#!/usr/bin/python # # FreeIPA 2FA Test Day RADIUS Daemon # # Authors: Nathaniel McCallum # # Copyright (C) 2013 Nathaniel McCallum, Red Hat # see file 'COPYING' for use and warranty information # # This program is free software you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . import socket import StringIO import sys try: from pyrad import packet from pyrad.dictionary import Dictionary except ImportError: sys.stdout.write("pyrad not found!\n") sys.exit(1) # We could use a dictionary file, but since we need # such few attributes, we'll just include them here DICTIONARY = """ ATTRIBUTE User-Name 1 string ATTRIBUTE User-Password 2 string ATTRIBUTE NAS-Identifier 32 string """ dct = Dictionary(StringIO.StringIO(DICTIONARY)) sock = socket.fromfd(3, socket.AF_INET, socket.SOCK_DGRAM) while True: (buf, source) = sock.recvfrom(4096) if not buf: break pkt = packet.AuthPacket(secret="testday", dict=dct, packet=buf) usernm = [] passwd = [] for key in pkt.keys(): if key == 'User-Password': passwd = map(pkt.PwDecrypt, pkt[key]) elif key == 'User-Name': usernm = pkt[key] print "Authentication from %s with password %s" % (usernm, passwd) reply = pkt.CreateReply() if passwd == ['accept']: reply.code = packet.AccessAccept print "Response: AccessAccept" else: reply.code = packet.AccessReject print "Response: AccessReject" sock.sendto(reply.ReplyPacket(), source)