class RadAuthClient(protocol.DatagramProtocol):
def __init__(self,
secret,
dictionary,
server,
port=1812,
debug=False,
stat_push=None):
self.dict = dictionary
self.secret = six.b(secret)
self.server = server
self.authport = port
self.debug = debug
self.stat_push = stat_push
reactor.listenUDP(0, self)
def close(self):
if self.transport is not None:
self.transport.stopListening()
self.transport = None
def sendAuth(self, **kwargs):
User_Password = kwargs.pop("User-Password", None)
CHAP_Password = kwargs.pop("CHAP-Password", None)
CHAP_Challenge = kwargs.get("CHAP-Challenge")
request = message.AuthMessage(dict=self.dict,
secret=self.secret,
**kwargs)
if User_Password:
request['User-Password'] = request.PwCrypt(User_Password)
if CHAP_Password:
if CHAP_Challenge:
request['CHAP-Challenge'] = CHAP_Challenge
request['CHAP-Password'] = CHAP_Password
if self.debug:
log.msg("Send radius Auth Request to (%s:%s): %s" %
(self.server, self.authport, request.format_str()))
self.transport.write(request.RequestPacket(),
(self.server, self.authport))
self.stat_push.push("requests")
def datagramReceived(self, datagram, (host, port)):
try:
response = packet.Packet(packet=datagram,
dict=self.dict,
secret=self.secret)
msgs = ['replys']
if response.code == packet.AccessReject:
msgs.append('rejects')
if response.code == packet.AccessAccept:
msgs.append('accepts')
self.stat_push.push(",".join(msgs))
if self.debug:
log.msg("Received Radius Response from %s: %s" %
((host, port), message.format_packet_str(response)))
except Exception as err:
log.err('Invalid Response packet from %s: %s' %
((host, port), str(err)))
self.stat_push.push("errors")
def coaresp(session):
reply = coareq.CreateReply()
reply.code = packet.DisconnectACK
log.msg("[RADIUSAuthorize] :: Send Authorize radius response: %s" %
(message.format_packet_str(reply)))
self.transport.write(reply.ReplyPacket(), (host, port))
statusdb.del_client(self.status_dbfile, session.get('session_id'))
class RadiusdAuthorize(protocol.DatagramProtocol):
def __init__(self, config, dbengine=None,statcache=None):
self.config = config
self.dbengine = dbengine
self.statcache = statcache
self.radloader = RadiusLoader(config,dbengine)
def processPacket(self, coareq, (host,port)):
session_id = coareq.get_acct_sessionid()
session = RadiusSession.sessions.pop(session_id,None)
if session:
session.stop()
reply = coareq.CreateReply()
logger.info("[RADIUSAuthorize] :: Send Authorize radius response: %s" % (repr(reply)))
if self.config.radius.debug:
logger.debug(message.format_packet_str(reply))
self.transport.write(reply.ReplyPacket(), (host, port))
logger.debug(message.format_packet_str(reply))
self.transport.write(reply.ReplyPacket(), (host, port))
def datagramReceived(self, datagram, (host, port)):
try:
radius = self.radloader.getRadius(host)
if not radius:
logger.info('[RADIUSAuthorize] :: Dropping Authorize packet from unknown host ' + host)
return
coa_req = message.CoAMessage(packet=datagram, dict=radius.dict, secret=six.b(radius.secret))
logger.info("[RADIUSAuthorize] :: Received Authorize radius request: %s" % message.format_packet_log(coa_req))
if self.config.radius.debug:
logger.debug(message.format_packet_str(coa_req))
self.processPacket(coa_req, (host, port))
except packet.PacketError as err:
errstr = 'RadiusError:Dropping invalid packet from {0} {1},{2}'.format(
host, port, utils.safeunicode(err))
logger.error(errstr)
def run(config, dbengine=None):
authorize_protocol = RadiusdAuthorize(config, dbengine=dbengine)
reactor.listenUDP(int(config.radius.authorize_port), authorize_protocol, interface=config.radius.host)
reply.code = packet.DisconnectNAK
self.transport.write(reply.ReplyPacket(), (host, port))
def datagramReceived(self, datagram, (host, port)):
try:
if host not in self.radius_addr:
log.err(
'[RADIUSAuthorize] :: Dropping Authorize packet from unknown host '
+ host)
return
coa_req = message.CoAMessage(packet=datagram,
dict=self.dictionary,
secret=six.b(self.secret))
log.msg(
"[RADIUSAuthorize] :: Received Authorize radius request : %s" %
message.format_packet_str(coa_req))
self.processPacket(coa_req, (host, port))
