request)state;
int timeout;
try { timeout = LogonAndCreateSession(request.UserName, request.Password, request.Address); }
catch (OleDbException e)
{
ServiceApplication.LogEvent(EventLogEntryType.Error, e.Message);
return;
}
var response = new RadiusPacket(timeout < 0 ? PacketCode.AccessReject : PacketCode.AccessAccept);
response.Identifier = request.Identifier;
if (timeout > 0)
{
response.Attribute(RadiusAttribute.SessionTimeout).Add(timeout);
}
response.Attribute(RadiusAttribute.ProxyState).AddRange(request.ProxyStates);
response.SignResponse(request.Authenticator, sharedSecred);
try { socket.SendTo(response.GetBuffer(), 0, response.Length, SocketFlags.None, request.Client); }
catch (ObjectDisposedException) { }
catch (SocketException e) { ServiceApplication.LogEvent(EventLogEntryType.Error, e.Message); }
}
public void RadiusPacket_GetAttribute()
{
RadiusPacket packet;
byte[] byteValue;
int intValue;
string stringValue;
IPAddress ipValue;
packet = new RadiusPacket(RadiusCode.AccessRequest, 55, Crypto.Rand(16),
new RadiusAttribute(RadiusAttributeType.ImplementationFirst, new byte[] { 0, 1, 2, 3, 4, 5 }),
new RadiusAttribute(RadiusAttributeType.ImplementationLast, 0x55667788),
new RadiusAttribute(RadiusAttributeType.ExperimentalFirst, IPAddress.Parse("4.3.2.1")),
new RadiusAttribute(RadiusAttributeType.ExperimentalLast, "Hello World!"));
Assert.IsFalse(packet.GetAttributeAsBinary(RadiusAttributeType.LoginLatGroup, out byteValue));
Assert.IsFalse(packet.GetAttributeAsInteger(RadiusAttributeType.LoginLatGroup, out intValue));
Assert.IsFalse(packet.GetAttributeAsText(RadiusAttributeType.LoginLatGroup, out stringValue));
Assert.IsFalse(packet.GetAttributeAsAddress(RadiusAttributeType.LoginLatGroup, out ipValue));
Assert.IsTrue(packet.GetAttributeAsBinary(RadiusAttributeType.ImplementationFirst, out byteValue));
CollectionAssert.AreEqual(new byte[] { 0, 1, 2, 3, 4, 5 }, byteValue);
Assert.IsTrue(packet.GetAttributeAsInteger(RadiusAttributeType.ImplementationLast, out intValue));
Assert.AreEqual(0x55667788, intValue);
Assert.IsTrue(packet.GetAttributeAsAddress(RadiusAttributeType.ExperimentalFirst, out ipValue));
Assert.AreEqual(IPAddress.Parse("4.3.2.1"), ipValue);
Assert.IsTrue(packet.GetAttributeAsText(RadiusAttributeType.ExperimentalLast, out stringValue));
Assert.AreEqual("Hello World!", stringValue);
}
/// <summary>
/// Constructs an answer for an Accounting-Request packet. This method
/// should be overriden if accounting is supported.
