summaryrefslogtreecommitdiff
path: root/kvmd
diff options
context:
space:
mode:
Diffstat (limited to 'kvmd')
-rw-r--r--kvmd/plugins/auth/radius.py89
1 files changed, 62 insertions, 27 deletions
diff --git a/kvmd/plugins/auth/radius.py b/kvmd/plugins/auth/radius.py
index 532dafa2..3283f40b 100644
--- a/kvmd/plugins/auth/radius.py
+++ b/kvmd/plugins/auth/radius.py
@@ -19,26 +19,55 @@
# #
# ========================================================================== #
-#
-# For some reason this needs the two following files in /
-# https://raw.githubusercontent.com/AndrewAubury/kvmd/master/kvmd/plugins/auth/radius.py
-# https://github.com/pyradius/pyrad/raw/master/example/dictionary.freeradius
-#
+
+import io
+import textwrap
from typing import Dict
+import pyrad.client
+import pyrad.packet
+import pyrad.dictionary
+
from ...yamlconf import Option
-from ...validators.os import valid_abs_file
from ...validators.net import valid_port
from ...validators.net import valid_ip_or_host
from ...validators.basic import valid_int_f1
+from ...logging import get_logger
+
+from ... import aiotools
+
from . import BaseAuthService
-from pyrad.client import Client
-from pyrad.dictionary import Dictionary
-import pyrad.packet
+
+# =====
+_FREERADUIS_DICT = textwrap.dedent("""
+ # https://github.com/pyradius/pyrad/raw/master/example/dictionary.freeradius
+
+ VENDOR FreeRADIUS 11344
+ BEGIN-VENDOR FreeRADIUS
+
+ ATTRIBUTE FreeRADIUS-Statistics-Type 127 integer
+
+ VALUE FreeRADIUS-Statistics-Type None 0
+ VALUE FreeRADIUS-Statistics-Type Authentication 1
+ VALUE FreeRADIUS-Statistics-Type Accounting 2
+ VALUE FreeRADIUS-Statistics-Type Proxy-Authentication 4
+ VALUE FreeRADIUS-Statistics-Type Proxy-Accounting 8
+ VALUE FreeRADIUS-Statistics-Type Internal 0x10
+ VALUE FreeRADIUS-Statistics-Type Client 0x20
+ VALUE FreeRADIUS-Statistics-Type Server 0x40
+ VALUE FreeRADIUS-Statistics-Type Home-Server 0x80
+
+ VALUE FreeRADIUS-Statistics-Type Auth-Acct 0x03
+ VALUE FreeRADIUS-Statistics-Type Proxy-Auth-Acct 0x0c
+
+ VALUE FreeRADIUS-Statistics-Type All 0x1f
+
+ END-VENDOR FreeRADIUS
+""")
# =====
@@ -48,37 +77,43 @@ class Plugin(BaseAuthService):
host: str,
port: int,
secret: str,
- user: str,
- passwd: str,
- timeout: int,
+ timeout: float,
) -> None:
self.__host = host
self.__port = port
self.__secret = secret
- self.__user = user
- self.__passwd = passwd
self.__timeout = timeout
@classmethod
def get_plugin_options(cls) -> Dict:
return {
- "host": Option("localhost",type=valid_ip_or_host),
- "port": Option(1812,type=valid_port),
+ "host": Option("localhost", type=valid_ip_or_host),
+ "port": Option(1812, type=valid_port),
"secret": Option(""),
- "user": Option(""),
- "passwd": Option(""),
- "timeout": Option(5,type=valid_int_f1),
+ "timeout": Option(5, type=valid_int_f1),
}
async def authorize(self, user: str, passwd: str) -> bool:
- user = user.strip()
+ return (await aiotools.run_async(self.__inner_authorize, user, passwd))
+
+ def __inner_authorize(self, user: str, passwd: str) -> bool:
+ assert user == user.strip()
+ assert user
try:
- srv = Client(server=self.__host, secret=self.__secret.encode('ascii'), timeout=self.__timeout, dict=Dictionary("dictionary"))
- req = srv.CreateAuthPacket(code=pyrad.packet.AccessRequest, User_Name=user)
- req["User-Password"] = req.PwCrypt(passwd)
- # send request
- reply = srv.SendPacket(req)
- return (reply.code == pyrad.packet.AccessAccept)
- except:
+ with io.StringIO(_FREERADUIS_DICT) as dct_file:
+ dct = pyrad.dictionary.Dictionary(dct_file)
+ client = pyrad.client.Client(
+ server=self.__host,
+ authport=self.__port,
+ secret=self.__secret.encode("ascii"),
+ timeout=self.__timeout,
+ dict=dct,
+ )
+ request = client.CreateAuthPacket(code=pyrad.packet.AccessRequest, User_Name=user)
+ request["User-Password"] = request.PwCrypt(passwd)
+ response = client.SendPacket(request)
+ return (response.code == pyrad.packet.AccessAccept)
+ except Exception:
+ get_logger().exception("Failed RADIUS auth request for user %r", user)
return False