Пример #1
        // Interop check: RadiusClient must be able to authenticate against a live
        // Active Directory / IAS server.  The test is reported as inconclusive
        // unless the LT_TESTBIN and LT_TEST_AD environment variables exist and the
        // AD test settings carry a non-empty NAS shared secret.
        //
        // NOTE(review): the NAS secret and the account password are real
        // credentials for the test domain (presumably loaded by ADTestSettings
        // from LT_TEST_AD -- confirm), so they should never be echoed into
        // assertion messages or test logs.
        public void RadiusClient_Interop_AD_IAS()
        {
            var testBinVar = EnvironmentVars.Get("LT_TESTBIN");
            if (testBinVar == null)
            {
                Assert.Inconclusive("[LT_TESTBIN] environment variable does not exist.");
            }

            var testAdVar = EnvironmentVars.Get("LT_TEST_AD");
            if (testAdVar == null)
            {
                Assert.Inconclusive("[LT_TEST_AD] environment variable does not exist.");
            }

            var adSettings = new ADTestSettings();

            // An empty NAS secret is the switch that turns AD/IAS testing off.
            if (adSettings.NasSecret == string.Empty)
            {
                Assert.Inconclusive("AD/IAS Testing is disabled");
                return;
            }

            // Setup requirements (see the LillTek DevInstall.doc document):
            // LT_TEST_AD must be set as described there, and the IAS server must
            // be manually configured with the NAS shared secret for this client.

            RadiusClient radius = new RadiusClient();

            // Resolve the first configured AD server and take its first IPv4 address.
            var iasAddress = EnhancedDns.GetHostByName(adSettings.Servers[0]).AddressList.IPv4Only()[0];
            NetworkBinding iasEndpoint = new NetworkBinding(iasAddress, NetworkPort.RADIUS);

            RadiusClientSettings radiusSettings = new RadiusClientSettings(iasEndpoint, adSettings.NasSecret)
            {
                RealmFormat = RealmFormat.Email,
                PortCount   = 1
            };

            try
            {
                radius.Open(radiusSettings);

                // Positive case: the configured credentials are accepted.
                bool accepted = radius.Authenticate(adSettings.Domain, adSettings.Account, adSettings.Password);
                Assert.IsTrue(accepted);

                // Negative cases: altering any single one of realm, account or
                // password must be rejected, so a server that accepts every
                // request fails this test.
                bool wrongRealm = radius.Authenticate(adSettings.Domain + "x", adSettings.Account, adSettings.Password);
                Assert.IsFalse(wrongRealm);

                bool wrongAccount = radius.Authenticate(adSettings.Domain, adSettings.Account + "x", adSettings.Password);
                Assert.IsFalse(wrongAccount);

                bool wrongPassword = radius.Authenticate(adSettings.Domain, adSettings.Account, adSettings.Password + "x");
                Assert.IsFalse(wrongPassword);
            }
            finally
            {
                // Always release the client, even when an assertion fails.
                radius.Close();
            }
        }
Пример #2
        // Builds the shared fixture for the authentication tests: initializes the
        // application helper, then provisions a pair of known accounts for each
        // authentication source (file, RADIUS, config, optionally Active Directory,
        // and ODBC/SQL) and records every account in this.Accounts.
        //
        // NOTE(review): all credentials below are hard-coded test values that end
        // up in the clear in a temp file, in the config and in a database table.
        // Keep them test-only, and confirm that the matching cleanup (not visible
        // here) deletes AuthFilePath, stops RadiusServer and removes the test
        // database.
        public void Initialize()
        {
            Helper.InitializeApp(Assembly.GetExecutingAssembly());

            this.ADSettings   = new ADTestSettings();
            this.DB           = SqlTestDatabase.Create();
            // Path.GetTempFileName() creates an empty file on disk and returns its path.
            this.AuthFilePath = Path.GetTempFileName();

            //-------------------------------------------------------------
            // Initialize file authentication
            //
            // Each line written below appears to be realm;account;password, with the
            // password in plaintext; the same triples are registered in this.Accounts.

            Helper.WriteToFile(this.AuthFilePath, @"

file.com;file1;file-password1
file.com;file2;file-password2
");
            this.Accounts.Add(new AuthTestAccount(AuthTestExtensionType.File, "file.com", "file1", "file-password1"));
            this.Accounts.Add(new AuthTestAccount(AuthTestExtensionType.File, "file.com", "file2", "file-password2"));

            //-------------------------------------------------------------
            // Initialize RADIUS authentication
            //
            // Starts an in-process RADIUS server.  Two NAS devices are registered,
            // the loopback address and the address returned by
            // NetHelper.GetActiveAdapter(), both using this.RadiusSecret.
            // NOTE(review): "ANY:52111" presumably binds to every local address on
            // port 52111 -- confirm; the server stays reachable from the network
            // for as long as the fixture is running.

