PyPI - pyrad - Versions diffs - 2.3__py3-none-any.whl → 2.5.0__py3-none-any.whl - Mend

pyrad 2.3py3-none-any.whl → 2.5.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (53) hide show

docs/Makefile +20 -0
docs/make.bat +36 -0
docs/source/_static/logo.png +0 -0
docs/source/api/client.rst +10 -0
docs/source/api/dictionary.rst +10 -0
docs/source/api/host.rst +7 -0
docs/source/api/packet.rst +48 -0
docs/source/api/proxy.rst +7 -0
docs/source/api/server.rst +13 -0
docs/source/conf.py +158 -0
docs/source/index.rst +75 -0
example/acct.py +41 -0
example/auth.py +37 -0
example/auth_async.py +164 -0
example/client-coa.py +61 -0
example/coa.py +40 -0
example/dictionary +405 -0
example/dictionary.freeradius +91 -0
example/pyrad.log +0 -0
example/server.py +68 -0
example/server_async.py +117 -0
example/status.py +26 -0
pyrad/__init__.py +3 -3
pyrad/client.py +54 -9
pyrad/client_async.py +22 -14
pyrad/dictfile.py +2 -5
pyrad/dictionary.py +12 -1
pyrad/host.py +1 -1
pyrad/packet.py +208 -133
pyrad/proxy.py +2 -2
pyrad/server.py +3 -7
pyrad/server_async.py +4 -5
pyrad/tests/__init__.py +2 -2
pyrad/tests/mock.py +5 -1
pyrad/tests/{testBidict.py → test_bidict.py} +2 -2
pyrad/tests/{testClient.py → test_client.py} +28 -30
pyrad/tests/{testDictionary.py → test_dictionary.py} +38 -21
pyrad/tests/{testHost.py → test_host.py} +10 -10
pyrad/tests/test_packet.py +679 -0
pyrad/tests/{testProxy.py → test_proxy.py} +11 -11
pyrad/tests/{testServer.py → test_server.py} +35 -33
pyrad/tests/test_tools.py +126 -0
pyrad/tools.py +254 -158
{pyrad-2.3.dist-info → pyrad-2.5.0.dist-info}/METADATA +44 -20
pyrad-2.5.0.dist-info/RECORD +51 -0
{pyrad-2.3.dist-info → pyrad-2.5.0.dist-info}/WHEEL +1 -1
{pyrad-2.3.dist-info → pyrad-2.5.0.dist-info/licenses}/LICENSE.txt +2 -1
pyrad-2.5.0.dist-info/top_level.txt +3 -0
pyrad/tests/testPacket.py +0 -530
pyrad/tests/testTools.py +0 -122
pyrad-2.3.dist-info/RECORD +0 -29
pyrad-2.3.dist-info/top_level.txt +0 -1
{pyrad-2.3.dist-info → pyrad-2.5.0.dist-info}/zip-safe +0 -0

