eduroam-test.cgi
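#!/bin/bash
#
# eduroam-test.cgi - CGI page that runs eapol_test against a RADIUS server.
#
# The login and password are taken from the query string (positionally: the
# first value is the login, the second the password, as produced by the form
# below). For EAP-PEAP MSCHAPv2 and EAP-TTLS PAP the script writes a network
# configuration to a temporary file, runs eapol_test with it, and prints the
# configuration and the tool's output as HTML.
#
# Security notes for operators:
#   * Everything in QUERY_STRING is untrusted. It is split without globbing,
#     decoded, checked for control characters (which would add lines to the
#     generated configuration) and HTML-escaped before it is echoed back.
#   * NOTE(review): the form uses GET, so submitted credentials end up in the
#     URL and therefore typically in web-server access logs and browser
#     history. Use test accounts only, or move the form to POST.
#   * NOTE(review): CLIENT_SECRET is passed to eapol_test on its command line
#     and is visible in the process list to other local users while it runs.
set -u

###### Adjust to your local environment #####
RADIUS_SERVER=127.0.0.1
CLIENT_SECRET=mysecret
#####
readonly EAPOL_TEST=/usr/local/bin/eapol_test
readonly TMP_DIR=/dev/shm/

# Temporary files created so far; removed on every exit path.
TMP_FILES=()

#######################################
# Remove every temporary file recorded in TMP_FILES.
# Globals:   TMP_FILES (read)
#######################################
cleanup() {
  if (( ${#TMP_FILES[@]} > 0 )); then
    rm -f -- "${TMP_FILES[@]}"
  fi
}
trap cleanup EXIT

#######################################
# Escape &, < and > on stdin so the text is safe inside an HTML element.
# Outputs:   escaped text on stdout
#######################################
html_escape() {
  sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g'
}

#######################################
# Decode one application/x-www-form-urlencoded value.
# Arguments: $1 - raw value from the query string
# Outputs:   decoded value on stdout
#######################################
url_decode() {
  # Forms encode a space as '+'; a literal plus arrives as %2B.
  local raw=${1//+/ }
  # '--' ends perl's switch parsing, so a value starting with '-' is handed
  # to the script as data and never interpreted as a perl option.
  perl -MURI::Escape -e 'print uri_unescape($ARGV[0]);' -- "$raw"
}

#######################################
# Succeed when the argument contains a control character (newline, CR, ...).
# Arguments: $1 - string to check
#######################################
has_control_chars() {
  [[ "$1" == *[[:cntrl:]]* ]]
}

#######################################
# Run one EAP method through eapol_test and print an HTML report.
# Globals:   LOGIN, PASS, CLIENT_SECRET, RADIUS_SERVER, EAPOL_TEST,
#            TMP_DIR (read); TMP_FILES (appended)
# Arguments: $1 - HTML anchor id
#            $2 - human-readable method name
#            $3 - value for "eap="
#            $4 - value for "phase2="
# Returns:   1 when a temporary file cannot be created, else 0
#######################################
run_eap_test() {
  local anchor=$1 title=$2 eap=$3 phase2=$4
  local conf out res

  printf '<a id="%s"><h2>Testing %s</h2></a>' "$anchor" "$title"

  # mktemp creates the files with owner-only permissions; the configuration
  # holds the submitted password.
  if ! conf=$(mktemp --tmpdir="$TMP_DIR"); then
    printf '<p>Cannot create temporary file.</p>'
    return 1
  fi
  TMP_FILES+=("$conf")
  if ! out=$(mktemp --tmpdir="$TMP_DIR"); then
    printf '<p>Cannot create temporary file.</p>'
    return 1
  fi
  TMP_FILES+=("$out")

  # Written with printf '%s' so backslashes, spaces and glob characters in
  # the credentials reach the file unchanged.
  # NOTE(review): a double quote inside LOGIN or PASS may still confuse the
  # configuration parser - confirm against the wpa_supplicant config format.
  printf '%s\n' \
    'network={' \
    'ssid="eduroam"' \
    'key_mgmt=WPA-EAP' \
    "eap=$eap" \
    "identity=\"$LOGIN\"" \
    "anonymous_identity=\"$LOGIN\"" \
    "password=\"$PASS\"" \
    "phase2=\"$phase2\"" \
    '}' >"$conf"

  printf '<h3>Configuration file used</h3>'
  printf '<pre>\n'
  html_escape <"$conf"
  printf '</pre>\n'

  # stderr is discarded, as in the original script, which captured it into
  # a variable that was never used.
  if "$EAPOL_TEST" -c "$conf" -s "$CLIENT_SECRET" -a "$RADIUS_SERVER" \
    >"$out" 2>/dev/null; then
    res='<span style="color: green;">OK</span>'
  else
    res='<span style="color: red;">FAILURE</span>'
  fi

  printf '<h3>Results of the test: %s</h3>' "$res"
  printf '<pre>\n'
  html_escape <"$out"
  printf '</pre>\n'

  # Remove right away so the password stays on disk as briefly as possible;
  # the EXIT trap covers the early-return paths.
  rm -f -- "$out" "$conf"
}

# Read GET variables. 'read -a' splits on '=' and '&' without the pathname
# expansion an unquoted $QUERY_STRING would undergo.
IFS='=&' read -r -a param <<<"${QUERY_STRING:-}"
LOGIN=${param[1]:-}
PASS=${param[3]:-}

# Print form when login or password has not been provided
if [[ -z "$LOGIN" || -z "$PASS" ]]; then
  printf 'Content-Type: text/html\n\n'
  echo "<html><head><title>eduroam test</title></head><body>"
  echo '<h2>eduroam test</h2>'
  echo '<p>Provide just <b>TEST</b> credentials, do not entry credentials of real accounts.</p>'
  echo '<p>Test tries EAP-PEAP MSCHAPv2 and EAP-TTLS PAP authentication.</p>'
  echo '<p>No results and login/passwords are stored.</p>'
  echo '<form action="eduroam-test.cgi" method="GET">'
  echo 'Login: <input type="text" name="login"><br>'
  echo 'Password: <input type="text" name="password"><br>'
  echo '<input type="submit" value="Submit">'
  echo '</form>'
  echo '<p>Supported by CHAIN-REDS project and CESNET</p>'
  printf '</body></html>'
  exit
fi

# Unescape GET variables
LOGIN=$(url_decode "$LOGIN")
PASS=$(url_decode "$PASS")

# A newline or other control character in a credential would add lines to
# the generated configuration file, so refuse such requests outright.
if has_control_chars "$LOGIN" || has_control_chars "$PASS"; then
  printf 'Status: 400 Bad Request\n'
  printf 'Content-Type: text/html\n\n'
  printf '<html><head><title>eduroam test</title></head><body>'
  printf '<p>Login and password must not contain control characters.</p>'
  printf '</body></html>'
  exit
fi

# We have login and password, so do the test.
# The response echoes the submitted password, so ask caches not to keep it.
printf 'Cache-Control: no-store\n'
printf 'Content-Type: text/html\n\n'
printf '<html><head><title>eduroam test</title></head><body>'
printf '<a href="#mschapv2">EAP-PEAP MSCHAPv2 results</a><br>'
printf '<a href="#pap">EAP-TTLS PAP results</a><br>'

run_eap_test 'mschapv2' 'EAP-PEAP MSCHAPv2' 'PEAP' 'autheap=MSCHAPV2'
run_eap_test 'pap' 'EAP-TTLS PAP' 'TTLS' 'auth=PAP'

printf '</body></html>'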