def process_request(data, address, secret): error_message = None pkt = AuthPacket(packet=data, secret=secret, dict={}) reply_pkt = pkt.CreateReply() reply_pkt.code = AccessReject try: username = pkt.get(1)[0] try: password = pkt.PwDecrypt(pkt.get(2)[0]) except UnicodeDecodeError: logger.error( "Error decrypting password -- probably incorrect secret") reply_pkt.code = AccessReject return reply_pkt.ReplyPacket() auth_status = auth_with_foxpass(username, password) and two_factor(username) if auth_status: logger.info('Successful auth') reply_pkt.code = AccessAccept return reply_pkt.ReplyPacket() logger.info('Incorrect password') error_message = 'Incorrect password' except Exception as e: logger.exception(e) error_message = 'Unknown error' if error_message: reply_pkt.AddAttribute(18, error_message) return reply_pkt.ReplyPacket()
def process_request(data, address, secret): error_message = None pkt = AuthPacket(packet=data, secret=secret, dict={}) reply_pkt = pkt.CreateReply() reply_pkt.code = AccessReject try: username = pkt.get(1)[0] try: password = pkt.PwDecrypt(pkt.get(2)[0]) except UnicodeDecodeError: logger.error("Error decrypting password -- probably incorrect secret") reply_pkt.code = AccessReject return reply_pkt.ReplyPacket() auth_status = auth_with_foxpass(username, password) and two_factor(username) if auth_status: logger.info('Successful auth') reply_pkt.code = AccessAccept return reply_pkt.ReplyPacket() logger.info('Incorrect password') error_message = 'Incorrect password' except Exception as e: logger.exception(e) error_message = 'Unknown error' if error_message: reply_pkt.AddAttribute(18, error_message) return reply_pkt.ReplyPacket()
def HandleAuthPacket(self:server.Server, pkt:packet.AuthPacket): print(vars()) print("Auth request: ") print(pkt) reply = self.CreateReplyPacket(pkt, **{"Service-Type": "Framed-User", "Framed-IP-Address": pkt['Framed-IP-Address'][0]}) # type: packet.AuthPacket print(dir(reply)) reply.code = packet.AccessReject for attr in pkt.keys(): print("%s: %s" % (attr, pkt[attr])) if "User-Password" in pkt.keys(): print("Checking Password") print(pkt.secret) pkt.dict passwd = pkt.PwDecrypt(pkt.get(2)[0]) print(passwd) # Remove expired vouchers before authenticating GuestServer.removeExpiredVouchers() # Auth against current tokens print(list(map(lambda v: str(v), GuestServer.vouchers))) if GuestServer.vouchers and reduce(lambda a, b: a or b, map(lambda v: v.authenticate(passwd), GuestServer.vouchers)): print("Auth Success") reply.code = packet.AccessAccept else: print("Auth Failed") self.SendReplyPacket(pkt.fd, reply)
def process_request(data, address, secret): error_message = None pkt = AuthPacket(packet=data, secret=secret, dict=Dictionary(io.StringIO(DICTIONARY_DATA))) reply_pkt = pkt.CreateReply() reply_pkt.code = AccessReject try: # [0] is needed because pkt.get returns a list pkt_username = pkt.get('User-Name')[0] logger.info("Auth attempt for '%s'" % (pkt_username, )) try: password = pkt.get('Password') if not password: logger.error("No password field in request") reply_pkt.code = AccessReject return reply_pkt.ReplyPacket() # [0] is needed because pkt.get returns a list password = pkt.PwDecrypt(password[0]) except UnicodeDecodeError: logger.error( "Error decrypting password -- probably incorrect secret") reply_pkt.code = AccessReject return reply_pkt.ReplyPacket() (auth_status, username) = auth_with_foxpass(pkt_username, password) auth_status = auth_status and group_match(username) and two_factor( username) if auth_status: logger.info("Successful auth for '%s'" % (pkt_username, )) reply_pkt.code = AccessAccept return reply_pkt.ReplyPacket() logger.info("Authentication failed for '%s'" % (pkt_username, )) error_message = 'Authentication failed' except Exception as e: logger.exception(e) error_message = str(e) if error_message: reply_pkt.AddAttribute('Reply-Message', error_message) return reply_pkt.ReplyPacket()
def process_request(data, address, secret): error_message = None pkt = AuthPacket(packet=data, secret=secret, dict={}) reply_pkt = pkt.CreateReply() reply_pkt.code = AccessReject try: username = pkt.get(1)[0] logger.info("Auth attempt for '%s'" % (username,)) try: password = pkt.get(2) if not password: logger.error("No password field in request") reply_pkt.code = AccessReject return reply_pkt.ReplyPacket() password = pkt.PwDecrypt(password[0]) except UnicodeDecodeError: logger.error("Error decrypting password -- probably incorrect secret") reply_pkt.code = AccessReject return reply_pkt.ReplyPacket() auth_status = auth_with_foxpass(username, password) and group_match(username) and two_factor(username) if auth_status: logger.info("Successful auth for '%s'" % (username,)) reply_pkt.code = AccessAccept return reply_pkt.ReplyPacket() logger.info("Authentication failed for '%s'" % (username,)) error_message = 'Authentication failed' except Exception as e: logger.exception(e) error_message = str(e) if error_message: reply_pkt.AddAttribute(18, error_message) return reply_pkt.ReplyPacket()
def _create_reply(self, request_packet: packet.AuthPacket, success: bool) -> AuthResult: """ Creates an AuthResult as a reply the given request_packet Args: request_packet: The request to create a reply to success: True if the reply should have code AccessAccept, false for AccessReject """ pass_through_attrs = copy.copy(self.pass_through_radius_attrs) reply = request_packet.CreateReply() reply.code = packet.AccessAccept if success else packet.AccessReject reply.authenticator = request_packet.authenticator reply.AddAttribute("Reply-Message", "Hello") # If it's an MS-CHAPv2 request, add the MS-MPPE-Send-Key and MS-MPPE-Recv-Key if ("MS-CHAP-Challenge" in request_packet or "MS-CHAP2-Response" in request_packet): mppe.add_mppe( reply, self.ms_mppe_send_key, self.ms_mppe_recv_key, self.secret.encode(), request_packet.authenticator, ) # Include error info in response, if it's MS-CHAP2 and an error if not success and self.chap_challenge: pass_through_attrs["MS-CHAP-Error"] = [b"\x00E=691 R=0 V=3"] if request_packet.get("MS-CHAP2-Response") == [ self.chap2_response_expired.encode() ]: pass_through_attrs["MS-CHAP-Error"] = [b"\x00E=648 R=0 V=3"] add_packet_attributes(reply, pass_through_attrs) # Wrap the reply in an AuthResult pass_through_attr_names = (list(pass_through_attrs.keys()) + MS_CHAP2_RESPONSE_ATTRS) auth_result = AuthResult.from_radius_packet(reply, pass_through_attr_names) return auth_result