pyrad2 1.0.0__tar.gz

pyrad2-1.0.0/LICENSE.txt

@@ -0,0 +1,31 @@
+Copyright 2020 Istvan Ruzman. All rights reserved.
+Copyright 2017-2023 Christian Giese. All rights reserved.
+Copyright 2007-2008 Simplon. All rights reserved.
+Copyright 2002-2008 Wichert Akkerman. All rights reserved.
+
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the above copyright
+   notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in the
+   documentation and/or other materials provided with the distribution.
+3. Neither the name of the University nor the names of its contributors
+   may be used to endorse or promote products derived from this software
+   without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+

pyrad2-1.0.0/PKG-INFO

@@ -0,0 +1,63 @@
+Metadata-Version: 2.4
+Name: pyrad2
+Version: 1.0.0
+Summary: RADIUS Server
+Home-page: https://github.com/nicholasamorim/pyrad2
+Author: Nicholas Amorim, Istvan Ruzman, Christian Giese
+Author-email: nicholas@santos.ee, istvan@ruzman.eu, developer@gicnet.de
+Requires-Python: >=3.12
+Description-Content-Type: text/markdown
+License-File: LICENSE.txt
+Requires-Dist: loguru>=0.7.3
+Dynamic: author
+Dynamic: author-email
+Dynamic: home-page
+Dynamic: license-file
+
+[![Tests](https://github.com/nicholasamorim/pyrad2/actions/workflows/python-test.yml/badge.svg)](https://github.com/miraclesupernova/stickystack/actions/workflows/django.yml)
+[![python](https://img.shields.io/badge/Python-3.12+-3776AB.svg?style=flat&logo=python&logoColor=white)](https://www.python.org)
+[![pre-commit](https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit&logoColor=white)](https://github.com/pre-commit/pre-commit)
+[![Code style: ruff](https://img.shields.io/badge/code%20style-ruff-000000.svg)]([https://github.com/psf/black](https://github.com/astral-sh/uv))
+[![Checked with mypy](http://www.mypy-lang.org/static/mypy_badge.svg)](http://mypy-lang.org/)
+
+pyrad2 is an implementation of a RADIUS client/server as described in RFC2865. It takes care of all the details like building RADIUS packets,
+sending them and decoding responses.
+
+# Introduction
+
+This is a fork of [pyrad](https://github.com/pyradius/pyrad) aiming to make it compatible with Python 3.12+ and introduce bug fixes and features. Most of the codebase now has type checking and test coverage has been increased. Legacy compatibility code with (very) older versions of Python have been removed and we only support Python 3.12+.
+
+Note that this is _not_ a stand-alone Radius implementation like [FreeRadius](https://www.freeradius.org). You are supposed to inherit the server classes and code your own behind-the-scenes implementation. This package allows you to code your business logic on top of it.
+
+# Requirements & Installation
+
+pyrad2 requires Python 3.12 and uses [uv](https://github.com/astral-sh/uv). On a Mac, you can simply run `brew install uv`.
+
+# Examples
+
+There are a few examples in the `examples` folder. 
+
+The easiest way to start a server is by running `make test_server_async`. This will run the example server in `examples/server_async.py`.
+
+If you want to see a request in action, leave the server running, open another terminal and type `make test_auth`.
+
+# Tests
+
+Run `make test`.
+
+# Author, Copyright, Availability
+
+pyrad2 is currently maintaned by Nicholas Amorim \<<nicholas@santos.ee\>.
+
+pyrad was written by Wichert Akkerman \<<wichert@wiggy.net>\> and is
+maintained by Christian Giese (GIC-de) and Istvan Ruzman (Istvan91).
+
+This project is licensed under a BSD license.
+
+Copyright and license information can be found in the LICENSE.txt file.
+
+The current version and documentation can be found on pypi:
+<https://pypi.org/project/pyrad2/>
+
+Bugs and wishes can be submitted in the pyrad issue tracker on github:
+<https://github.com/nicholasamorim/pyrad2/issues>

