Class: Radius::Auth

Inherits:

Object

• Object
• Radius::Auth

Defined in:

lib/radius/auth.rb

Instance Attribute Summary

• #packet ⇒ Object readonly

  We can inspect and alter the contents of the internal RADIUS packet here (although this is probably not required for simple work).

Instance Method Summary

• #check_passwd(name, pwd, secret) ⇒ Object

  Verifies a username/password pair against the RADIUS server associated with the Auth object.

• #gen_authenticator ⇒ Object

  Generate an authenticator, placing it in the @packet object's authenticator attribute.

• #initialize(radhost, myip, timeout, dictfilename = File.dirname(__FILE__) + "/../../dictionary") ⇒ Auth constructor

  This method initializes the Auth object, given a dictionary filename to read, the RADIUS host to connect to, and a timeout value in seconds for the connection.

• #recv_check_passwd ⇒ Object
• #recv_packet ⇒ Object

  Receive a packet from the server via UDP.

• #send_check_passwd(name, pwd, secret) ⇒ Object
• #send_packet ⇒ Object

  Sends a packet to the server via UDP.

Constructor Details

#initialize(radhost, myip, timeout, dictfilename = File.dirname(__FILE__) + "/../../dictionary") ⇒ Auth

This method initializes the Auth object, given a dictionary filename to read, the RADIUS host to connect to, and a timeout value in seconds for the connection. =====Parameters

dictfilename

Dictionary filename to read

radhost

name of RADIUS server optionally followed by port number

myip

the client's own IP address (NAS IP address)

timeout

Timeout time

# File 'lib/radius/auth.rb', line 46

def initialize(radhost, myip, timeout, dictfilename = File.dirname(__FILE__) + "/../../dictionary")
  @dict = Radius::Dictionary.new
  if dictfilename != nil
    File.open(dictfilename) do |fn|
      @dict.read(fn)
    end
  end
  @packet = Radius::Packet.new(@dict)

  # this is probably better than starting identifiers at 0
  @packet.identifier = Kernel.rand(65535)
  @myip = myip
  @host, @port = radhost.split(":")
  @port = Socket.getservbyname("radius", "udp") unless @port
  @port = 1812 unless @port
  @port = @port.to_i	# just in case
  @timeout = timeout
  @sock = UDPSocket.open
  @sock.connect(@host, @port)
end

Instance Attribute Details

#packet ⇒ Object (readonly)

We can inspect and alter the contents of the internal RADIUS packet here (although this is probably not required for simple work)

# File 'lib/radius/auth.rb', line 36

def packet
  @packet
end

Instance Method Details

#check_passwd(name, pwd, secret) ⇒ Object

Verifies a username/password pair against the RADIUS server associated with the Auth object.

=====Parameters

name

The user name to verify

pwd

The password associated with this name

secret

The RADIUS secret of the system

=====Return value returns true or false depending on whether or not the attempt succeeded or failed.

# File 'lib/radius/auth.rb', line 76

def check_passwd(name, pwd, secret)
  send_check_passwd(name, pwd, secret)
  recv_check_passwd
end

#gen_authenticator ⇒ Object

Generate an authenticator, placing it in the @packet object's authenticator attribute. It will try to use /dev/urandom if possible, or the system rand call if that's not available.

# File 'lib/radius/auth.rb', line 98

def gen_authenticator
  # get authenticator data from /dev/urandom if possible
  if (File.exist?("/dev/urandom"))
    File.open("/dev/urandom") do |urandom|
      @packet.authenticator = urandom.read(16)
    end
  else
    # use the Kernel:rand method.  This is quite probably not
    # as secure as using /dev/urandom, be wary...
    @packet.authenticator = [rand(65536), rand(65536), rand(65536),
      rand(65536), rand(65536), rand(65536), rand(65536),
      rand(65536)].pack("n8")
  end
  return(@packet.authenticator)
end

#recv_check_passwd ⇒ Object

# File 'lib/radius/auth.rb', line 90

def recv_check_passwd
  recv_packet
  return(@packet.code == 'Access-Accept')
end

#recv_packet ⇒ Object

Receive a packet from the server via UDP.

# File 'lib/radius/auth.rb', line 122

def recv_packet
  if select([@sock], nil, nil, @timeout) == nil
    raise "Timed out waiting for response packet from server"
  end
  data = @sock.recvfrom(65536)
  @packet.unpack(data[0])
  return(@packet)
end

#send_check_passwd(name, pwd, secret) ⇒ Object

# File 'lib/radius/auth.rb', line 81

def send_check_passwd(name, pwd, secret)
  @packet.code = 'Access-Request'
  gen_authenticator
  @packet.set_attr('User-Name', name)
  @packet.set_attr('NAS-IP-Address', @myip)
  @packet.set_password(pwd, secret)
  send_packet
end

#send_packet ⇒ Object

Sends a packet to the server via UDP.

# File 'lib/radius/auth.rb', line 115

def send_packet
  data = @packet.pack
  @packet.identifier = (@packet.identifier + 1) & 0xff
  @sock.send(data, 0)
end