def process_request(data, address, secret): error_message = None pkt = AuthPacket(packet=data, secret=secret, dict={}) reply_pkt = pkt.CreateReply() reply_pkt.code = AccessReject try: username = pkt.get(1)[0] try: password = pkt.PwDecrypt(pkt.get(2)[0]) except UnicodeDecodeError: logger.error( "Error decrypting password -- probably incorrect secret") reply_pkt.code = AccessReject return reply_pkt.ReplyPacket() auth_status = auth_with_foxpass(username, password) and two_factor(username) if auth_status: logger.info('Successful auth') reply_pkt.code = AccessAccept return reply_pkt.ReplyPacket() logger.info('Incorrect password') error_message = 'Incorrect password' except Exception as e: logger.exception(e) error_message = 'Unknown error' if error_message: reply_pkt.AddAttribute(18, error_message) return reply_pkt.ReplyPacket()
def process_request(data, address, secret): error_message = None pkt = AuthPacket(packet=data, secret=secret, dict=Dictionary(io.StringIO(DICTIONARY_DATA))) reply_pkt = pkt.CreateReply() reply_pkt.code = AccessReject try: # [0] is needed because pkt.get returns a list pkt_username = pkt.get('User-Name')[0] logger.info("Auth attempt for '%s'" % (pkt_username, )) try: password = pkt.get('Password') if not password: logger.error("No password field in request") reply_pkt.code = AccessReject return reply_pkt.ReplyPacket() # [0] is needed because pkt.get returns a list password = pkt.PwDecrypt(password[0]) except UnicodeDecodeError: logger.error( "Error decrypting password -- probably incorrect secret") reply_pkt.code = AccessReject return reply_pkt.ReplyPacket() (auth_status, username) = auth_with_foxpass(pkt_username, password) auth_status = auth_status and group_match(username) and two_factor( username) if auth_status: logger.info("Successful auth for '%s'" % (pkt_username, )) reply_pkt.code = AccessAccept return reply_pkt.ReplyPacket() logger.info("Authentication failed for '%s'" % (pkt_username, )) error_message = 'Authentication failed' except Exception as e: logger.exception(e) error_message = str(e) if error_message: reply_pkt.AddAttribute('Reply-Message', error_message) return reply_pkt.ReplyPacket()
def _create_reply(self, request_packet: packet.AuthPacket, success: bool) -> AuthResult: """ Creates an AuthResult as a reply the given request_packet Args: request_packet: The request to create a reply to success: True if the reply should have code AccessAccept, false for AccessReject """ pass_through_attrs = copy.copy(self.pass_through_radius_attrs) reply = request_packet.CreateReply() reply.code = packet.AccessAccept if success else packet.AccessReject reply.authenticator = request_packet.authenticator reply.AddAttribute("Reply-Message", "Hello") # If it's an MS-CHAPv2 request, add the MS-MPPE-Send-Key and MS-MPPE-Recv-Key if ("MS-CHAP-Challenge" in request_packet or "MS-CHAP2-Response" in request_packet): mppe.add_mppe( reply, self.ms_mppe_send_key, self.ms_mppe_recv_key, self.secret.encode(), request_packet.authenticator, ) # Include error info in response, if it's MS-CHAP2 and an error if not success and self.chap_challenge: pass_through_attrs["MS-CHAP-Error"] = [b"\x00E=691 R=0 V=3"] if request_packet.get("MS-CHAP2-Response") == [ self.chap2_response_expired.encode() ]: pass_through_attrs["MS-CHAP-Error"] = [b"\x00E=648 R=0 V=3"] add_packet_attributes(reply, pass_through_attrs) # Wrap the reply in an AuthResult pass_through_attr_names = (list(pass_through_attrs.keys()) + MS_CHAP2_RESPONSE_ATTRS) auth_result = AuthResult.from_radius_packet(reply, pass_through_attr_names) return auth_result