pyrad.packet
– packet encoding and decoding¶
- class pyrad.packet.Packet(code=0, id=None, secret=b'', authenticator=None, **attributes)[source]¶
Packet acts like a standard python map to provide simple access to the RADIUS attributes. Since RADIUS allows for repeated attributes the value will always be a sequence. pyrad makes sure to preserve the ordering when encoding and decoding packets.
There are two ways to use the map interface: if attribute names are used pyrad take care of en-/decoding data. If the attribute type number (or a vendor ID/attribute type tuple for vendor attributes) is used you work with the raw data.
Normally you will not use this class directly, but one of the
AuthPacket
orAcctPacket
classes.- AddAttribute(key, value)[source]¶
Add an attribute to the packet.
- Parameters:
key (string, attribute code or (vendor code, attribute code) tuple) – attribute name or identification
value (depends on type of attribute) – value
- static CreateAuthenticator()[source]¶
Create a packet authenticator. All RADIUS packets contain a sixteen byte authenticator which is used to authenticate replies from the RADIUS server and in the password hiding algorithm. This function returns a suitable random string that can be used as an authenticator.
- Returns:
valid packet authenticator
- Return type:
binary string
- CreateID()[source]¶
Create a packet ID. All RADIUS requests have a ID which is used to identify a request. This is used to detect retries and replay attacks. This function returns a suitable random number that can be used as ID.
- Returns:
ID number
- Return type:
integer
- CreateReply(**attributes)[source]¶
Create a new packet as a reply to this one. This method makes sure the authenticator and secret are copied over to the new instance.
- DecodePacket(packet)[source]¶
Initialize the object from raw packet data. Decode a packet as received from the network and decode it.
- Parameters:
packet (string) – raw packet
- ReplyPacket()[source]¶
Create a ready-to-transmit authentication reply packet. Returns a RADIUS packet which can be directly transmitted to a RADIUS server. This differs with Packet() in how the authenticator is calculated.
- Returns:
raw packet
- Return type:
string
- SaltCrypt(value)[source]¶
SaltEncrypt
- Parameters:
value – plaintext value
- Type:
unicode string
- Returns:
obfuscated version of the value
- Return type:
binary string
- SaltDecrypt(value)[source]¶
- Parameters:
value – encrypted value including salt
- Type:
binary string
- Returns:
decrypted plaintext string
- Return type:
unicode string
- has_key(key)¶
True if the dictionary has the specified key, else False.
- class pyrad.packet.AuthPacket(code=1, id=None, secret=b'', authenticator=None, auth_type='pap', **attributes)[source]¶
- CreateReply(**attributes)[source]¶
Create a new packet as a reply to this one. This method makes sure the authenticator and secret are copied over to the new instance.
- PwCrypt(password)[source]¶
Obfuscate password. RADIUS hides passwords in packets by using an algorithm based on the MD5 hash of the packet authenticator and RADIUS secret. If no authenticator has been set before calling PwCrypt one is created automatically. Changing the authenticator after setting a password that has been encrypted using this function will not work.
- Parameters:
password (unicode string) – plaintext password
- Returns:
obfuscated version of the password
- Return type:
binary string
- PwDecrypt(password)[source]¶
Obfuscate a RADIUS password. RADIUS hides passwords in packets by using an algorithm based on the MD5 hash of the packet authenticator and RADIUS secret. This function reverses the obfuscation process.
- Parameters:
password (binary string) – obfuscated form of password
- Returns:
plaintext password
- Return type:
unicode string
- RequestPacket()[source]¶
Create a ready-to-transmit authentication request packet. Return a RADIUS packet which can be directly transmitted to a RADIUS server.
- Returns:
raw packet
- Return type:
string
- class pyrad.packet.AcctPacket(code=4, id=None, secret=b'', authenticator=None, **attributes)[source]¶
RADIUS accounting packets. This class is a specialization of the generic
Packet
class for accounting packets.- CreateReply(**attributes)[source]¶
Create a new packet as a reply to this one. This method makes sure the authenticator and secret are copied over to the new instance.
- class pyrad.packet.CoAPacket(code=43, id=None, secret=b'', authenticator=None, **attributes)[source]¶
RADIUS CoA packets. This class is a specialization of the generic
Packet
class for CoA packets.- CreateReply(**attributes)[source]¶
Create a new packet as a reply to this one. This method makes sure the authenticator and secret are copied over to the new instance.
Constants¶
The pyrad.packet
module defines several common constants
that are useful when dealing with RADIUS packets.
The following packet codes are defined:
Constant name |
Value |
---|---|
AccessRequest |
1 |
AccessAccept |
2 |
AccessReject |
3 |
AccountingRequest |
4 |
AccountingResponse |
5 |
AccessChallenge |
11 |
StatusServer |
12 |
StatusClient |
13 |
DisconnectRequest |
40 |
DisconnectACK |
41 |
DisconnectNAK |
42 |
CoARequest |
43 |
CoAACK |
44 |
CoANAK |
45 |