            RadiusServerSettings radiusSettings = new RadiusServerSettings();

            radiusSettings.NetworkBinding = NetworkBinding.Parse("ANY:52111");
            radiusSettings.Devices.Add(new RadiusNasInfo(IPAddress.Loopback, this.RadiusSecret));
            radiusSettings.Devices.Add(new RadiusNasInfo(NetHelper.GetActiveAdapter(), this.RadiusSecret));

            this.RadiusServer = new RadiusServer();
            this.RadiusServer.Start(radiusSettings);
            this.RadiusServer.LoadAccountsFromString(@"

radius.com;radius1;radius-password1
radius.com;radius2;radius-password2
");
            this.Accounts.Add(new AuthTestAccount(AuthTestExtensionType.Radius, "radius.com", "radius1", "radius-password1"));
            this.Accounts.Add(new AuthTestAccount(AuthTestExtensionType.Radius, "radius.com", "radius2", "radius-password2"));

            //-------------------------------------------------------------
            // Initialize config authentication
            //
            // The accounts are supplied as Accounts[n] config entries in the same
            // realm;account;password form.

            Config.SetConfig(@"

Accounts[0] = config.com;config1;config-password1
Accounts[1] = config.com;config2;config-password2
");
            this.Accounts.Add(new AuthTestAccount(AuthTestExtensionType.Config, "config.com", "config1", "config-password1"));
            this.Accounts.Add(new AuthTestAccount(AuthTestExtensionType.Config, "config.com", "config2", "config-password2"));

#if TEST_AD
            //-------------------------------------------------------------
            // Initialize active directory authentication
            //
            // Compiled only when TEST_AD is defined.  Unless TEST_AD_LDAP is also
            // defined, the brace-less `if` below guards the single Add statement
            // that follows the inner #endif, so the AD account is registered only
            // when the NAS secret is non-empty.

#if !TEST_AD_LDAP
            if (ADSettings.NasSecret != string.Empty)   // Disable the test if the NAS secret is blank
#endif
            this.Accounts.Add(new AuthTestAccount(AuthTestExtensionType.Ldap, ADSettings.Domain, ADSettings.Account, ADSettings.Password));
#endif

            //-------------------------------------------------------------
            // Initialize ODBC authentication
            //
            // The script creates an Accounts table that holds the plaintext
            // password next to MD5, SHA1, SHA256 and SHA512 columns.  The hash
            // values are computed below from the password string alone (no salt is
            // visible at these call sites).
            // NOTE(review): presumably one column per hash option of the ODBC
            // authentication extension under test -- confirm.  Plaintext and
            // unsalted fast hashes are fixture data here, not a storage scheme for
            // real accounts.

            SqlConnection   sqlCon = null;
            SqlScriptRunner scriptRunner;
            MacroProcessor  processor;
            string          initScript =
                @"
create table Accounts (

Realm           varchar(64),
Account         varchar(64),
Password        varchar(64),
MD5             varbinary(128),
SHA1            varbinary(128),
SHA256          varbinary(128),
SHA512          varbinary(128)
)
go

insert into Accounts(Realm,Account,Password,MD5,SHA1,SHA256,SHA512)
values ('odbc.com','odbc1','odbc-password1',$(md5-1),$(sha1-1),$(sha256-1),$(sha512-1))

insert into Accounts(Realm,Account,Password,MD5,SHA1,SHA256,SHA512)
values ('odbc.com','odbc2','odbc-password2',$(md5-2),$(sha1-2),$(sha256-2),$(sha512-2))

go
";
            try
            {
                // Each $(name) macro in the script is replaced with the value added
                // here.  Every value derives from a constant fixture password, so no
                // external input is spliced into the SQL text.
                // NOTE(review): SqlHelper.Literal presumably renders the hash bytes
                // as a SQL literal -- confirm.
                processor = new MacroProcessor();
                processor.Add("md5-1", SqlHelper.Literal(MD5Hasher.Compute("odbc-password1")));
                processor.Add("sha1-1", SqlHelper.Literal(SHA1Hasher.Compute("odbc-password1")));
                processor.Add("sha256-1", SqlHelper.Literal(SHA256Hasher.Compute("odbc-password1")));
                processor.Add("sha512-1", SqlHelper.Literal(SHA512Hasher.Compute("odbc-password1")));

                processor.Add("md5-2", SqlHelper.Literal(MD5Hasher.Compute("odbc-password2")));
                processor.Add("sha1-2", SqlHelper.Literal(SHA1Hasher.Compute("odbc-password2")));
                processor.Add("sha256-2", SqlHelper.Literal(SHA256Hasher.Compute("odbc-password2")));
                processor.Add("sha512-2", SqlHelper.Literal(SHA512Hasher.Compute("odbc-password2")));

                initScript = processor.Expand(initScript);

                // Run the expanded script against the test database.
                sqlCon       = DB.OpenConnection();
                scriptRunner = new SqlScriptRunner(initScript);
                scriptRunner.Run(sqlCon);

                // Register the ODBC accounts only after the script has run.
                this.Accounts.Add(new AuthTestAccount(AuthTestExtensionType.Odbc, "odbc.com", "odbc1", "odbc-password1"));
                this.Accounts.Add(new AuthTestAccount(AuthTestExtensionType.Odbc, "odbc.com", "odbc2", "odbc-password2"));
            }
            finally
            {
                // Close the connection whether or not the script succeeded.
                if (sqlCon != null)
                {
                    sqlCon.Close();
                }
            }
        }