예제 #1
        /// <summary>
        /// Builds one authentication request from the command-line arguments, sends it
        /// and prints the server's verdict to the console.
        /// </summary>
        /// <param name="args">
        /// Used positionally: args[0] and args[1] go to the RadiusClient constructor,
        /// args[2] and args[3] to RadiusClient.Authenticate (presumably host, shared
        /// secret, user name and password — confirm against the usage text).
        /// No length check is done here; the caller must supply four elements.
        /// </param>
        /// <exception cref="Exception">No reply packet was received.</exception>
        private async static Task Authenticate(string[] args)
        {
            var radius = new RadiusClient(args[0], args[1]);
            var request = radius.Authenticate(args[2], args[3]);

            // Sample vendor-specific attributes (vendor id 10135, types 1 and 2).
            request.SetAttribute(new VendorSpecificAttribute(10135, 1, UTF8Encoding.UTF8.GetBytes("Testing")));
            request.SetAttribute(new VendorSpecificAttribute(10135, 2, new[] { (byte)7 }));

            var reply = await radius.SendAndReceivePacket(request);
            if (reply == null)
            {
                throw new Exception("Can't contact remote radius server !");
            }

            var verdict = reply.PacketType;
            if (verdict == RadiusCode.ACCESS_ACCEPT)
            {
                Console.WriteLine("Accepted");

                // Every attribute of the accept packet is echoed to the console.
                foreach (var attribute in reply.Attributes)
                {
                    Console.WriteLine(attribute.Type.ToString() + " = " + attribute.Value);
                }
            }
            else if (verdict == RadiusCode.ACCESS_CHALLENGE)
            {
                Console.WriteLine("Challenged");
            }
            else
            {
                // Anything other than accept or challenge is reported as a rejection.
                Console.WriteLine("Rejected");
            }
        }
예제 #2
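        /// <summary>
        /// Verifies that the server refreshes its NAS host name to IP address mappings.
        /// </summary>
        /// <remarks>
        /// The NAS is registered under a host name that does not resolve yet, so the first
        /// authentication must time out. The name is then added through EnhancedDns.AddHost,
        /// the test waits one DNS refresh interval plus one background task interval, and
        /// the same authentication must succeed.
        /// </remarks>
        public void RadiusServer_Nas_HostRefresh()
        {
            RadiusServer         server         = new RadiusServer();
            RadiusServerSettings serverSettings = new RadiusServerSettings();
            RadiusClient         client         = new RadiusClient();
            RadiusClientSettings clientSettings = new RadiusClientSettings(Local_RADIUS, "hello");

            // Short refresh intervals keep the wait below to about 12 seconds.
            serverSettings.RealmFormat        = RealmFormat.Email;
            serverSettings.DnsRefreshInterval = TimeSpan.FromSeconds(10);
            serverSettings.BkTaskInterval     = TimeSpan.FromSeconds(2);
            serverSettings.Devices.Add(new RadiusNasInfo("nas.test.lilltek.com", "hello"));

            clientSettings.RealmFormat      = RealmFormat.Email;
            clientSettings.PortCount        = 1;
            clientSettings.MaxTransmissions = 1;
            clientSettings.RetryInterval    = TimeSpan.FromSeconds(2);

            try
            {
                server.Start(serverSettings);

                // Fixture accounts only; these credentials exist solely inside this test.
                server.LoadAccountsFromString(@"

    // This is a comment line

    r1;jeff;password123
    r2;jeff;passwordXXX
    r1;jane;bigfish
    ");

                client.Open(clientSettings);

                try
                {
                    client.Authenticate("r1", "jeff", "password123");
                    Assert.Fail("TimeoutException expected");
                }
                catch (TimeoutException)
                {
                    // Expected: the NAS host name does not resolve yet, so the request
                    // goes unanswered. Catching only TimeoutException lets the
                    // Assert.Fail above surface with its own message instead of being
                    // re-reported as a type mismatch by a catch-all handler.
                }

                EnhancedDns.AddHost("nas.test.lilltek.com", NetHelper.GetActiveAdapter());
                Thread.Sleep(serverSettings.DnsRefreshInterval + serverSettings.BkTaskInterval);

                Assert.IsTrue(client.Authenticate("r1", "jeff", "password123"));
            }
            finally
            {
                // Remove the host entry first so a failing run does not leave it behind.
                EnhancedDns.RemoveHosts();
                server.Stop();
                client.Close();
            }
        }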
예제 #3
        /// <summary>
        /// Checks that a client opened with several ports really spreads its requests
        /// across them: after a run of authentications, the number of distinct source
        /// UDP ports seen by the server must equal the configured port count.
        /// </summary>
        public void RadiusClient_MultiPort()
        {
            const int portCount = 5;
            const int authCount = 555;

            var radiusServer = new RadiusServer();
            var serverConfig = new RadiusServerSettings();
            var radiusClient = new RadiusClient();
            var clientConfig = new RadiusClientSettings(Local_RADIUS, "hello");

            // Loopback and the active adapter are both registered with the client's secret.
            serverConfig.RealmFormat = RealmFormat.Email;
            serverConfig.Devices.Add(new RadiusNasInfo(IPAddress.Loopback, "hello"));
            serverConfig.Devices.Add(new RadiusNasInfo(NetHelper.GetActiveAdapter(), "hello"));

            clientConfig.RealmFormat = RealmFormat.Email;
            clientConfig.PortCount = portCount;
            clientConfig.MaxTransmissions = 1;

            try
            {
                radiusServer.Start(serverConfig);

                // Fixture accounts used only by this test.
                radiusServer.LoadAccountsFromString(@"

    // This is a comment line

    r1;jeff;password123
    r2;jeff;passwordXXX
    r1;jane;bigfish
    ");

                radiusClient.Open(clientConfig);
                var spy = new RadiusServerDeelie(radiusServer, RadiusServerDeelie.Mode.Normal);

                for (int attempt = 0; attempt < authCount; attempt++)
                {
                    Assert.IsTrue(radiusClient.Authenticate("r1", "jeff", "password123"));
                }

                // Keep the first packet seen for each source port; only the key count matters.
                var firstPacketByPort = new Dictionary<int, RadiusPacket>();

                foreach (RadiusPacket seen in spy.Packets)
                {
                    int sourcePort = seen.SourceEP.Port;

                    if (firstPacketByPort.ContainsKey(sourcePort))
                    {
                        continue;
                    }

                    firstPacketByPort.Add(sourcePort, seen);
                }

                Assert.AreEqual(portCount, firstPacketByPort.Count);
            }
            finally
            {
                radiusServer.Stop();
                radiusClient.Close();
            }
        }
예제 #4
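        /// <summary>
        /// Checks the credentials found in the "username" and "password" environment
        /// variables against every RADIUS server listed in the configuration, in parallel.
        /// </summary>
        /// <returns>
        /// 0 when at least one server answers ACCESS_ACCEPT; 1 when the environment
        /// variables or configuration are missing, or when no server accepted.
        /// </returns>
        static int Main()
        {
            // NOTE(review): on Windows, environment variable names are case-insensitive, so
            // "username" also resolves to the built-in USERNAME variable when the caller
            // did not set one explicitly — confirm this is the intended source.
            var username = Environment.GetEnvironmentVariable("username");
            var password = Environment.GetEnvironmentVariable("password");

            if (String.IsNullOrEmpty(username) || String.IsNullOrEmpty(password))
            {
                Console.WriteLine("environment variables username or password undefined");
                return(1);
            }

            if (Config.Settings == null)
            {
                Console.WriteLine("Config is empty/unreadable");
                return(1);
            }

            if (Config.Settings.Servers == null || Config.Settings.Servers.Count == 0)
            {
                Console.WriteLine("No servers found in config");
                return(1);
            }

            // The same credentials are sent to every configured server; one ACCESS_ACCEPT
            // from any of them is enough, so the server list is part of the trust boundary.
            var res = Parallel.ForEach(Config.Settings.Servers.Cast <ServerElement>(), (server, state) =>
            {
                // Do not print server.sharedsecret or the password when debugging this loop;
                // anything written here ends up in whatever captures the process output.
                var rc = new RadiusClient(server.Name, server.sharedsecret, server.wait * 1000, server.authport);
                try
                {
                    var authPacket = rc.Authenticate(username, password);
                    if (Config.Settings.NAS_IDENTIFIER != null)
                    {
                        authPacket.SetAttribute(new RadiusAttribute(RadiusAttributeType.NAS_IDENTIFIER, Encoding.ASCII.GetBytes(Config.Settings.NAS_IDENTIFIER)));
                    }

                    // NOTE(review): BitConverter.GetBytes uses host byte order, while RADIUS
                    // integer attributes are big-endian on the wire. That is harmless only
                    // if NasPortType.ASYNC is 0 — confirm against the enum definition.
                    authPacket.SetAttribute(new RadiusAttribute(RadiusAttributeType.NAS_PORT_TYPE, BitConverter.GetBytes((int)NasPortType.ASYNC)));

                    var receivedPacket = rc.SendAndReceivePacket(authPacket, server.retries).Result;

                    if (receivedPacket != null && receivedPacket.PacketType == RadiusCode.ACCESS_ACCEPT)
                    {
                        // Stop() leaves res.IsCompleted false, which is the success signal below.
                        state.Stop();
                    }
                }
                catch (Exception ex)
                {
                    // A failing server must not abort the others, but the failure should be
                    // visible. stderr keeps stdout limited to the final verdict line, and
                    // GetBaseException() unwraps the AggregateException raised by .Result.
                    Console.Error.WriteLine("RADIUS request to '{0}' failed: {1}", server.Name, ex.GetBaseException().Message);
                }
            });

            if (res.IsCompleted)
            {
                // The loop ran to the end without any server accepting.
                Console.WriteLine("Auth failed for: '{0}'", username);
                return(1);
            }
            else
            {
                Console.WriteLine("Auth Ok");
                return(0);
            }
        }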
예제 #5
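        /// <summary>
        /// Verifies that the server detects a request from an unknown NAS device:
        /// the client must time out and the server must log an unsuccessful
        /// UnknownNas entry.
        /// </summary>
        public void RadiusServer_Bad_NasDevice()
        {
            RadiusServer         server         = new RadiusServer();
            RadiusServerSettings serverSettings = new RadiusServerSettings();
            RadiusClient         client         = new RadiusClient();
            RadiusClientSettings clientSettings = new RadiusClientSettings(Local_RADIUS, "hello");
            RadiusServerDeelie   deelie;

            // No entry is added to serverSettings.Devices, so the client is not a known NAS.
            serverSettings.RealmFormat = RealmFormat.Slash;

            clientSettings.RealmFormat      = RealmFormat.Slash;
            clientSettings.PortCount        = 1;
            clientSettings.MaxTransmissions = 1;

            try
            {
                server.Start(serverSettings);

                // Fixture accounts used only by this test.
                server.LoadAccountsFromString(@"

    // This is a comment line

    r1;jeff;password123
    r2;jeff;passwordXXX
    r1;jane;bigfish
    ");

                client.Open(clientSettings);
                deelie = new RadiusServerDeelie(server, RadiusServerDeelie.Mode.Normal);

                try
                {
                    client.Authenticate("r1", "jeff", "password123");
                    Assert.Fail("TimeoutException expected");
                }
                catch (TimeoutException)
                {
                    // Expecting a timeout since the server should ignore this packet.
                    // No catch-all follows: it would also catch the Assert.Fail above and
                    // replace its message with a misleading type-mismatch failure.
                }

                // The ignored request must still leave an audit trail on the server side.
                Assert.IsTrue(deelie.Log.Count > 0);
                Assert.AreEqual(RadiusLogEntryType.UnknownNas, deelie.Log[0].EntryType);
                Assert.IsFalse(deelie.Log[0].Success);
            }
            finally
            {
                server.Stop();
                client.Close();
            }
        }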
예제 #6
        /// <summary>
        /// Checks that the server records authentication events: one successful and one
        /// failed attempt must produce exactly two log entries carrying the right
        /// outcome, entry type, realm and account.
        /// </summary>
        public void RadiusServer_Auth_Log()
        {
            var radiusServer = new RadiusServer();
            var serverConfig = new RadiusServerSettings();
            var radiusClient = new RadiusClient();
            var clientConfig = new RadiusClientSettings(Local_RADIUS, "hello");

            serverConfig.RealmFormat = RealmFormat.Slash;
            serverConfig.Devices.Add(new RadiusNasInfo(IPAddress.Loopback, "hello"));
            serverConfig.Devices.Add(new RadiusNasInfo(NetHelper.GetActiveAdapter(), "hello"));

            clientConfig.RealmFormat = RealmFormat.Slash;
            clientConfig.PortCount = 1;
            clientConfig.MaxTransmissions = 1;

            try
            {
                radiusServer.Start(serverConfig);

                // Fixture accounts used only by this test.
                radiusServer.LoadAccountsFromString(@"

    // This is a comment line

    r1;jeff;password123
    r2;jeff;passwordXXX
    r1;jane;bigfish
    ");

                radiusClient.Open(clientConfig);
                var spy = new RadiusServerDeelie(radiusServer, RadiusServerDeelie.Mode.Normal);

                // One good password, then the same password in the wrong case.
                Assert.IsTrue(radiusClient.Authenticate("r1", "jeff", "password123"));
                Assert.IsFalse(radiusClient.Authenticate("r1", "jeff", "PASSWORD123"));

                Assert.AreEqual(2, spy.Log.Count);

                // First entry: the accepted attempt.
                Assert.IsTrue(spy.Log[0].Success);
                Assert.AreEqual(RadiusLogEntryType.Authentication, spy.Log[0].EntryType);
                Assert.AreEqual("r1", spy.Log[0].Realm);
                Assert.AreEqual("jeff", spy.Log[0].Account);

                // Second entry: the rejected attempt, logged with the same realm and account.
                Assert.IsFalse(spy.Log[1].Success);
                Assert.AreEqual(RadiusLogEntryType.Authentication, spy.Log[1].EntryType);
                Assert.AreEqual("r1", spy.Log[1].Realm);
                Assert.AreEqual("jeff", spy.Log[1].Account);
            }
            finally
            {
                radiusServer.Stop();
                radiusClient.Close();
            }
        }
예제 #7
        /// <summary>
        /// Checks that a single-port client wraps its request identifiers correctly
        /// after ID 255: 555 consecutive requests must carry identifiers equal to the
        /// request index truncated to a byte.
        /// </summary>
        public void RadiusClient_ID_WrapAround()
        {
            const int requestCount = 555;

            var radiusServer = new RadiusServer();
            var serverConfig = new RadiusServerSettings();
            var radiusClient = new RadiusClient();
            var clientConfig = new RadiusClientSettings(Local_RADIUS, "hello");

            serverConfig.RealmFormat = RealmFormat.Email;
            serverConfig.Devices.Add(new RadiusNasInfo(IPAddress.Loopback, "hello"));
            serverConfig.Devices.Add(new RadiusNasInfo(NetHelper.GetActiveAdapter(), "hello"));

            clientConfig.RealmFormat = RealmFormat.Email;
            clientConfig.PortCount = 1;
            clientConfig.MaxTransmissions = 1;

            try
            {
                radiusServer.Start(serverConfig);

                // Fixture accounts used only by this test.
                radiusServer.LoadAccountsFromString(@"

    // This is a comment line

    r1;jeff;password123
    r2;jeff;passwordXXX
    r1;jane;bigfish
    ");

                radiusClient.Open(clientConfig);
                var spy = new RadiusServerDeelie(radiusServer, RadiusServerDeelie.Mode.Normal);

                for (int sent = 0; sent < requestCount; sent++)
                {
                    Assert.IsTrue(radiusClient.Authenticate("r1", "jeff", "password123"));
                }

                // Every request must have been captured, in order, with a wrapping identifier.
                Assert.AreEqual(requestCount, spy.Packets.Count);

                for (int index = 0; index < requestCount; index++)
                {
                    Assert.AreEqual((byte)index, spy.Packets[index].Identifier);
                }
            }
            finally
            {
                radiusServer.Stop();
                radiusClient.Close();
            }
        }
예제 #8
        /// <summary>
        /// Checks that many authentications can be in flight at once while the server
        /// is hooked in AuthShortDelay mode: 255 requests are started back to back and
        /// each one must complete successfully.
        /// </summary>
        public void RadiusServer_Auth_Parallel_Delay()
        {
            var radiusServer = new RadiusServer();
            var serverConfig = new RadiusServerSettings();
            var radiusClient = new RadiusClient();
            var clientConfig = new RadiusClientSettings(Local_RADIUS, "hello");

            var pending = new IAsyncResult[255];

            serverConfig.RealmFormat = RealmFormat.Slash;
            serverConfig.Devices.Add(new RadiusNasInfo(IPAddress.Loopback, "hello"));
            serverConfig.Devices.Add(new RadiusNasInfo(NetHelper.GetActiveAdapter(), "hello"));

            clientConfig.RealmFormat = RealmFormat.Slash;
            clientConfig.PortCount = 1;
            clientConfig.MaxTransmissions = 1;

            try
            {
                radiusServer.Start(serverConfig);

                // Fixture accounts used only by this test.
                radiusServer.LoadAccountsFromString(@"

    // This is a comment line

    r1;jeff;password123
    r2;jeff;passwordXXX
    r1;jane;bigfish
    ");

                radiusClient.Open(clientConfig);

                // The hook is created for its effect on the server; its members are not read here.
                var spy = new RadiusServerDeelie(radiusServer, RadiusServerDeelie.Mode.AuthShortDelay);

                // Start every request before completing any of them.
                for (int slot = 0; slot < pending.Length; slot++)
                {
                    pending[slot] = radiusClient.BeginAuthenticate("r1", "jeff", "password123", null, null);
                }

                foreach (IAsyncResult operation in pending)
                {
                    Assert.IsTrue(radiusClient.EndAuthenticate(operation));
                }
            }
            finally
            {
                radiusServer.Stop();
                radiusClient.Close();
            }
        }
예제 #9
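        /// <summary>
        /// Verifies that the client detects timeouts: with the server hooked in
        /// IgnoreAllPackets mode, an authentication attempt must end in a
        /// TimeoutException.
        /// </summary>
        public void RadiusClient_Timeout()
        {
            RadiusServer         server         = new RadiusServer();
            RadiusServerSettings serverSettings = new RadiusServerSettings();
            RadiusClient         client         = new RadiusClient();
            RadiusClientSettings clientSettings = new RadiusClientSettings(Local_RADIUS, "hello");
            RadiusServerDeelie   deelie;

            serverSettings.RealmFormat = RealmFormat.Email;
            serverSettings.Devices.Add(new RadiusNasInfo(IPAddress.Loopback, "hello"));
            serverSettings.Devices.Add(new RadiusNasInfo(NetHelper.GetActiveAdapter(), "hello"));

            clientSettings.RealmFormat      = RealmFormat.Email;
            clientSettings.PortCount        = 1;
            clientSettings.MaxTransmissions = 1;

            try
            {
                server.Start(serverSettings);

                // Fixture accounts used only by this test.
                server.LoadAccountsFromString(@"

    // This is a comment line

    r1;jeff;password123
    r2;jeff;passwordXXX
    r1;jane;bigfish
    ");

                client.Open(clientSettings);

                // Created for its effect on the server; its members are not read here.
                deelie = new RadiusServerDeelie(server, RadiusServerDeelie.Mode.IgnoreAllPackets);

                try
                {
                    client.Authenticate("r1", "jeff", "password123");
                    Assert.Fail("Expected a timeout");
                }
                catch (TimeoutException)
                {
                    // Expected. Catching only TimeoutException lets the Assert.Fail above
                    // surface with its own message; a catch-all handler would intercept it
                    // and report a type mismatch instead.
                }
            }
            finally
            {
                server.Stop();
                client.Close();
            }
        }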
예제 #10
        /// <summary>
        /// Interop check of the RADIUS client against an AD/IAS server.
        /// </summary>
        /// <remarks>
        /// Marked inconclusive unless the LT_TESTBIN and LT_TEST_AD environment variables
        /// exist and the AD test settings carry a NAS secret. LT_TEST_AD must be set as
        /// described in the LillTek DevInstall.doc document, and the IAS server must be
        /// configured by hand with this client's NAS shared secret.
        /// </remarks>
        public void RadiusClient_Interop_AD_IAS()
        {
            if (EnvironmentVars.Get("LT_TESTBIN") == null)
            {
                Assert.Inconclusive("[LT_TESTBIN] environment variable does not exist.");
            }

            if (EnvironmentVars.Get("LT_TEST_AD") == null)
            {
                Assert.Inconclusive("[LT_TEST_AD] environment variable does not exist.");
            }

            var adSettings = new ADTestSettings();

            // An empty NAS secret is the switch that turns this test off.
            if (adSettings.NasSecret == string.Empty)
            {
                Assert.Inconclusive("AD/IAS Testing is disabled");
                return;
            }

            var radiusClient = new RadiusClient();

            // Resolve the first configured server and use its first IPv4 address.
            var serverHost = EnhancedDns.GetHostByName(adSettings.Servers[0]);
            var serverBinding = new NetworkBinding(serverHost.AddressList.IPv4Only()[0], NetworkPort.RADIUS);
            var clientConfig = new RadiusClientSettings(serverBinding, adSettings.NasSecret);

            clientConfig.RealmFormat = RealmFormat.Email;
            clientConfig.PortCount = 1;

            try
            {
                radiusClient.Open(clientConfig);

                // The real domain, account and password must be accepted ...
                Assert.IsTrue(radiusClient.Authenticate(adSettings.Domain, adSettings.Account, adSettings.Password));

                // ... and altering any one of the three must be rejected.
                Assert.IsFalse(radiusClient.Authenticate(adSettings.Domain + "x", adSettings.Account, adSettings.Password));
                Assert.IsFalse(radiusClient.Authenticate(adSettings.Domain, adSettings.Account + "x", adSettings.Password));
                Assert.IsFalse(radiusClient.Authenticate(adSettings.Domain, adSettings.Account, adSettings.Password + "x"));
            }
            finally
            {
                radiusClient.Close();
            }
        }
예제 #11
        /// <summary>
        /// Exercises the client against the server with both sides set to
        /// RealmFormat.Slash: the three fixture accounts must authenticate, and a
        /// wrong-case password or an empty, null or unknown realm must be refused.
        /// </summary>
        public void RadiusServer_RealmFmt_Slash()
        {
            var radiusServer = new RadiusServer();
            var serverConfig = new RadiusServerSettings();
            var radiusClient = new RadiusClient();
            var clientConfig = new RadiusClientSettings(Local_RADIUS, "hello");

            serverConfig.RealmFormat = RealmFormat.Slash;
            serverConfig.Devices.Add(new RadiusNasInfo(IPAddress.Loopback, "hello"));
            serverConfig.Devices.Add(new RadiusNasInfo(NetHelper.GetActiveAdapter(), "hello"));

            clientConfig.RealmFormat = RealmFormat.Slash;
            clientConfig.PortCount = 1;
            clientConfig.MaxTransmissions = 1;

            try
            {
                radiusServer.Start(serverConfig);

                // Fixture accounts used only by this test.
                radiusServer.LoadAccountsFromString(@"

    // This is a comment line

    r1;jeff;password123
    r2;jeff;passwordXXX
    r1;jane;bigfish
    ");

                radiusClient.Open(clientConfig);

                // Accepted: each fixture account with its own realm and password.
                Assert.IsTrue(radiusClient.Authenticate("r1", "jeff", "password123"));
                Assert.IsTrue(radiusClient.Authenticate("r2", "jeff", "passwordXXX"));
                Assert.IsTrue(radiusClient.Authenticate("r1", "jane", "bigfish"));

                // Refused: wrong-case password, then empty, null and unknown realms.
                Assert.IsFalse(radiusClient.Authenticate("r1", "jeff", "PASSWORD123"));
                Assert.IsFalse(radiusClient.Authenticate("", "jeff", "password123"));
                Assert.IsFalse(radiusClient.Authenticate(null, "jeff", "password123"));
                Assert.IsFalse(radiusClient.Authenticate("r3", "jeff", "password123"));
            }
            finally
            {
                radiusServer.Stop();
                radiusClient.Close();
            }
        }
예제 #12
        /// <summary>
        /// Checks that the server falls back to its default secret when the NAS device
        /// is not listed: no device is registered, yet a client using the same secret
        /// must be able to authenticate.
        /// </summary>
        /// <remarks>
        /// NOTE(review): this fallback means a sender that is not in the device list is
        /// served as long as it knows the default secret; deployments that rely on the
        /// device list as an allow-list presumably need DefaultSecret left unset — confirm
        /// against the server documentation.
        /// </remarks>
        public void RadiusServer_DefaultSecret()
        {
            var radiusServer = new RadiusServer();
            var serverConfig = new RadiusServerSettings();
            var radiusClient = new RadiusClient();
            var clientConfig = new RadiusClientSettings(Local_RADIUS, "hello");

            // No Devices entry: only the default secret ties client and server together.
            serverConfig.RealmFormat = RealmFormat.Slash;
            serverConfig.DefaultSecret = "hello";

            clientConfig.RealmFormat = RealmFormat.Slash;
            clientConfig.PortCount = 1;
            clientConfig.MaxTransmissions = 1;

            try
            {
                radiusServer.Start(serverConfig);

                // Fixture accounts used only by this test.
                radiusServer.LoadAccountsFromString(@"

    // This is a comment line

    r1;jeff;password123
    r2;jeff;passwordXXX
    r1;jane;bigfish
    ");

                radiusClient.Open(clientConfig);

                // Accepted: each fixture account with its own realm and password.
                Assert.IsTrue(radiusClient.Authenticate("r1", "jeff", "password123"));
                Assert.IsTrue(radiusClient.Authenticate("r2", "jeff", "passwordXXX"));
                Assert.IsTrue(radiusClient.Authenticate("r1", "jane", "bigfish"));

                // Refused: wrong-case password, then empty, null and unknown realms.
                Assert.IsFalse(radiusClient.Authenticate("r1", "jeff", "PASSWORD123"));
                Assert.IsFalse(radiusClient.Authenticate("", "jeff", "password123"));
                Assert.IsFalse(radiusClient.Authenticate(null, "jeff", "password123"));
                Assert.IsFalse(radiusClient.Authenticate("r3", "jeff", "password123"));
            }
            finally
            {
                radiusServer.Stop();
                radiusClient.Close();
            }
        }
예제 #13
        /// <summary>
        /// Checks that the server accepts a NAS device registered by DNS host name
        /// (here the local machine name) rather than by IP address.
        /// </summary>
        public void RadiusServer_Nas_HostName()
        {
            var radiusServer = new RadiusServer();
            var serverConfig = new RadiusServerSettings();
            var radiusClient = new RadiusClient();
            var clientConfig = new RadiusClientSettings(Local_RADIUS, "hello");

            // The only registered device is identified by host name.
            serverConfig.RealmFormat = RealmFormat.Email;
            serverConfig.Devices.Add(new RadiusNasInfo(Helper.MachineName, "hello"));

            clientConfig.RealmFormat = RealmFormat.Email;
            clientConfig.PortCount = 1;
            clientConfig.MaxTransmissions = 1;

            try
            {
                radiusServer.Start(serverConfig);

                // Fixture accounts used only by this test.
                radiusServer.LoadAccountsFromString(@"

    // This is a comment line

    r1;jeff;password123
    r2;jeff;passwordXXX
    r1;jane;bigfish
    ");

                radiusClient.Open(clientConfig);

                // Accepted: each fixture account with its own realm and password.
                Assert.IsTrue(radiusClient.Authenticate("r1", "jeff", "password123"));
                Assert.IsTrue(radiusClient.Authenticate("r2", "jeff", "passwordXXX"));
                Assert.IsTrue(radiusClient.Authenticate("r1", "jane", "bigfish"));

                // Refused: wrong-case password, then empty, null and unknown realms.
                Assert.IsFalse(radiusClient.Authenticate("r1", "jeff", "PASSWORD123"));
                Assert.IsFalse(radiusClient.Authenticate("", "jeff", "password123"));
                Assert.IsFalse(radiusClient.Authenticate(null, "jeff", "password123"));
                Assert.IsFalse(radiusClient.Authenticate("r3", "jeff", "password123"));
            }
            finally
            {
                radiusServer.Stop();
                radiusClient.Close();
            }
        }
예제 #14
파일: Program.cs 프로젝트: mixja/Radius.NET
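        /// <summary>
        /// Command-line entry point: sends one authentication request built from the
        /// four arguments and prints whether it was accepted, challenged or rejected.
        /// </summary>
        /// <param name="args">
        /// Exactly four values. args[0] and args[1] go to the RadiusClient constructor,
        /// args[2] and args[3] to RadiusClient.Authenticate (presumably host, shared
        /// secret, user name and password — see ShowUsage).
        /// </param>
        /// <remarks>
        /// NOTE(review): values passed as command-line arguments are visible in process
        /// listings and shell history, so this form suits test credentials only.
        /// </remarks>
        private static void Main(string[] args)
        {
            if (args.Length != 4)
            {
                ShowUsage();
                return;
            }

            try
            {
                RadiusClient rc         = new RadiusClient(args[0], args[1]);
                RadiusPacket authPacket = rc.Authenticate(args[2], args[3]);

                // Sample vendor-specific attributes (vendor id 10135, types 1 and 2).
                authPacket.SetAttribute(new VendorSpecificAttribute(10135, 1, UTF8Encoding.UTF8.GetBytes("Testing")));
                authPacket.SetAttribute(new VendorSpecificAttribute(10135, 2, new[] { (byte)7 }));

                // GetAwaiter().GetResult() rethrows the original exception. With .Result
                // the failure arrives wrapped in an AggregateException and the handler
                // below would print only the generic aggregate message.
                RadiusPacket receivedPacket = rc.SendAndReceivePacket(authPacket).GetAwaiter().GetResult();
                if (receivedPacket == null)
                {
                    throw new Exception("Can't contact remote radius server !");
                }
                switch (receivedPacket.PacketType)
                {
                case RadiusCode.ACCESS_ACCEPT:
                    Console.WriteLine("Accepted");

                    // Every attribute of the accept packet is echoed to the console.
                    foreach (var attr in receivedPacket.Attributes)
                    {
                        Console.WriteLine(attr.Type.ToString() + " = " + attr.Value);
                    }
                    break;

                case RadiusCode.ACCESS_CHALLENGE:
                    Console.WriteLine("Challenged");
                    break;

                default:
                    // Anything other than accept or challenge is reported as a rejection.
                    Console.WriteLine("Rejected");
                    break;
                }
            }
            catch (Exception e)
            {
                Console.WriteLine("Error : " + e.Message);
            }

            // Keep the console window open until the user presses Enter.
            Console.ReadLine();
        }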
예제 #15
        /// <summary>
        /// Sends an Access-Request whose User-Password ("1234") differs from the value
        /// the test server was created with ("12345") and expects an Access-Reject.
        /// </summary>
        public async Task AuthenticationFail_2_Test()
        {
            // NOTE(review): the server is created with RadiusServerType.Accounting although
            // the test sends an Access-Request — confirm that this is intended.
            server = RadiusFactory.CreateTestServer(1812, "secret", "test", "12345", RadiusServerType.Accounting);
            server.Start();

            client = RadiusFactory.CreateTestClient(1824);

            // The request is built with the same secret string the server was created with.
            var request = new RadiusPacket(PacketCode.AccessRequest, 0, "secret");

            request.AddAttribute("User-Name", "test");
            request.AddAttribute("User-Password", "1234");
            request.AddAttribute("NAS-IP-Address", IPAddress.Parse("192.168.0.100"));
            request.AddAttribute("NAS-Port", 3);

            var serverEndPoint = new IPEndPoint(IPAddress.Parse("127.0.0.1"), 1812);
            var reply = await client.SendPacketAsync(request, serverEndPoint);

            Assert.AreEqual(PacketCode.AccessReject, reply.Code);
        }
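        /// <summary>
        /// Called whenever the Authentication Provider is loaded into the
        /// AD FS pipeline. Reads the configuration, creates the RADIUS client from it
        /// and, when debug logging is enabled, writes the effective settings to the log.
        /// </summary>
        /// <param name="configData">Supplied by the pipeline; not read by this method.</param>
        public void OnAuthenticationPipelineLoad(IAuthenticationMethodConfigData configData)
        {
            appConfig    = new AppConfigurationReg();
            radiusClient = new RadiusClient(appConfig.Server, appConfig.SharedSecret, appConfig.TimeOut,
                                            appConfig.AuthenticationPort, appConfig.AccountingPort);

            debugLogging = appConfig.Debug;
            if (this.debugLogging)
            {
                // The shared secret is what the RADIUS server uses to trust this host.
                // Writing it to a log hands it to anyone who can read the log, so only
                // record whether a value is configured.
                string sharedSecretState = string.IsNullOrEmpty(appConfig.SharedSecret)
                    ? "(not set)"
                    : "(set, value withheld)";

                Logging.LogMessage(
                    "Currently using the following configuration:" + Environment.NewLine +
                    "Server: " + appConfig.Server + Environment.NewLine +
                    "Authentication port: " + appConfig.AuthenticationPort + Environment.NewLine +
                    "Accounting port: " + appConfig.AccountingPort + Environment.NewLine +
                    "Shared secret: " + sharedSecretState + Environment.NewLine +
                    "Timeout: " + appConfig.TimeOut);
            }
        }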
예제 #17
        /// <summary>
        /// Checks that the client retransmits a request and reuses the same identifier:
        /// with the server hooked in IgnoreFirstPacket mode and two transmissions allowed,
        /// the authentication must succeed and both captured packets must share one ID.
        /// </summary>
        public void RadiusClient_Retry()
        {
            var radiusServer = new RadiusServer();
            var serverConfig = new RadiusServerSettings();
            var radiusClient = new RadiusClient();
            var clientConfig = new RadiusClientSettings(Local_RADIUS, "hello");

            serverConfig.RealmFormat = RealmFormat.Email;
            serverConfig.Devices.Add(new RadiusNasInfo(IPAddress.Loopback, "hello"));
            serverConfig.Devices.Add(new RadiusNasInfo(NetHelper.GetActiveAdapter(), "hello"));

            // Two transmissions: the original request plus one retry.
            clientConfig.RealmFormat = RealmFormat.Email;
            clientConfig.PortCount = 1;
            clientConfig.MaxTransmissions = 2;

            try
            {
                radiusServer.Start(serverConfig);

                // Fixture accounts used only by this test.
                radiusServer.LoadAccountsFromString(@"

    // This is a comment line

    r1;jeff;password123
    r2;jeff;passwordXXX
    r1;jane;bigfish
    ");

                radiusClient.Open(clientConfig);
                var spy = new RadiusServerDeelie(radiusServer, RadiusServerDeelie.Mode.IgnoreFirstPacket);

                Assert.IsTrue(radiusClient.Authenticate("r1", "jeff", "password123"));

                // Both transmissions were captured and carry the same identifier.
                Assert.AreEqual(2, spy.Packets.Count);
                Assert.AreEqual(spy.Packets[0].Identifier, spy.Packets[1].Identifier);
            }
            finally
            {
                radiusServer.Stop();
                radiusClient.Close();
            }
        }
예제 #18
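        /// <summary>
        /// Test client entry point: sends one Access-Request and one Accounting-Request
        /// to the given server and prints the packets and responses.
        /// </summary>
        /// <param name="args">hostName, sharedSecret, userName, password (exactly four values).</param>
        /// <remarks>
        /// NOTE(review): the shared secret and password arrive on the command line, where
        /// process listings and shell history can expose them; use test credentials only.
        /// </remarks>
        private static void Main(string[] args)
        {
            if (args.Length != 4)
            {
                System.Console.WriteLine("Usage: TestClient hostName sharedSecret userName password");
                return;
            }

            String host   = args[0];
            String shared = args[1];
            String user   = args[2];
            String pass   = args[3];

            // The usage text says hostName, but only an IP address literal is accepted
            // here. Report that instead of failing with an unhandled FormatException.
            IPAddress address;
            if (!IPAddress.TryParse(host, out address))
            {
                System.Console.WriteLine("hostName must be an IP address: " + host);
                return;
            }

            var rc = new RadiusClient(address, shared);

            try
            {
                // 1. Send Access-Request
                var ar = new AccessRequest(user, pass);

                ar.AuthProtocol = AuthenticationType.pap; // or AUTH_CHAP
                ar.AddAttribute("NAS-Identifier", "this.is.my.nas-identifier.de");
                ar.AddAttribute("NAS-IP-Address", "192.168.0.100");
                ar.AddAttribute("Service-Type", "Login-User");
                ar.AddAttribute("WISPr-Redirection-URL", "http://www.sourceforge.net/");
                ar.AddAttribute("WISPr-Location-ID", "net.sourceforge.ap1");

                // NOTE(review): whether this dump includes the User-Password value depends
                // on AccessRequest.ToString(), which is not shown here — confirm before
                // pointing the output at a shared log.
                System.Console.WriteLine("Packet before it is sent\n" + ar + "\n");
                RadiusPacket response = rc.Authenticate(ar);

                System.Console.WriteLine("Packet after it was sent\n" + ar + "\n");
                System.Console.WriteLine("Response\n" + response + "\n");

                // 2. Send Accounting-Request
                var acc = new AccountingRequest("mw", AccountingRequest.ACCT_STATUS_TYPE_START);

                acc.AddAttribute("Acct-Session-Id", "1234567890");
                acc.AddAttribute("NAS-Identifier", "this.is.my.nas-identifier.de");
                acc.AddAttribute("NAS-Port", "0");

                System.Console.WriteLine(acc + "\n");
                response = rc.Account(acc);
                System.Console.WriteLine("Response: " + response);
            }
            finally
            {
                // Close the client even when a request throws, so it is always released.
                rc.Close();
            }
        }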
예제 #19
        public void RadiusClient_Interop()
        {
            // Interoperability check: the RADIUS client must be able to authenticate
            // against a server from another vendor. The test is skipped as inconclusive
            // when the LT_TESTBIN environment variable is not set.

            if (EnvironmentVars.Get("LT_TESTBIN") == null)
            {
                Assert.Inconclusive("[LT_TESTBIN] environment variable does not exist.");
            }

            RadiusTestServer     testServer   = new RadiusTestServer();
            RadiusClient         radiusClient = new RadiusClient();
            RadiusClientSettings settings     = new RadiusClientSettings(Local_AAA, "secret");

            settings.RealmFormat = RealmFormat.Email;
            settings.PortCount   = 1;

            // Test-only accounts known to the server.
            Dictionary<string, string> accounts = new Dictionary<string, string>
            {
                { "jeff", "password1" },
                { "joe", "password2" }
            };

            // Addresses allowed to act as NAS devices, each with its shared secret.
            Dictionary<IPAddress, string> nasDevices = new Dictionary<IPAddress, string>
            {
                { IPAddress.Loopback, "secret" },
                { NetHelper.GetActiveAdapter(), "secret" }
            };

            try
            {
                testServer.Start(accounts, nasDevices);
                radiusClient.Open(settings);

                // Valid credentials are accepted.
                Assert.IsTrue(radiusClient.Authenticate("", "jeff", "password1"));
                Assert.IsTrue(radiusClient.Authenticate("", "joe", "password2"));

                // A wrong password and an unknown account are both refused.
                Assert.IsFalse(radiusClient.Authenticate("", "jeff", "passwordX"));
                Assert.IsFalse(radiusClient.Authenticate("", "billy", "x"));
            }
            finally
            {
                radiusClient.Close();
                testServer.Stop();
            }
        }
예제 #20
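        /// <summary>
        /// Authenticates one account against a RADIUS server and reports the outcome
        /// through <c>Program.Output</c> / <c>Program.Error</c>.
        /// </summary>
        /// <param name="server">Server address, passed to <c>NetworkBinding</c>.</param>
        /// <param name="secret">Shared secret used with the server.</param>
        /// <param name="userid">Account name, optionally prefixed by a realm and '/' or '\'.</param>
        /// <param name="password">Password for the account.</param>
        /// <returns>0 when authentication succeeds; 1 when it fails or an error occurs.</returns>
        private static int AuthRadius(string server, string secret, string userid, string password)
        {
            RadiusClient client  = new RadiusClient();
            string       realm   = string.Empty;
            string       account = userid;

            // "realm/account" or "realm\account": split at the first separator.
            int pos = userid.IndexOfAny(new char[] { '/', '\\' });
            if (pos != -1)
            {
                realm   = userid.Substring(0, pos);
                account = userid.Substring(pos + 1);
            }

            try
            {
                // Open inside the try block so that a bad server address or a failed open
                // is reported through the same error path and exit code as a failed request.
                // NOTE(review): assumes Close() is safe on a client that never opened; confirm.
                client.Open(new RadiusClientSettings(new NetworkBinding(server), secret));

                Program.Output("Authenticating...");
                bool accepted = client.Authenticate(realm, account, password);

                Program.Output(accepted ? "Success" : "Failure");
                return accepted ? 0 : 1;
            }
            catch (Exception e)
            {
                // Only the exception type and message are reported.
                Program.Error("Error[{0}]: {1}", e.GetType().Name, e.Message);
                return 1;
            }
            finally
            {
                client.Close();
            }
        }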
예제 #21
    /// <summary>
    ///   Main method: runs one RADIUS authentication built from the command-line
    ///   arguments and prints whether it succeeded.
    /// </summary>
    /// <param name="args">
    ///   Five arguments select CHAP with an empty last constructor argument; six
    ///   arguments select PAP and pass the sixth argument through.
    /// </param>
    /// <example>tanedius.exe User-Name User-Password NAS-IP-Address Server [secret]</example>
    static void Main(string[] args)
    {
        // NOTE(review): the example above lists four or five arguments, while the code
        // accepts five or six; confirm the intended argument order.
        RadiusClient rc = null;

        if (args.Length == 5)
        {
            rc = new RadiusClient(args[0], args[1], args[2], RadiusClient.AUTH_TYPE.CHAP, args[3], args[4], "");
        }
        else if (args.Length == 6)
        {
            rc = new RadiusClient(args[0], args[1], args[2], RadiusClient.AUTH_TYPE.PAP, args[3], args[4], args[5]);
        }

        // Any other argument count prints nothing.
        if (rc != null)
        {
            // "認証成功" = authentication succeeded, "認証失敗" = authentication failed.
            System.Console.WriteLine(rc.Auth() ? "認証成功" : "認証失敗");
        }

        // The exit code is 0 in every case, so a calling script cannot tell success
        // from failure by the exit status; only the console text differs.
        System.Console.ReadKey();
        System.Environment.Exit(0);
    }
예제 #22
        /// <summary>
        /// Entry point: tries the configured RADIUS servers in parallel with the credentials
        /// read from the <c>username</c> and <c>password</c> environment variables.
        /// </summary>
        /// <returns>
        /// 0 when a server answered Access-Accept; 1 when a credential variable is missing;
        /// 2 when the configuration is unreadable; 3 when no server is configured;
        /// 4 when no server accepted; 5 when the log folder setting is empty.
        /// </returns>
        public static int Main()
        {
            _defaultLogFolder = Settings.Default.LogFolder;
            if (string.IsNullOrEmpty(_defaultLogFolder))
            {
                // Checked before InitLogger(), so this failure is visible only as an exit code.
                return 5;
            }

            InitLogger();

            // Credentials come from the process environment rather than the command line.
            var accountName     = Environment.GetEnvironmentVariable("username");
            var accountPassword = Environment.GetEnvironmentVariable("password");

            if (string.IsNullOrEmpty(accountName))
            {
                Log.ErrorLog.WriteLine("environment variable 'username' is undefined undefined");
                return 1;
            }

            if (string.IsNullOrEmpty(accountPassword))
            {
                Log.ErrorLog.WriteLine("environment variable 'password' is undefined undefined");
                return 1;
            }

            if (Config.Settings == null)
            {
                Log.ErrorLog.WriteLine("Config is empty/unreadable");
                return 2;
            }

            if (Config.Settings.Servers == null || Config.Settings.Servers.Count == 0)
            {
                Log.ErrorLog.WriteLine("No servers found in config");
                return 3;
            }

            var loopResult = Parallel.ForEach(Config.Settings.Servers.Cast <ServerElement>(), (entry, loopState) =>
            {
                // The shared secret is deliberately absent from this log line.
                Log.InformationLog.WriteLine(string.Format("server name = {0} , retries = {1}, wait = {2}, autport = {3}",
                                                           entry.Name, entry.retries, entry.wait, entry.authport));

                var radius = new RadiusClient(entry.Name, entry.sharedsecret, entry.wait * 1000, entry.authport);

                Log.InformationLog.WriteLine("Radius client initializated");

                try
                {
                    var request = radius.Authenticate(accountName, accountPassword);

                    if (Config.Settings.NAS_IDENTIFIER != null)
                    {
                        request.SetAttribute(new RadiusAttribute(RadiusAttributeType.NAS_IDENTIFIER, Encoding.ASCII.GetBytes(Config.Settings.NAS_IDENTIFIER)));
                    }

                    // NOTE(review): BitConverter.GetBytes uses the host byte order, while RADIUS
                    // integer attributes are sent most significant octet first; confirm the
                    // value survives that on the target platform.
                    request.SetAttribute(new RadiusAttribute(RadiusAttributeType.NAS_PORT_TYPE, BitConverter.GetBytes((int)NasPortType.ASYNC)));

                    // Blocks this worker until the reply arrives or the retries are used up.
                    var reply = radius.SendAndReceivePacket(request, entry.retries).Result;

                    // NOTE(review): the Access-Accept is trusted as returned; confirm that
                    // SendAndReceivePacket validates the response authenticator.
                    bool accepted = reply != null && reply.PacketType == RadiusCode.ACCESS_ACCEPT;
                    if (accepted)
                    {
                        // First acceptance wins: ask the loop to stop starting new iterations.
                        loopState.Stop();
                    }
                }
                catch (Exception ex)
                {
                    // A failing server is logged and does not abort the other attempts.
                    Log.ErrorLog.WriteLine(ex);
                }
            });

            if (!loopResult.IsCompleted)
            {
                // The loop was stopped early, which only happens after an Access-Accept.
                Log.SuccessLog.WriteLine(string.Format("Authentication success for user {0}", accountName));
                return 0;
            }

            // Every server was tried and none of them accepted.
            Log.ErrorLog.WriteLine(string.Format("Authentication failed for: {0}", accountName));
            return 4;
        }
예제 #23
        public void RadiusClient_ID_Exhaustion_MultiPort()
        {
            // Verify that the client throws an exception when it is asked to
            // manage more than 256 parallel authentication requests per client
            // port (two ports here, so 2 * 256 + 1 requests are started).

            RadiusServer         server         = new RadiusServer();
            RadiusServerSettings serverSettings = new RadiusServerSettings();
            RadiusClient         client         = new RadiusClient();
            RadiusClientSettings clientSettings = new RadiusClientSettings(Local_RADIUS, "hello");
            RadiusServerDeelie   deelie;

            IAsyncResult[] ar;

            // Only the loopback and active-adapter addresses are registered as NAS
            // devices; "hello" is the test shared secret on both sides.
            serverSettings.RealmFormat = RealmFormat.Email;
            serverSettings.Devices.Add(new RadiusNasInfo(IPAddress.Loopback, "hello"));
            serverSettings.Devices.Add(new RadiusNasInfo(NetHelper.GetActiveAdapter(), "hello"));

            // One transmission per request: no retries while the requests are outstanding.
            clientSettings.RealmFormat      = RealmFormat.Email;
            clientSettings.PortCount        = 2;
            clientSettings.MaxTransmissions = 1;

            try
            {
                server.Start(serverSettings);
                server.LoadAccountsFromString(@"

    // This is a comment line

    r1;jeff;password123
    r2;jeff;passwordXXX
    r1;jane;bigfish
    ");

                client.Open(clientSettings);

                // AuthLongDelay mode; presumably it delays the server's replies so the
                // requests stay outstanding. TODO confirm against RadiusServerDeelie.
                deelie = new RadiusServerDeelie(server, RadiusServerDeelie.Mode.AuthLongDelay);

                // One request more than PortCount * 256.
                ar = new IAsyncResult[clientSettings.PortCount * 256 + 1];

                try
                {
                    for (int i = 0; i < ar.Length; i++)
                    {
                        ar[i] = client.BeginAuthenticate("r1", "jeff", "password123", null, null);
                    }

                    for (int i = 0; i < ar.Length; i++)
                    {
                        if (ar[i] != null)
                        {
                            client.EndAuthenticate(ar[i]);
                        }
                    }

                    // Reaching this line means no exception was thrown. The exception
                    // raised by Assert.Fail is also caught below, where the type check
                    // then fails the test.
                    Assert.Fail("Expected a RadiusException");
                }
                catch (Exception e)
                {
                    Assert.IsInstanceOfType(e, typeof(RadiusException));
                }
            }
            finally
            {
                server.Stop();
                client.Close();
            }
        }
예제 #24
        public void RadiusClient_LoadBalance_MultiPort()
        {
            // Load-balancing check: a multi-port client configured with two server
            // bindings must deliver packets to both RADIUS servers.
            //
            // Fixture note: both servers bind to IPAddress.Any and use the weak test
            // secret "hello"; only the loopback and active-adapter addresses are
            // registered as NAS devices.

            RadiusServer         radiusServer   = new RadiusServer();
            RadiusServer         aaaServer      = new RadiusServer();
            RadiusServerSettings radiusSettings = new RadiusServerSettings();
            RadiusServerSettings aaaSettings    = new RadiusServerSettings();
            RadiusClient         client         = new RadiusClient();
            RadiusClientSettings clientSettings = new RadiusClientSettings(new NetworkBinding[] { Local_RADIUS, Local_AAA }, "hello");

            // First server: standard RADIUS port.
            radiusSettings.RealmFormat = RealmFormat.Email;
            radiusSettings.Devices.Add(new RadiusNasInfo(IPAddress.Loopback, "hello"));
            radiusSettings.Devices.Add(new RadiusNasInfo(NetHelper.GetActiveAdapter(), "hello"));
            radiusSettings.NetworkBinding = new IPEndPoint(IPAddress.Any, NetworkPort.RADIUS);

            // Second server: AAA port.
            aaaSettings.RealmFormat = RealmFormat.Email;
            aaaSettings.Devices.Add(new RadiusNasInfo(IPAddress.Loopback, "hello"));
            aaaSettings.Devices.Add(new RadiusNasInfo(NetHelper.GetActiveAdapter(), "hello"));
            aaaSettings.NetworkBinding = new IPEndPoint(IPAddress.Any, NetworkPort.AAA);

            clientSettings.RealmFormat      = RealmFormat.Email;
            clientSettings.PortCount        = 4;
            clientSettings.MaxTransmissions = 1;

            try
            {
                string accountInfo = @"

    // This is a comment line

    r1;jeff;password123
    r2;jeff;passwordXXX
    r1;jane;bigfish
    ";
                radiusServer.Start(radiusSettings);
                radiusServer.LoadAccountsFromString(accountInfo);
                RadiusServerDeelie radiusTap = new RadiusServerDeelie(radiusServer, RadiusServerDeelie.Mode.Normal);

                aaaServer.Start(aaaSettings);
                aaaServer.LoadAccountsFromString(accountInfo);
                RadiusServerDeelie aaaTap = new RadiusServerDeelie(aaaServer, RadiusServerDeelie.Mode.Normal);

                client.Open(clientSettings);

                // Twenty successful authentications in a row.
                int remaining = 20;
                while (remaining-- > 0)
                {
                    Assert.IsTrue(client.Authenticate("r1", "jeff", "password123"));
                }

                // Each server must have seen at least one packet.
                Assert.IsTrue(radiusTap.Packets.Count > 0);
                Assert.IsTrue(aaaTap.Packets.Count > 0);
            }
            finally
            {
                radiusServer.Stop();
                aaaServer.Stop();
                client.Close();
            }
        }
예제 #25
        public void RadiusClient_FailOver_MultiPort()
        {
            // Fail-over check: a multi-port client must keep authenticating when one
            // of its configured server bindings (192.168.255.1:1645 here) is not one
            // of the servers started by this test.
            //
            // Fixture note: both servers bind to IPAddress.Any and use the weak test
            // secret "hello"; only the loopback and active-adapter addresses are
            // registered as NAS devices.

            RadiusServer         radiusServer   = new RadiusServer();
            RadiusServer         aaaServer      = new RadiusServer();
            RadiusServerSettings radiusSettings = new RadiusServerSettings();
            RadiusServerSettings aaaSettings    = new RadiusServerSettings();
            RadiusClient         client         = new RadiusClient();
            RadiusClientSettings clientSettings = new RadiusClientSettings(new NetworkBinding[] { Local_AAA, NetworkBinding.Parse("192.168.255.1:1645") }, "hello");

            // First server: standard RADIUS port.
            radiusSettings.RealmFormat = RealmFormat.Email;
            radiusSettings.Devices.Add(new RadiusNasInfo(IPAddress.Loopback, "hello"));
            radiusSettings.Devices.Add(new RadiusNasInfo(NetHelper.GetActiveAdapter(), "hello"));
            radiusSettings.NetworkBinding = new IPEndPoint(IPAddress.Any, NetworkPort.RADIUS);

            // Second server: AAA port.
            aaaSettings.RealmFormat = RealmFormat.Email;
            aaaSettings.Devices.Add(new RadiusNasInfo(IPAddress.Loopback, "hello"));
            aaaSettings.Devices.Add(new RadiusNasInfo(NetHelper.GetActiveAdapter(), "hello"));
            aaaSettings.NetworkBinding = new IPEndPoint(IPAddress.Any, NetworkPort.AAA);

            // Up to ten transmissions per request, half a second apart.
            clientSettings.RealmFormat      = RealmFormat.Email;
            clientSettings.PortCount        = 4;
            clientSettings.MaxTransmissions = 10;
            clientSettings.RetryInterval    = TimeSpan.FromSeconds(0.5);

            try
            {
                string accountInfo = @"

    // This is a comment line

    r1;jeff;password123
    r2;jeff;passwordXXX
    r1;jane;bigfish
    ";
                // Both taps run in IgnoreAlternatePackets mode; their captured packets
                // are not inspected by this test.
                radiusServer.Start(radiusSettings);
                radiusServer.LoadAccountsFromString(accountInfo);
                RadiusServerDeelie radiusTap = new RadiusServerDeelie(radiusServer, RadiusServerDeelie.Mode.IgnoreAlternatePackets);

                aaaServer.Start(aaaSettings);
                aaaServer.LoadAccountsFromString(accountInfo);
                RadiusServerDeelie aaaTap = new RadiusServerDeelie(aaaServer, RadiusServerDeelie.Mode.IgnoreAlternatePackets);

                client.Open(clientSettings);

                // Ten authentications, each of which must still succeed.
                int remaining = 10;
                while (remaining-- > 0)
                {
                    Assert.IsTrue(client.Authenticate("r1", "jeff", "password123"));
                }
            }
            finally
            {
                radiusServer.Stop();
                aaaServer.Stop();
                client.Close();
            }
        }
예제 #26
        public void RadiusClient_Blast()
        {
            // Stress check: start PortCount * 256 authentications at once against two
            // servers from a multi-port client and require every one to succeed.
            //
            // Fixture note: both servers bind to IPAddress.Any and use the weak test
            // secret "hello"; only the loopback and active-adapter addresses are
            // registered as NAS devices.

            RadiusServer         radiusServer   = new RadiusServer();
            RadiusServer         aaaServer      = new RadiusServer();
            RadiusServerSettings radiusSettings = new RadiusServerSettings();
            RadiusServerSettings aaaSettings    = new RadiusServerSettings();
            RadiusClient         client         = new RadiusClient();
            RadiusClientSettings clientSettings = new RadiusClientSettings(new NetworkBinding[] { Local_RADIUS, Local_AAA }, "hello");

            // First server: standard RADIUS port.
            radiusSettings.RealmFormat = RealmFormat.Email;
            radiusSettings.Devices.Add(new RadiusNasInfo(IPAddress.Loopback, "hello"));
            radiusSettings.Devices.Add(new RadiusNasInfo(NetHelper.GetActiveAdapter(), "hello"));
            radiusSettings.NetworkBinding = new IPEndPoint(IPAddress.Any, NetworkPort.RADIUS);

            // Second server: AAA port.
            aaaSettings.RealmFormat = RealmFormat.Email;
            aaaSettings.Devices.Add(new RadiusNasInfo(IPAddress.Loopback, "hello"));
            aaaSettings.Devices.Add(new RadiusNasInfo(NetHelper.GetActiveAdapter(), "hello"));
            aaaSettings.NetworkBinding = new IPEndPoint(IPAddress.Any, NetworkPort.AAA);

            clientSettings.RealmFormat      = RealmFormat.Email;
            clientSettings.PortCount        = 4;
            clientSettings.MaxTransmissions = 3;

            try
            {
                string accountInfo = @"

    // This is a comment line

    r1;jeff;password123
    r2;jeff;passwordXXX
    r1;jane;bigfish
    ";
                radiusServer.Start(radiusSettings);
                radiusServer.LoadAccountsFromString(accountInfo);
                RadiusServerDeelie radiusTap = new RadiusServerDeelie(radiusServer, RadiusServerDeelie.Mode.Normal);

                aaaServer.Start(aaaSettings);
                aaaServer.LoadAccountsFromString(accountInfo);
                RadiusServerDeelie aaaTap = new RadiusServerDeelie(aaaServer, RadiusServerDeelie.Mode.Normal);

                client.Open(clientSettings);

                // Start every request before completing any of them.
                IAsyncResult[] pending = new IAsyncResult[clientSettings.PortCount * 256];
                for (int slot = 0; slot < pending.Length; slot++)
                {
                    pending[slot] = client.BeginAuthenticate("r1", "jeff", "password123", null, null);
                }

                foreach (IAsyncResult request in pending)
                {
                    Assert.IsTrue(client.EndAuthenticate(request));
                }

                // Each server must have seen at least one packet.
                Assert.IsTrue(radiusTap.Packets.Count > 0);
                Assert.IsTrue(aaaTap.Packets.Count > 0);
            }
            finally
            {
                radiusServer.Stop();
                aaaServer.Stop();
                client.Close();
            }
        }
예제 #27
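        /// <summary>
        /// Sends one Access-Request to a RADIUS server and maps the reply to a status string.
        /// </summary>
        /// <param name="strHostName">RADIUS server host.</param>
        /// <param name="nPort">Authentication port on the server.</param>
        /// <param name="strSharedSecret">Shared secret used with the server.</param>
        /// <param name="strUserName">User name to authenticate.</param>
        /// <param name="strPassword">Password for the user.</param>
        /// <param name="strStateAttribut">
        /// Value sent as the State attribute, presumably taken from an earlier
        /// Access-Challenge; null or empty for a request without State.
        /// </param>
        /// <returns>
        /// "2#" for Access-Accept; "11#" followed by the State value for Access-Challenge;
        /// "3#" for Access-Reject; "0#" for any other reply, and for an Accept or Challenge
        /// whose response authenticator does not verify.
        /// </returns>
        /// <exception cref="SmartException">No reply was received (code 9901).</exception>
        public static string AuthenticateRadius(string strHostName, uint nPort, string strSharedSecret, string strUserName, string strPassword, string strStateAttribut)
        {
            RadiusClient rc         = new RadiusClient(strHostName, strSharedSecret, authPort: nPort);
            RadiusPacket authPacket = rc.Authenticate(strUserName, strPassword);

            // IsNullOrEmpty instead of != "": a null State previously reached GetBytes
            // and threw ArgumentNullException.
            if (!string.IsNullOrEmpty(strStateAttribut))
            {
                // The State is sent as the UTF-8 bytes of the string exactly as given;
                // it is not hex-decoded.
                byte[] data = Encoding.UTF8.GetBytes(strStateAttribut);

                authPacket.SetAttribute(new RadiusAttribute(RadiusAttributeType.STATE, data));
            }
            else
            {
                // NOTE(review): these vendor-specific attributes carry the literal "Testing";
                // they look like test leftovers. Confirm they belong in production requests.
                authPacket.SetAttribute(new VendorSpecificAttribute(10135, 1, UTF8Encoding.UTF8.GetBytes("Testing")));
                authPacket.SetAttribute(new VendorSpecificAttribute(10135, 2, new[] { (byte)7 }));
            }

            RadiusPacket receivedPacket = rc.SendAndReceivePacket(authPacket);

            if (receivedPacket == null)
            {
                throw new SmartException(9901, "Can't contact remote radius server !");
            }

            // sbDebug is a debugging aid only; it is not part of the return value.
            StringBuilder sbDebug  = new StringBuilder();
            StringBuilder sbRetour = new StringBuilder();

            // RADIUS runs over UDP, so the response authenticator is what ties a reply to
            // this request and to the shared secret. Check it before trusting an Accept or
            // a Challenge; a reply that fails the check is reported as "0#".
            // NOTE(review): redundant but harmless if SendAndReceivePacket already verifies.
            bool authentic = rc.VerifyAuthenticator(authPacket, receivedPacket);

            if (!authentic && receivedPacket.PacketType != RadiusCode.ACCESS_REJECT)
            {
                sbDebug.AppendLine("Authenticator check failed: Check your secret");
                return "0#";
            }

            switch (receivedPacket.PacketType)
            {
            case RadiusCode.ACCESS_ACCEPT:
                sbRetour.Append("2#");
                sbDebug.AppendLine("Access-Accept");
                foreach (var attr in receivedPacket.Attributes)
                {
                    sbDebug.AppendLine(attr.Type.ToString() + " = " + attr.Value);
                }
                break;

            case RadiusCode.ACCESS_CHALLENGE:
                sbRetour.Append("11#");
                sbDebug.AppendLine("Access-Challenge");
                foreach (var attr in receivedPacket.Attributes)
                {
                    sbDebug.AppendLine(attr.Type.ToString() + " = " + attr.Value);
                    if (attr.Type == RadiusAttributeType.STATE)
                    {
                        // The caller gets the State back so that it can pass it in again.
                        sbRetour.Append(attr.Value);
                    }
                }
                break;

            case RadiusCode.ACCESS_REJECT:
                // A reject is reported as "3#" whether or not its authenticator verifies.
                sbRetour.Append("3#");
                sbDebug.AppendLine("Access-Reject");
                if (!authentic)
                {
                    sbDebug.AppendLine("Authenticator check failed: Check your secret");
                }
                break;

            default:
                sbRetour.Append("0#");
                sbDebug.AppendLine("Rejected");
                break;
            }

            //return sbDebug.ToString();
            return sbRetour.ToString();
        }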