def test_challenge(self): """Test sending a message and receiving an challenge reply.""" def _reply_to_client(): """Thread to act as server.""" data, addr = self.sock.recvfrom(radius.PACKET_MAX) m1 = radius.Message.unpack(TEST_SECRET, data) m2 = create_reply(m1, radius.CODE_ACCESS_CHALLENGE, attributes={ 'Reply-Message': b'Message one', 'State': b'Indiana', }) self.sock.sendto(m2.pack(), addr) t = threading.Thread(target=_reply_to_client) t.daemon = True t.start() r = radius.Radius(TEST_SECRET, host='localhost', port=self.port) try: r.authenticate('username', 'password') except radius.ChallengeResponse as e: self.assertEqual(1, len(e.messages)) self.assertEqual([b'Message one'], e.messages) self.assertEqual(b'Indiana', e.state) else: self.fail('ChallengeResponse not raised')
def post(self): password_form = forms.ChangePasswordForm() username = request.form.get('username') password = request.form.get('password') confirm_pwd = request.form.get('confirm') code = request.form.get('code') google_auth = configs.get_configs('google_auth') if not username: # TODO: Check username syntax. return "Username incorrect" elif not password or not confirm_pwd: return "Password cannot left blank" elif not code: return "Google Authenticator Code not found" elif password != confirm_pwd: return "Password not match" r = radius.Radius(google_auth['secret'], google_auth['host']) if r.authenticate(username, code): if not ldap.list_users(user=username): return "User Not Exist" ldap.change_passwd(username=username, password=password.encode('utf-8')) return "Reset Password Success" return "Identify Authentication Failed"
def test_invalid_proto(self): """Test that exception is raised if specifying an invalid protocol""" r = radius.Radius(TEST_SECRET, host='localhost', port=self.tcp_port, proto="invalid_proto") self.assertRaises(radius.RadiusException, r.connect)
def test_connect(self): """Test connecting.""" r = radius.Radius(TEST_SECRET, host='localhost', port=self.port) with r.connect() as c: c.send(b'hello?') self.assertEqual(b'hello?', self.sock.recv(32))
def __checkRAD(self): r = radius.Radius(RAD_SECRET, host='127.0.0.1', port=1812) try: if r.authenticate(RAD_USER, RAD_PASS): LOG.info("Authentication successful!") return 'Success' else: LOG.error("RADIUS is UP but cannot authenticate!!!") return 'Failure' except radius.SocketError as e: LOG.error("Cannot connect to RADIUS: "+ str(e) ) return 'Failure'
def check_radius(mac, address, server, secret): r = radius.Radius(secret, host=server) attrs = {'Framed-IP-Address': binascii.unhexlify(address)} try: if r.authenticate(mac, mac, attributes=attrs): return 'True' else: return 'False' except: return 'Error'
def test_success(self): """Test sending a message and receiving an accept reply.""" def _reply_to_client(): """Thread to act as server.""" data, addr = self.sock.recvfrom(radius.PACKET_MAX) m1 = radius.Message.unpack(TEST_SECRET, data) m2 = create_reply(m1, radius.CODE_ACCESS_ACCEPT) self.sock.sendto(m2.pack(), addr) self.startServer(_reply_to_client) r = radius.Radius(TEST_SECRET, host='localhost', port=self.port) self.assertTrue(r.authenticate('username', 'password'))
def success(self, bind): """Generic test sending a message and receiving an accept reply.""" def handler(sock): """Thread to act as server.""" data, addr = sock.recvfrom(radius.PACKET_MAX) m1 = radius.Message.unpack(TEST_SECRET, data) m2 = create_reply(m1, radius.CODE_ACCESS_ACCEPT) sock.sendto(m2.pack(), addr) with start_server(handler, bind) as addr: host, port = addr r = radius.Radius(TEST_SECRET, host=host, port=port) self.assertTrue(r.authenticate('username', 'password'))
def test_un_pack(self): """Test packing and unpacking messages.""" m = radius.Radius(TEST_SECRET).access_request_message(b'foo', u'bar') d = m.pack() self.assertEqual(43, len(d)) u = radius.Message.unpack(TEST_SECRET, d) self.assertEqual(radius.CODE_ACCESS_REQUEST, u.code) self.assertEqual(m.id, u.id) self.assertEqual(m.authenticator, u.authenticator) # Extra data should not prevent unpacking. radius.Message.unpack(TEST_SECRET, d + b'0')
