chewie.radius module
RADIUS Packets
- exception chewie.radius.InvalidMessageAuthenticatorError
Bases:
Exception
- To be used when the Message-Authenticator hashes
(received in packet, and calculated) do not match.
Received packets that throw this error should be ‘silently dropped’ (logging is fine).
- exception chewie.radius.InvalidResponseAuthenticatorError
Bases:
Exception
To be used when the ResponseAuthenticator hashes (received in packet, and calculated) do not match.
- class chewie.radius.Radius
Bases:
object
Radius packet interface which will determin the correct RadiusPacket child class to use
- ACCESS_ACCEPT = 2
- ACCESS_CHALLENGE = 11
- ACCESS_REJECT = 3
- ACCESS_REQUEST = 1
- ACCOUNTING_REQUEST = 4
- ACCOUNTING_RESPONSE = 5
- STATUS_CLIENT = 13
- STATUS_SERVER = 12
- pack()
- static parse(packed_message, secret, radius_lifecycle=None)
- Args:
packed_message: secret (str): Shared sceret between chewie and RADIUS server. radius_lifecycle: RadiusLifecycle object
- Returns:
- RadiusPacket - RadiusAccessChallenge/RadiusAccessRequest/
RadiusAccessAccept/RadiusAccessFailure
- Raises:
MessageParseError: if packed_message cannot be parsed
- class chewie.radius.RadiusAccessAccept(packet_id, authenticator, attributes)
Bases:
RadiusPacket
- CODE = 2
- class chewie.radius.RadiusAccessChallenge(packet_id, authenticator, attributes)
Bases:
RadiusPacket
- CODE = 11
- class chewie.radius.RadiusAccessReject(packet_id, authenticator, attributes)
Bases:
RadiusPacket
- CODE = 3
- class chewie.radius.RadiusAccessRequest(packet_id, authenticator, attributes)
Bases:
RadiusPacket
- CODE = 1
- class chewie.radius.RadiusAttributesList(attributes)
Bases:
object
Container class for the Radius Attribute Value Pairs
- classmethod extract_attributes(attributes_data, attributes, attributes_to_concat)
Extracts Radius Attributes from a packed payload. Keeps track of attribute ordering. Args:
attributes_data (): data to extract from (input). attributes: attributes extracted (output variable). attributes_to_concat (dict): (output variable).
- Raises:
MessageParseError: RadiusAttribute.parse will raise error if it cannot parse the attribute’s data
- find(item)
Find first attribute that has the matching description Args:
item (str): description of attribute to find
- Returns:
attribute or None if not found
- indexof(item)
Finds the position (number of bytes) that item is at in list. Args:
item (str): description of attribute to find index of.
- Returns:
int - number of bytes to item.
- Raises:
ValueErrpr: if cannot find item
- classmethod merge_concat_attributes(attributes, attributes_to_concat)
Removes concat attributes for attributes list, and inserts a single new master attribute for all concat attributes of the same type (e.g. EAPMessage, EAPMessage, = 1 EAPMessage) Args:
attributes (list): attributes_to_concat (dict): attribute - position.
- Returns:
attributes (list)
- Raises:
MessageParseError: RadiusAttribute.parse will raise error if it cannot parse the attribute’s data
- pack()
- classmethod parse(attributes_data)
- Args:
attributes_data:
- Returns:
RadiusAttributeList
- Raises:
MessageParseError: if unable to parse an attribute’s data.
- to_dict()
- class chewie.radius.RadiusPacket(packet_id, authenticator, attributes)
Bases:
Radius
super class for different radius packets
- CODE = None
- build(secret=None)
- Only call this once, or else the MessageAuthenticator will not be zeros,
resulting in the wrong hash Args:
secret (str): Shared sceret between chewie and RADIUS server.
- Returns:
packed packet (bytes)
- pack()
- packed = None
- classmethod parse(packet_id, request_authenticator, attributes)
- Args:
packed_message: secret (str): Shared sceret between chewie and RADIUS server. radius_lifecycle: RadiusLifecycle object
- Returns:
- RadiusPacket - RadiusAccessChallenge/RadiusAccessRequest/
RadiusAccessAccept/RadiusAccessFailure
- Raises:
MessageParseError: if packed_message cannot be parsed
- static validate_message_authenticator(radius_packet, secret, request_authenticator)
- validate_packet(secret, request_authenticator=None, code=None)
Calculates the Response Authenticator (in Radius Header) and MessageAuthenticator (a Radius Attribute) hashes and compares with what was provided. Args:
code (int): The RADIUS Code (e.g. Access-Challenge) secret (str): secret shared between RADIUS and chewie. request_authenticator (): the original request authenticator for this
packet (which is a response)
- Raises:
ValueError: if secret is None or empty string. InvalidResponseAuthenticatorError: if Response Authenticator does not match calculated. InvalidMessageAuthenticatorError: if MessageAuthenticator does not match calculated.
- static validate_response_authenticator(radius_packet, request_authenticator, secret, code)
- chewie.radius.register_packet_type_parser(cls)