Python is_valid_ip Examples

Example #1

File: radius_server.py Project: slayer/duoauthproxy-freebsd

def validate_radius_server_config(config):
    """
    Check the configuration of a radius_server module:
      Make sure required keys are present (ikey, skey or skey_protected, api_host, radius_ip_1, radius_secret_1)
      All radius_ip entries are valid IPs.

    Args:
        config: the ConfigDict for the module

    Returns:
        ConfigCheckResult with any config problems

    """
    problems = []

    for required_key in ['ikey', 'api_host']:
        if required_key not in config:
            problems.append(MissingConfigKeyProblem(required_key))

    if not ('skey' in config or 'skey_protected' in config):
        problems.append(MissingConfigKeyProblem('skey / skey_protected'))

    for radius_ip_key in [x for x in config.keys() if x.lower().startswith('radius_ip')]:
        radius_ip_value = config[radius_ip_key]
        if not ip_util.is_valid_ip(radius_ip_value):
            problems.append(InvalidConfigKeyProblem(radius_ip_key, radius_ip_value))

    return ConfigCheckResult(problems)

Example #2

File: duo_server.py Project: slayer/duoauthproxy-freebsd

    def duo_auth_only(self, request, factor):
        """
        duo_auth and return its result.  On failure, generate an appropriate
        response based on the configured failmode.
        """
        try:
            client_ip = request.client_ip
            if not ip_util.is_valid_ip(client_ip):
                client_ip = None
            auth_res = yield self.client.auth(request.username, factor,
                                              client_ip)
        except duo_async.DuoAPIError as e:
            log.err(None, 'Duo auth call failed')
            if duo_async.should_server_fail_open(self.failmode, e.fail_open):
                msg = duo_async.get_fail_open_msg()
                self.log_request(request, msg)
                log.auth_standard(msg=msg,
                                  username=request.username,
                                  auth_stage=log.AUTH_SECONDARY,
                                  status=log.AUTH_ALLOW,
                                  client_ip=request.client_ip,
                                  server_section=self.server_section_name,
                                  server_section_ikey=self.server_section_ikey)
                ret = {'result': duo_async.API_RESULT_ALLOW, 'status': msg}
                defer.returnValue(ret)
            else:
                msg = duo_async.FAILMODE_SECURE_MSG
                self.log_request(request, msg)
                log.auth_standard(msg=msg,
                                  username=request.username,
                                  auth_stage=log.AUTH_SECONDARY,
                                  status=log.AUTH_ERROR,
                                  client_ip=request.client_ip,
                                  server_section=self.server_section_name,
                                  server_section_ikey=self.server_section_ikey)
                ret = {'result': duo_async.API_RESULT_DENY, 'status': msg}
                defer.returnValue(ret)

        if auth_res['result'] == duo_async.API_RESULT_ALLOW:
            log.auth_standard(msg=auth_res['status'],
                              username=request.username,
                              auth_stage=log.AUTH_SECONDARY,
                              status=log.AUTH_ALLOW,
                              client_ip=request.client_ip,
                              server_section=self.server_section_name,
                              server_section_ikey=self.server_section_ikey)
        else:
            log.auth_standard(msg=auth_res['status'],
                              username=request.username,
                              auth_stage=log.AUTH_SECONDARY,
                              status=log.AUTH_REJECT,
                              client_ip=request.client_ip,
                              server_section=self.server_section_name,
                              server_section_ikey=self.server_section_ikey)

        defer.returnValue(auth_res)

Example #3

File: config_toolbox.py Project: slayer/duoauthproxy-freebsd

 def test_ip_range(self, config, ip_range_key):
     """ Test that a value is an IP range in 1 of 4 formats
     Args:
         config (ConfigDict): the section config to test
         ip_range_key (str): Formats are single, range, cidr, and IP/netmask
     Returns:
     bool
     """
     ip = config.get(ip_range_key)
     return all(ip_util.is_valid_ip(ip) for ip in util.parse_delimited_set(ip))

Example #4

File: config_toolbox.py Project: slayer/duoauthproxy-freebsd

    def test_is_valid_ip(self, config, ip_key):
        """
        Check the validity of an ip address in the config

        Args:
            config (ConfigDict): the section config to check
            ip_key(str): key to an ip range. Formats are single, range, cidr, and IP/netmask

        Returns:
            Bool: whether or not the ip range is well formatted
        """
        ip_range = config.get(ip_key)
        return ip_util.is_valid_ip(ip_range)

Example #5

File: http_proxy.py Project: slayer/duoauthproxy-freebsd

def get_allowed_ip_networks(config):
    """
    Determine the list of allowed IP Networks from the given configuration, where there may be a 'client_ip' section
    with a comma-separated list, each item being either
        A single IP address
        An IP address range
        A CIDR-style IP range

    Args:
        config (ConfigDict): the section config

    Returns:
        [IPNetwork]: The allowed IP Networks from the config
    """
    client_ips = []

    for ip_string in util.parse_delimited_set(config.get_str("client_ip", "")):
        if ip_util.is_valid_ip(ip_string):
            client_ips.extend(ip_util.get_ip_networks(ip_string))

    return client_ips

Example #6

def validate_http_proxy_config(config):
    """
    Validate an 'http_proxy' configuration, checking that
    1) All required values are present (currently only 'api_host' is required)
    2) Any IPs provided in 'client_ip' are valid

    Args:
        config: A ConfigDict for an http_proxy module

    Returns:
        ConfigCheckResult with any config problems
    """

    problems = []

    if "api_host" not in config:
        problems.append(MissingConfigKeyProblem("api_host"))

    for client_ip in util.parse_delimited_set(config.get_str("client_ip", "")):
        is_valid = ip_util.is_valid_ip(client_ip)
        if not is_valid:
            problems.append(InvalidConfigKeyProblem("client_ip", client_ip))

    return ConfigCheckResult(problems)