def test_challenge(self):
"""Test sending a message and receiving an challenge reply."""
def _reply_to_client():
"""Thread to act as server."""
data, addr = self.sock.recvfrom(radius.PACKET_MAX)
m1 = radius.Message.unpack(TEST_SECRET, data)
m2 = create_reply(m1,
radius.CODE_ACCESS_CHALLENGE,
attributes={
'Reply-Message': b'Message one',
'State': b'Indiana',
})
self.sock.sendto(m2.pack(), addr)
t = threading.Thread(target=_reply_to_client)
t.daemon = True
t.start()
r = radius.Radius(TEST_SECRET, host='localhost', port=self.port)
try:
r.authenticate('username', 'password')
except radius.ChallengeResponse as e:
self.assertEqual(1, len(e.messages))
self.assertEqual([b'Message one'], e.messages)
self.assertEqual(b'Indiana', e.state)
else:
self.fail('ChallengeResponse not raised')
def post(self):
password_form = forms.ChangePasswordForm()
username = request.form.get('username')
password = request.form.get('password')
confirm_pwd = request.form.get('confirm')
code = request.form.get('code')
google_auth = configs.get_configs('google_auth')
if not username:
# TODO: Check username syntax.
return "Username incorrect"
elif not password or not confirm_pwd:
return "Password cannot left blank"
elif not code:
return "Google Authenticator Code not found"
elif password != confirm_pwd:
return "Password not match"
r = radius.Radius(google_auth['secret'], google_auth['host'])
if r.authenticate(username, code):
if not ldap.list_users(user=username):
return "User Not Exist"
ldap.change_passwd(username=username,
password=password.encode('utf-8'))
return "Reset Password Success"
return "Identify Authentication Failed"
def test_invalid_proto(self):
"""Test that exception is raised if specifying an invalid protocol"""
r = radius.Radius(TEST_SECRET,
host='localhost',
port=self.tcp_port,
proto="invalid_proto")
self.assertRaises(radius.RadiusException, r.connect)
def test_connect(self):
"""Test connecting."""
r = radius.Radius(TEST_SECRET, host='localhost', port=self.port)
with r.connect() as c:
c.send(b'hello?')
self.assertEqual(b'hello?', self.sock.recv(32))
def __checkRAD(self):
r = radius.Radius(RAD_SECRET, host='127.0.0.1', port=1812)
try:
if r.authenticate(RAD_USER, RAD_PASS):
LOG.info("Authentication successful!")
return 'Success'
else:
LOG.error("RADIUS is UP but cannot authenticate!!!")
return 'Failure'
except radius.SocketError as e:
LOG.error("Cannot connect to RADIUS: "+ str(e) )
return 'Failure'
def check_radius(mac, address, server, secret):
r = radius.Radius(secret, host=server)
attrs = {'Framed-IP-Address': binascii.unhexlify(address)}
try:
if r.authenticate(mac, mac, attributes=attrs):
return 'True'
else:
return 'False'
except:
return 'Error'
def test_success(self):
"""Test sending a message and receiving an accept reply."""
def _reply_to_client():
"""Thread to act as server."""
data, addr = self.sock.recvfrom(radius.PACKET_MAX)
m1 = radius.Message.unpack(TEST_SECRET, data)
m2 = create_reply(m1, radius.CODE_ACCESS_ACCEPT)
self.sock.sendto(m2.pack(), addr)
self.startServer(_reply_to_client)
r = radius.Radius(TEST_SECRET, host='localhost', port=self.port)
self.assertTrue(r.authenticate('username', 'password'))
def success(self, bind):
"""Generic test sending a message and receiving an accept reply."""
def handler(sock):
"""Thread to act as server."""
data, addr = sock.recvfrom(radius.PACKET_MAX)
m1 = radius.Message.unpack(TEST_SECRET, data)
m2 = create_reply(m1, radius.CODE_ACCESS_ACCEPT)
sock.sendto(m2.pack(), addr)
with start_server(handler, bind) as addr:
host, port = addr
r = radius.Radius(TEST_SECRET, host=host, port=port)
self.assertTrue(r.authenticate('username', 'password'))
def test_un_pack(self):
"""Test packing and unpacking messages."""
