Date: Sun, 03 Jan 1999 02:03:12 -0400 From: Luis Munoz <lem@cantv.net> To: freebsd-isp@FreeBSD.ORG Subject: RADIUS Command line query tool (was Re: How to check...) Message-ID: <3.0.6.32.19990103020312.0088cc80@pop.cantv.net>
Hi there:
Since a lot of people have asked for this tool, I'm posting
it to the list. You can use it as you wish. In particular,
it's probably a good starting point for writing a simpler
tool to automatically test RADIUS servers.
Good luck and happy new year :)
-lem
8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---
#!/usr/local/bin/perl
#
# authclient: Perform basic authentication test against a given host.
#
# Options:
#
# -s <secret> Shared secret
# -h <host> Host to authenticate against
# -p <port> Port to use in authentication
# -v Verbose
# -d <dictionary> Dictionary to use
# -i <identifier> 1-Byte RADIUS identifier
# -a <Authenticator> 16-Byte RADIUS authenticator
# -l <limit> Number of requests to attempt
# -t <timeout> Timeout for a RADIUS transaction
#
# a login and password must follow, after these flags.
#
# lem@cantv.net 19981028: Initial release
#
###########
use RADIUS::Packet;
use RADIUS::Dictionary;
use IO::Socket;
use IO::Select;
use Time::HiRes qw( gettimeofday tv_interval );
use Getopt::Std;
##########
## Configuration stuff
##########
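$timeout = 30;                  # How much to wait for an answer.
                                # NOTE(review): not read anywhere in this
                                # script; the wait actually used is -t
                                # ($opt_t, default 5 seconds).
$opts = "s:h:p:vd:i:a:l:t:";    # Options to accept
##########
## End of config stuff
##########

# Parse the flags into the $opt_* package globals (Getopt::Std).
#
# Security note: the shared secret (-s) and the trailing <password> are
# taken from argv, so other local users can read them from the process
# table while the tool runs.  Use throwaway test credentials with it.
getopts($opts);                 # Get options

die "Must include -h <host>\n" unless $opt_h;
die "Must indicate secret with -s <secret>\n" unless $opt_s;

# Defaults for everything the caller left out.
$opt_l = 5 unless $opt_l;
$dictionary = $opt_d ? $opt_d : "/var/radius/dictionary";
$port = $opt_p ? $opt_p : 1645;
$opt_t = 5 unless $opt_t =~ /^[0-9]+$/;
$opt_i = "0" unless $opt_i;

# Request Authenticator.  It is an input to the hiding of the Password
# attribute, so it should be unpredictable and not repeat while a shared
# secret is in use.  Take 16 bytes from the kernel RNG when available.
unless ($opt_a) {
    if (open(my $rng, '<', '/dev/urandom')) {
        binmode $rng;
        my $got = read($rng, $opt_a, 16);
        close $rng;
        $opt_a = '' unless defined $got and $got == 16;
    }

    # Fallback: the original generator.  It yields a 1-5 digit number
    # followed by a single digit repeated 15 times, all from rand(), so
    # the value is low-entropy and guessable.  Pass -a explicitly if
    # that matters for the test at hand.
    $opt_a = int(rand(256) * rand(256)) . int(rand(9)) x 15
        unless defined $opt_a and length $opt_a;
}

# The check rejects values SHORTER than 16 characters; longer ones are
# truncated just below.  The original message said "too long", which
# contradicted the condition.
if (length($opt_a) < 16) {
    die "Authenticator too short. Must be at least 16 chars.\n";
}
$opt_a = substr($opt_a, 0, 16);
$opt_i = substr($opt_i, 0, 1);  # identifier is a single byte

# The first two remaining arguments are the credentials to test.
$login = shift @ARGV;
$password = shift @ARGV;
die "Syntax: client [flags] <login> <password>\n" unless
    $login and $password;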
# Load the attribute dictionary used to build and decode packets.
$d = RADIUS::Dictionary->new($dictionary);
die "Cannot init the RADIUS dictionary $dictionary: $!\n" unless $d;

# Create a suitable socket: UDP, with the server as its peer.
$socket = IO::Socket::INET->new(
    'PeerAddr' => $opt_h,
    'PeerPort' => $port,
    'Proto'    => "udp",
);
die "Cannot create socket: $!\n" unless $socket;

# Build the Access-Request from the command-line values.
$p = RADIUS::Packet->new($d);
die "Cannot create RADIUS packet: $!\n" unless $p;
$p->set_code("Access-Request");
$p->set_identifier($opt_i);
$p->set_authenticator($opt_a);
$p->set_attr('User-Name', $login);

# The Password attribute is set twice on purpose: first to the cleartext,
# then to whatever $p->password($opt_s) returns -- presumably the form
# hidden with the shared secret; confirm against RADIUS::Packet.
$p->set_attr('Password', $password);
$p->set_attr('Password', $p->password($opt_s));

if ($opt_v) {
    print "Outgoing packet:\n";
    $p->dump;
}

# Wire format of the request; the send loop below transmits this.
my $packet = $p->pack;
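# Send the request and wait for one reply, retrying on timeout.
# Exits 0 after dumping the first reply; dies (non-zero exit) when every
# attempt times out, so callers such as monitoring scripts can tell a
# silent server from a responsive one.
$sel = IO::Select->new($socket);
$tries = 1;
$secs = 0;

PACKET_LOOP:
# "<=" so that -l is the number of requests actually sent; the original
# "<" sent one fewer, and sent nothing at all with -l 1.
while ($tries <= $opt_l) {
    $t0 = gettimeofday();

    die "Cannot send() to host $opt_h/$port: $!"
        unless $socket->send($packet);

    print STDERR
        "[Try $tries] Sending request to server $opt_h:$port\n"
        if $opt_v;

    # Wait up to $opt_t seconds for the socket to become readable.
    unless ($sel->can_read($opt_t)) {
        print STDERR "*** Timeout. Trying again\n";
        $tries++;
        next PACKET_LOOP;
    }

    # recv() returns undef on error; any defined value (even an empty
    # sender address) is a successful read, so test definedness rather
    # than truth.
    $l = $socket->recv($resp, 1024);
    die "Cannot recv(): $!\n" unless defined $l;
    $secs = sprintf("%03.3f", gettimeofday() - $t0);

    $r = RADIUS::Packet->new($d, $resp);
    die "Cannot decode packet.\n" unless $r;

    # NOTE(review): the reply is decoded and dumped as-is.  Nothing here
    # compares its identifier with $opt_i or checks its Response
    # Authenticator against the shared secret, so a forged datagram that
    # reaches this socket is displayed like a genuine answer.  Read the
    # output as a reachability/behaviour check, not as proof of which
    # server replied.
    print "*** Response packet in ", $secs, " secs:\n";
    $r->dump;
    exit;
}

die "No response from $opt_h:$port after ", $tries - 1, " tries\n";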
8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---