pyrad2-1.0.0/README.md

@@ -0,0 +1,47 @@
+[![Tests](https://github.com/nicholasamorim/pyrad2/actions/workflows/python-test.yml/badge.svg)](https://github.com/miraclesupernova/stickystack/actions/workflows/django.yml)
+[![python](https://img.shields.io/badge/Python-3.12+-3776AB.svg?style=flat&logo=python&logoColor=white)](https://www.python.org)
+[![pre-commit](https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit&logoColor=white)](https://github.com/pre-commit/pre-commit)
+[![Code style: ruff](https://img.shields.io/badge/code%20style-ruff-000000.svg)]([https://github.com/psf/black](https://github.com/astral-sh/uv))
+[![Checked with mypy](http://www.mypy-lang.org/static/mypy_badge.svg)](http://mypy-lang.org/)
+
+pyrad2 is an implementation of a RADIUS client/server as described in RFC2865. It takes care of all the details like building RADIUS packets,
+sending them and decoding responses.
+
+# Introduction
+
+This is a fork of [pyrad](https://github.com/pyradius/pyrad) aiming to make it compatible with Python 3.12+ and introduce bug fixes and features. Most of the codebase now has type checking and test coverage has been increased. Legacy compatibility code with (very) older versions of Python have been removed and we only support Python 3.12+.
+
+Note that this is _not_ a stand-alone Radius implementation like [FreeRadius](https://www.freeradius.org). You are supposed to inherit the server classes and code your own behind-the-scenes implementation. This package allows you to code your business logic on top of it.
+
+# Requirements & Installation
+
+pyrad2 requires Python 3.12 and uses [uv](https://github.com/astral-sh/uv). On a Mac, you can simply run `brew install uv`.
+
+# Examples
+
+There are a few examples in the `examples` folder. 
+
+The easiest way to start a server is by running `make test_server_async`. This will run the example server in `examples/server_async.py`.
+
+If you want to see a request in action, leave the server running, open another terminal and type `make test_auth`.
+
+# Tests
+
+Run `make test`.
+
+# Author, Copyright, Availability
+
+pyrad2 is currently maintaned by Nicholas Amorim \<<nicholas@santos.ee\>.
+
+pyrad was written by Wichert Akkerman \<<wichert@wiggy.net>\> and is
+maintained by Christian Giese (GIC-de) and Istvan Ruzman (Istvan91).
+
+This project is licensed under a BSD license.
+
+Copyright and license information can be found in the LICENSE.txt file.
+
+The current version and documentation can be found on pypi:
+<https://pypi.org/project/pyrad2/>
+
+Bugs and wishes can be submitted in the pyrad issue tracker on github:
+<https://github.com/nicholasamorim/pyrad2/issues>

pyrad2-1.0.0/pyproject.toml

@@ -0,0 +1,24 @@
+[project]
+name = "pyrad2"
+version = "1.0.0"
+description = "RADIUS Server"
+readme = "README.md"
+requires-python = ">=3.12"
+dependencies = [
+    "loguru>=0.7.3",
+]
+
+[dependency-groups]
+dev = [
+    "mypy>=1.16.1",
+    "pytest>=8.4.1",
+    "pytest-cov>=6.2.1",
+    "pytest-sugar>=1.0.0",
+    "pyupgrade>=3.20.0",
+    "ruff>=0.12.2",
+    "types-setuptools>=80.9.0.20250529",
+]
+
+# [build-system]
+# requires = ["setuptools>=61.0", "wheel"]
+# build-backend = "setuptools.build_meta"

