Date: Sun, 03 Jan 1999 02:03:12 -0400 From: Luis Munoz <lem@cantv.net> To: freebsd-isp@FreeBSD.ORG Subject: RADIUS Command line query tool (was Re: How to check...) Message-ID: <3.0.6.32.19990103020312.0088cc80@pop.cantv.net>
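Hi there: Since a lot of people has asked for this tool, I'm posting it to the list. You can use it as you wish. In particular, probably it's a good start to write a simpler tool to auto test the RADIUS servers. Good luck and happy new year :) -lem

8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---
#!/usr/local/bin/perl
#
# authclient: Perform basic authentication test against a given host.
#
# Sends one RADIUS Access-Request for <login>/<password> over UDP, resends
# it on timeout up to the -l limit, and dumps the first reply received.
# Exits 0 once a reply has been dumped, non-zero when every try timed out.
#
# Options:
#
#   -s <secret>         Shared secret
#   -h <host>           Host to authenticate against
#   -p <port>           Port to use in authentication (default 1645)
#   -v                  Verbose
#   -d <dictionary>     Dictionary to use (default /var/radius/dictionary)
#   -i <identifier>     1-Byte RADIUS identifier (default "0")
#   -a <Authenticator>  16-Byte RADIUS authenticator
#   -l <limit>          Number of requests to attempt (default 5)
#   -t <timeout>        Timeout in seconds for a RADIUS transaction (default 5)
#
# a login and password must follow, after these flags.
#
# Security notes:
#
#   * The shared secret (-s) and the password are command-line arguments, so
#     they are visible in the process list and are kept in shell history.
#     Use a dedicated test account and test secret with this tool.
#   * When -a is not given, the request authenticator is built from rand()
#     and is made of decimal digits, most of them one repeated digit.
#     RADIUS hides the Password attribute with a value derived from the
#     shared secret and this authenticator, so it should be unpredictable
#     and never reused.
#   * The reply is dumped as received. Neither its identifier nor its
#     response authenticator is checked against the request and the shared
#     secret, so an Access-Accept shown here does not prove that the real
#     server answered.
#
# lem@cantv.net 19981028: Initial release
#
###########

use strict;
use warnings;

use RADIUS::Packet;
use RADIUS::Dictionary;
use IO::Socket;
use IO::Select;
use Time::HiRes qw( gettimeofday tv_interval );
use Getopt::Std;

##########
## Configuration stuff
##########

my $opts = "s:h:p:vd:i:a:l:t:";         # Options to accept

##########
## End of config stuff
##########

my %opt;
getopts($opts, \%opt)                   # Get options
    or die "Syntax: client [flags] <login> <password>\n";

die "Must include -h <host>\n" unless $opt{h};
die "Must indicate secret with -s <secret>\n"
    unless defined $opt{s} and length $opt{s};

my $host       = $opt{h};
my $secret     = $opt{s};
my $verbose    = $opt{v};
my $dictionary = $opt{d} ? $opt{d} : "/var/radius/dictionary";
my $port       = $opt{p} ? $opt{p} : 1645;

# Fall back to the defaults when -l / -t are missing or not plain integers.
my $limit = (defined $opt{l} && $opt{l} =~ /\A[0-9]+\z/ && $opt{l} > 0)
    ? $opt{l}
    : 5;
my $wait = (defined $opt{t} && $opt{t} =~ /\A[0-9]+\z/) ? $opt{t} : 5;

# Only the first character of -i is used.
# NOTE(review): how RADIUS::Packet encodes this value is not visible here;
# confirm which identifiers can actually be produced.
my $identifier = $opt{i} ? substr($opt{i}, 0, 1) : "0";

# NOTE(review): weak default, see "Security notes" above. Replace it with
# 16 octets from a system random source once it is confirmed that
# RADIUS::Packet accepts a binary authenticator.
my $authenticator = $opt{a}
    ? $opt{a}
    : int(rand(256) * rand(256)) . int(rand(9)) x 15;

# The field is exactly 16 bytes: reject shorter values, truncate longer ones.
# (The original message said "too long" for this same length check.)
if (length($authenticator) < 16) {
    die "Authenticator too short. Must be at least 16 chars.\n";
}
$authenticator = substr($authenticator, 0, 16);

my $login    = shift @ARGV;
my $password = shift @ARGV;

# Test for presence rather than truth so that a value of "0" is accepted.
die "Syntax: client [flags] <login> <password>\n"
    unless defined $login    and length $login
       and defined $password and length $password;

my $d = RADIUS::Dictionary->new($dictionary);
die "Cannot init the RADIUS dictionary $dictionary: $!\n" unless $d;

# Create a suitable socket
my $socket = IO::Socket::INET->new('PeerAddr' => $host,
                                   'PeerPort' => $port,
                                   'Proto'    => "udp");
die "Cannot create socket: $!\n" unless $socket;

my $p = RADIUS::Packet->new($d);
die "Cannot create RADIUS packet: $!\n" unless $p;

$p->set_code("Access-Request");
$p->set_identifier($identifier);
$p->set_authenticator($authenticator);
$p->set_attr('User-Name', $login);

# Store the clear-text password first, then overwrite the attribute with
# the value that password() derives from it and the shared secret.
$p->set_attr('Password', $password);
$p->set_attr('Password', $p->password($secret));

print "Outgoing packet:\n" if $verbose;
$p->dump if $verbose;

my $packet   = $p->pack;
my $selector = IO::Select->new($socket);
my $tries    = 1;

# "<=" so that -l <limit> really is the number of requests attempted;
# the original "<" sent one request fewer and sent nothing for -l 1.
PACKET_LOOP:
while ($tries <= $limit) {
    my $t0 = gettimeofday();

    die "Cannot send() to host $host/$port: $!"
        unless $socket->send($packet);
    print STDERR "[Try $tries] Sending request to server $host:$port\n"
        if $verbose;

    unless ($selector->can_read($wait)) {
        print STDERR "*** Timeout. Trying again\n";
        $tries++;
        next PACKET_LOOP;
    }

    # recv() returns undef on error but may return an empty string on
    # success, so test for definedness. 4096 is the largest RADIUS packet.
    my $resp;
    defined $socket->recv($resp, 4096)
        or die "Cannot recv(): $!\n";
    my $secs = sprintf("%03.3f", gettimeofday() - $t0);

    my $r = RADIUS::Packet->new($d, $resp);
    die "Cannot decode packet.\n" unless $r;

    print "*** Response packet in ", $secs, " secs:\n";
    $r->dump;
    exit;
}

# Every try timed out: say so and report failure to the calling script.
print STDERR "*** No response from $host:$port after $limit tries\n";
exit 1;
8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message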