m = radius.Radius(TEST_SECRET).access_request_message(b'foo', u'bar')
d = m.pack()
self.assertEqual(43, len(d))
u = radius.Message.unpack(TEST_SECRET, d)
self.assertEqual(radius.CODE_ACCESS_REQUEST, u.code)
self.assertEqual(m.id, u.id)
self.assertEqual(m.authenticator, u.authenticator)
# Extra data should not prevent unpacking.
radius.Message.unpack(TEST_SECRET, d + b'0')
def test_failure(self):
"""Test sending a message and receiving a reject reply."""
def _reply_to_client():
"""Thread to act as server."""
data, addr = self.sock.recvfrom(radius.PACKET_MAX)
m1 = radius.Message.unpack(TEST_SECRET, data)
m2 = create_reply(m1)
self.sock.sendto(m2.pack(), addr)
t = threading.Thread(target=_reply_to_client)
t.daemon = True
t.start()
r = radius.Radius(TEST_SECRET, host='localhost', port=self.port)
self.assertFalse(r.authenticate('username', 'password'))
def test_connect_tcp(self):
"""Test connecting via tcp."""
def _reply_to_client():
conn, addr = self.tcp_sock.accept()
self.tcp_received_data = conn.recv(32)
conn.send(b'bye')
self.startServer(_reply_to_client)
r = radius.Radius(TEST_SECRET,
host='localhost',
port=self.tcp_port,
proto=radius.TCP)
with r.connect() as c:
c.send(b'hello?')
self.assertEventually(lambda: b'hello?' == self.tcp_received_data)
def test_verify(self):
"""Test response verification."""
m1 = radius.Radius(TEST_SECRET).access_request_message(b'foo', b'bar')
m2 = create_reply(m1)
# Verify should now succeed.
m2 = m1.verify(m2.pack())
self.assertIsInstance(m2, radius.Message)
# Should fail with incrrect id
m2.id += 1
with self.assertRaises(AssertionError):
m1.verify(m2.pack())
# Should fail with incorrect authenticator.
m2.authenticator = b'0' * 16
with self.assertRaises(AssertionError):
m1.verify(m2.pack())
def test_success_over_tcp(self):
"""Test sending a message and receiving an accept reply via tcp."""
def _reply_to_client():
"""Thread to act as server."""
conn, addr = self.tcp_sock.accept()
data = conn.recv(radius.PACKET_MAX)
m1 = radius.Message.unpack(TEST_SECRET, data)
m2 = create_reply(m1, radius.CODE_ACCESS_ACCEPT)
conn.send(m2.pack())
conn.close()
self.startServer(_reply_to_client)
r = radius.Radius(TEST_SECRET,
host='localhost',
port=self.tcp_port,
proto=radius.TCP)
self.assertTrue(r.authenticate('username', 'password'))
def authenticateUser():
"""
Authenticates the user using a RADIUS protocol
:return: Success/Failure
"""
# UPRM Radius server connection
r = radius.Radius('whitestone', host='radius.uprm.edu', port=1812)
if request.method == 'POST':
try:
if r.authenticate(request.json.get('email'), request.json.get('password')):
return "Success"
else:
return "Failure"
except NameError:
return "Failure"
except TypeError:
return "Failure"
except:
return "Failure"
def check_username_and_password_by_radius(username, password, request):
# ACD++ в этой функции выполняется проверка через RADIUS
if settings.RADIUS_DISABLE:
return True
try:
r = radius.Radius(settings.RADIUS_SECRET,
host=settings.RADIUS_HOST,
port=settings.RADIUS_PORT)
return r.authenticate(username, password)
pass
except Exception as e:
ErrorAuthList(date=timezone.now(),
login=username,
ip=request.META.get('HTTP_X_FORWARDED_FOR',
request.META.get('REMOTE_ADDR', '')),
text='Ошибка проверки авторизации: %s' %
e.__class__).save()
pass
return False
def challenge_empty(self, bind):
"""Generic test sending a message and receiving an challenge reply."""
def handler(sock):
"""Thread to act as server."""
data, addr = sock.recvfrom(radius.PACKET_MAX)
m1 = radius.Message.unpack(TEST_SECRET, data)
m2 = create_reply(m1, radius.CODE_ACCESS_CHALLENGE)
sock.sendto(m2.pack(), addr)
with start_server(handler, bind) as addr:
host, port = addr
r = radius.Radius(TEST_SECRET, host=host, port=port)
try:
r.authenticate('username', 'password')
except radius.ChallengeResponse as e:
self.assertEqual([], e.messages)
self.assertIsNone(e.state)
self.assertIsNone(e.prompt)
else:
self.fail('ChallengeResponse not raised')
def test_challenge_empty(self):
"""Test sending a message and receiving an challenge reply."""