pyrad2-1.0.0/pyrad2/__init__.py

@@ -0,0 +1,45 @@
+"""Python RADIUS client code.
+
+pyrad is an implementation of a RADIUS client as described in RFC2865.
+It takes care of all the details like building RADIUS packets, sending
+them and decoding responses.
+
+Here is an example of doing a authentication request::
+
+  import pyrad.packet
+  from pyrad.client import Client
+  from pyrad.dictionary import Dictionary
+
+  srv = Client(server="radius.my.domain", secret="s3cr3t",
+    dict = Dictionary("dicts/dictionary", "dictionary.acc"))
+
+  req = srv.CreatePacket(code=pyrad.packet.AccessRequest,
+        User_Name = "wichert", NAS_Identifier="localhost")
+  req["User-Password"] = req.PwCrypt("password")
+
+  reply = srv.SendPacket(req)
+  if reply.code = =pyrad.packet.AccessAccept:
+      print "access accepted"
+  else:
+      print "access denied"
+
+  print "Attributes returned by server:"
+  for i in reply.keys():
+      print "%s: %s" % (i, reply[i])
+
+
+This package contains four modules:
+
+  - client: RADIUS client code
+  - dictionary: RADIUS attribute dictionary
+  - packet: a RADIUS packet as send to/from servers
+  - tools: utility functions
+"""
+
+__docformat__ = "epytext en"
+
+__author__ = "Nicholas Amorim <nicholas@bloomshield.ee>"
+__url__ = "http://pyrad2.readthedocs.io/en/latest/?badge=latest"
+__version__ = "1.0"
+
+__all__ = ["client", "dictionary", "packet", "server", "tools", "dictfile"]

pyrad2-1.0.0/pyrad2/bidict.py

@@ -0,0 +1,53 @@
+from typing import Any, Dict, Hashable
+
+
+class BiDict:
+    """
+    BiDict (Bidirectional Dictionary) provides a one-to-one mapping
+    between keys and values.
+
+    Supports both forward and reverse lookup.
+    """
+
+    def __init__(self) -> None:
+        """Initialize empty forward and reverse dictionaries."""
+        self.forward: Dict[Hashable, Any] = {}
+        self.backward: Dict[Hashable, Any] = {}
+
+    def Add(self, one: Hashable, two: Hashable) -> None:
+        """Add a bidirectional mapping between 'one' and 'two'."""
+        self.forward[one] = two
+        self.backward[two] = one
+
+    def __len__(self) -> int:
+        """Return the number of entries in the dictionary."""
+        return len(self.forward)
+
+    def __getitem__(self, key: Hashable) -> Any:
+        """Retrieve the value associated with the given key."""
+        return self.GetForward(key)
+
+    def __delitem__(self, key: Hashable) -> None:
+        """Remove key and its associated value from the dictionary."""
+        if key in self.forward:
+            del self.backward[self.forward[key]]
+            del self.forward[key]
+        else:
+            del self.forward[self.backward[key]]
+            del self.backward[key]
+
+    def GetForward(self, key: Hashable) -> Any:
+        """Return the value associated with 'key' from the forward mapping."""
+        return self.forward[key]
+
+    def HasForward(self, key: Hashable) -> bool:
+        """Check if 'key' exists in the forward mapping."""
+        return key in self.forward
+
+    def GetBackward(self, key: Hashable) -> Any:
+        """Return the key associated with 'value' from the reverse mapping."""
+        return self.backward[key]
+
+    def HasBackward(self, key: Hashable) -> bool:
+        """Check if 'value' exists in the reverse mapping."""
+        return key in self.backward