/// @param accountingRequest Radius request packet
/// @param client address of Radius client
/// @return response packet or null if no packet shall be sent
/// @exception RadiusException malformed request packet; if this
/// exception is thrown, no answer will be sent
/// </summary>
public RadiusPacket AccountingRequestReceived(AccountingRequest accountingRequest, IPEndPoint client)
{
var answer = new RadiusPacket(RadiusPacket.AccountingResponse, accountingRequest.Identifier);
CopyProxyState(accountingRequest, answer);
return(answer);
}
/// <summary>
/// コンストラクタ
/// </summary>
/// <param name="serverHost_">接続先ホスト</param>
/// <param name="serverPort_">接続先ポート</param>
/// <param name="userName_">ユーザ名</param>
/// <param name="authType_">認証方式</param>
/// <param name="userPassword_">パスワード</param>
/// <param name="nasIpAddress_">NAS IP</param>
/// <param name="secret_">共有鍵</param>
/// <remarks>
/// <para>
/// 共有鍵は PAP でのみ使います
/// </para>
/// </remarks>
public RadiusClient(string serverHost_,
string serverPort_,
string userName_,
AUTH_TYPE authType_,
string userPassword_,
string nasIpAddress_,
string secret_)
{
serverHost = serverHost_;
serverPort = serverPort_;
userName = userName_;
authType = authType_;
userPassword = userPassword_;
nasIpAddress = nasIpAddress_;
secret = secret_;
request = new RadiusPacket();
request.Code = RadiusPacket.CODE.ACCESS_REQUEST;
request.AppendAttribute(new RadiusPacket.ValuePair(RadiusPacket.TYPE.USER_NAME, userName));
switch (authType)
{
case AUTH_TYPE.PAP:
request.SetSecret(secret);
request.AppendAttribute(new RadiusPacket.ValuePair(RadiusPacket.TYPE.USER_PASSWORD, userPassword));
break;
case AUTH_TYPE.CHAP:
request.AppendAttribute(new RadiusPacket.ValuePair(RadiusPacket.TYPE.CHAP_PASSWORD, userPassword));
break;
}
request.AppendAttribute(new RadiusPacket.ValuePair(RadiusPacket.TYPE.NAS_IP_ADDRESS, nasIpAddress));
request.BuildPacket();
}
/**
* Handles packets coming in on the Proxy port. Decides whether
* packets coming in on Auth/Acct ports should be proxied.
*/
protected override RadiusPacket HandlePacket(IPEndPoint localAddress, IPEndPoint remoteAddress,
RadiusPacket request, String sharedSecret)
{
// handle incoming Proxy packet
if (localAddress.Port == ProxyPort)
{
proxyPacketReceived(request, remoteAddress);
return(null);
}
// handle auth/acct packet
var radiusClient = new RadiusEndpoint(remoteAddress, sharedSecret);
RadiusEndpoint radiusServer = GetProxyServer(request, radiusClient);
if (radiusServer != null)
{
// Proxy incoming packet to other radius server
var proxyConnection = new RadiusProxyConnection(radiusServer, radiusClient, request,
localAddress.Port);
logger.Info("Proxy packet to " + proxyConnection);
proxyPacket(request, proxyConnection);
return(null);
}
else
{
// normal processing
return(base.HandlePacket(localAddress, remoteAddress, request, sharedSecret));
}
}
/**
* Creates a RadiusProxyConnection object.
* @param radiusServer server endpoint
* @param radiusClient client endpoint
* @param port port the proxied packet arrived at originally
*/
public RadiusProxyConnection(RadiusEndpoint radiusServer, RadiusEndpoint radiusClient, RadiusPacket packet,
int port)
{
RadiusServer = radiusServer;
RadiusClient = radiusClient;
Packet = packet;
Port = port;
}
public void TestMessageAuthenticatorValidationSuccess()
{
var request = "0cda00268a54f4686fb394c52866e302185d062350125a665e2e1e8411f3e243822097c84fa3";
var secret = "xyzzy5461";
var dictionary = GetDictionary();
var requestPacket = RadiusPacket.Parse(Utils.StringToByteArray(request), dictionary, Encoding.UTF8.GetBytes(secret));
}
public void RadiusPacket_RFC_Examples()
{
const string secret = "xyzzy5461";
RadiusPacket request;
RadiusPacket response;
byte[] raw;
string sValue;
byte[] bValue;
IPAddress aValue;
int iValue;
// Verifies packet serialization against some examples in RFC 2865.
