From owner-freebsd-isp Sat Jan 2 22:10:56 1999
Message-Id: <3.0.6.32.19990103020312.0088cc80@pop.cantv.net>
Date: Sun, 03 Jan 1999 02:03:12 -0400
To: freebsd-isp@FreeBSD.ORG
From: Luis Munoz
Subject: RADIUS Command line query tool (was Re: How to check...)

Hi there:

Since a lot of people have asked for this tool, I'm posting it to the
list. You can use it as you wish. In particular, it's probably a good
start to write a simpler tool to auto test the RADIUS servers.

Good luck and happy new year :)

-lem

8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---
#!/usr/local/bin/perl
#
# authclient: Perform basic authentication test against a given host.
#
# Options:
#
# -s Shared secret
# -h Host to authenticate against
# -p Port to use in authentication
# -v Verbose
# -d Dictionary to use
# -i 1-Byte RADIUS identifier
# -a 16-Byte RADIUS authenticator
# -l Number of requests to attempt
# -t Timeout for a RADIUS transaction
#
# a login and password must follow, after these flags.
#
# lem@cantv.net 19981028: Initial release
#
###########

use RADIUS::Packet;
use RADIUS::Dictionary;
use IO::Socket;
use IO::Select;
use Time::HiRes qw( gettimeofday tv_interval );
use Getopt::Std;

##########
## Configuration stuff
##########

$timeout = 30;                          # How much to wait for an answer
$opts = "s:h:p:vd:i:a:l:t:";            # Options to accept

##########
## End of config stuff
##########

getopts($opts);                         # Get options

die "Must include -h\n" unless $opt_h;
die "Must indicate secret with -s\n" unless $opt_s;

# Defaults for anything not given on the command line
$opt_l = 5 unless $opt_l;
$dictionary = $opt_d ? $opt_d : "/var/radius/dictionary";
$port = $opt_p ? $opt_p : 1645;
$opt_t = 5 unless $opt_t =~ /^[0-9]+$/;
$opt_i = "0" unless $opt_i;

# Default authenticator: 1 to 5 random digits followed by one random digit
# repeated 15 times. This is not unpredictable; fine for a test client only.
$opt_a = int(rand(256) * rand(256)) . int(rand(9))x15 unless $opt_a;

# The authenticator needs at least 16 characters; anything longer is cut.
if (length($opt_a) < 16) {
    die "Authenticator too short. Must be at least 16 chars.\n";
}

$opt_a = substr($opt_a, 0, 16);
$opt_i = substr($opt_i, 0, 1);

$login = shift @ARGV;
$password = shift @ARGV;

die "Syntax: client [flags] login password\n" unless $login and $password;

$d = new RADIUS::Dictionary $dictionary;
die "Cannot init the RADIUS dictionary $dictionary: $!\n" unless $d;

# Create a suitable socket
$socket = IO::Socket::INET->new('PeerAddr' => $opt_h,
                                'PeerPort' => $port,
                                'Proto'    => "udp");
die "Cannot create socket: $!\n" unless $socket;

# Build the Access-Request
$p = new RADIUS::Packet $d;
die "Cannot create RADIUS packet: $!\n" unless $p;

$p->set_code("Access-Request");
$p->set_identifier($opt_i);
$p->set_authenticator($opt_a);
$p->set_attr('User-Name', $login);
# Store the clear-text password, then replace it with the value
# hidden using the shared secret
$p->set_attr('Password', $password);
$p->set_attr('Password', $p->password($opt_s));

print "Outgoing packet:\n" if $opt_v;
$p->dump if $opt_v;

my $packet = $p->pack;

$sel = new IO::Select $socket;

$tries = 1;
$secs = 0;

# Send the request up to $opt_l times, waiting $opt_t seconds for each reply
PACKET_LOOP:
while ($tries <= $opt_l) {
    $t0 = gettimeofday();
    die "Cannot send() to host $opt_h/$port: $!"
        unless $socket->send($packet);
    print STDERR "[Try $tries] Sending request to server $opt_h:$port\n"
        if $opt_v;
    if ($sel->can_read($opt_t)) {
        # recv() returns undef on error; it may return an empty string
        # on success for a connected socket, so test with defined()
        die "Cannot recv()\n"
            unless defined($socket->recv($resp, 1024));
        $secs = sprintf("%03.3f", gettimeofday() - $t0);
    }
    else {
        print STDERR "*** Timeout. Trying again\n";
        $tries++;
        next PACKET_LOOP;
    }

    # Decode and print the first reply received, then stop
    $r = new RADIUS::Packet $d, $resp;
    die "Cannot decode packet.\n" unless $r;
    print "*** Response packet in ", $secs, " secs:\n";
    $r->dump;
    exit;
}
8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---
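
Added example, not part of the original post or of the RADIUS::Packet module: the script above prints whatever reply arrives, so an automated tester built on it would also want to check the reply's Response Authenticator (RFC 2865) before trusting the result. The function name response_ok, the secret and the packet bytes are constructed for illustration; only the core Digest::MD5 module is assumed.

```perl
#!/usr/bin/perl
# Added example: validate a RADIUS reply against the request it answers.
use strict;
use warnings;
use Digest::MD5 qw(md5);

# Returns 1 if $resp (raw UDP payload) is a well-formed reply to the request
# identified by $req_id / $req_auth and was produced with $secret, else 0.
sub response_ok {
    my ($resp, $req_id, $req_auth, $secret) = @_;
    return 0 if length($resp) < 20;                  # fixed header is 20 bytes
    my ($code, $id, $len, $auth) = unpack('C C n a16', $resp);
    return 0 if $len < 20 || $len > length($resp);   # bogus Length field
    return 0 if $id != $req_id;                      # answers another request
    my $attrs = substr($resp, 20, $len - 20);        # ignore padding past Length
    # ResponseAuth = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    my $expect = md5(pack('C C n', $code, $id, $len) . $req_auth . $attrs . $secret);
    return $expect eq $auth ? 1 : 0;
}

# Constructed sample data (not captured traffic): a valid Access-Accept
my $secret   = 'testing123';
my $req_id   = 7;
my $req_auth = pack('C16', 1 .. 16);                 # 16-byte Request Authenticator
my $attrs    = pack('C C a*', 18, 2 + length('hello'), 'hello');  # Reply-Message
my $len      = 20 + length($attrs);
my $head     = pack('C C n', 2, $req_id, $len);      # code 2 = Access-Accept
my $good     = $head . md5($head . $req_auth . $attrs . $secret) . $attrs;

# Same packet as sent by someone who does not know the shared secret
my $forged = $good;
substr($forged, 4, 16) = "\0" x 16;

printf "valid reply:  %s\n",
    response_ok($good, $req_id, $req_auth, $secret) ? 'accepted' : 'rejected';
printf "forged reply: %s\n",
    response_ok($forged, $req_id, $req_auth, $secret) ? 'accepted' : 'rejected';
printf "wrong id:     %s\n",
    response_ok($good, 8, $req_auth, $secret) ? 'accepted' : 'rejected';
```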