except Exception as err:
log.err('RadiusError:Dropping invalid packet from {0} {1}'.format(
host, port))
log.err(err)
@click.command()
@click.option('-c', '--conf', default=CONFIG_FILE, help='txovpn config file')
def main(conf):
""" OpenVPN status daemon
"""
config = init_config(conf)
nas_addr = config.get('DEFAULT', 'nas_addr')
status_file = config.get('DEFAULT', 'statusfile')
logger.debug(message.format_packet_str(reply))
self.transport.write(reply.ReplyPacket(), (host, port))
def datagramReceived(self, datagram, (host, port)):
try:
radius = self.radloader.getRadius(host)
if not radius:
logger.info('[RADIUSAuthorize] :: Dropping Authorize packet from unknown host ' + host)
return
coa_req = message.CoAMessage(packet=datagram, dict=radius.dict, secret=six.b(radius.secret))
logger.info("[RADIUSAuthorize] :: Received Authorize radius request: %s" % message.format_packet_log(coa_req))
if self.config.radius.debug:
logger.debug(message.format_packet_str(coa_req))
self.processPacket(coa_req, (host, port))
except packet.PacketError as err:
errstr = 'RadiusError:Dropping invalid packet from {0} {1},{2}'.format(
host, port, utils.safeunicode(err))
logger.error(errstr)
def run(config, dbengine=None):
authorize_protocol = RadiusdAuthorize(config, dbengine=dbengine)
reactor.listenUDP(int(config.radius.authorize_port), authorize_protocol, interface=config.radius.host)
def onresp(r):
print message.format_packet_str(r)
reactor.stop()
class RadiusClient(protocol.DatagramProtocol):
def __init__(self, secret, dictionary, server, authport=1812, acctport=1813, debug=False):
self.dict = dictionary
self.secret = six.b(secret)
self.server = server
self.authport = authport
self.acctport = acctport
self.debug = debug
reactor.listenUDP(0, self)
def close(self):
if self.transport is not None:
self.transport.stopListening()
self.transport = None
def onError(self, err):
log.err('Packet process error:%s' % str(err))
reactor.callLater(0.01, self.close,)
return err
def onResult(self, resp):
reactor.callLater(0.01, self.close,)
return resp
def onTimeout(self):
if not self.deferrd.called:
defer.timeout(self.deferrd)
def sendAuth(self, **kwargs):
timeout_sec = kwargs.pop('timeout',10)
User_Password = kwargs.pop("User-Password",None)
CHAP_Password = kwargs.pop("CHAP-Password",None)
CHAP_Password_Plaintext = kwargs.pop("CHAP-Password-Plaintext",None)
CHAP_Challenge = kwargs.get("CHAP-Challenge")
request = message.AuthMessage(dict=self.dict, secret=self.secret, **kwargs)
if User_Password:
request['User-Password'] = request.PwCrypt(User_Password)
if CHAP_Password:
if CHAP_Challenge:
request['CHAP-Challenge'] = CHAP_Challenge
request['CHAP-Password'] = CHAP_Password
if CHAP_Password_Plaintext:
request['CHAP-Password'] = request.ChapEcrypt(CHAP_Password_Plaintext)
if self.debug:
log.msg("Send radius Auth Request to (%s:%s): %s" % (self.server, self.authport, request.format_str()))
self.transport.write(request.RequestPacket(), (self.server, self.authport))
self.deferrd = defer.Deferred()
self.deferrd.addCallbacks(self.onResult,self.onError)
reactor.callLater(timeout_sec, self.onTimeout,)
return self.deferrd
def sendAcct(self, **kwargs):
timeout_sec = kwargs.pop('timeout',10)
request = message.AcctMessage(dict=self.dict, secret=self.secret, **kwargs)
if self.debug:
log.msg("Send radius Acct Request to (%s:%s): %s" % (self.server, self.acctport, request.format_str()))
self.transport.write(request.RequestPacket(), (self.server, self.acctport))
self.deferrd = defer.Deferred()
self.deferrd.addCallbacks(self.onResult,self.onError)
reactor.callLater(timeout_sec, self.onTimeout,)
return self.deferrd
def datagramReceived(self, datagram, (host, port)):
try:
response = packet.Packet(packet=datagram,dict=self.dict, secret=self.secret)
if self.debug:
log.msg("Received Radius Response from %s: %s" % ((host, port), message.format_packet_str(response)))
self.deferrd.callback(response)
except Exception as err:
log.err('Invalid Response packet from %s: %s' % ((host, port), str(err)))
self.deferrd.errback(err)
def onresp(r):
print message.format_packet_str(r)
reactor.stop()