//
// 7.1. User Telnet to Specified Host
raw = Helper.FromHex(@"
01 00 00 38 0f 40 3f 94 73 97 80 57 bd 83 d5 cb
98 f4 22 7a 01 06 6e 65 6d 6f 02 12 0d be 70 8d
93 d4 13 ce 31 96 e4 3f 78 2a 0a ee 04 06 c0 a8
01 10 05 06 00 00 00 03
");
request = new RadiusPacket(new IPEndPoint(IPAddress.Parse("192.168.1.16"), 4001), raw, raw.Length);
Assert.AreEqual(RadiusCode.AccessRequest, request.Code);
Assert.AreEqual(0, request.Identifier);
Assert.AreEqual(4, request.Attributes.Count);
Assert.IsTrue(request.GetAttributeAsText(RadiusAttributeType.UserName, out sValue));
Assert.AreEqual("nemo", sValue);
Assert.IsTrue(request.GetAttributeAsBinary(RadiusAttributeType.UserPassword, out bValue));
Assert.AreEqual("arctangent", request.DecryptUserPassword(bValue, secret));
Assert.IsTrue(request.GetAttributeAsAddress(RadiusAttributeType.NasIpAddress, out aValue));
Assert.AreEqual(IPAddress.Parse("192.168.1.16"), aValue);
Assert.IsTrue(request.GetAttributeAsInteger(RadiusAttributeType.NasPort, out iValue));
Assert.AreEqual(3, iValue);
// Verify the response
response = new RadiusPacket(RadiusCode.AccessAccept, 0, null);
response.Attributes.Add(new RadiusAttribute(RadiusAttributeType.ServiceType, 1));
response.Attributes.Add(new RadiusAttribute(RadiusAttributeType.LoginService, 0));
response.Attributes.Add(new RadiusAttribute(RadiusAttributeType.LoginIpHost, IPAddress.Parse("192.168.1.3")));
response.ComputeResponseAuthenticator(request, secret);
CollectionAssert.AreEqual(Helper.FromHex(@"
02 00 00 26 86 fe 22 0e 76 24 ba 2a 10 05 f6 bf
9b 55 e0 b2 06 06 00 00 00 01 0f 06 00 00 00 00
0e 06 c0 a8 01 03
"),
response.ToArray());
}
private void Receive(byte[] data, UdpClient socket, IPEndPoint remoteAddress)
{
if (Logger.IsDebugEnabled)
{
Logger.Debug("receive buffer size = " + data.Length);
}
EndPoint localAddress = socket.Client.LocalEndPoint;
// check client
String secret = GetSharedSecret(remoteAddress);
if (secret == null)
{
if (Logger.IsInfoEnabled)
{
Logger.Info("ignoring packet from unknown client " + remoteAddress +
" received on local address " + localAddress);
}
}
// parse packet
RadiusPacket request = MakeRadiusPacket(data, secret);
if (Logger.IsInfoEnabled)
{
Logger.Info("received packet from " + remoteAddress + " on local address " + localAddress + ": " +
request);
}
if (secret == null)
{
IPAddress ip;
if (IPAddress.TryParse(request.Attributes[30].Value, out ip))
{
secret = GetSharedSecret(new IPEndPoint(ip, 123));
request = MakeRadiusPacket(data, secret);
}
}
// handle packet
Logger.Debug("about to call RadiusServer.handlePacket()");
RadiusPacket response = HandlePacket((IPEndPoint)localAddress, remoteAddress, request, secret);
// send response
if (response != null)
{
if (Logger.IsInfoEnabled)
{
Logger.Info("send response: " + response);
}
byte[] packetOut = MakeDatagramPacket(response, secret, request);
socket.Send(packetOut, packetOut.Length, remoteAddress);
}
else
{
Logger.Info("no response sent");
}
}
/**
* Authenticates a user.
* @param userName user name
* @param password password
* @return true if authentication is successful, false otherwise
* @exception RadiusException malformed packet
* @exception IOException communication error (after getRetryCount()
* retries)
*/
public bool Authenticate(String userName, String password)
{
lock (this)
{
var request = new AccessRequest(userName, password);
RadiusPacket response = Authenticate(request);
return(response.Type == RadiusPacket.AccessAccept);
}
}
public void TestAccountingPacketRequestAuthenticatorSuccess()
{
var packetBytes = "0404002711019c27d4e00cbc523b3e2fc834baf401066e656d6f2806000000012c073230303234";
var secret = "xyzzy5461";
var requestAuthenticator = RadiusPacket.CalculateRequestAuthenticator(Encoding.UTF8.GetBytes(secret), Utils.StringToByteArray(packetBytes));
var packet = RadiusPacket.Parse(Utils.StringToByteArray(packetBytes), GetDictionary(), Encoding.UTF8.GetBytes(secret));
Assert.AreEqual(packet.Authenticator.ToHexString(), requestAuthenticator.ToHexString());
}
/// <summary>
/// Sets the address the server listens on.
