예제 #1
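        /// <summary>
        /// Answers an Access-Request. When ValidateByLdap is enabled the credentials are
        /// checked against LDAP first and a success is accepted immediately. When
        /// ValidateByDatabase is enabled, the MAC address looked up for the request must
        /// match the account before the base-class handler makes the final decision.
        /// Every other path, including any exception, ends in an Access-Reject.
        /// </summary>
        /// <param name="accessRequest">The request being answered.</param>
        /// <param name="client">Endpoint of the RADIUS client; only forwarded to the base handler.</param>
        /// <returns>An Access-Accept or Access-Reject packet, or whatever the base handler returns.</returns>
        public override RadiusPacket AccessRequestReceived(AccessRequest accessRequest, IPEndPoint client)
        {
            try
            {
                string ip = GetIP(accessRequest);
                string macAddr = GetMacAddress(ip);
                string userName = accessRequest.UserName;
                RadiusPacket answer;

                // The submitted password is deliberately kept out of every log line below.
                // Log files are normally readable by far more people and systems than the
                // credential store, and logging failed attempts would also capture
                // near-miss passwords of legitimate users.
                // NOTE(review): userName comes straight from the request and is written to the
                // log as-is; confirm the logging layout neutralises line breaks.
                if (ServiceCfg.Instance.TinyConfig.ValidateByLdap)
                {
                    Logger.InfoFormat("尝试通过Ldap检查用户,账户:{0},Mac:{1},IP:{2}", userName, macAddr, ip);
                    if (ServiceCfg.Instance.TinyConfig.LdapSetting.IsAuthenticated(userName,
                                                                                   accessRequest.Password))
                    {
                        Logger.InfoFormat("Ldap登录成功,账户:{0},Mac:{1},IP:{2}", userName, macAddr, ip);
                        Logger.InfoFormat("{0} login by Ldap success.", userName);
                        answer = new RadiusPacket(RadiusPacket.AccessAccept, accessRequest.Identifier);
                        CopyProxyState(accessRequest, answer);
                        return answer;
                    }
                    // An LDAP failure is not final: the database path below may still accept.
                    Logger.InfoFormat("Ldap登录失败,账户:{0},Mac:{1},IP:{2}", userName, macAddr, ip);
                }

                if (ServiceCfg.Instance.TinyConfig.ValidateByDatabase)
                {
                    Logger.InfoFormat("通过本地数据库检查Mac地址,账户:{0},Mac:{1},IP:{2}", userName, macAddr, ip);
                    Logger.Debug("检查Mac地址");
                    if (!IsMacCorrect(userName, macAddr))
                    {
                        Logger.InfoFormat("Mac地址不正确,账户:{0},Mac:{1},IP:{2}", userName, macAddr, ip);
                        answer = new RadiusPacket(RadiusPacket.AccessReject, accessRequest.Identifier);
                        CopyProxyState(accessRequest, answer);
                        return answer;
                    }
                    // The MAC check only gates the request; the password decision is the base handler's.
                    return base.AccessRequestReceived(accessRequest, client);
                }

                // Neither backend accepted (or none is enabled): reject by default.
                answer = new RadiusPacket(RadiusPacket.AccessReject, accessRequest.Identifier);
                CopyProxyState(accessRequest, answer);
                return answer;
            }
            catch (Exception ex)
            {
                // Fail closed: an unexpected error must never turn into an accept.
                // The reject built here does not carry the request's Proxy-State, unlike the other paths.
                Logger.Error("some error happend.", ex);
                return new RadiusPacket(RadiusPacket.AccessReject, accessRequest.Identifier);
            }
        }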
예제 #2
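        /// <summary>
        /// Answers an Access-Request by checking the credentials against LDAP first.
        /// An LDAP success is accepted directly; an LDAP failure is handed to the
        /// base-class handler, which decides on its own.
        /// </summary>
        /// <param name="accessRequest">The request being answered.</param>
        /// <param name="client">Endpoint of the RADIUS client; only forwarded to the base handler.</param>
        /// <returns>An Access-Accept packet after an LDAP success, otherwise the base handler's answer.</returns>
        public override RadiusPacket AccessRequestReceived(AccessRequest accessRequest, IPEndPoint client)
        {
            /*if (ServiceCfg.Instance.TinyConfig.ValidateByLdap)
            {
                string struser = accessRequest.UserName;
                string strpwd = accessRequest.Password;
                string path = ServiceCfg.Instance.TinyConfig.LdapSetting.Path;

                int type = RadiusPacket.AccessReject;

                var auth = new LdapAuthentication(path);
                if (auth.IsAuthenticated(ServiceCfg.Instance.TinyConfig.LdapSetting.DomainName, struser, strpwd))
                {
                    type = RadiusPacket.AccessAccept;
                }


                if (type == RadiusPacket.AccessAccept)
                {
                    var answer = new RadiusPacket(type, accessRequest.Identifier);
                    CopyProxyState(accessRequest, answer);
                    return answer;
                }
            }*/

            string struser = accessRequest.UserName;
            string strpwd = accessRequest.Password;

            // Only the account name is logged. Writing the submitted password to the log
            // would leave clear-text credentials (including near-miss passwords from failed
            // attempts) in a file that is rarely protected like a credential store.
            this.Logger.InfoFormat("通过Ldap检查用户,用户{0}", struser);
            if (!LdapAuthentication.IsAuthenticated(struser, strpwd))
            {
                // LDAP said no: let the base handler decide instead of rejecting outright.
                this.Logger.InfoFormat("用户(账户{0})Ldap登录失败,尝试本地数据库登陆", struser);
                return base.AccessRequestReceived(accessRequest, client);
            }
            else
            {
                this.Logger.InfoFormat("用户(账户{0})Ldap登录成功.", struser);
                const int type = RadiusPacket.AccessAccept;
                var answer = new RadiusPacket(type, accessRequest.Identifier);
                CopyProxyState(accessRequest, answer);
                return answer;
            }
        }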
예제 #3
        /**
         * Radius command line client.
         * <br/>Usage: TestClient <i>hostName sharedSecret userName password</i>
         * @param args arguments
         * @throws Exception
         */

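        public static void main(String[] args)
        {
            // Demo client: sends one Access-Request and one Accounting-Request to a server
            // and prints the packets involved.
            // NOTE(review): the shared secret and the user's password arrive as command-line
            // arguments, which other local users can typically read from the process list;
            // acceptable for a test tool, not for anything handling real credentials.
            if (args.Length != 4)
            {
                System.Console.WriteLine("Usage: TestClient hostName sharedSecret userName password");
                return;
            }

            String host = args[0];
            String shared = args[1];
            String user = args[2];
            String pass = args[3];

            // NOTE(review): the usage text says hostName, but IPAddress.Parse only accepts a
            // literal IP address and throws FormatException for a DNS name.
            var rc = new RadiusClient(IPAddress.Parse(host), shared);
            try
            {
                // 1. Send Access-Request
                var ar = new AccessRequest(user, pass);
                ar.AuthProtocol = AuthenticationType.pap; // or AUTH_CHAP
                ar.AddAttribute("NAS-Identifier", "this.is.my.nas-identifier.de");
                ar.AddAttribute("NAS-IP-Address", "192.168.0.100");
                ar.AddAttribute("Service-Type", "Login-User");
                ar.AddAttribute("WISPr-Redirection-URL", "http://www.sourceforge.net/");
                ar.AddAttribute("WISPr-Location-ID", "net.sourceforge.ap1");

                // NOTE(review): what the packet dump contains depends on AccessRequest's
                // string conversion, which is not visible here; confirm it does not print
                // the password before pasting this output anywhere.
                System.Console.WriteLine("Packet before it is sent\n" + ar + "\n");
                RadiusPacket response = rc.Authenticate(ar);
                System.Console.WriteLine("Packet after it was sent\n" + ar + "\n");
                System.Console.WriteLine("Response\n" + response + "\n");

                // 2. Send Accounting-Request
                // The accounting user name is the fixed sample value "mw", not the userName argument.
                var acc = new AccountingRequest("mw", AccountingRequest.ACCT_STATUS_TYPE_START);
                acc.AddAttribute("Acct-Session-Id", "1234567890");
                acc.AddAttribute("NAS-Identifier", "this.is.my.nas-identifier.de");
                acc.AddAttribute("NAS-Port", "0");

                System.Console.WriteLine(acc + "\n");
                response = rc.Account(acc);
                System.Console.WriteLine("Response: " + response);
            }
            finally
            {
                // Close the client even when a request throws, so it is not left open.
                rc.Close();
            }
        }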
예제 #4
        /// <summary>
        ///  Creates a RadiusPacket object. Depending on the passed type, the
        ///  appropriate subclass is chosen. Sets the type, but does not touch
        ///  the packet identifier.
        ///  @param type packet type
        ///  @return RadiusPacket object
        /// </summary>
        public static RadiusPacket CreateRadiusPacket(int type)
        {
            // Only the two request codes have dedicated classes. Every other code,
            // known or unknown, is represented by the generic RadiusPacket.
            RadiusPacket packet;
            if (type == AccessRequest)
            {
                packet = new AccessRequest();
            }
            else if (type == AccountingRequest)
            {
                packet = new AccountingRequest();
            }
            else
            {
                packet = new RadiusPacket();
            }

            // The caller's code is stored unchanged, even when it is not a recognised one.
            packet.Type = type;
            return packet;
        }
예제 #5
        /// <summary>
        /// Constructs an answer for an Access-Request packet. Either this
        /// method or isUserAuthenticated should be overridden.
        /// @param accessRequest Radius request packet
        /// @param client address of Radius client
        /// @return response packet or null if no packet shall be sent
        /// @exception RadiusException malformed request packet; if this
        /// exception is thrown, no answer will be sent
        /// </summary>
        public virtual RadiusPacket AccessRequestReceived(AccessRequest accessRequest, IPEndPoint client)
        {
            // Accept only when a password is on record for the user AND the request verifies
            // against it. An unknown user and a wrong password both yield the same Access-Reject.
            // NOTE(review): GetUserPassword appears to hand back the clear-text password
            // (the original local was named "plaintext"); confirm how that store is protected.
            String storedPassword = GetUserPassword(accessRequest.UserName);
            bool accepted = storedPassword != null && accessRequest.VerifyPassword(storedPassword);
            int responseType = accepted ? RadiusPacket.AccessAccept : RadiusPacket.AccessReject;

            // The answer reuses the request's identifier and carries over its Proxy-State.
            var reply = new RadiusPacket(responseType, accessRequest.Identifier);
            CopyProxyState(accessRequest, reply);
            return reply;
        }
예제 #6
        /// <summary>
        ///  Creates a RadiusPacket object. Depending on the passed type, the
        ///  appropriate subclass is chosen. Sets the type, but does not touch
        ///  the packet identifier.
        ///  @param type packet type
        ///  @return RadiusPacket object
        /// </summary>
        public static RadiusPacket CreateRadiusPacket(int type)
        {
            RadiusPacket created;
            switch (type)
            {
                case AccessRequest:
                    created = new AccessRequest();
                    break;

                case AccountingRequest:
                    created = new AccountingRequest();
                    break;

                // AccessAccept, AccessReject, AccountingResponse and any unrecognised
                // code all map to the generic packet class.
                default:
                    created = new RadiusPacket();
                    break;
            }

            // Record the requested code on the new packet; the identifier is left untouched.
            created.Type = type;
            return created;
        }
예제 #7
        /**
         * Sends an Access-Request packet and receives a response
         * packet.
         * @param request request packet
         * @return Radius response packet
         * @exception RadiusException malformed packet
         * @exception IOException communication error (after getRetryCount()
         * retries)
         */

        public RadiusPacket Authenticate(AccessRequest request)
        {
            // One exchange at a time per client instance.
            // NOTE(review): lock (this) lets any outside code holding a reference to this
            // client contend for the same monitor; a private lock object avoids that.
            lock (this)
            {
                // NOTE(review): the whole request is rendered into the info log; confirm its
                // string form does not include the password attribute.
                if (logger.IsInfoEnabled)
                {
                    logger.Info("send Access-Request packet: " + request);
                }

                RadiusPacket reply = Communicate(request, AuthPort);

                if (logger.IsInfoEnabled)
                {
                    logger.Info("received packet: " + reply);
                }

                return reply;
            }
        }
예제 #8
        /**
         * Authenticates a user.
         * @param userName user name
         * @param password password
         * @return true if authentication is successful, false otherwise
         * @exception RadiusException malformed packet
         * @exception IOException communication error (after getRetryCount()
         * retries)
         */

        public bool Authenticate(String userName, String password)
        {
            // The packet-level overload takes the same lock again; C# monitors are
            // re-entrant, so the nested acquisition does not deadlock.
            lock (this)
            {
                RadiusPacket reply = Authenticate(new AccessRequest(userName, password));

                // Only an explicit Access-Accept counts as success; every other
                // response type is reported as a failed authentication.
                return reply.Type == RadiusPacket.AccessAccept;
            }
        }
예제 #9
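 /// <summary>
 /// Console-tracing wrapper around the base handler: prints the request, lets the
 /// base class build the answer, adds a Reply-Message to accepted answers and
 /// prints the outcome.
 /// </summary>
 /// <param name="accessRequest">The request being answered.</param>
 /// <param name="client">Endpoint of the RADIUS client; only forwarded to the base handler.</param>
 /// <returns>The base handler's packet, or null when it returned none.</returns>
 public override RadiusPacket AccessRequestReceived(AccessRequest accessRequest, IPEndPoint client)
 {
     // NOTE(review): the request dump depends on AccessRequest's string conversion;
     // confirm it does not print the password before using this outside a demo.
     System.Console.WriteLine("Received Access-Request:\n" + accessRequest);
     RadiusPacket packet = base.AccessRequestReceived(accessRequest, client);

     // The null case has to be handled before packet.Type is read; checking it
     // afterwards would throw NullReferenceException instead of ignoring the packet.
     if (packet == null)
     {
         System.Console.WriteLine("Ignore packet.");
         return null;
     }

     if (packet.Type == RadiusPacket.AccessAccept)
     {
         // The greeting echoes the user name exactly as it was sent in the request.
         packet.AddAttribute("Reply-Message", "Welcome " + accessRequest.UserName + "!");
     }

     System.Console.WriteLine("Answer:\n" + packet);
     return packet;
 }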
예제 #10
 protected string GetIP(AccessRequest accessRequest)
 {
     // RFC 2865 assigns attribute type 31 to Calling-Station-Id.
     // NOTE(review): the method name implies the NAS places the client's IP address in
     // that attribute - confirm for this deployment. The value is taken from the request
     // as sent, so anything derived from it is only as trustworthy as the sending NAS.
     const int CallingStationId = 31;

     foreach (RadiusAttribute candidate in accessRequest.Attributes)
     {
         if (candidate.Type != CallingStationId)
         {
             continue;
         }

         // First matching attribute wins.
         return candidate.Value;
     }

     // The request carries no such attribute.
     return null;
 }