authorAndrew Aubury <[email protected]>2022-03-26 23:57:57 +0000
committerGitHub <[email protected]>2022-03-27 02:57:57 +0300
commit346c9f753d4dfe2c5cdba5b5aa3c9b9bc4529d89 (patch)
tree2d459eda9a8ed80b1c5f3ea17ad4159f4838ef88 /kvmd/plugins/auth/radiussrv.py
parentb3844f24da37ce80b931a2b74e9ab747df18a090 (diff)
Add radius authentication support (#83)
Diffstat (limited to 'kvmd/plugins/auth/radiussrv.py')
-rw-r--r--kvmd/plugins/auth/radiussrv.py83
1 files changed, 83 insertions, 0 deletions
diff --git a/kvmd/plugins/auth/radiussrv.py b/kvmd/plugins/auth/radiussrv.py
new file mode 100644
index 00000000..1c2326bb
--- /dev/null
+++ b/kvmd/plugins/auth/radiussrv.py
@@ -0,0 +1,83 @@
+# ========================================================================== #
+# #
+# KVMD - The main PiKVM daemon. #
+# #
+# Copyright (C) 2018-2022 Maxim Devaev <[email protected]> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <https://www.gnu.org/licenses/>. #
+# #
+# ========================================================================== #
+
+#
+# For some reason this needs the two following files in /
+# https://raw.githubusercontent.com/AndrewAubury/kvmd/master/kvmd/plugins/auth/radius.py
+# https://github.com/pyradius/pyrad/raw/master/example/dictionary.freeradius
+#
+
+from typing import Dict
+
+from ...yamlconf import Option
+
+from ...validators.os import valid_abs_file
+from ...validators.net import valid_port
+from ...validators.net import valid_ip_or_host
+from ...validators.basic import valid_int_f1
+
+from . import BaseAuthService
+
+from pyrad.client import Client
+from pyrad.dictionary import Dictionary
+import pyrad.packet
+
+# =====
+class Plugin(BaseAuthService):
+ def __init__( # pylint: disable=super-init-not-called
+ self,
+ host: str,
+ port: int,
+ secret: str,
+ user: str,
+ passwd: str,
+ timeout: int,
+ ) -> None:
+
+ self.__host = host
+ self.__port = port
+ self.__secret = secret
+ self.__user = user
+ self.__passwd = passwd
+ self.__timeout = timeout
+
+ @classmethod
+ def get_plugin_options(cls) -> Dict:
+ return {
+ "host": Option("localhost",type=valid_ip_or_host),
+ "port": Option(1812,type=valid_port),
+ "secret": Option(""),
+ "user": Option(""),
+ "passwd": Option(""),
+ "timeout": Option(5,type=valid_int_f1),
+ }
+
+ async def authorize(self, user: str, passwd: str) -> bool:
+ user = user.strip()
+ try:
+ srv = Client(server=self.__host, secret=self.__secret.encode('ascii'), timeout=self.__timeout, dict=Dictionary("dictionary"))
+ req = srv.CreateAuthPacket(code=pyrad.packet.AccessRequest, User_Name=user)
+ req["User-Password"] = req.PwCrypt(passwd)
+ # send request
+ reply = srv.SendPacket(req)
+ return (reply.code == pyrad.packet.AccessAccept)
+ except:
+ return False
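Review bot: `authorize()` never hands the configured port to pyrad: `port` is validated and stored in `self.__port`, but `Client(...)` is built without it, so requests always go to the library's default auth port; pass `authport=self.__port`. The bare `except:` turns every failure into a silent `False`, so a missing `dictionary` file (opened relative to the working directory), an unreachable server or a non-ASCII secret looks exactly like a wrong password; catch `Exception` and log it so outages and misconfiguration are visible while errors still deny access. `srv.SendPacket(req)` is a blocking call inside `async def` and holds the event loop until the RADIUS server answers or the timeout (and any retries) runs out, so it belongs in an executor. In `get_plugin_options`, `secret` defaults to `""`, and with an empty shared secret the User-Password hiding depends only on values visible in the packet, so an empty secret should be rejected when the plugin is configured. The sketch below assumes `asyncio` and kvmd's `get_logger` are imported in this file.

```python
    async def authorize(self, user: str, passwd: str) -> bool:
        user = user.strip()
        try:
            srv = Client(
                server=self.__host,
                authport=self.__port,  # honour the configured port
                secret=self.__secret.encode("ascii"),
                timeout=self.__timeout,
                dict=Dictionary("dictionary"),
            )
            # ... unchanged: CreateAuthPacket and PwCrypt ...
            loop = asyncio.get_running_loop()
            # Run the blocking UDP exchange off the event loop.
            reply = await loop.run_in_executor(None, srv.SendPacket, req)
            # ... unchanged: compare reply.code with AccessAccept ...
        except Exception:
            # Still deny on error, but leave a trace for operators.
            get_logger().exception("Failed RADIUS auth request for user %r", user)
            return False
```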