def test_failure(self): """Test sending a message and receiving a reject reply.""" def _reply_to_client(): """Thread to act as server.""" data, addr = self.sock.recvfrom(radius.PACKET_MAX) m1 = radius.Message.unpack(TEST_SECRET, data) m2 = create_reply(m1) self.sock.sendto(m2.pack(), addr) t = threading.Thread(target=_reply_to_client) t.daemon = True t.start() r = radius.Radius(TEST_SECRET, host='localhost', port=self.port) self.assertFalse(r.authenticate('username', 'password'))
def test_connect_tcp(self): """Test connecting via tcp.""" def _reply_to_client(): conn, addr = self.tcp_sock.accept() self.tcp_received_data = conn.recv(32) conn.send(b'bye') self.startServer(_reply_to_client) r = radius.Radius(TEST_SECRET, host='localhost', port=self.tcp_port, proto=radius.TCP) with r.connect() as c: c.send(b'hello?') self.assertEventually(lambda: b'hello?' == self.tcp_received_data)
def test_verify(self): """Test response verification.""" m1 = radius.Radius(TEST_SECRET).access_request_message(b'foo', b'bar') m2 = create_reply(m1) # Verify should now succeed. m2 = m1.verify(m2.pack()) self.assertIsInstance(m2, radius.Message) # Should fail with incrrect id m2.id += 1 with self.assertRaises(AssertionError): m1.verify(m2.pack()) # Should fail with incorrect authenticator. m2.authenticator = b'0' * 16 with self.assertRaises(AssertionError): m1.verify(m2.pack())
def test_success_over_tcp(self): """Test sending a message and receiving an accept reply via tcp.""" def _reply_to_client(): """Thread to act as server.""" conn, addr = self.tcp_sock.accept() data = conn.recv(radius.PACKET_MAX) m1 = radius.Message.unpack(TEST_SECRET, data) m2 = create_reply(m1, radius.CODE_ACCESS_ACCEPT) conn.send(m2.pack()) conn.close() self.startServer(_reply_to_client) r = radius.Radius(TEST_SECRET, host='localhost', port=self.tcp_port, proto=radius.TCP) self.assertTrue(r.authenticate('username', 'password'))
def authenticateUser(): """ Authenticates the user using a RADIUS protocol :return: Success/Failure """ # UPRM Radius server connection r = radius.Radius('whitestone', host='radius.uprm.edu', port=1812) if request.method == 'POST': try: if r.authenticate(request.json.get('email'), request.json.get('password')): return "Success" else: return "Failure" except NameError: return "Failure" except TypeError: return "Failure" except: return "Failure"
def check_username_and_password_by_radius(username, password, request): # ACD++ в этой функции выполняется проверка через RADIUS if settings.RADIUS_DISABLE: return True try: r = radius.Radius(settings.RADIUS_SECRET, host=settings.RADIUS_HOST, port=settings.RADIUS_PORT) return r.authenticate(username, password) pass except Exception as e: ErrorAuthList(date=timezone.now(), login=username, ip=request.META.get('HTTP_X_FORWARDED_FOR', request.META.get('REMOTE_ADDR', '')), text='Ошибка проверки авторизации: %s' % e.__class__).save() pass return False
def challenge_empty(self, bind): """Generic test sending a message and receiving an challenge reply.""" def handler(sock): """Thread to act as server.""" data, addr = sock.recvfrom(radius.PACKET_MAX) m1 = radius.Message.unpack(TEST_SECRET, data) m2 = create_reply(m1, radius.CODE_ACCESS_CHALLENGE) sock.sendto(m2.pack(), addr) with start_server(handler, bind) as addr: host, port = addr r = radius.Radius(TEST_SECRET, host=host, port=port) try: r.authenticate('username', 'password') except radius.ChallengeResponse as e: self.assertEqual([], e.messages) self.assertIsNone(e.state) self.assertIsNone(e.prompt) else: self.fail('ChallengeResponse not raised')
