blob: 6d81be12a55165833e14fa0036f33cd6bcb08c5c (
plain) (
tree)
|
|
#!/usr/bin/env python
import radiusd
import hashlib
import re
USERS = '/etc/raddb/mods-config/files/authorize'
REXP = re.compile('^([^ ]+) ASSHA-Password := "(.*)"$')
def authorize(p):
#radiusd.radlog(radiusd.L_INFO, '*** radlog call in authorize ***')
reply = ( ('Reply-Message', 'Welcome to Labitat!'), )
config = ( ('Auth-Type', 'python3'), )
return (radiusd.RLM_MODULE_OK, reply, config)
def load_users():
users = {}
with open(USERS) as fp:
for line in fp:
match = REXP.match(line)
if match:
users[match.group(1)] = match.group(2)
return users
def check_pwd(user, pw):
users = load_users()
if user not in users:
return False
assha = users[user]
crypted = assha[:40]
salt = assha[40:]
h = hashlib.sha1('--{}--{}--'.format(salt, pw).encode('utf-8')).hexdigest()
return h == crypted
def authenticate(p):
#radiusd.radlog(radiusd.L_INFO, '*** radlog call in authenticate *** ')
user = None
pw = None
for (attr, value) in p:
if attr == 'User-Name':
user = value
if attr == 'User-Password':
pw = value
# check password
if user != None and pw != None and check_pwd(user, pw):
return radiusd.RLM_MODULE_OK
return radiusd.RLM_MODULE_REJECT
|
