rubius 0.0.1

data/lib/generators/rubius/templates/rubius.yml

@@ -0,0 +1,13 @@
+development:
+    host: 127.0.0.1
+    port: 1812
+    timeout: 10
+    secret: secret_key
+    dictionary: radius-dictionary
+
+production:
+    host: 127.0.0.1
+    port: 1812
+    timeout: 10
+    secret: secret_key
+    dictionary: radius-dictionary

data/lib/generators/rubius/templates/rubius_initializer.rb

@@ -0,0 +1,2 @@
+# Initialize Rubius
+Rubius::Rails.init

data/lib/rubius.rb

@@ -0,0 +1,6 @@
+require 'rubius/string'
+
+require 'rubius/rails'
+require 'rubius/dictionary'
+require 'rubius/packet'
+require 'rubius/authenticator'

data/lib/rubius/authenticator.rb

@@ -0,0 +1,107 @@
+module Rubius
+  require 'singleton'
+  require 'socket'
+  require 'yaml'
+  
+  class Authenticator
+    include Singleton
+    
+    def initialize
+      @dictionary = Rubius::Dictionary.new
+      @packet = nil
+      @secret = nil
+      
+      @host = nil
+      @port ||= Socket.getservbyname("radius", "udp")
+      @port ||= 1812
+      
+      @timeout = 10
+      
+      @sock = nil
+      
+      @nas_ip = UDPSocket.open {|s| s.connect(@host, 1); s.addr.last }
+      
+      @identifier = Process.pid && 0xff
+    end
+    
+    def init_from_config(config_file)
+      env = defined?(Rails) ? ::Rails.env : 'development'
+      
+      config = YAML.load_file(config_file)
+      @host = config[env]["host"]
+      @port = config[env]["port"] if config[env]["port"]
+      @secret = config[env]["secret"]
+      
+      if config[env]["dictionary"]
+        dict = File.join(File.dirname(config_file), config[env]["dictionary"])
+        @dictionary.load(dict) if File.exists?(dict)
+      end
+      
+      @nas_ip = config[env]["nas_ip"] if config[env]["nas_ip"]
+      
+      setup_connection
+    end
+    
+    def authenticate(username, password)
+      init_packet
+      
+      @packet.code = Rubius::Packet::ACCESS_REQUEST
+      @packet.secret = @secret
+      rand_authenticator
+      
+      @packet.set_attribute('User-Name', username)
+      @packet.set_attribute('NAS-IP-Address', @nas_ip)
+      @packet.set_password(password)
+      
+      send_packet
+      recv_packet
+      
+      return(@packet.code == Rubius::Packet::ACCESS_ACCEPT)
+    end
+    
+    def self.authenticate(username, password)
+      Rubius::Authenticator.instance.authenticate(username, password)
+    end
+    
+    private
+    def init_packet
+      increment_identifier!
+      @packet = Rubius::Packet.new(@dictionary)
+      @packet.identifier = @identifier
+    end
+    
+    def increment_identifier!
+      @identifier = (@identifier + 1) & 0xff
+    end
+    
+    def setup_connection
+      @sock = UDPSocket.open
+      @sock.connect(@host, @port)
+    end
+    
+    def rand_authenticator
+      if (File.exists?("/dev/urandom"))
+        File.open("/dev/urandom") { |rand| @packet.authenticator = rand.read(16) }
+      else
+        @packet.authenticator = [rand(65536), rand(65536), rand(65536), rand(65536), rand(65536), rand(65536), rand(65536), rand(65536)].pack("n8")
+      end
+      @packet.authenticator
+    end
+    
+    def send_packet
+      data = @packet.pack
+      increment_identifier!
+      @sock.send(data, 0)
+    end
+    
+    def recv_packet
+      if select([@sock], nil, nil, @timeout) == nil
+        raise "Timed out waiting for response packet from server"
+      end
+      data = @sock.recvfrom(65536)
+      @packet.unpack(data[0])
+      @identifier = @packet.identifier
+      return @packet
+    end
+  end
+end