example/server_async.py ADDED Viewed

@@ -0,0 +1,117 @@
+#!/usr/bin/python
+import asyncio
+import logging
+import traceback
+from pyrad.dictionary import Dictionary
+from pyrad.server_async import ServerAsync
+from pyrad.packet import AccessAccept
+from pyrad.server import RemoteHost
+try:
+    import uvloop
+    asyncio.set_event_loop_policy(uvloop.EventLoopPolicy())
+except:
+    pass
+logging.basicConfig(level="DEBUG",
+                    format="%(asctime)s [%(levelname)-8s] %(message)s")
+class FakeServer(ServerAsync):
+    def __init__(self, loop, dictionary):
+        ServerAsync.__init__(self, loop=loop, dictionary=dictionary,
+                             enable_pkt_verify=True, debug=True)
+    def handle_auth_packet(self, protocol, pkt, addr):
+        print("Received an authentication request with id ", pkt.id)
+        print('Authenticator ', pkt.authenticator.hex())
+        print('Secret ', pkt.secret)
+        print("Attributes: ")
+        for attr in pkt.keys():
+            print("%s: %s" % (attr, pkt[attr]))
+        reply = self.CreateReplyPacket(pkt, **{
+            "Service-Type": "Framed-User",
+            "Framed-IP-Address": '192.168.0.1',
+            "Framed-IPv6-Prefix": "fc66::1/64"
+        })
+        reply.code = AccessAccept
+        protocol.send_response(reply, addr)
+    def handle_acct_packet(self, protocol, pkt, addr):
+        print("Received an accounting request")
+        print("Attributes: ")
+        for attr in pkt.keys():
+            print("%s: %s" % (attr, pkt[attr]))
+        reply = self.CreateReplyPacket(pkt)
+        protocol.send_response(reply, addr)
+    def handle_coa_packet(self, protocol, pkt, addr):
+        print("Received an coa request")
+        print("Attributes: ")
+        for attr in pkt.keys():
+            print("%s: %s" % (attr, pkt[attr]))
+        reply = self.CreateReplyPacket(pkt)
+        protocol.send_response(reply, addr)
+    def handle_disconnect_packet(self, protocol, pkt, addr):
+        print("Received an disconnect request")
+        print("Attributes: ")
+        for attr in pkt.keys():
+            print("%s: %s" % (attr, pkt[attr]))
+        reply = self.CreateReplyPacket(pkt)
+        # COA NAK
+        reply.code = 45
+        protocol.send_response(reply, addr)
+if __name__ == '__main__':
+    # create server and read dictionary
+    loop = asyncio.get_event_loop()
+    server = FakeServer(loop=loop, dictionary=Dictionary('dictionary'))
+    # add clients (address, secret, name)
+    server.hosts["127.0.0.1"] = RemoteHost("127.0.0.1",
+                                           b"Kah3choteereethiejeimaeziecumi",
+                                           "localhost")
+    try:
+        # Initialize transports
+        loop.run_until_complete(
+            asyncio.ensure_future(
+                server.initialize_transports(enable_auth=True,
+                                             enable_acct=True,
+                                             enable_coa=True)))
+        try:
+            # start server
+            loop.run_forever()
+        except KeyboardInterrupt as k:
+            pass
+        # Close transports
+        loop.run_until_complete(asyncio.ensure_future(
+            server.deinitialize_transports()))
+    except Exception as exc:
+        print('Error: ', exc)
+        print('\n'.join(traceback.format_exc().splitlines()))
+        # Close transports
+        loop.run_until_complete(asyncio.ensure_future(
+            server.deinitialize_transports()))
+    loop.close()

example/status.py ADDED Viewed

@@ -0,0 +1,26 @@
+#!/usr/bin/python
+from pyrad.client import Client
+from pyrad.dictionary import Dictionary
+import socket
+import sys
+import pyrad.packet
+srv = Client(server="localhost", authport=18121, secret=b"test", dict=Dictionary("dictionary"))
+req = srv.CreateAuthPacket(code=pyrad.packet.StatusServer)
+req["FreeRADIUS-Statistics-Type"] = "All"
+req.add_message_authenticator()
+try:
+    print("Sending FreeRADIUS status request")
+    reply = srv.SendPacket(req)
+except pyrad.client.Timeout:
+    print("RADIUS server does not reply")
+    sys.exit(1)
+except socket.error as error:
+    print("Network error: " + error[1])
+    sys.exit(1)
+print("Attributes returned by server:")
+for i in reply.keys():
+    print("%s: %s" % (i, reply[i]))

