Class: Radius::Auth

Inherits:
Object
Defined in:
lib/radius/auth.rb

Constructor Details

#initialize(radhost, myip, timeout, dictfilename = File.dirname(__FILE__) + "/../../dictionary") ⇒ Auth

This method initializes the Auth object, given a dictionary filename to read, the RADIUS host to connect to, and a timeout value in seconds for the connection.

Parameters

dictfilename
  Dictionary filename to read

radhost
  Name of the RADIUS server, optionally followed by a port number (host:port)

myip
  The client’s own IP address (NAS IP address)

timeout
  Timeout in seconds



# File 'lib/radius/auth.rb', line 46

def initialize(radhost, myip, timeout, dictfilename = File.dirname(__FILE__) + "/../../dictionary")
  @dict = Radius::Dictionary.new
  if dictfilename != nil
    File.open(dictfilename) do |fn|
      @dict.read(fn)
    end
  end
  @packet = Radius::Packet.new(@dict)

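  # this is probably better than starting identifiers at 0
  # (the RADIUS Identifier field is one octet, so stay within 0..255)
  @packet.identifier = Kernel.rand(256)
  @myip = myip
  @host, @port = radhost.split(":")
  unless @port
    begin
      @port = Socket.getservbyname("radius", "udp")
    rescue SocketError
      # no "radius" entry in the services database: use the standard port
      @port = 1812
    end
  end
  @port = @port.to_i  # just in case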
  @timeout = timeout
  @sock = UDPSocket.open
  @sock.connect(@host, @port)
end

Instance Attribute Details

#packet ⇒ Object (readonly)

We can inspect and alter the contents of the internal RADIUS packet here (although this is probably not required for simple work)



# File 'lib/radius/auth.rb', line 36

def packet
  @packet
end

Instance Method Details

#check_passwd(name, pwd, secret) ⇒ Object

Verifies a username/password pair against the RADIUS server associated with the Auth object.

Parameters

name
  The user name to verify

pwd
  The password associated with this name

secret
  The RADIUS secret of the system

Return value

Returns true if the server answered with Access-Accept and false otherwise. Raises an exception if no response arrives within the timeout.



# File 'lib/radius/auth.rb', line 76

def check_passwd(name, pwd, secret)
  send_check_passwd(name, pwd, secret)
  recv_check_passwd
end

#gen_authenticator ⇒ Object

Generates a 16-byte authenticator and stores it in the @packet object’s authenticator attribute. It reads from /dev/urandom when that file exists and otherwise falls back to Kernel#rand, which the source comment warns is probably not as secure.



# File 'lib/radius/auth.rb', line 98

def gen_authenticator
  # get authenticator data from /dev/urandom if possible
  if (File.exist?("/dev/urandom"))
    File.open("/dev/urandom") do |urandom|
      @packet.authenticator = urandom.read(16)
    end
  else
    # use the Kernel:rand method.  This is quite probably not
    # as secure as using /dev/urandom, be wary...
    @packet.authenticator = [rand(65536), rand(65536), rand(65536),
      rand(65536), rand(65536), rand(65536), rand(65536),
      rand(65536)].pack("n8")
  end
  return(@packet.authenticator)
end

#recv_check_passwd ⇒ Object



# File 'lib/radius/auth.rb', line 90

def recv_check_passwd
  recv_packet
  return(@packet.code == 'Access-Accept')
end

#recv_packet ⇒ Object

Receives a packet from the server via UDP and unpacks it into @packet. Raises an exception if nothing arrives within the timeout.



# File 'lib/radius/auth.rb', line 122

def recv_packet
  if select([@sock], nil, nil, @timeout) == nil
    raise "Timed out waiting for response packet from server"
  end
  data = @sock.recvfrom(65536)
  @packet.unpack(data[0])
  return(@packet)
end
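
The receive path listed above is not handed the shared secret, and recv_check_passwd decides on the reply's code alone. As an added example (not code from the radius library), this is the Response Authenticator check from RFC 2865 that a caller can apply to the raw datagram before trusting an Access-Accept. The names authentic_accept? and sample_reply, the secret and the packets are hypothetical and constructed for the example.

```ruby
require 'digest/md5'

ACCESS_ACCEPT = 2 # RADIUS code for Access-Accept (RFC 2865)

# Constant-time comparison of two equal-length byte strings.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Hypothetical helper (not part of Radius::Auth): true only if +raw+ is an
# Access-Accept that answers our request and was built with the shared secret.
# RFC 2865: ResponseAuth = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
def authentic_accept?(raw, sent_id, request_auth, secret)
  raw = raw.to_s.b
  return false if raw.bytesize < 20               # shorter than a RADIUS header
  code, id, length = raw.unpack("CCn")
  return false if length < 20 || length > raw.bytesize || length > 4096
  return false unless id == sent_id               # reply to a different request
  pkt = raw.byteslice(0, length)                  # octets past Length are padding
  expected = Digest::MD5.digest(
    pkt.byteslice(0, 4) + request_auth.b + pkt.byteslice(20, length - 20) + secret.b
  )
  secure_equal?(expected, pkt.byteslice(4, 16)) && code == ACCESS_ACCEPT
end

# Constructed sample data: build the reply a server holding the secret would send.
def sample_reply(code, id, request_auth, attrs, secret)
  header = [code, id, 20 + attrs.bytesize].pack("CCn")
  header + Digest::MD5.digest(header + request_auth + attrs + secret) + attrs
end

SECRET        = "constructed-secret".b
REQ_AUTH      = (1..16).to_a.pack("C*")           # Request Authenticator we sent
REPLY_MESSAGE = [18, 4].pack("CC") + "ok".b       # Reply-Message attribute (type 18)
GENUINE       = sample_reply(ACCESS_ACCEPT, 7, REQ_AUTH, REPLY_MESSAGE, SECRET)
# An Access-Accept with the right identifier but no valid authenticator.
UNSIGNED      = [ACCESS_ACCEPT, 7, 20].pack("CCn") + ("\x00" * 16).b

if __FILE__ == $PROGRAM_NAME
  puts authentic_accept?(GENUINE, 7, REQ_AUTH, SECRET)
  puts authentic_accept?(UNSIGNED, 7, REQ_AUTH, SECRET)
end
```

To use a check like this with the class above, the caller has to keep the 16 bytes returned by gen_authenticator and the identifier that was packed into the request, because recv_packet unpacks the reply into the same @packet object.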

#send_check_passwd(name, pwd, secret) ⇒ Object



# File 'lib/radius/auth.rb', line 81

def send_check_passwd(name, pwd, secret)
  @packet.code = 'Access-Request'
  gen_authenticator
  @packet.set_attr('User-Name', name)
  @packet.set_attr('NAS-IP-Address', @myip)
  @packet.set_password(pwd, secret)
  send_packet
end

#send_packet ⇒ Object

Sends a packet to the server via UDP.



# File 'lib/radius/auth.rb', line 115

def send_packet
  data = @packet.pack
  @packet.identifier = (@packet.identifier + 1) & 0xff
  @sock.send(data, 0)
end