data/lib/rubius/dictionary.rb

@@ -0,0 +1,57 @@
+module Rubius
+  class Dictionary
+    VENDOR = 'VENDOR'
+    ATTRIBUTE = 'ATTRIBUTE'
+    VALUE = 'VALUE'
+    NAME = 'NAME'
+    TYPE = 'TYPE'
+    DEFAULT_VENDOR = 0
+    
+    def initialize
+      @dictionary = Hash.new
+      @dictionary[DEFAULT_VENDOR] = {NAME => ''}
+    end
+    
+    def load(dictionary_file)
+      dict_lines = IO.readlines(dictionary_file)
+      
+      vendor_id = DEFAULT_VENDOR
+      dict_lines.each do |line|
+        next if line =~ /^\#/
+        next if (tokens = line.split(/\s+/)).empty?
+        
+        entry_type = tokens[0].upcase
+        case entry_type
+        when VENDOR
+          vendor_id = tokens[2].to_i
+          vendor_name = tokens[1].strip
+          @dictionary[vendor_id] ||= {NAME => vendor_name}
+        when ATTRIBUTE
+          @dictionary[vendor_id][tokens[2].to_i] = {NAME => tokens[1].strip, TYPE => tokens[3].strip}
+        when VALUE
+          @dictionary[vendor_id][tokens[1]] = {tokens[2].strip => tokens[3].to_i}
+        end
+      end
+    end
+    
+    def vendor_name(vendor_id)
+      @dictionary[vendor_id][NAME]
+    end
+    
+    def attribute(vendor_id, attr_id)
+      @dictionary[vendor_id][attr_id] rescue nil
+    end
+    
+    def attribute_name(vendor_id, attr_id)
+      attribute(vendor_id, attr_id)[NAME] rescue nil
+    end
+    
+    def attribute_type(vendor_id, attr_id)
+      attribute(vendor_id, attr_id)[TYPE] rescue nil
+    end
+    
+    def attribute_id(attr_name, vendor_id=0)
+      @dictionary[vendor_id].reject{|k,v| !v.is_a?(Hash) || v[NAME]!=attr_name}.flatten.first
+    end
+  end
+end