pyrad/__init__.py CHANGED Viewed

@@ -38,9 +38,9 @@ This package contains four modules:
 __docformat__ = 'epytext en'
-__author__ = 'Christian Giese <developer@gicnet.de>'
+__author__ = 'Christian Giese <gic@gicnet.de>, Istvan Ruzman <istvan@ruzman.eu> and Stefan Lieberth <stefan@lieberth.net>'
 __url__ = 'http://pyrad.readthedocs.io/en/latest/?badge=latest'
-__copyright__ = 'Copyright 2002-2020 Wichert Akkerman and Christian Giese. All rights reserved.'
-__version__ = '2.3'
+__copyright__ = 'Copyright 2002-2026 Wichert Akkerman, Christian Giese, Istvan Ruzman and Stefan Lieberth. All rights reserved.'
+__version__ = '2.5.0'
 __all__ = ['client', 'dictionary', 'packet', 'server', 'tools', 'dictfile']

pyrad/client.py CHANGED Viewed

@@ -4,13 +4,19 @@
 __docformat__ = "epytext en"
+import hashlib
 import select
 import socket
 import time
+import struct
 import six
 from pyrad import host
 from pyrad import packet
+EAP_CODE_REQUEST = 1
+EAP_CODE_RESPONSE = 2
+EAP_TYPE_IDENTITY = 1
 class Timeout(Exception):
     """Simple exception class which is raised when a timeout occurs
@@ -26,11 +32,10 @@ class Client(host.Host):
     :ivar retries: number of times to retry sending a RADIUS request
     :type retries: integer
     :ivar timeout: number of seconds to wait for an answer
-    :type timeout: integer
+    :type timeout: float
     """
     def __init__(self, server, authport=1812, acctport=1813,
-            coaport=3799, secret=six.b(''), dict=None):
+                 coaport=3799, secret=six.b(''), dict=None, retries=3, timeout=5, enforce_ma=False):
         """Constructor.
         :param   server: hostname or IP address of RADIUS server
@@ -45,14 +50,17 @@ class Client(host.Host):
         :type    secret: string
         :param     dict: RADIUS dictionary
         :type      dict: pyrad.dictionary.Dictionary
+        :param enforce_ma: Enforce usage and check of Message-Authenticator
+        :type  enforce_ma: boolean
         """
         host.Host.__init__(self, authport, acctport, coaport, dict)
         self.server = server
         self.secret = secret
         self._socket = None
-        self.retries = 3
-        self.timeout = 5
+        self.retries = retries
+        self.timeout = timeout
+        self.enforce_ma = enforce_ma
         self._poll = select.poll()
     def bind(self, addr):
@@ -69,12 +77,12 @@ class Client(host.Host):
     def _SocketOpen(self):
         try:
-            family = socket.getaddrinfo(self.server, 'www')[0][0]
-        except:
+            family = socket.getaddrinfo(self.server, 80)[0][0]
+        except Exception:
             family = socket.AF_INET
         if not self._socket:
             self._socket = socket.socket(family,
-                                       socket.SOCK_DGRAM)
+                                         socket.SOCK_DGRAM)
             self._socket.setsockopt(socket.SOL_SOCKET,
                                     socket.SO_REUSEADDR, 1)
             self._poll.register(self._socket, select.POLLIN)
@@ -95,6 +103,9 @@ class Client(host.Host):
         :return: a new empty packet instance
         :rtype:  pyrad.packet.AuthPacket
         """
+        if self.enforce_ma:
+            return host.Host.CreateAuthPacket(self, secret=self.secret,
+                                              message_authenticator=True, **args)
         return host.Host.CreateAuthPacket(self, secret=self.secret, **args)
     def CreateAcctPacket(self, **args):
@@ -159,6 +170,8 @@ class Client(host.Host):
                 try:
                     reply = pkt.CreateReply(packet=rawreply)
                     if pkt.VerifyReply(reply, rawreply):
+                        if hasattr(pkt, 'authenticator'):
+                            reply.request_authenticator = pkt.authenticator
                         return reply
                 except packet.PacketError:
                     pass
@@ -177,7 +190,39 @@ class Client(host.Host):
         :raise Timeout: RADIUS server does not reply
         """
         if isinstance(pkt, packet.AuthPacket):
-            return self._SendPacket(pkt, self.authport)
+            if pkt.auth_type == 'eap-md5':
+                # Creating EAP-Identity
+                password = pkt[2][0] if 2 in pkt else pkt[1][0]
+                pkt[79] = [struct.pack('!BBHB%ds' % len(password),
+                                       EAP_CODE_RESPONSE,
+                                       packet.CurrentID,
+                                       len(password) + 5,
+                                       EAP_TYPE_IDENTITY,
+                                       password)]
+            reply = self._SendPacket(pkt, self.authport)
+            if (
+                reply
+                and reply.code == packet.AccessChallenge
+                and pkt.auth_type == 'eap-md5'
+            ):
+                # Got an Access-Challenge
+                eap_code, eap_id, eap_size, eap_type, eap_md5 = struct.unpack(
+                    '!BBHB%ds' % (len(reply[79][0]) - 5), reply[79][0]
+                )
+                # Sending back an EAP-Type-MD5-Challenge
+                # Thank god for http://www.secdev.org/python/eapy.py
+                client_pw = pkt[2][0] if 2 in pkt else pkt[1][0]
+                md5_challenge = hashlib.md5(
+                    struct.pack('!B', eap_id) + client_pw + eap_md5[1:]
+                ).digest()
+                pkt[79] = [
+                    struct.pack('!BBHBB', 2, eap_id, len(md5_challenge) + 6,
+                                4, len(md5_challenge)) + md5_challenge
+                ]
+                # Copy over Challenge-State
+                pkt[24] = reply[24]
+                reply = self._SendPacket(pkt, self.authport)
+            return reply
         elif isinstance(pkt, packet.CoAPacket):
             return self._SendPacket(pkt, self.coaport)
         else:

pyrad/client_async.py CHANGED Viewed

@@ -6,7 +6,6 @@ __docformat__ = "epytext en"
 from datetime import datetime
 import asyncio
-import six
 import logging
 import random
@@ -92,12 +91,10 @@ class DatagramProtocolClient(asyncio.Protocol):
     def connection_made(self, transport):
         self.transport = transport
         socket = transport.get_extra_info('socket')
-        self.logger.info(
-            '[%s:%d] Transport created with binding in %s:%d',
-                self.server, self.port,
-                socket.getsockname()[0],
-                socket.getsockname()[1]
-        )
+        self.logger.info('[%s:%d] Transport created with binding in %s:%d',
+                         self.server, self.port,
+                         socket.getsockname()[0],
+                         socket.getsockname()[1])
         pre_loop = asyncio.get_event_loop()
         asyncio.set_event_loop(loop=self.client.loop)
@@ -121,21 +118,21 @@ class DatagramProtocolClient(asyncio.Protocol):
         try:
             reply = Packet(packet=data, dict=self.client.dict)
-            if reply and reply.id in self.pending_requests:
+            if reply.code and reply.id in self.pending_requests:
                 req = self.pending_requests[reply.id]
                 packet = req['packet']
                 reply.dict = packet.dict
                 reply.secret = packet.secret
-                if packet.VerifyReply(reply, data):
+                if packet.VerifyReply(reply, data, enforce_ma=self.client.enforce_ma):
                     req['future'].set_result(reply)
                     # Remove request for map
                     del self.pending_requests[reply.id]
                 else:
-                    self.logger.warn('[%s:%d] Ignore invalid reply for id %d. %s', self.server, self.port, reply.id)
+                    self.logger.warn('[%s:%d] Ignore invalid reply for id %d: %s', self.server, self.port, reply.id, data)
             else:
-                self.logger.warn('[%s:%d] Ignore invalid reply: %d', self.server, self.port, data)
+                self.logger.warn('[%s:%d] Ignore invalid reply: %s', self.server, self.port, data)
         except Exception as exc:
             self.logger.error('[%s:%d] Error on decode packet: %s', self.server, self.port, exc)
@@ -175,9 +172,9 @@ class ClientAsync:
     """
     # noinspection PyShadowingBuiltins
     def __init__(self, server, auth_port=1812, acct_port=1813,
-                 coa_port=3799, secret=six.b(''), dict=None,
+                 coa_port=3799, secret=b'', dict=None,
                  loop=None, retries=3, timeout=30,
-                 logger_name='pyrad'):
+                 logger_name='pyrad', enforce_ma=False):
         """Constructor.
@@ -216,6 +213,7 @@ class ClientAsync:
         self.protocol_coa = None
         self.coa_port = coa_port
+        self.enforce_ma = enforce_ma
     async def initialize_transports(self, enable_acct=False,
                                     enable_auth=False, enable_coa=False,
@@ -325,6 +323,11 @@ class ClientAsync:
         """
         if not self.protocol_auth:
             raise Exception('Transport not initialized')
+        if self.enforce_ma:
+            return AuthPacket(dict=self.dict,
+                              id=self.protocol_auth.create_id(),
+                              secret=self.secret,
+                              message_authenticator=True, **args)
         return AuthPacket(dict=self.dict,
                           id=self.protocol_auth.create_id(),
@@ -360,7 +363,7 @@ class ClientAsync:
         :rtype:  pyrad.packet.Packet
         """
-        if not self.protocol_acct:
+        if not self.protocol_coa:
             raise Exception('Transport not initialized')
         return CoAPacket(id=self.protocol_coa.create_id(),
@@ -398,9 +401,14 @@ class ClientAsync:
             if not self.protocol_acct:
                 raise Exception('Transport not initialized')
+            self.protocol_acct.send_packet(pkt, ans)
         elif isinstance(pkt, CoAPacket):
             if not self.protocol_coa:
                 raise Exception('Transport not initialized')
+            self.protocol_coa.send_packet(pkt, ans)
         else:
             raise Exception('Unsupported packet')

