refactoring

author: Maxim Devaev <[email protected]> 2022-03-27 03:50:11 +0300
committer: Maxim Devaev <[email protected]> 2022-03-27 03:50:11 +0300
commit: 6dc1b758b525581f1ee1caa0a013a1018b62915e (patch)
tree: 6738cae2ee41404591ef14818913ed1e92c6bb3f
parent: be5f57e03f1e6fb2a677f88bac5c432ab87aa80a (diff)
3 files changed, 64 insertions, 28 deletions
diff --git a/PKGBUILD b/PKGBUILD
index 81ade71e..85a28512 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -62,7 +62,7 @@ depends=(
 	python-xlib
 	python-hidapi
 	python-six
-	python-radius
+	python-pyrad
 	libgpiod
 	freetype2
 	"v4l-utils>=1.22.1-1"
diff --git a/kvmd/plugins/auth/radius.py b/kvmd/plugins/auth/radius.py
index 532dafa2..3283f40b 100644
--- a/kvmd/plugins/auth/radius.py
+++ b/kvmd/plugins/auth/radius.py
@@ -19,26 +19,55 @@
 #                                                                            #
 # ========================================================================== #
 
-#
-# For some reason this needs the two following files in /
-#  https://raw.githubusercontent.com/AndrewAubury/kvmd/master/kvmd/plugins/auth/radius.py
-#  https://github.com/pyradius/pyrad/raw/master/example/dictionary.freeradius
-#
+
+import io
+import textwrap
 
 from typing import Dict
 
+import pyrad.client
+import pyrad.packet
+import pyrad.dictionary
+
 from ...yamlconf import Option
 
-from ...validators.os import valid_abs_file
 from ...validators.net import valid_port
 from ...validators.net import valid_ip_or_host
 from ...validators.basic import valid_int_f1
 
+from ...logging import get_logger
+
+from ... import aiotools
+
 from . import BaseAuthService
 
-from pyrad.client import Client
-from pyrad.dictionary import Dictionary
-import pyrad.packet 
+
+# =====
+_FREERADUIS_DICT = textwrap.dedent("""
+    # https://github.com/pyradius/pyrad/raw/master/example/dictionary.freeradius
+
+    VENDOR			FreeRADIUS			11344
+    BEGIN-VENDOR	FreeRADIUS
+
+    ATTRIBUTE	FreeRADIUS-Statistics-Type		127	integer
+
+    VALUE	FreeRADIUS-Statistics-Type	None					0
+    VALUE	FreeRADIUS-Statistics-Type	Authentication			1
+    VALUE	FreeRADIUS-Statistics-Type	Accounting				2
+    VALUE	FreeRADIUS-Statistics-Type	Proxy-Authentication	4
+    VALUE	FreeRADIUS-Statistics-Type	Proxy-Accounting		8
+    VALUE	FreeRADIUS-Statistics-Type	Internal				0x10
+    VALUE	FreeRADIUS-Statistics-Type	Client					0x20
+    VALUE	FreeRADIUS-Statistics-Type	Server					0x40
+    VALUE	FreeRADIUS-Statistics-Type	Home-Server				0x80
+
+    VALUE	FreeRADIUS-Statistics-Type	Auth-Acct				0x03
+    VALUE	FreeRADIUS-Statistics-Type	Proxy-Auth-Acct			0x0c
+
+    VALUE	FreeRADIUS-Statistics-Type	All						0x1f
+
+    END-VENDOR FreeRADIUS
+""")
 
 
 # =====
@@ -48,37 +77,43 @@ class Plugin(BaseAuthService):
         host: str,
         port: int,
         secret: str,
-        user: str,
-        passwd: str,
-        timeout: int,
+        timeout: float,
     ) -> None:
 
         self.__host = host
         self.__port = port
         self.__secret = secret
-        self.__user = user
-        self.__passwd = passwd
         self.__timeout = timeout
 
     @classmethod
     def get_plugin_options(cls) -> Dict:
         return {
-            "host":     Option("localhost",type=valid_ip_or_host),
-            "port":  Option(1812,type=valid_port),
+            "host":    Option("localhost", type=valid_ip_or_host),
+            "port":    Option(1812, type=valid_port),
             "secret":  Option(""),
-            "user":    Option(""),
-            "passwd":  Option(""),
-            "timeout": Option(5,type=valid_int_f1),
+            "timeout": Option(5, type=valid_int_f1),
         }
 
     async def authorize(self, user: str, passwd: str) -> bool:
-        user = user.strip()
+        return (await aiotools.run_async(self.__inner_authorize, user, passwd))
+
+    def __inner_authorize(self, user: str, passwd: str) -> bool:
+        assert user == user.strip()
+        assert user
         try:
-            srv = Client(server=self.__host, secret=self.__secret.encode('ascii'), timeout=self.__timeout, dict=Dictionary("dictionary"))
-            req = srv.CreateAuthPacket(code=pyrad.packet.AccessRequest, User_Name=user)
-            req["User-Password"] = req.PwCrypt(passwd)
-            # send request
-            reply = srv.SendPacket(req)
-            return (reply.code == pyrad.packet.AccessAccept)
-        except:
+            with io.StringIO(_FREERADUIS_DICT) as dct_file:
+                dct = pyrad.dictionary.Dictionary(dct_file)
+            client = pyrad.client.Client(
+                server=self.__host,
+                authport=self.__port,
+                secret=self.__secret.encode("ascii"),
+                timeout=self.__timeout,
+                dict=dct,
+            )
+            request = client.CreateAuthPacket(code=pyrad.packet.AccessRequest, User_Name=user)
+            request["User-Password"] = request.PwCrypt(passwd)
+            response = client.SendPacket(request)
+            return (response.code == pyrad.packet.AccessAccept)
+        except Exception:
+            get_logger().exception("Failed RADIUS auth request for user %r", user)
             return False
diff --git a/testenv/requirements.txt b/testenv/requirements.txt
index 3d5e89d9..69085a65 100644
--- a/testenv/requirements.txt
+++ b/testenv/requirements.txt
@@ -1,4 +1,5 @@
 pyghmi
 spidev
+pyrad
 types-PyYAML
 types-aiofiles
author	Maxim Devaev <[email protected]>	2022-03-27 03:50:11 +0300
committer	Maxim Devaev <[email protected]>	2022-03-27 03:50:11 +0300
commit	6dc1b758b525581f1ee1caa0a013a1018b62915e (patch)
tree	6738cae2ee41404591ef14818913ed1e92c6bb3f
parent	be5f57e03f1e6fb2a677f88bac5c432ab87aa80a (diff)