def test_challenge_empty(self): """Test sending a message and receiving an challenge reply.""" def _reply_to_client(): """Thread to act as server.""" data, addr = self.sock.recvfrom(radius.PACKET_MAX) m1 = radius.Message.unpack(TEST_SECRET, data) m2 = create_reply(m1, radius.CODE_ACCESS_CHALLENGE) self.sock.sendto(m2.pack(), addr) self.startServer(_reply_to_client) r = radius.Radius(TEST_SECRET, host='localhost', port=self.port) try: r.authenticate('username', 'password') except radius.ChallengeResponse as e: self.assertEqual([], e.messages) self.assertIsNone(e.state) self.assertIsNone(e.prompt) else: self.fail('ChallengeResponse not raised')
def challenge(self, bind): """Generic test sending a message and receiving an challenge reply.""" def handler(sock): """Thread to act as server.""" data, addr = sock.recvfrom(radius.PACKET_MAX) m1 = radius.Message.unpack(TEST_SECRET, data) m2 = create_reply(m1, radius.CODE_ACCESS_CHALLENGE, attributes={ 'Reply-Message': b'Message one', 'State': b'Indiana', 'Prompt': struct.pack('!i', 128), }) sock.sendto(m2.pack(), addr) with start_server(handler, bind) as addr: host, port = addr r = radius.Radius(TEST_SECRET, host=host, port=port) try: r.authenticate('username', 'password') except radius.ChallengeResponse as e: self.assertEqual([b'Message one'], e.messages) self.assertEqual(b'Indiana', e.state) self.assertEqual(128, e.prompt) else: self.fail('ChallengeResponse not raised')
#************************************************************************* # author: Lakshmi Narasimha vedantam (Dundi) # #************************************************************************ # import the necessary packages import radius, sys fullCmdArguments = sys.argv argumentList = fullCmdArguments[1:] # construct the arguments # first_arg : username # second_arg : password # thrid_arg : secret # fourth_arg : host r = radius.Radius('+argumentList[2]+', host='+argumentList[3]+', port=1812) if r.authenticate('+argumentList[0]+', '+argumentList[1]+'): print("ok") else: print("wrong user name and password")
try: data = json.load(open('client.json')) except FileNotFoundError: pass if "hostname" in data: hostname = data["hostname"] if "port" in data: port = data["port"] if "username" in data: username = data["username"] s = input("Enter hostname name ("+hostname+") : ") if s != "": hostname = s.strip() s = input("Enter port number ("+str(port)+") : ") if s != "": port = int(s) s = input("Enter username (" + username + ") : ") if s != "": username = s.strip() s = input("Enter radius secret (" + secret + ") : ") if s != "": secret = s.strip() s = input("Enter radius secret (" + password + ") : ") if s != "": password = s.strip() d = dict(hostname=hostname, port=port, username=username) with open('client.json', 'w') as outfile: json.dump(d, outfile) r = radius.Radius(secret, host=hostname, port=port) print('success' if r.authenticate(username, password) else 'failure')
#!/usr/bin/python import radius import binascii mac = '90E6BA8B16C5' r = radius.Radius('TVsTreAM', host='33.16.2.3') for address in ('239.1.21.3', '226.110.10.128'): ip = '{:02X}{:02X}{:02X}{:02X}'.format(*map(int, address.split('.'))) print mac, address attrs = {'Framed-IP-Address': binascii.unhexlify(ip)} print(r.authenticate(mac, mac, attributes=attrs))
elif opt in ("-P", "--port"): port = arg # Check if necessary options are set if (host == "" or username == "" or password == "" or secret == ""): print("Missing mandatory parameters!") print( "check_radius_auth.py -h <host> -u <username> -p <password> -s <secret>" ) sys.exit(3) if (port == ""): port = 1812 # initialize RADIUS try: r = radius.Radius(secret, host, port, 1, 3) except: print("Error connecting to RADIUS server") exit(3) # authenticate user and pass try: authen = r.authenticate(username=username, password=password) except: print("Error trying authentication") exit(3) if (authen): print("OK") exit(0) else:
import radius from getpass import getpass radius_secret = "REDCATED" radius_server = "REDCATED" radius_port = 1812 user = input('Username:'******'success' if r.authenticate(user, password) else 'failure')