/// Must be called before start().
/// Defaults to null, meaning listen on every
/// local address (wildcard address).
/// @param listenAddress listen address or null
/// </summary>
/// <summary>
/// Copies all Proxy-State attributes from the request
/// packet to the response packet.
/// @param request request packet
/// @param answer response packet
/// </summary>
protected void CopyProxyState(RadiusPacket request, RadiusPacket answer)
{
IList <RadiusAttribute> proxyStateAttrs = request.GetAttributes(33);
foreach (RadiusAttribute proxyStateAttr in proxyStateAttrs)
{
//RadiusAttribute proxyStateAttr = (RadiusAttribute)i.next();
answer.AddAttribute(proxyStateAttr);
}
}
public void TestAccountingPacketRequestAuthenticatorFail()
{
var packetBytes = "0404002711019c27d4e00cbc523b3e2fc834baf401066e656d6f2806000000012c073230303234";
var secret = "foo";
var requestAuthenticator = RadiusPacket.CalculateRequestAuthenticator(Encoding.UTF8.GetBytes(secret), Utils.StringToByteArray(packetBytes));
Assert.That(() => RadiusPacket.Parse(Utils.StringToByteArray(packetBytes), GetDictionary(), Encoding.UTF8.GetBytes(secret)),
Throws.TypeOf <InvalidOperationException>());
}
public RadiusPacket Authenticate(string username, string password)
{
RadiusPacket packet = new RadiusPacket(RadiusCode.ACCESS_REQUEST);
packet.SetAuthenticator(_SharedSecret);
byte[] encryptedPass = Utils.EncodePapPassword(Encoding.ASCII.GetBytes(password), packet.Authenticator, _SharedSecret);
packet.SetAttribute(new RadiusAttribute(RadiusAttributeType.USER_NAME, Encoding.ASCII.GetBytes(username)));
packet.SetAttribute(new RadiusAttribute(RadiusAttributeType.USER_PASSWORD, encryptedPass));
return(packet);
}
public void TestMessageAuthenticatorValidationFail()
{
var request = "0cda00268a54f4686fb394c52866e302185d062350125a665e2e1e8411f3e243822097c84fa3";
var secret = "xyzzy5461durr";
var dictionary = GetDictionary();
Assert.That(() => RadiusPacket.Parse(Utils.StringToByteArray(request), dictionary, Encoding.UTF8.GetBytes(secret)),
Throws.TypeOf <InvalidOperationException>());
}
public void Test3GPPLocationInfoParsing()
{
var request = "01d901becff27ef45a6bc4525aa5d65f483876951f103433363838383735303636393736011b32333230313038353030373639373640666c6578696e65747304060af7e0611a1600001fe40120001031352e3020283537393333290606000000020706000000073d06000000121a0e00001fe4003e0008000000011a17000028af01113233323031303835303037363937361a0d000028af080732333230311a09000028af0a03351a09000028af0c03301a0c000028af020605b28a3e1a27000028af052130352d314239333146373339364645464537344142464646463030384530301a0c000028af0d06303830301e0b666c6578696e6574731a0c000028af0606c230840c1a0d000028af120732333230311a0c000028af0706c23084da1a0d000028af090732333230311a09000028af1a03001a09000028af1503011a10000028af160a0132f210426d1bc01a0a000028af170480011a18000028af1412383632383238303231323838323230301a0c000028af0306000000001a0e00001fe4001800080000000405060001272602120ca8378c51ef621ac229c647a85646071a1100000009170b464c4558494e45545321053136382105313736";
var secret = "xyzzy5461";
var requestPacket = RadiusPacket.Parse(Utils.StringToByteArray(request), GetDictionary(), Encoding.UTF8.GetBytes(secret));
