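/// <summary>
/// Answers an Access-Request. When LDAP validation is enabled, a successful
/// LDAP check yields an Access-Accept immediately. Otherwise, when database
/// validation is enabled, the MAC address is checked first and the decision is
/// then delegated to the base implementation. Every other path, including any
/// exception, yields an Access-Reject.
/// </summary>
/// <param name="accessRequest">Radius request packet.</param>
/// <param name="client">Address of the Radius client.</param>
/// <returns>The response packet for this request.</returns>
/// <remarks>
/// The submitted password is never written to the log. Log files are usually
/// readable by more people and systems than the credential store, so only the
/// account name, MAC and IP are recorded.
/// </remarks>
public override RadiusPacket AccessRequestReceived(AccessRequest accessRequest, IPEndPoint client)
{
    try
    {
        // Both values derive from an attribute carried in the request itself.
        // NOTE(review): GetIP can return null when the attribute is absent -
        // confirm GetMacAddress copes with that; if it throws, the catch below rejects.
        string ip = GetIP(accessRequest);
        string macAddr = GetMacAddress(ip);
        RadiusPacket answer;

        if (ServiceCfg.Instance.TinyConfig.ValidateByLdap)
        {
            Logger.InfoFormat("尝试通过Ldap检查用户,账户:{0},Mac:{1},IP:{2}", accessRequest.UserName, macAddr, ip);
            if (ServiceCfg.Instance.TinyConfig.LdapSetting.IsAuthenticated(accessRequest.UserName, accessRequest.Password))
            {
                // NOTE(review): an LDAP success is accepted without the MAC check
                // used on the database path - confirm that this is intended.
                Logger.InfoFormat("Ldap登录成功,账户:{0},Mac:{1},IP:{2}", accessRequest.UserName, macAddr, ip);
                Logger.InfoFormat("{0} login by Ldap success.", accessRequest.UserName);
                answer = new RadiusPacket(RadiusPacket.AccessAccept, accessRequest.Identifier);
                CopyProxyState(accessRequest, answer);
                return answer;
            }

            // LDAP failure is not final: fall through to the database check below.
            Logger.InfoFormat("Ldap登录失败,账户:{0},Mac:{1},IP:{2}", accessRequest.UserName, macAddr, ip);
        }

        if (ServiceCfg.Instance.TinyConfig.ValidateByDatabase)
        {
            Logger.InfoFormat("通过本地数据库检查Mac地址,账户:{0},Mac:{1},IP:{2}", accessRequest.UserName, macAddr, ip);
            Logger.Debug("检查Mac地址");
            if (!IsMacCorrect(accessRequest.UserName, macAddr))
            {
                Logger.InfoFormat("Mac地址不正确,账户:{0},Mac:{1},IP:{2}", accessRequest.UserName, macAddr, ip);
                answer = new RadiusPacket(RadiusPacket.AccessReject, accessRequest.Identifier);
                CopyProxyState(accessRequest, answer);
                return answer;
            }

            // MAC matches: the base implementation makes the password decision.
            return base.AccessRequestReceived(accessRequest, client);
        }

        // No validator accepted the request (or none is enabled): reject.
        answer = new RadiusPacket(RadiusPacket.AccessReject, accessRequest.Identifier);
        CopyProxyState(accessRequest, answer);
        return answer;
    }
    catch (Exception ex)
    {
        // Fail closed: any unexpected error becomes a reject.
        // Proxy-State is not copied on this path.
        Logger.Error("some error happend.", ex);
        return new RadiusPacket(RadiusPacket.AccessReject, accessRequest.Identifier);
    }
}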
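/// <summary>
/// Answers an Access-Request by checking the credentials against LDAP first.
/// On LDAP success an Access-Accept is returned; on LDAP failure the decision
/// is delegated to the base implementation.
/// </summary>
/// <param name="accessRequest">Radius request packet.</param>
/// <param name="client">Address of the Radius client.</param>
/// <returns>The response packet for this request.</returns>
/// <remarks>
/// Only the account name is logged. The submitted password is kept out of the
/// log so that log readers and log shipping do not become a second copy of the
/// credential.
/// </remarks>
public override RadiusPacket AccessRequestReceived(AccessRequest accessRequest, IPEndPoint client)
{
    string struser = accessRequest.UserName;
    string strpwd = accessRequest.Password;

    this.Logger.InfoFormat("通过Ldap检查用户,用户{0}", struser);

    if (!LdapAuthentication.IsAuthenticated(struser, strpwd))
    {
        // LDAP did not accept the credentials: let the base class decide.
        this.Logger.InfoFormat("用户(账户{0})Ldap登录失败,尝试本地数据库登陆", struser);
        return base.AccessRequestReceived(accessRequest, client);
    }

    this.Logger.InfoFormat("用户(账户{0})Ldap登录成功.", struser);
    const int type = RadiusPacket.AccessAccept;
    var answer = new RadiusPacket(type, accessRequest.Identifier);
    CopyProxyState(accessRequest, answer);
    return answer;
}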
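/// <summary>
/// Radius command line client. Sends one Access-Request and then one
/// Accounting-Request (start), printing the packets and the responses.
/// Usage: <c>TestClient hostName sharedSecret userName password</c>
/// </summary>
/// <param name="args">Exactly four arguments: hostName, sharedSecret, userName, password.</param>
/// <remarks>
/// Test tool only. The shared secret and the password are taken from the
/// command line, where they are visible in process listings and shell history.
/// </remarks>
public static void main(String[] args)
{
    if (args.Length != 4)
    {
        System.Console.WriteLine("Usage: TestClient hostName sharedSecret userName password");
        return;
    }

    String host = args[0];
    String shared = args[1];
    String user = args[2];
    String pass = args[3];

    // IPAddress.Parse accepts only an IP literal, so "hostName" must be an address here.
    var rc = new RadiusClient(IPAddress.Parse(host), shared);
    try
    {
        // 1. Send Access-Request
        var ar = new AccessRequest(user, pass);
        ar.AuthProtocol = AuthenticationType.pap; // or AUTH_CHAP
        ar.AddAttribute("NAS-Identifier", "this.is.my.nas-identifier.de");
        ar.AddAttribute("NAS-IP-Address", "192.168.0.100");
        ar.AddAttribute("Service-Type", "Login-User");
        ar.AddAttribute("WISPr-Redirection-URL", "http://www.sourceforge.net/");
        ar.AddAttribute("WISPr-Location-ID", "net.sourceforge.ap1");

        // NOTE(review): whether the packet's string form includes the password
        // cannot be told from here - confirm before capturing this output.
        System.Console.WriteLine("Packet before it is sent\n" + ar + "\n");
        RadiusPacket response = rc.Authenticate(ar);
        System.Console.WriteLine("Packet after it was sent\n" + ar + "\n");
        System.Console.WriteLine("Response\n" + response + "\n");

        // 2. Send Accounting-Request
        var acc = new AccountingRequest("mw", AccountingRequest.ACCT_STATUS_TYPE_START);
        acc.AddAttribute("Acct-Session-Id", "1234567890");
        acc.AddAttribute("NAS-Identifier", "this.is.my.nas-identifier.de");
        acc.AddAttribute("NAS-Port", "0");

        System.Console.WriteLine(acc + "\n");
        response = rc.Account(acc);
        System.Console.WriteLine("Response: " + response);
    }
    finally
    {
        // Release the client even when a request above throws.
        rc.Close();
    }
}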
/// <summary>
/// Creates a packet object for the given packet type, choosing the matching
/// subclass where one exists. Sets the type but does not touch the packet
/// identifier.
/// </summary>
/// <param name="type">Packet type.</param>
/// <returns>
/// An AccessRequest or AccountingRequest for those types, a plain RadiusPacket
/// for every other type.
/// </returns>
public static RadiusPacket CreateRadiusPacket(int type)
{
    RadiusPacket packet;

    if (type == AccessRequest)
    {
        packet = new AccessRequest();
    }
    else if (type == AccountingRequest)
    {
        packet = new AccountingRequest();
    }
    else
    {
        // AccessAccept, AccessReject, AccountingResponse and any other type
        // share the generic packet class.
        packet = new RadiusPacket();
    }

    packet.Type = type;
    return packet;
}
/// <summary>
/// Constructs an answer for an Access-Request packet. Either this method or
/// isUserAuthenticated should be overridden.
/// </summary>
/// <param name="accessRequest">Radius request packet.</param>
/// <param name="client">Address of the Radius client.</param>
/// <returns>Response packet, or null if no packet shall be sent.</returns>
/// <exception cref="RadiusException">
/// Malformed request packet; if this exception is thrown, no answer will be sent.
/// </exception>
/// <remarks>
/// This implementation accepts only when a password is known for the user name
/// and the request verifies against it. An unknown user (null password) is
/// rejected.
/// </remarks>
public virtual RadiusPacket AccessRequestReceived(AccessRequest accessRequest, IPEndPoint client)
{
    String storedPassword = GetUserPassword(accessRequest.UserName);

    // Short-circuit keeps VerifyPassword from being called for unknown users.
    bool accepted = storedPassword != null && accessRequest.VerifyPassword(storedPassword);
    int replyType = accepted ? RadiusPacket.AccessAccept : RadiusPacket.AccessReject;

    var reply = new RadiusPacket(replyType, accessRequest.Identifier);
    CopyProxyState(accessRequest, reply);
    return reply;
}
/// <summary>
/// Factory for packet objects. Picks the subclass that matches the passed
/// type, sets the type on it and leaves the packet identifier untouched.
/// </summary>
/// <param name="type">Packet type.</param>
/// <returns>
/// An AccessRequest or AccountingRequest for those types, otherwise a plain
/// RadiusPacket (AccessAccept, AccessReject, AccountingResponse and all other
/// types).
/// </returns>
public static RadiusPacket CreateRadiusPacket(int type)
{
    RadiusPacket created =
        type == AccessRequest ? new AccessRequest()
        : type == AccountingRequest ? new AccountingRequest()
        : new RadiusPacket();

    created.Type = type;
    return created;
}
/// <summary>
/// Sends an Access-Request packet and receives a response packet.
/// </summary>
/// <param name="request">Request packet.</param>
/// <returns>Radius response packet.</returns>
/// <exception cref="RadiusException">Malformed packet.</exception>
/// <exception cref="System.IO.IOException">
/// Communication error (after getRetryCount() retries).
/// </exception>
/// <remarks>
/// At info level the string form of the request and of the response is logged.
/// NOTE(review): confirm that the request's string form does not expose the
/// user password before enabling info logging in production.
/// </remarks>
public RadiusPacket Authenticate(AccessRequest request)
{
    // The whole exchange runs under the instance lock.
    lock (this)
    {
        if (logger.IsInfoEnabled)
        {
            logger.Info("send Access-Request packet: " + request);
        }

        RadiusPacket reply = Communicate(request, AuthPort);

        if (logger.IsInfoEnabled)
        {
            logger.Info("received packet: " + reply);
        }

        return reply;
    }
}
/// <summary>
/// Authenticates a user by sending an Access-Request built from the given
/// credentials.
/// </summary>
/// <param name="userName">User name.</param>
/// <param name="password">Password.</param>
/// <returns>
/// true if the response is an Access-Accept, false for any other response type.
/// </returns>
/// <exception cref="RadiusException">Malformed packet.</exception>
/// <exception cref="System.IO.IOException">
/// Communication error (after getRetryCount() retries).
/// </exception>
public bool Authenticate(String userName, String password)
{
    // Takes the instance lock; the packet overload called below locks on the
    // same object again.
    lock (this)
    {
        RadiusPacket reply = Authenticate(new AccessRequest(userName, password));
        return reply.Type == RadiusPacket.AccessAccept;
    }
}
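/// <summary>
/// Prints the incoming Access-Request, lets the base implementation build the
/// answer, adds a welcome Reply-Message to an Access-Accept and prints the
/// outcome.
/// </summary>
/// <param name="accessRequest">Radius request packet.</param>
/// <param name="client">Address of the Radius client.</param>
/// <returns>The packet produced by the base implementation, or null if it produced none.</returns>
public override RadiusPacket AccessRequestReceived(AccessRequest accessRequest, IPEndPoint client)
{
    System.Console.WriteLine("Received Access-Request:\n" + accessRequest);

    RadiusPacket packet = base.AccessRequestReceived(accessRequest, client);

    // Test for null before touching the packet. Reading packet.Type first
    // would throw when the base implementation returns no answer.
    if (packet == null)
    {
        System.Console.WriteLine("Ignore packet.");
        return null;
    }

    if (packet.Type == RadiusPacket.AccessAccept)
    {
        // The user name is echoed back exactly as the client sent it.
        packet.AddAttribute("Reply-Message", "Welcome " + accessRequest.UserName + "!");
    }

    System.Console.WriteLine("Answer:\n" + packet);
    return packet;
}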
/// <summary>
/// Returns the value of the first attribute of type 31 in the request.
/// </summary>
/// <param name="accessRequest">Radius request packet whose attributes are searched.</param>
/// <returns>The attribute value, or null when the request has no attribute of type 31.</returns>
/// <remarks>
/// In RFC 2865 attribute type 31 is Calling-Station-Id.
/// NOTE(review): the method name implies an IP address - confirm that the NAS
/// in this deployment really sends the client IP in that attribute. The value
/// is taken from the request as-is, so it is only as trustworthy as the sender.
/// </remarks>
protected string GetIP(AccessRequest accessRequest)
{
    const int wantedAttributeType = 31;

    foreach (RadiusAttribute candidate in accessRequest.Attributes)
    {
        if (candidate.Type != wantedAttributeType)
        {
            continue;
        }

        return candidate.Value;
    }

    return null;
}