pyrad/dictfile.py CHANGED Viewed

@@ -9,7 +9,6 @@ RADIUS $INCLUDE directives behind the scene.
 """
 import os
-import six
 class _Node(object):
@@ -54,10 +53,8 @@ class DictFile(object):
         self.__ReadNode(fil)
     def __ReadNode(self, fil):
-        node = None
         parentdir = self.__CurDir()
-        if isinstance(fil, six.string_types):
-            fname = None
+        if isinstance(fil, str):
             if os.path.isabs(fil):
                 fname = fil
             else:
@@ -105,7 +102,7 @@ class DictFile(object):
     def __next__(self):
         while self.stack:
             line = self.stack[-1].Next()
-            if line == None:
+            if line is None:
                 self.stack.pop()
             else:
                 inc = self.__GetInclude(line)

pyrad/dictionary.py CHANGED Viewed

@@ -75,7 +75,6 @@ from pyrad import bidict
 from pyrad import tools
 from pyrad import dictfile
 from copy import copy
-import logging
 __docformat__ = 'epytext en'
@@ -220,6 +219,18 @@ class Dictionary(object):
         (attribute, code, datatype) = tokens[1:4]
         codes = code.split('.')
+        # Codes can be sent as hex, or octal or decimal string representations.
+        tmp = []
+        for c in codes:
+            if c.startswith('0x'):
+                tmp.append(int(c, 16))
+            elif c.startswith('0o'):
+                tmp.append(int(c, 8))
+            else:
+                tmp.append(int(c, 10))
+        codes = tmp
         is_sub_attribute = (len(codes) > 1)
         if len(codes) == 2:
             code = int(codes[1])

pyrad/host.py CHANGED Viewed

@@ -57,7 +57,7 @@ class Host(object):
     def CreateAcctPacket(self, **args):
         """Create a new accounting RADIUS packet.
-        This utility function creates a new accouting RADIUS packet
+        This utility function creates a new accounting RADIUS packet
         which can be used to communicate with the RADIUS server this
         client talks to. This is initializing the new packet with the
         dictionary and secret used for the client.

pyrad 2.3__py3-none-any.whl → 2.5.0__py3-none-any.whl

pyrad 2.3py3-none-any.whl → 2.5.0py3-none-any.whl