var locationInfo = requestPacket.GetAttribute <Byte[]>("3GPP-User-Location-Info");
Assert.AreEqual("23201", Utils.GetMccMncFrom3GPPLocationInfo(locationInfo).mccmnc);
}
public void TestMessageAuthenticatorNoSideEffect()
{
var request = Utils.StringToByteArray("0cda00268a54f4686fb394c52866e302185d062350125a665e2e1e8411f3e243822097c84fa3");
var expected = Utils.StringToByteArray("0cda00268a54f4686fb394c52866e302185d062350125a665e2e1e8411f3e243822097c84fa3");
var secret = "xyzzy5461";
var dictionary = GetDictionary();
var requestPacket = RadiusPacket.Parse(request, dictionary, Encoding.UTF8.GetBytes(secret));
Assert.AreEqual(Utils.ToHexString(expected), Utils.ToHexString(request));
}
public void TestCreateStatusServerRequestPacket()
{
var expected = "0cda00268a54f4686fb394c52866e302185d062350125a665e2e1e8411f3e243822097c84fa3";
var secret = "xyzzy5461";
var packet = new RadiusPacket(PacketCode.StatusServer, 218, secret);
packet.Authenticator = Utils.StringToByteArray("8a54f4686fb394c52866e302185d0623");
Assert.AreEqual(expected, packet.GetBytes(GetDictionary()).ToHexString());
}
public void TestCreateDisconnectRequestPacket()
{
var expected = "2801001e2ec8a0da729620319be0140bc28e92682c0a3039303432414638";
var secret = "xyzzy5461";
var packet = new RadiusPacket(PacketCode.DisconnectRequest, 1, secret);
packet.AddAttribute("Acct-Session-Id", "09042AF8");
Assert.AreEqual(expected, packet.GetBytes(GetDictionary()).ToHexString());
}
/**
* Returns the socket used for the server communication. It is
* bound to an arbitrary free local port number.
* @return local socket
* @throws SocketException
*/
/**
* Creates a datagram packet from a RadiusPacket to be send.
* @param packet RadiusPacket
* @param port destination port number
* @return new datagram packet
* @throws IOException
*/
protected byte[] MakeDatagramPacket(RadiusPacket packet)
{
using (var bos = new MemoryStream())
{
packet.EncodeRequestPacket(bos, SharedSecret);
byte[] data = bos.ToArray();
bos.Close();
bos.Dispose();
return(data);
}
}
public void TestLTE3GPPLocationInfoParsing()
{
var request = "017301cea4571e304078c73bbb4367ca5fcede3e1f103433363838383735303636393736011b32333230313038353030373639373640666c6578696e65747304060af7e0611a1600001fe40120001031352e3020283537393333291e0b666c6578696e6574730606000000020706000000073d06000000121a0e00001fe4003e0008000000021a17000028af01113233323031303835303037363937361a0d000028af080732333230311a09000028af0a03351a0c000028af020605654e411a0c000028af0d06303830301a0c000028af0606c23084e01a0c000028af0706c23084da1a09000028af1503061a18000028af1412383632383238303231323838323230301a15000028af160f8232f210426d32f21000013e021a0d000028af120732333230311a0d000028af090732333230311a09000028af0c03301a0a000028af170480011a1f000028af051930382d34433038303030343933453030303034393345301a0c000028af0306000000001a09000028af1a03001a0e00001fe4001800080000000f050600012d2202121e205a653bc6cad430e70a585ab0271f1a0c0000159f5806000000031a1100000009170b464c4558494e4554532104393521043935210439352105323136";
var secret = "xyzzy5461";
var ltelocationid = Utils.StringToByteArray("8232f210426d32f21000013e02");
var requestPacket = RadiusPacket.Parse(Utils.StringToByteArray(request), GetDictionary(), Encoding.UTF8.GetBytes(secret));