data/lib/rubius/packet.rb

@@ -0,0 +1,154 @@
+module Rubius
+  require 'ipaddr'
+  require 'digest/md5'
+  
+  class Packet
+    PACK_HEADER = 'CCna16a*'
+    HEADER_LENGTH = 1 + 1 + 2 + 16
+    VSA_TYPE = 26
+      ACCESS_REQUEST = 'Access-Request'
+      ACCESS_ACCEPT = 'Access-Accept'
+      ACCESS_REJECT = 'Access-Reject'
+      ACCOUNTING_REQUEST = 'Accounting-Request'
+      ACCOUNTING_RESPONSE = 'Accounting-Response'
+      ACCESS_CHALLENGE = 'Access-Challenge'
+      STATUS_SERVER = 'Status-Server'
+      STATUS_CLIENT = 'Status-Client'
+    RESPONSES = {   1 => ACCESS_REQUEST,
+                    2 => ACCESS_ACCEPT,
+                    3 => ACCESS_REJECT,
+                    4 => ACCOUNTING_REQUEST,
+                    5 => ACCOUNTING_RESPONSE,
+                    11 => ACCESS_CHALLENGE,
+                    12 => STATUS_SERVER,
+                    13 => STATUS_CLIENT}
+                    
+    attr_accessor :identifier
+    attr_accessor :secret
+    attr_accessor :code
+    attr_accessor :authenticator
+    
+    def initialize(dictionary)
+      @dictionary = dictionary
+      @attributes = Hash.new
+      @secret = nil
+    end
+    
+    def unpack_attribute(data, type)
+      val = case type 
+      when 'string'
+        data
+      when 'integer'
+        data.unpack("N")[0]
+      when 'ipaddr'
+        IPAddr.new(data, Socket::AF_INET).to_s
+      when 'time'
+        data.unpack("N")[0]
+      when 'date'
+        data.unpack("N")[0]
+      else
+        raise "Unknown type found: #{type}"
+      end
+      
+      val
+    end
+    private :unpack_attribute
+    
+    def pack_attribute(data, type)
+      val = case type
+      when 'string'
+        data
+      when 'integer'
+        [data].pack("N")
+      when 'ipaddr'
+        [IPAddr.new(data).to_i].pack("N")
+      when 'date'
+        [data].pack("N")
+      when 'time'
+        [data].pack("N")
+      else
+        nil
+      end
+      
+      val
+    end
+    
+    def unpack(data)
+      @code, @identifier, @length, @authenticator, attribute_data = data.unpack(PACK_HEADER)
+      @code = RESPONSES[@code]
+      @attributes = Hash.new
+      
+      while(attribute_data.length > 0)
+        # Read the length of the packet data
+        length = attribute_data.unpack("xC")[0].to_i
+        
+        # read the type header to determine if this is a VSA
+        type_id, value = attribute_data.unpack("Cxa#{length-2}")
+        type_id = type_id.to_i
+        
+        if(type_id == VSA_TYPE)
+          # Handle VSA's
+          vendor_id, vendor_attribute_id, vendor_attribute_length = value.unpack("NCC")
+          vendor_attribute_value = value.unpack("xxxxxxa#{vendor_attribute_length-2}")[0]
+          
+          # look up the type of data so we know how to unpack it
+          type = @dictionary.attribute_type(vendor_id, vendor_attribute_id)
+          raise "VSA not found in dictionary (#{vendor_id}/#{vendor_attribute_id})" if type.nil?
+          
+          val = unpack_attribute(vendor_attribute_value, type)
+          set_vendor_attribute(vendor_id, vendor_attribute_id, val)
+        else
+          type = @dictionary.attribute_type(Dictionary::DEFAULT_VENDOR, type_id)
+          raise "Attribute not found in dictionary (#{Dictionary::DEFAULT_VENDOR}/#{type_id})" if type.nil?
+          
+          val = unpack_attribute(value, type)
+          set_vendor_attribute(Dictionary::DEFAULT_VENDOR, type_id, val)
+        end
+        attribute_data[0, length] = ''
+      end
+    end
+    
+    def pack
+      attr_string = ''
+      
+      @attributes.each_pair {|key, value|
+        attr_num = @dictionary.attribute_id(key)
+        type = @dictionary.attribute_type(Dictionary::DEFAULT_VENDOR, attr_num)
+        val = pack_attribute(value, type)
+        next if val.nil?
+        attr_string += [attr_num, val.length + 2, val].pack("CCa*")
+      }
+      
+      rcode = RESPONSES.reject{|k,v| v!=@code}.flatten.first
+      
+      return [rcode, @identifier, attr_string.length + HEADER_LENGTH, @authenticator, attr_string].pack(PACK_HEADER)
+    end
+    
+    def set_vendor_attribute(vendor_id, attr_id, value)
+      attr_name = @dictionary.attribute_name(vendor_id, attr_id)
+      set_attribute(attr_name, value)
+    end
+    
+    def set_attribute(attr_name, value)
+      @attributes[attr_name] = value
+    end
+    
+    def set_password(password)
+      lastround = @authenticator
+      pwdout = ""
+      password += "\000" * (15-(15+password.length)%16)
+      0.step(password.length-1, 16) {|i|
+        lastround = password[i, 16].xor(Digest::MD5.digest(@secret + lastround))
+        pwdout += lastround
+      }
+      
+      set_attribute("User-Password", pwdout)
+    end
+    
+    def response_authenticator
+      attributes = ''
+      hash_data = [5, @identifier, attributes.length+HEADER_LENGTH, @authenticator, attributes, @secret].pack(PACK_HEADER)
+      digest = Digest::MD5.digest(hash_data)
+    end
+  end
+end

