From 2441baf2870a296ccd77b5e903ffa450a0418b9b Mon Sep 17 00:00:00 2001 From: Emil Renner Berthing Date: Sat, 27 Oct 2018 22:41:40 +0200 Subject: space_server: radius: use python for ASSHA auth ..rather than our own patched radiusd --- roles/space_server/files/radius/assha.py | 50 ++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) create mode 100755 roles/space_server/files/radius/assha.py (limited to 'roles/space_server/files/radius/assha.py') diff --git a/roles/space_server/files/radius/assha.py b/roles/space_server/files/radius/assha.py new file mode 100755 index 0000000..e34c382 --- /dev/null +++ b/roles/space_server/files/radius/assha.py @@ -0,0 +1,50 @@ +#!/usr/bin/env python + +import radiusd +import hashlib +import re + +USERS = '/etc/raddb/mods-config/files/authorize' +REXP = re.compile('^([^ ]+) ASSHA-Password := "(.*)"$') + +def authorize(p): + #radiusd.radlog(radiusd.L_INFO, '*** radlog call in authorize ***') + reply = ( ('Reply-Message', 'Welcome to Labitat!'), ) + config = ( ('Auth-Type', 'python'), ) + return (radiusd.RLM_MODULE_OK, reply, config) + +def load_users(): + users = {} + with open(USERS) as fp: + for line in fp: + match = REXP.match(line) + if match: + users[match.group(1)] = match.group(2) + + return users + +def check_pwd(user, pw): + users = load_users() + if user not in users: + return False + assha = users[user] + crypted = assha[:40] + salt = assha[40:] + h = hashlib.sha1('--%s--%s--' % (salt, pw)).hexdigest() + return h == crypted + +def authenticate(p): + #radiusd.radlog(radiusd.L_INFO, '*** radlog call in authenticate *** ') + user = None + pw = None + for (attr, value) in p: + if attr == 'User-Name': + user = value + if attr == 'User-Password': + pw = value + + # check password + if user != None and pw != None and check_pwd(user, pw): + return radiusd.RLM_MODULE_OK + + return radiusd.RLM_MODULE_REJECT -- cgit v1.2.1