author | Emil Renner Berthing <esmil@labitat.dk> | 2018-10-27 22:41:40 +0200 |
---|---|---|
committer | Emil Renner Berthing <esmil@labitat.dk> | 2018-10-27 22:44:14 +0200 |
commit | 2441baf2870a296ccd77b5e903ffa450a0418b9b (patch) | |
tree | 8824dc069009bae3484d70652031c2525c363169 /roles/space_server/files/radius/assha.py | |
parent | 060a041a7bf07960877099081554065bba155b4e (diff) | |
space_server: radius: use python for ASSHA auth
..rather than our own patched radiusd
Diffstat (limited to 'roles/space_server/files/radius/assha.py')
-rwxr-xr-x | roles/space_server/files/radius/assha.py | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/roles/space_server/files/radius/assha.py b/roles/space_server/files/radius/assha.py
new file mode 100755
index 0000000..e34c382
--- /dev/null
+++ b/roles/space_server/files/radius/assha.py
@@ -0,0 +1,50 @@
+#!/usr/bin/env python
+
+import radiusd
+import hashlib
+import re
+
+USERS = '/etc/raddb/mods-config/files/authorize'
+REXP = re.compile('^([^ ]+) ASSHA-Password := "(.*)"$')
+
+def authorize(p):
+ #radiusd.radlog(radiusd.L_INFO, '*** radlog call in authorize ***')
+ reply = ( ('Reply-Message', 'Welcome to Labitat!'), )
+ config = ( ('Auth-Type', 'python'), )
+ return (radiusd.RLM_MODULE_OK, reply, config)
+
+def load_users():
+ users = {}
+ with open(USERS) as fp:
+ for line in fp:
+ match = REXP.match(line)
+ if match:
+ users[match.group(1)] = match.group(2)
+
+ return users
+
+def check_pwd(user, pw):
+ users = load_users()
+ if user not in users:
+ return False
+ assha = users[user]
+ crypted = assha[:40]
+ salt = assha[40:]
+ h = hashlib.sha1('--%s--%s--' % (salt, pw)).hexdigest()
+ return h == crypted
+
+def authenticate(p):
+ #radiusd.radlog(radiusd.L_INFO, '*** radlog call in authenticate *** ')
+ user = None
+ pw = None
+ for (attr, value) in p:
+ if attr == 'User-Name':
+ user = value
+ if attr == 'User-Password':
+ pw = value
+
+ # check password
+ if user != None and pw != None and check_pwd(user, pw):
+ return radiusd.RLM_MODULE_OK
+
+ return radiusd.RLM_MODULE_REJECT |
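Review bot: `check_pwd` compares the computed digest with the stored one using `h == crypted`, which is not a constant-time comparison; add `import hmac` next to the other imports and end the function with `return hmac.compare_digest(h, crypted)`. The early `return False` for an unknown user also skips the hash entirely, so known and unknown user names probably take different amounts of time to reject. The stored format is a single salted SHA-1 round, which is cheap to brute-force if the `authorize` file is ever exposed; if the ASSHA format cannot change, a comment above `check_pwd` such as `# ASSHA = sha1('--salt--pw--') hex + salt; legacy format, keep the file root-only` would record that constraint. In `authenticate`, `user != None and pw != None` reads better as `user is not None and pw is not None`.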