def _reply_to_client():
"""Thread to act as server."""
data, addr = self.sock.recvfrom(radius.PACKET_MAX)
m1 = radius.Message.unpack(TEST_SECRET, data)
m2 = create_reply(m1, radius.CODE_ACCESS_CHALLENGE)
self.sock.sendto(m2.pack(), addr)
self.startServer(_reply_to_client)
r = radius.Radius(TEST_SECRET, host='localhost', port=self.port)
try:
r.authenticate('username', 'password')
except radius.ChallengeResponse as e:
self.assertEqual([], e.messages)
self.assertIsNone(e.state)
self.assertIsNone(e.prompt)
else:
self.fail('ChallengeResponse not raised')
def challenge(self, bind):
"""Generic test sending a message and receiving an challenge reply."""
def handler(sock):
"""Thread to act as server."""
data, addr = sock.recvfrom(radius.PACKET_MAX)
m1 = radius.Message.unpack(TEST_SECRET, data)
m2 = create_reply(m1, radius.CODE_ACCESS_CHALLENGE, attributes={
'Reply-Message': b'Message one',
'State': b'Indiana',
'Prompt': struct.pack('!i', 128),
})
sock.sendto(m2.pack(), addr)
with start_server(handler, bind) as addr:
host, port = addr
r = radius.Radius(TEST_SECRET, host=host, port=port)
try:
r.authenticate('username', 'password')
except radius.ChallengeResponse as e:
self.assertEqual([b'Message one'], e.messages)
self.assertEqual(b'Indiana', e.state)
self.assertEqual(128, e.prompt)
else:
self.fail('ChallengeResponse not raised')
#*************************************************************************
# author: Lakshmi Narasimha vedantam (Dundi)
#
#************************************************************************
# import the necessary packages
import radius, sys
fullCmdArguments = sys.argv
argumentList = fullCmdArguments[1:]
# construct the arguments
# first_arg : username
# second_arg : password
# thrid_arg : secret
# fourth_arg : host
r = radius.Radius('+argumentList[2]+', host='+argumentList[3]+', port=1812)
if r.authenticate('+argumentList[0]+', '+argumentList[1]+'):
print("ok")
else:
print("wrong user name and password")
try:
data = json.load(open('client.json'))
except FileNotFoundError:
pass
if "hostname" in data: hostname = data["hostname"]
if "port" in data: port = data["port"]
if "username" in data: username = data["username"]
s = input("Enter hostname name ("+hostname+") : ")
if s != "":
hostname = s.strip()
s = input("Enter port number ("+str(port)+") : ")
if s != "":
port = int(s)
s = input("Enter username (" + username + ") : ")
if s != "":
username = s.strip()
s = input("Enter radius secret (" + secret + ") : ")
if s != "":
secret = s.strip()
s = input("Enter radius secret (" + password + ") : ")
if s != "":
password = s.strip()
d = dict(hostname=hostname, port=port, username=username)
with open('client.json', 'w') as outfile:
json.dump(d, outfile)
r = radius.Radius(secret, host=hostname, port=port)
print('success' if r.authenticate(username, password) else 'failure')
#!/usr/bin/python
import radius
import binascii
mac = '90E6BA8B16C5'
r = radius.Radius('TVsTreAM', host='33.16.2.3')
for address in ('239.1.21.3', '226.110.10.128'):
ip = '{:02X}{:02X}{:02X}{:02X}'.format(*map(int, address.split('.')))
print mac, address
attrs = {'Framed-IP-Address': binascii.unhexlify(ip)}
print(r.authenticate(mac, mac, attributes=attrs))
elif opt in ("-P", "--port"):
port = arg
# Check if necessary options are set
if (host == "" or username == "" or password == "" or secret == ""):
print("Missing mandatory parameters!")
print(
"check_radius_auth.py -h <host> -u <username> -p <password> -s <secret>"
)
sys.exit(3)
if (port == ""):
port = 1812
# initialize RADIUS
try:
r = radius.Radius(secret, host, port, 1, 3)
except:
print("Error connecting to RADIUS server")
exit(3)
# authenticate user and pass
try:
authen = r.authenticate(username=username, password=password)
except:
print("Error trying authentication")
exit(3)
if (authen):
print("OK")
exit(0)
else:
import radius
from getpass import getpass
radius_secret = "REDCATED"
radius_server = "REDCATED"
radius_port = 1812
user = input('Username:'******'success' if r.authenticate(user, password) else 'failure')