pyrad2-1.0.0/pyrad2/client.py

@@ -0,0 +1,242 @@
+__docformat__ = "epytext en"
+
+import hashlib
+import select
+import socket
+import struct
+import time
+from typing import Optional
+
+from pyrad2 import host, packet
+from pyrad2.dictionary import Dictionary
+
+EAP_CODE_REQUEST = 1
+EAP_CODE_RESPONSE = 2
+EAP_TYPE_IDENTITY = 1
+
+
+class Timeout(Exception):
+    """Simple exception class which is raised when a timeout occurs
+    while waiting for a RADIUS server to respond."""
+
+
+class Client(host.Host):
+    """Basic RADIUS client.
+    This class implements a basic RADIUS client. It can send requests
+    to a RADIUS server, taking care of timeouts and retries, and
+    validate its replies.
+
+    :ivar retries: number of times to retry sending a RADIUS request
+    :type retries: integer
+    :ivar timeout: number of seconds to wait for an answer
+    :type timeout: float
+    """
+
+    def __init__(
+        self,
+        server: str,
+        authport: int = 1812,
+        acctport: int = 1813,
+        coaport: int = 3799,
+        secret: bytes = b"",
+        dict: Optional[Dictionary] = None,
+        retries: int = 3,
+        timeout: int = 5,
+    ):
+        """Constructor.
+
+        :param   server: hostname or IP address of RADIUS server
+        :type    server: string
+        :param authport: port to use for authentication packets
+        :type  authport: integer
+        :param acctport: port to use for accounting packets
+        :type  acctport: integer
+        :param coaport: port to use for CoA packets
+        :type  coaport: integer
+        :param   secret: RADIUS secret
+        :type    secret: string
+        :param     dict: RADIUS dictionary
+        :type      dict: pyrad.dictionary.Dictionary
+        """
+        super().__init__(authport, acctport, coaport, dict)
+
+        self.server = server
+        self.secret = secret
+        self.retries = retries
+        self.timeout = timeout
+        self._poll = select.poll()
+        self._socket: Optional[socket.socket] = None
+
+    def bind(self, addr: str) -> None:
+        """Bind socket to an address.
+        Binding the socket used for communicating to an address can be
+        usefull when working on a machine with multiple addresses.
+
+        :param addr: network address (hostname or IP) and port to bind to
+        :type  addr: host,port tuple
+        """
+        self._CloseSocket()
+        self._SocketOpen()
+        if self._socket:
+            self._socket.bind(addr)
+        else:
+            raise RuntimeError("No socket present")
+
+    def _SocketOpen(self) -> None:
+        try:
+            family = socket.getaddrinfo(self.server, 80)[0][0]
+        except Exception:
+            family = socket.AF_INET
+        if not self._socket:
+            self._socket = socket.socket(family, socket.SOCK_DGRAM)
+            self._socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
+            self._poll.register(self._socket, select.POLLIN)
+
+    def _CloseSocket(self) -> None:
+        if self._socket:
+            self._poll.unregister(self._socket)
+            self._socket.close()
+            self._socket = None
+
+    def CreateAuthPacket(self, **args) -> packet.Packet:
+        """Create a new RADIUS packet.
+        This utility function creates a new RADIUS packet which can
+        be used to communicate with the RADIUS server this client
+        talks to. This is initializing the new packet with the
+        dictionary and secret used for the client.
+
+        :return: a new empty packet instance
+        :rtype:  pyrad.packet.AuthPacket
+        """
+        return super().CreateAuthPacket(secret=self.secret, **args)
+
+    def CreateAcctPacket(self, **args) -> packet.Packet:
+        """Create a new RADIUS packet.
+        This utility function creates a new RADIUS packet which can
+        be used to communicate with the RADIUS server this client
+        talks to. This is initializing the new packet with the
+        dictionary and secret used for the client.
+
+        :return: a new empty packet instance
+        :rtype:  pyrad.packet.Packet
+        """
+        return super().CreateAcctPacket(secret=self.secret, **args)
+
+    def CreateCoAPacket(self, **args) -> packet.Packet:
+        """Create a new RADIUS packet.
+        This utility function creates a new RADIUS packet which can
