public static string Reverse(byte[] sharedSecret, byte[] rqAuthenticator, byte[] requestPassword)
{
var passwordBuffLength = requestPassword.Length;
var authData = new byte[16];
var currentPasswordBlock = new byte[16];
var outPasswordBuffer = new byte[requestPassword.Length];
var passwordBlocks = passwordBuffLength / 16;
Buffer.BlockCopy(rqAuthenticator, 0, authData, 0, 16);
for (var i = 0; i < passwordBlocks; i++)
{
Buffer.BlockCopy(requestPassword, i * 16, currentPasswordBlock, 0, 16);
PapAuthenticator.PAPEncryptBlock(sharedSecret, authData, currentPasswordBlock);
Buffer.BlockCopy(currentPasswordBlock, i * 16, outPasswordBuffer, 0, 16);
Buffer.BlockCopy(currentPasswordBlock, 0, authData, 0, 16);
}
var outPassword = Encoding.ASCII.GetString(outPasswordBuffer).TrimEnd('\0');
return(outPassword);
}
public bool Authenticate(string username, string password)
{
Random pRandonNumber = new Random();
var RA = GenerateRA();
var requestPacket = new RadiusPacket()
{
CodeType = RadiusCodeType.AccessRequest,
Identifier = Convert.ToByte(pRandonNumber.Next(0, 32000) % 256),
Authenticator = RA
};
requestPacket.Attributes.Add(new RadiusAttribute(RadiusAttributeType.UserName, username));
requestPacket.Attributes.Add(new RadiusAttribute(RadiusAttributeType.UserPassword, PapAuthenticator.GeneratePAPPassword(password, _Secret, RA)));
requestPacket.Serialize(secretBytes);
if (requestPacket.Parse() == RadiusPacket.ParseError.None)
{
try
{
using (var server = new UdpClient())
{
server.Client.SendTimeout = pUDPTimeout;
server.Client.ReceiveTimeout = pUDPTimeout;
server.Client.Ttl = UDP_TTL;
server.Connect(_Server, _Port);
server.Send(requestPacket.Data, requestPacket.DataLength);
var RemoteIpEndPoint = new System.Net.IPEndPoint(System.Net.IPAddress.Any, 0);
var response = server.Receive(ref RemoteIpEndPoint);
server.Close();
var result = new RadiusPacket()
{
Data = response, DataLength = response.Length
};
return(result.Parse() == RadiusPacket.ParseError.None && result.CodeType == RadiusCodeType.AccessAccept);
}
}
catch (Exception ex)
{
EventLoger.Log.Write(MethodInfo.GetCurrentMethod(), ex);
}
}
return(false);
}
public async Task Start()
{
listen = true;
using (var udpServer = new UdpClient(new IPEndPoint(_IP, _Port)))
{
while (listen)
{
try
{
var result = await udpServer.ReceiveAsync();
var packet = new RadiusPacket()
{
DataLength = result.Buffer.Length,
Data = result.Buffer
};
if (packet.Parse() == RadiusPacket.ParseError.None && packet.CodeType == RadiusCodeType.AccessRequest)
{
var secretBytes = Encoding.Default.GetBytes(_Secret);
var responsePacket = new RadiusPacket()
{
Identifier = packet.Identifier,
CodeType = RadiusCodeType.AccessReject,
Authenticator = packet.Authenticator
};
foreach (var attr in packet.Attributes)
{
responsePacket.Attributes.Add(attr);
}
var falts = packet.ValidateRfcComplianceOnReceive();
if (falts != null)
{
responsePacket.Attributes.Add(falts);
}
else
{
var userNameAttrib = packet.Attributes.Find(RadiusAttributeType.UserName);
var passwordAttrib = packet.Attributes.Find(RadiusAttributeType.UserPassword);
var username = userNameAttrib.TextValue;
var password = PapAuthenticator.Reverse(secretBytes, packet.Authenticator, passwordAttrib.StringValue);
if (Validator == null || Validator.IsValid(username, password))
{
responsePacket.CodeType = RadiusCodeType.AccessAccept;
}
}
responsePacket.Serialize(secretBytes);
udpServer.Send(responsePacket.Data, responsePacket.Length, result.RemoteEndPoint);
}
}
catch (Exception ex)
{
EventLoger.Log.Write(MethodInfo.GetCurrentMethod(), ex);
}
}
}
}