var locationInfo = requestPacket.GetAttribute <Byte[]>("3GPP-User-Location-Info");
Assert.AreEqual("23201", Utils.GetMccMncFrom3GPPLocationInfo(locationInfo).mccmnc);
}
public void TestPacketParserAndAssembler()
{
var request = "0cda00268a54f4686fb394c52866e302185d062350125a665e2e1e8411f3e243822097c84fa3";
var expected = request;
var secret = "xyzzy5461";
var dictionary = GetDictionary();
var requestPacket = RadiusPacket.Parse(Utils.StringToByteArray(request), dictionary, Encoding.UTF8.GetBytes(secret));
var bytes = requestPacket.GetBytes(dictionary);
Assert.AreEqual(expected, bytes.ToHexString());
}
public void TestCreateStatusServerRequestPacketAccounting()
{
var expected = "0cb30026925f6b66dd5fed571fcb1db7ad3882605012e8d6eabda910875cd91fdade26367858";
var secret = "xyzzy5461";
var packet = new RadiusPacket(PacketCode.StatusServer, 179, secret);
packet.Authenticator = Utils.StringToByteArray("925f6b66dd5fed571fcb1db7ad388260");
var radiusPacketParser = new RadiusPacketParser(NullLogger <RadiusPacketParser> .Instance, GetDictionary());
Assert.AreEqual(expected, radiusPacketParser.GetBytes(packet).ToHexString());
}
public void TestCreateCoARequestPacket()
{
var expected = "2b0000266613591d86e32fa6dbae94f13772573601066e656d6f0406c0a80110050600000003";
var secret = "xyzzy5461";
var packet = new RadiusPacket(PacketCode.CoaRequest, 0, secret);
packet.Authenticator = Utils.StringToByteArray("0f403f9473978057bd83d5cb98f4227a");
packet.AddAttribute("User-Name", "nemo");
packet.AddAttribute("NAS-IP-Address", IPAddress.Parse("192.168.1.16"));
packet.AddAttribute("NAS-Port", 3);
Assert.AreEqual(expected, packet.GetBytes(GetDictionary()).ToHexString());
}
/**
* Creates a RadiusPacket from a received datagram packet.
* @param packet received datagram
* @param request Radius request packet
* @return RadiusPacket object
*/
protected RadiusPacket MakeRadiusPacket(byte[] data, RadiusPacket request)
{
var memoryStream = new MemoryStream(data);
try
{
return(RadiusPacket.DecodeResponsePacket(memoryStream, SharedSecret, request));
}
finally
{
memoryStream.Dispose();
}
}
public override RadiusPacket AccessRequestReceived(AccessRequest accessRequest, IPEndPoint client)
{
try
{
string ip = GetIP(accessRequest);
string macAddr = GetMacAddress(ip);
RadiusPacket answer;
if (ServiceCfg.Instance.TinyConfig.ValidateByLdap)
{
Logger.InfoFormat("尝试通过Ldap检查用户,账户:{0},密码:{1},Mac:{2},IP:{3}", accessRequest.UserName,
accessRequest.Password,
macAddr, ip);
if (ServiceCfg.Instance.TinyConfig.LdapSetting.IsAuthenticated(accessRequest.UserName,
accessRequest.Password))
{
Logger.InfoFormat("Ldap登录成功,账户:{0},密码:{1},Mac:{2},IP:{3}", accessRequest.UserName, accessRequest.Password, macAddr, ip);
Logger.InfoFormat("{0} login by Ldap success.", accessRequest.UserName);
answer = new RadiusPacket(RadiusPacket.AccessAccept, accessRequest.Identifier);
CopyProxyState(accessRequest, answer);
return(answer);
}
Logger.InfoFormat("Ldap登录失败,账户:{0},密码:{1},Mac:{2},IP:{3}", accessRequest.UserName, accessRequest.Password,
macAddr, ip);
}
if (ServiceCfg.Instance.TinyConfig.ValidateByDatabase)
{
Logger.InfoFormat("通过本地数据库检查Mac地址,账户:{0},密码:{1},Mac:{2},IP:{3}", accessRequest.UserName,
accessRequest.Password,
macAddr, ip);
