Diffstat (limited to 'roles/space_server/files')
| -rwxr-xr-x | roles/space_server/files/radius/assha.py | 50 | ||||
| -rw-r--r-- | roles/space_server/files/radius/freeradius-assha-3.0.15-1.fc26.x86_64.rpm | bin | 1112554 -> 0 bytes | |||
| -rw-r--r-- | roles/space_server/files/radius/freeradius-assha-3.0.15-3.fc27.x86_64.rpm | bin | 1140764 -> 0 bytes | |||
| -rw-r--r-- | roles/space_server/files/radius/mods-available/python-assha | 17 | ||||
| -rw-r--r-- | roles/space_server/files/radius/sites-available/labitat | 3 | ||||
| -rw-r--r-- | roles/space_server/files/radius/sites-available/labitat-inner | 3 | 
6 files changed, 69 insertions, 4 deletions
| diff --git a/roles/space_server/files/radius/assha.py b/roles/space_server/files/radius/assha.py
new file mode 100755
index 0000000..e34c382
--- /dev/null
+++ b/roles/space_server/files/radius/assha.py
@@ -0,0 +1,50 @@
+#!/usr/bin/env python
+
+import radiusd
+import hashlib
+import re
+
+USERS = '/etc/raddb/mods-config/files/authorize'
+REXP = re.compile('^([^ ]+) ASSHA-Password := "(.*)"$')
+
+def authorize(p):
+    #radiusd.radlog(radiusd.L_INFO, '*** radlog call in authorize ***')
+    reply = ( ('Reply-Message', 'Welcome to Labitat!'), )
+    config = ( ('Auth-Type', 'python'), )
+    return (radiusd.RLM_MODULE_OK, reply, config)
+
+def load_users():
+    users = {}
+    with open(USERS) as fp:
+        for line in fp:
+            match = REXP.match(line)
+            if match:
+                users[match.group(1)] = match.group(2)
+
+    return users
+
+def check_pwd(user, pw):
+    users = load_users()
+    if user not in users:
+        return False
+    assha = users[user]
+    crypted = assha[:40]
+    salt = assha[40:]
+    h = hashlib.sha1('--%s--%s--' % (salt, pw)).hexdigest()
+    return h == crypted
+
+def authenticate(p):
+    #radiusd.radlog(radiusd.L_INFO, '*** radlog call in authenticate *** ')
+    user = None
+    pw = None
+    for (attr, value) in p:
+        if attr == 'User-Name':
+            user = value
+        if attr == 'User-Password':
+            pw = value
+
+    # check password
+    if user != None and pw != None and check_pwd(user, pw):
+        return radiusd.RLM_MODULE_OK
+
+    return radiusd.RLM_MODULE_REJECT
diff --git a/roles/space_server/files/radius/freeradius-assha-3.0.15-1.fc26.x86_64.rpm b/roles/space_server/files/radius/freeradius-assha-3.0.15-1.fc26.x86_64.rpm
Binary files differ
deleted file mode 100644
index 145191c..0000000
--- a/roles/space_server/files/radius/freeradius-assha-3.0.15-1.fc26.x86_64.rpm
+++ /dev/null
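Review bot: check_pwd compares the computed digest with `h == crypted`, which is not a constant-time comparison; adding `import hmac` and returning `hmac.compare_digest(h, crypted)` (available from Python 2.7.7) takes the comparison out of the picture as a timing signal. The stored format is a single salted SHA-1 round, so the authorize file is cheap to brute-force offline if it is ever read; the format looks inherited from existing records, so the practical steps are keeping that file readable only by root and the radiusd user and planning a move to a slow KDF. load_users() re-parses the file on every request and `assha[:40]` is taken without checking the entry length, so a short or malformed entry silently never matches; a comment above the slice would record that, e.g. `# first 40 hex chars are the SHA-1 digest, the rest is the salt; malformed entries never match`.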
diff --git a/roles/space_server/files/radius/freeradius-assha-3.0.15-3.fc27.x86_64.rpm b/roles/space_server/files/radius/freeradius-assha-3.0.15-3.fc27.x86_64.rpm
Binary files differ
deleted file mode 100644
index d69ef22..0000000
--- a/roles/space_server/files/radius/freeradius-assha-3.0.15-3.fc27.x86_64.rpm
+++ /dev/null
diff --git a/roles/space_server/files/radius/mods-available/python-assha b/roles/space_server/files/radius/mods-available/python-assha
new file mode 100644
index 0000000..fa48e01
--- /dev/null
+++ b/roles/space_server/files/radius/mods-available/python-assha
@@ -0,0 +1,17 @@
+python {
+	python_path="/usr/lib/python27.zip:/usr/lib64/python2.7:/usr/lib64/python2.7/plat-linux2:/usr/lib64/python2.7/lib-tk:/usr/lib64/python2.7/lib-old:/usr/lib64/python2.7/lib-dynload:/usr/lib64/python2.7/site-packages:/usr/lib/python2.7/site-packages:/etc/raddb/mods-config/python/"
+
+	module = assha
+
+	#mod_instantiate = ${.module}
+	#func_instantiate = instantiate
+
+	#mod_detach = ${.module}
+	#func_detach = instantiate
+
+	mod_authorize = ${.module}
+	func_authorize = authorize
+
+	mod_authenticate = ${.module}
+	func_authenticate = authenticate
+}
diff --git a/roles/space_server/files/radius/sites-available/labitat b/roles/space_server/files/radius/sites-available/labitat
index fcdbda7..6deb993 100644
--- a/roles/space_server/files/radius/sites-available/labitat
+++ b/roles/space_server/files/radius/sites-available/labitat
@@ -21,8 +21,6 @@ server labitat {  			ok = return  		} -		files -  		expiration  		logintime  		pap
@@ -40,7 +38,6 @@ server labitat {  		preprocess  		acct_unique  		suffix -		files  	}  	accounting {
diff --git a/roles/space_server/files/radius/sites-available/labitat-inner b/roles/space_server/files/radius/sites-available/labitat-inner
index 94d5643..8c099fc 100644
--- a/roles/space_server/files/radius/sites-available/labitat-inner
+++ b/roles/space_server/files/radius/sites-available/labitat-inner
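Review bot: The last `python_path` entry, `/etc/raddb/mods-config/python/`, is presumably where the server imports `assha` from, so anything that can be written into that directory runs inside radiusd and sees every password handed to authenticate(). The task that installs assha.py is not visible on this page, so confirm it leaves the directory and the module owned by root and not writable by the radiusd user or group; a comment above `python_path` would record the requirement, e.g. `# module dir must be root-owned and not writable by radiusd`. The commented `#func_detach = instantiate` looks like a copy of the instantiate line and would name the wrong function if it were ever enabled.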
@@ -13,7 +13,7 @@ server labitat-inner {  			ok = return  		} -		files +		python  		expiration  		logintime  		pap
@@ -24,6 +24,7 @@ server labitat-inner {  			pap  		} +		python  		eap  	} | 
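Review bot: With `files` swapped for `python` in the authorize section of the first hunk, the only thing still read from the authorize file is the `ASSHA-Password` value that assha.py's regex extracts, while `expiration` and `logintime` remain listed after it. If any entry in that file carries per-user check items such as an expiry date, they are presumably no longer applied, so a lapsed account would keep authenticating; the file itself is not shown here, so this needs confirming against its contents. assha.py's authorize() also returns `Auth-Type` python for every request, so an inner request that carries no `User-Password` appears to end in a reject from authenticate(). A comment next to the new line would make the first point visible to the next editor, e.g. `# python (assha.py) only checks ASSHA-Password; other per-user items in the authorize file are ignored`.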
