authorEmil Renner Berthing <esmil@labitat.dk>2018-10-27 22:41:40 +0200
committerEmil Renner Berthing <esmil@labitat.dk>2018-10-27 22:44:14 +0200
commit2441baf2870a296ccd77b5e903ffa450a0418b9b (patch)
tree8824dc069009bae3484d70652031c2525c363169 /roles/space_server/files/radius
parent060a041a7bf07960877099081554065bba155b4e (diff)
space_server: radius: use python for ASSHA auth
..rather than our own patched radiusd
Diffstat (limited to 'roles/space_server/files/radius')
-rwxr-xr-xroles/space_server/files/radius/assha.py50
-rw-r--r--roles/space_server/files/radius/freeradius-assha-3.0.15-1.fc26.x86_64.rpmbin1112554 -> 0 bytes
-rw-r--r--roles/space_server/files/radius/freeradius-assha-3.0.15-3.fc27.x86_64.rpmbin1140764 -> 0 bytes
-rw-r--r--roles/space_server/files/radius/mods-available/python-assha17
-rw-r--r--roles/space_server/files/radius/sites-available/labitat3
-rw-r--r--roles/space_server/files/radius/sites-available/labitat-inner3
6 files changed, 69 insertions, 4 deletions
diff --git a/roles/space_server/files/radius/assha.py b/roles/space_server/files/radius/assha.py
new file mode 100755
index 0000000..e34c382
--- /dev/null
+++ b/roles/space_server/files/radius/assha.py
@@ -0,0 +1,50 @@
+#!/usr/bin/env python
+
+import radiusd
+import hashlib
+import re
+
+USERS = '/etc/raddb/mods-config/files/authorize'
+REXP = re.compile('^([^ ]+) ASSHA-Password := "(.*)"$')
+
+def authorize(p):
+ #radiusd.radlog(radiusd.L_INFO, '*** radlog call in authorize ***')
+ reply = ( ('Reply-Message', 'Welcome to Labitat!'), )
+ config = ( ('Auth-Type', 'python'), )
+ return (radiusd.RLM_MODULE_OK, reply, config)
+
+def load_users():
+ users = {}
+ with open(USERS) as fp:
+ for line in fp:
+ match = REXP.match(line)
+ if match:
+ users[match.group(1)] = match.group(2)
+
+ return users
+
+def check_pwd(user, pw):
+ users = load_users()
+ if user not in users:
+ return False
+ assha = users[user]
+ crypted = assha[:40]
+ salt = assha[40:]
+ h = hashlib.sha1('--%s--%s--' % (salt, pw)).hexdigest()
+ return h == crypted
+
+def authenticate(p):
+ #radiusd.radlog(radiusd.L_INFO, '*** radlog call in authenticate *** ')
+ user = None
+ pw = None
+ for (attr, value) in p:
+ if attr == 'User-Name':
+ user = value
+ if attr == 'User-Password':
+ pw = value
+
+ # check password
+ if user != None and pw != None and check_pwd(user, pw):
+ return radiusd.RLM_MODULE_OK
+
+ return radiusd.RLM_MODULE_REJECT
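Review bot: `check_pwd` decides the login with `return h == crypted`, an ordinary string comparison that is not constant-time; for a credential check I would add `import hmac` and use `return hmac.compare_digest(h, crypted)` (available from Python 2.7.7, and the module config in this commit points at a 2.7 interpreter). `authorize` also requests `Auth-Type` `python` and returns `RLM_MODULE_OK` with the welcome `Reply-Message` for every request before any password has been checked, so it is worth confirming that no other authentication method is expected to pass through a server that lists this module. A comment above `check_pwd` such as `# stored value: 40 hex chars of sha1('--<salt>--<password>--'), then the salt` would document the format the slicing relies on. In `authenticate`, `user is not None and pw is not None` is the idiomatic form of the test.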
diff --git a/roles/space_server/files/radius/freeradius-assha-3.0.15-1.fc26.x86_64.rpm b/roles/space_server/files/radius/freeradius-assha-3.0.15-1.fc26.x86_64.rpm
deleted file mode 100644
index 145191c..0000000
--- a/roles/space_server/files/radius/freeradius-assha-3.0.15-1.fc26.x86_64.rpm
+++ /dev/null
Binary files differ
diff --git a/roles/space_server/files/radius/freeradius-assha-3.0.15-3.fc27.x86_64.rpm b/roles/space_server/files/radius/freeradius-assha-3.0.15-3.fc27.x86_64.rpm
deleted file mode 100644
index d69ef22..0000000
--- a/roles/space_server/files/radius/freeradius-assha-3.0.15-3.fc27.x86_64.rpm
+++ /dev/null
Binary files differ
diff --git a/roles/space_server/files/radius/mods-available/python-assha b/roles/space_server/files/radius/mods-available/python-assha
new file mode 100644
index 0000000..fa48e01
--- /dev/null
+++ b/roles/space_server/files/radius/mods-available/python-assha
@@ -0,0 +1,17 @@
+python {
+ python_path="/usr/lib/python27.zip:/usr/lib64/python2.7:/usr/lib64/python2.7/plat-linux2:/usr/lib64/python2.7/lib-tk:/usr/lib64/python2.7/lib-old:/usr/lib64/python2.7/lib-dynload:/usr/lib64/python2.7/site-packages:/usr/lib/python2.7/site-packages:/etc/raddb/mods-config/python/"
+
+ module = assha
+
+ #mod_instantiate = ${.module}
+ #func_instantiate = instantiate
+
+ #mod_detach = ${.module}
+ #func_detach = instantiate
+
+ mod_authorize = ${.module}
+ func_authorize = authorize
+
+ mod_authenticate = ${.module}
+ func_authenticate = authenticate
+}
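Review bot: `python_path` ends with `/etc/raddb/mods-config/python/`, so whatever sits in that directory is imported into the radiusd process, and nothing in this file says so. I would add a comment above `module = assha`, for example `# assha.py is imported from /etc/raddb/mods-config/python/; keep that directory and file root-owned and not writable by the radiusd user`, and make sure the task that installs the file (not part of this diff) sets those permissions. The commented-out `#func_detach = instantiate` looks like a copy of the instantiate line above it and would presumably need to name a detach function if it is ever enabled.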
diff --git a/roles/space_server/files/radius/sites-available/labitat b/roles/space_server/files/radius/sites-available/labitat
index fcdbda7..6deb993 100644
--- a/roles/space_server/files/radius/sites-available/labitat
+++ b/roles/space_server/files/radius/sites-available/labitat
@@ -21,8 +21,6 @@ server labitat {
ok = return
}
- files
-
expiration
logintime
pap
@@ -40,7 +38,6 @@ server labitat {
preprocess
acct_unique
suffix
- files
}
accounting {
diff --git a/roles/space_server/files/radius/sites-available/labitat-inner b/roles/space_server/files/radius/sites-available/labitat-inner
index 94d5643..8c099fc 100644
--- a/roles/space_server/files/radius/sites-available/labitat-inner
+++ b/roles/space_server/files/radius/sites-available/labitat-inner
@@ -13,7 +13,7 @@ server labitat-inner {
ok = return
}
- files
+ python
expiration
logintime
pap
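Review bot: Replacing `files` with `python` here leaves `expiration` and `logintime` directly below with nothing from the users file to act on, because `load_users` in `assha.py` keeps only the `ASSHA-Password` value of each line. If any entry in `/etc/raddb/mods-config/files/authorize` carries check items such as `Expiration` or `Login-Time`, or per-user reply attributes, they are now ignored without any log message; whether that matters depends on the file's contents, which this diff does not show. The same applies to the two hunks in `sites-available/labitat` that drop `files`. If those restrictions are not in use, a comment next to `python` such as `# users file is parsed by assha.py for ASSHA-Password only; other check items are not applied` would record that; the enclosing section begins outside the hunk.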
@@ -24,6 +24,7 @@ server labitat-inner {
pap
}
+ python
eap
}