pyrad.packet
– packet encoding and decoding¶
-
class
pyrad.packet.
Packet
(code=0, id=None, secret=b'', authenticator=None, **attributes)[source]¶ Packet acts like a standard python map to provide simple access to the RADIUS attributes. Since RADIUS allows for repeated attributes the value will always be a sequence. pyrad makes sure to preserve the ordering when encoding and decoding packets.
There are two ways to use the map intereface: if attribute names are used pyrad take care of en-/decoding data. If the attribute type number (or a vendor ID/attribute type tuple for vendor attributes) is used you work with the raw data.
Normally you will not use this class directly, but one of the
AuthPacket
orAcctPacket
classes.-
AddAttribute
(key, value)[source]¶ Add an attribute to the packet.
- Parameters
key (string, attribute code or (vendor code, attribute code) tuple) – attribute name or identification
value (depends on type of attribute) – value
-
static
CreateAuthenticator
()[source]¶ Create a packet authenticator. All RADIUS packets contain a sixteen byte authenticator which is used to authenticate replies from the RADIUS server and in the password hiding algorithm. This function returns a suitable random string that can be used as an authenticator.
- Returns
valid packet authenticator
- Return type
binary string
-
CreateID
()[source]¶ Create a packet ID. All RADIUS requests have a ID which is used to identify a request. This is used to detect retries and replay attacks. This function returns a suitable random number that can be used as ID.
- Returns
ID number
- Return type
integer
-
CreateReply
(**attributes)[source]¶ Create a new packet as a reply to this one. This method makes sure the authenticator and secret are copied over to the new instance.
-
DecodePacket
(packet)[source]¶ Initialize the object from raw packet data. Decode a packet as received from the network and decode it.
- Parameters
packet (string) – raw packet
-
ReplyPacket
()[source]¶ Create a ready-to-transmit authentication reply packet. Returns a RADIUS packet which can be directly transmitted to a RADIUS server. This differs with Packet() in how the authenticator is calculated.
- Returns
raw packet
- Return type
string
-
SaltCrypt
(value)[source]¶ Salt Encryption
- Parameters
value – plaintext value
- Returns
obfuscated version of the value
- Return type
binary string
-
has_key
(key)¶ True if the dictionary has the specified key, else False.
-
-
class
pyrad.packet.
AuthPacket
(code=1, id=None, secret=b'', authenticator=None, auth_type='pap', **attributes)[source]¶ -
CreateReply
(**attributes)[source]¶ Create a new packet as a reply to this one. This method makes sure the authenticator and secret are copied over to the new instance.
-
PwCrypt
(password)[source]¶ Obfuscate password. RADIUS hides passwords in packets by using an algorithm based on the MD5 hash of the packet authenticator and RADIUS secret. If no authenticator has been set before calling PwCrypt one is created automatically. Changing the authenticator after setting a password that has been encrypted using this function will not work.
- Parameters
password (unicode string) – plaintext password
- Returns
obfuscated version of the password
- Return type
binary string
-
PwDecrypt
(password)[source]¶ Obfuscate a RADIUS password. RADIUS hides passwords in packets by using an algorithm based on the MD5 hash of the packet authenticator and RADIUS secret. This function reverses the obfuscation process.
- Parameters
password (binary string) – obfuscated form of password
- Returns
plaintext password
- Return type
unicode string
-
RequestPacket
()[source]¶ Create a ready-to-transmit authentication request packet. Return a RADIUS packet which can be directly transmitted to a RADIUS server.
- Returns
raw packet
- Return type
string
-
-
class
pyrad.packet.
AcctPacket
(code=4, id=None, secret=b'', authenticator=None, **attributes)[source]¶ RADIUS accounting packets. This class is a specialization of the generic
Packet
class for accounting packets.-
CreateReply
(**attributes)[source]¶ Create a new packet as a reply to this one. This method makes sure the authenticator and secret are copied over to the new instance.
-
-
class
pyrad.packet.
CoAPacket
(code=43, id=None, secret=b'', authenticator=None, **attributes)[source]¶ RADIUS CoA packets. This class is a specialization of the generic
Packet
class for CoA packets.-
CreateReply
(**attributes)[source]¶ Create a new packet as a reply to this one. This method makes sure the authenticator and secret are copied over to the new instance.
-
Constants¶
The pyrad.packet
module defines several common constants
that are useful when dealing with RADIUS packets.
The following packet codes are defined:
Constant name |
Value |
---|---|
AccessRequest |
1 |
AccessAccept |
2 |
AccessReject |
3 |
AccountingRequest |
4 |
AccountingResponse |
5 |
AccessChallenge |
11 |
StatusServer |
12 |
StatusClient |
13 |
DisconnectRequest |
40 |
DisconnectACK |
41 |
DisconnectNAK |
42 |
CoARequest |
43 |
CoAACK |
44 |
CoANAK |
45 |