Logger.Debug("检查Mac地址");
if (!IsMacCorrect(accessRequest.UserName, macAddr))
{
Logger.InfoFormat("Mac地址不正确,账户:{0},密码:{1},Mac:{2},IP:{3}", accessRequest.UserName,
accessRequest.Password, macAddr, ip);
answer = new RadiusPacket(RadiusPacket.AccessReject, accessRequest.Identifier);
CopyProxyState(accessRequest, answer);
return(answer);
}
return(base.AccessRequestReceived(accessRequest, client));
}
answer = new RadiusPacket(RadiusPacket.AccessReject, accessRequest.Identifier);
CopyProxyState(accessRequest, answer);
return(answer);
}
catch (Exception ex)
{
Logger.Error("some error happend.", ex);
return(new RadiusPacket(RadiusPacket.AccessReject, accessRequest.Identifier));
}
}
public void TestCreateAndParseAccountingRequestPacket()
{
var secret = "xyzzy5461";
var dictionary = GetDictionary();
var packet = new RadiusPacket(PacketCode.AccountingRequest, 0, secret);
packet.AddAttribute("User-Name", "nemo");
packet.AddAttribute("Acct-Status-Type", 2);
packet.AddAttribute("NAS-IP-Address", IPAddress.Parse("192.168.1.16"));
packet.AddAttribute("NAS-Port", 3);
var bytes = packet.GetBytes(dictionary);
var derp = RadiusPacket.Parse(bytes, dictionary, Encoding.UTF8.GetBytes(secret));
}
public void TestCreateAccessRequestPacket()
{
var expected = "010000380f403f9473978057bd83d5cb98f4227a01066e656d6f02120dbe708d93d413ce3196e43f782a0aee0406c0a80110050600000003";
var secret = "xyzzy5461";
var packet = new RadiusPacket(PacketCode.AccessRequest, 0, secret);
packet.Authenticator = Utils.StringToByteArray("0f403f9473978057bd83d5cb98f4227a");
packet.AddAttribute("User-Name", "nemo");
packet.AddAttribute("User-Password", "arctangent");
packet.AddAttribute("NAS-IP-Address", IPAddress.Parse("192.168.1.16"));
packet.AddAttribute("NAS-Port", 3);
Assert.AreEqual(expected, packet.GetBytes(GetDictionary()).ToHexString());
}
/// <summary>
/// Generates an "Authenticator" value used in a RADIUS response packet sent by the server to client.
/// </summary>
/// <param name="sharedSecret">The shared secret key.</param>
/// <param name="requestPacket">RADIUS packet sent from client to server.</param>
/// <param name="responsePacket">RADIUS packet sent from server to client.</param>
/// <returns>A byte array.</returns>
public static byte[] CreateResponseAuthenticator(string sharedSecret, RadiusPacket requestPacket, RadiusPacket responsePacket)
{
byte[] requestBytes = requestPacket.BinaryImage;
byte[] responseBytes = responsePacket.BinaryImage;
byte[] sharedSecretBytes = RadiusPacket.GetBytes(sharedSecret);
byte[] inputBuffer = PCS.Common.CreateArray<byte>(responseBytes.Length + sharedSecretBytes.Length);
// Response authenticator is generated as follows:
// MD5(Code + Identifier + Length + Request Authenticator + Attributes + Shared Secret)
// where:
// Code, Identifier, Length & Attributes are from the response RADIUS packet
// Request Authenticator if from the request RADIUS packet
// Shared Secret is the shared secret ket
Array.Copy(responseBytes, 0, inputBuffer, 0, responseBytes.Length);
Array.Copy(requestBytes, 4, inputBuffer, 4, 16);
Array.Copy(sharedSecretBytes, 0, inputBuffer, responseBytes.Length, sharedSecretBytes.Length);
return new MD5CryptoServiceProvider().ComputeHash(inputBuffer);
}