data/lib/rubius/rails.rb

@@ -0,0 +1,18 @@
+module Rubius
+  class Rails
+    def self.init(root = nil, env = nil)
+      base_dir = root
+      if root.nil?
+        root = defined?(Rails) ?  ::Rails.root : FileUtils.pwd
+        base_dir = File.expand_path(File.join(root, 'config'))
+      end
+      
+      if env.nil?
+        env = defined?(Rails) ? ::Rails.env : 'development'
+      end
+      
+      config_file = File.join(base_dir, 'rubius.yml')
+      Rubius::Authenticator.instance.init_from_config(config_file)
+    end
+  end
+end

data/lib/rubius/string.rb

@@ -0,0 +1,14 @@
+class String
+  def xor(s2)
+    if s2.empty?
+      self
+    else
+      a1 = self.unpack("c*")
+      a2 = s2.unpack("c*")
+      
+      a2 *= 2 while a2.length < a1.length
+      
+      a1.zip(a2).collect{|c1,c2| c1^c2}.pack("c*")
+    end
+  end
+end

data/test/helper.rb

@@ -0,0 +1,18 @@
+require 'rubygems'
+require 'bundler'
+begin
+  Bundler.setup(:default, :development)
+rescue Bundler::BundlerError => e
+  $stderr.puts e.message
+  $stderr.puts "Run `bundle install` to install missing gems"
+  exit e.status_code
+end
+require 'test/unit'
+require 'shoulda'
+
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+require 'rubius'
+
+class Test::Unit::TestCase
+end

data/test/test_rubius.rb

@@ -0,0 +1,7 @@
+require 'helper'
+
+class TestRubius < Test::Unit::TestCase
+  should "probably rename this file and start testing for real" do
+    flunk "hey buddy, you should probably rename this file and start testing for real"
+  end
+end

metadata

@@ -0,0 +1,120 @@
+--- !ruby/object:Gem::Specification 
+name: rubius
+version: !ruby/object:Gem::Version 
+  prerelease: 
+  version: 0.0.1
+platform: ruby
+authors: 
+- Ralph Rooding
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2011-04-19 00:00:00 +02:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: shoulda
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0"
+  type: :development
+  prerelease: false
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency 
+  name: bundler
+  requirement: &id002 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        version: 1.0.0
+  type: :development
+  prerelease: false
+  version_requirements: *id002
+- !ruby/object:Gem::Dependency 
+  name: jeweler
+  requirement: &id003 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        version: 1.5.2
+  type: :development
+  prerelease: false
+  version_requirements: *id003
+- !ruby/object:Gem::Dependency 
+  name: rcov
+  requirement: &id004 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0"
+  type: :development
+  prerelease: false
+  version_requirements: *id004
+description: A simply ruby RADIUS authentication gem
+email: ralph@izerion.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- LICENSE.txt
+- README.rdoc
+files: 
+- Gemfile
+- LICENSE.txt
+- README.rdoc
+- Rakefile
+- VERSION
+- lib/generators/rubius/install_generator.rb
+- lib/generators/rubius/templates/radius-dictionary
+- lib/generators/rubius/templates/rubius.yml
+- lib/generators/rubius/templates/rubius_initializer.rb
+- lib/rubius.rb
+- lib/rubius/authenticator.rb
+- lib/rubius/dictionary.rb
+- lib/rubius/packet.rb
+- lib/rubius/rails.rb
+- lib/rubius/string.rb
+- test/helper.rb
+- test/test_rubius.rb
+has_rdoc: true
+homepage: http://github.com/rahvin/rubius
+licenses: 
+- MIT
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 4409384527015067188
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.5.2
+signing_key: 
+specification_version: 3
+summary: A simply ruby RADIUS authentication gem
+test_files: 
+- test/helper.rb
+- test/test_rubius.rb