+        be used to communicate with the RADIUS server this client
+        talks to. This is initializing the new packet with the
+        dictionary and secret used for the client.
+
+        :return: a new empty packet instance
+        :rtype:  pyrad.packet.Packet
+        """
+        return super().CreateCoAPacket(secret=self.secret, **args)
+
+    def _SendPacket(self, pkt: packet.PacketImplementation, port: int):
+        """Send a packet to a RADIUS server.
+
+        :param pkt:  the packet to send
+        :type pkt:   pyrad.packet.Packet
+        :param port: UDP port to send packet to
+        :type port:  integer
+        :return:     the reply packet received
+        :rtype:      pyrad.packet.Packet
+        :raise Timeout: RADIUS server does not reply
+        """
+        self._SocketOpen()
+
+        for attempt in range(self.retries):
+            if attempt and pkt.code == packet.AccountingRequest:
+                if "Acct-Delay-Time" in pkt:
+                    pkt["Acct-Delay-Time"] = pkt["Acct-Delay-Time"][0] + self.timeout
+                else:
+                    pkt["Acct-Delay-Time"] = self.timeout
+
+            now = time.time()
+            waitto = now + self.timeout
+
+            if not self._socket:
+                raise RuntimeError("No socket present")
+
+            self._socket.sendto(pkt.RequestPacket(), (self.server, port))
+
+            while now < waitto:
+                ready = self._poll.poll((waitto - now) * 1000)
+
+                if ready:
+                    rawreply = self._socket.recv(4096)
+                else:
+                    now = time.time()
+                    continue
+
+                try:
+                    reply = pkt.CreateReply(packet=rawreply)
+                    if pkt.VerifyReply(reply, rawreply):
+                        return reply
+                except packet.PacketError:
+                    pass
+
+                now = time.time()
+
+        raise Timeout
+
+    def SendPacket(self, pkt: packet.PacketImplementation):  # type: ignore
+        """Send a packet to a RADIUS server.
+
+        :param pkt: the packet to send
+        :type pkt:  pyrad.packet.Packet
+        :return:    the reply packet received
+        :rtype:     pyrad.packet.Packet
+        :raise Timeout: RADIUS server does not reply
+        """
+        if isinstance(pkt, packet.AuthPacket):
+            if pkt.auth_type == "eap-md5":
+                # Creating EAP-Identity
+                password = pkt[2][0] if 2 in pkt else pkt[1][0]
+                pkt[79] = [
+                    struct.pack(
+                        "!BBHB%ds" % len(password),
+                        EAP_CODE_RESPONSE,
+                        packet.CurrentID,
+                        len(password) + 5,
+                        EAP_TYPE_IDENTITY,
+                        password,
+                    )
+                ]
+            reply = self._SendPacket(pkt, self.authport)
+            if (
+                reply
+                and reply.code == packet.AccessChallenge
+                and pkt.auth_type == "eap-md5"
+            ):
+                # Got an Access-Challenge
+                eap_code, eap_id, eap_size, eap_type, eap_md5 = struct.unpack(
+                    "!BBHB%ds" % (len(reply[79][0]) - 5), reply[79][0]
+                )
+                # Sending back an EAP-Type-MD5-Challenge
+                # Thank god for http://www.secdev.org/python/eapy.py
+                client_pw = pkt[2][0] if 2 in pkt else pkt[1][0]
+                md5_challenge = hashlib.md5(
+                    struct.pack("!B", eap_id) + client_pw + eap_md5[1:]
+                ).digest()
+                pkt[79] = [
+                    struct.pack(
+                        "!BBHBB",
+                        2,
+                        eap_id,
+                        len(md5_challenge) + 6,
+                        4,
+                        len(md5_challenge),
+                    )
+                    + md5_challenge
+                ]
+                # Copy over Challenge-State
+                pkt[24] = reply[24]
+                reply = self._SendPacket(pkt, self.authport)
+            return reply
+        elif isinstance(pkt, packet.CoAPacket):
+            return self._SendPacket(pkt, self.coaport)
+        else:
+            return self._SendPacket(pkt, self.acctport)