refactoring

2025-12-12 01:00:29 +08:00 · 2022-03-27 03:50:11 +03:00 · 2022-03-27 03:50:11 +03:00 · 6dc1b758b5
commit 6dc1b758b5
parent be5f57e03f
3 changed files with 64 additions and 28 deletions
--- a/2
+++ b/2
@ -62,7 +62,7 @@ depends=(
 	python-xlib
 	python-hidapi
 	python-six
-	python-radius
+	python-pyrad
 	libgpiod
 	freetype2
 	"v4l-utils>=1.22.1-1"
--- a/kvmd/plugins/auth/radius.py
+++ b/kvmd/plugins/auth/radius.py
@ -19,26 +19,55 @@
 #                                                                            #
 # ========================================================================== #

-#
-# For some reason this needs the two following files in /
-#  https://raw.githubusercontent.com/AndrewAubury/kvmd/master/kvmd/plugins/auth/radius.py
-#  https://github.com/pyradius/pyrad/raw/master/example/dictionary.freeradius
-#
+
+import io
+import textwrap

 from typing import Dict

+import pyrad.client
+import pyrad.packet
+import pyrad.dictionary
+
 from ...yamlconf import Option

-from ...validators.os import valid_abs_file
 from ...validators.net import valid_port
 from ...validators.net import valid_ip_or_host
 from ...validators.basic import valid_int_f1

+from ...logging import get_logger
+
+from ... import aiotools
+
 from . import BaseAuthService

-from pyrad.client import Client
-from pyrad.dictionary import Dictionary
-import pyrad.packet 
+
+# =====
+_FREERADUIS_DICT = textwrap.dedent("""
+    # https://github.com/pyradius/pyrad/raw/master/example/dictionary.freeradius
+
+    VENDOR			FreeRADIUS			11344
+    BEGIN-VENDOR	FreeRADIUS
+
+    ATTRIBUTE	FreeRADIUS-Statistics-Type		127	integer
+
+    VALUE	FreeRADIUS-Statistics-Type	None					0
+    VALUE	FreeRADIUS-Statistics-Type	Authentication			1
+    VALUE	FreeRADIUS-Statistics-Type	Accounting				2
+    VALUE	FreeRADIUS-Statistics-Type	Proxy-Authentication	4
+    VALUE	FreeRADIUS-Statistics-Type	Proxy-Accounting		8
+    VALUE	FreeRADIUS-Statistics-Type	Internal				0x10
+    VALUE	FreeRADIUS-Statistics-Type	Client					0x20
+    VALUE	FreeRADIUS-Statistics-Type	Server					0x40
+    VALUE	FreeRADIUS-Statistics-Type	Home-Server				0x80
+
+    VALUE	FreeRADIUS-Statistics-Type	Auth-Acct				0x03
+    VALUE	FreeRADIUS-Statistics-Type	Proxy-Auth-Acct			0x0c
+
+    VALUE	FreeRADIUS-Statistics-Type	All						0x1f
+
+    END-VENDOR FreeRADIUS
+""")


 # =====
@ -48,37 +77,43 @@ class Plugin(BaseAuthService):
        host: str,
        port: int,
        secret: str,
-        user: str,
-        passwd: str,
-        timeout: int,
+        timeout: float,
    ) -> None:

        self.__host = host
        self.__port = port
        self.__secret = secret
-        self.__user = user
-        self.__passwd = passwd
        self.__timeout = timeout

    @classmethod
    def get_plugin_options(cls) -> Dict:
        return {
-            "host":     Option("localhost",type=valid_ip_or_host),
-            "port":  Option(1812,type=valid_port),
+            "host":    Option("localhost", type=valid_ip_or_host),
+            "port":    Option(1812, type=valid_port),
            "secret":  Option(""),
-            "user":    Option(""),
-            "passwd":  Option(""),
-            "timeout": Option(5,type=valid_int_f1),
+            "timeout": Option(5, type=valid_int_f1),
        }

    async def authorize(self, user: str, passwd: str) -> bool:
-        user = user.strip()
+        return (await aiotools.run_async(self.__inner_authorize, user, passwd))
+
+    def __inner_authorize(self, user: str, passwd: str) -> bool:
+        assert user == user.strip()
+        assert user
        try:
-            srv = Client(server=self.__host, secret=self.__secret.encode('ascii'), timeout=self.__timeout, dict=Dictionary("dictionary"))
-            req = srv.CreateAuthPacket(code=pyrad.packet.AccessRequest, User_Name=user)
-            req["User-Password"] = req.PwCrypt(passwd)
-            # send request
-            reply = srv.SendPacket(req)
-            return (reply.code == pyrad.packet.AccessAccept)
-        except:
+            with io.StringIO(_FREERADUIS_DICT) as dct_file:
+                dct = pyrad.dictionary.Dictionary(dct_file)
+            client = pyrad.client.Client(
+                server=self.__host,
+                authport=self.__port,
+                secret=self.__secret.encode("ascii"),
+                timeout=self.__timeout,
+                dict=dct,
+            )
+            request = client.CreateAuthPacket(code=pyrad.packet.AccessRequest, User_Name=user)
+            request["User-Password"] = request.PwCrypt(passwd)
+            response = client.SendPacket(request)
+            return (response.code == pyrad.packet.AccessAccept)
+        except Exception:
+            get_logger().exception("Failed RADIUS auth request for user %r", user)
            return False
--- a/testenv/requirements.txt
+++ b/testenv/requirements.txt
@ -1,4 +1,5 @@
 pyghmi
 spidev
+pyrad
 types-PyYAML
 types-aiofiles