pyrad获取明文密码

时间:2018-09-11 19:38:22

标签: python python-3.5 radius

我正在尝试使用pyrad构建一个简单的Radius服务器。它可以正常工作,但是要在我的记录中检查用户密码,我首先需要明文密码。

我的代码:

    #!/usr/bin/python
from __future__ import print_function
from pyrad import dictionary, packet, server
import six
import logging
from pyrad.tools import *

from pyrad.packet import AuthPacket

try:
    import hashlib
    md5_constructor = hashlib.md5
except ImportError:
    # BBB for python 2.4
    import md5
    md5_constructor = md5.new

logging.basicConfig(filename="pyrad.log", level="DEBUG",
                    format="%(asctime)s [%(levelname)-8s] %(message)s")

def dump(obj):
   for attr in dir(obj):
       if hasattr( obj, attr ):
           print( "obj.%s = %s" % (attr, getattr(obj, attr)))

class FakeServer(server.Server):

    def HandleAuthPacket(self, pkt):

        pwd = pkt.PwDecrypt(pkt['User-Password'][0])
        uname = pkt['User-Name'][0]
        print (uname)
        print ('Plaintext PW: {}' . format(pwd))
        print("Received an authentication request")


        print("Attributes: ")
        for attr in pkt.keys():
            print("%s: %s" % (attr, pkt[attr]))

        reply = self.CreateReplyPacket(pkt, **{
            "Service-Type": "Framed-User",
            "Framed-IP-Address": '192.168.0.1',
            "Framed-IPv6-Prefix": "fc66::1/64"
        })

        reply.code = packet.AccessAccept
        self.SendReplyPacket(pkt.fd, reply)

    def HandleAcctPacket(self, pkt):

        print("Received an accounting request")
        print("Attributes: ")
        for attr in pkt.keys():
            print("%s: %s" % (attr, pkt[attr]))

        reply = self.CreateReplyPacket(pkt)
        self.SendReplyPacket(pkt.fd, reply)

    def HandleCoaPacket(self, pkt):

        print("Received an coa request")
        print("Attributes: ")
        for attr in pkt.keys():
            print("%s: %s" % (attr, pkt[attr]))

        reply = self.CreateReplyPacket(pkt)
        self.SendReplyPacket(pkt.fd, reply)

    def HandleDisconnectPacket(self, pkt):

        print("Received an disconnect request")
        print("Attributes: ")
        for attr in pkt.keys():
            print("%s: %s" % (attr, pkt[attr]))

        reply = self.CreateReplyPacket(pkt)
        # COA NAK
        reply.code = 45
        self.SendReplyPacket(pkt.fd, reply)

if __name__ == '__main__':

    # create server and read dictionary
    srv = FakeServer(dict=dictionary.Dictionary("dictionary"), coa_enabled=True)

    # add clients (address, secret, name)
    srv.hosts["xxx.xxx.xxx.xxx"] = server.RemoteHost("xxx.xxx.xxx.xxx", b"mysecretpw", "xxx.xxx.xxx.xxx")

    srv.BindToAddress("")

    # start server
    srv.Run()

其输出为:

b'thisistheusername\xe1\xe9'
Plaintext PW: b'\xc6NK\x18\xcb\xea\xd2Ne6t\xe1[p{\xb9'
Received an authentication request
Attributes:
User-Name: [b'thisistheusername\xe1\xe9']
User-Password: [b'r?\xbd7\xbd&\x9b\xdc17i\xc1\xc6\x95\xe6\xee']

我正在使用NTRadPing进行测试。输入是:

Username: thisistheusernameáé
Password: asdasd

所以我的问题是我无法获得原始的纯文本密码。我在做什么错了?

pyrad服务器正在Ubuntu Xenial上运行。

您可以在GitHub上找到它:https://github.com/wichert/pyrad

非常感谢您!

2 个答案:

答案 0 :(得分:1)

从根本上来说,您确实不应该有权访问纯文本密码。您应该将密码的哈希值与拥有的哈希值进行比较,以验证登录名,而不是比较纯文本。

答案 1 :(得分:0)

我找到了解决方法!

代码很完美。问题是我尝试使用错误的SECRET密钥进行身份验证。

由于密码已包含在软件包中,因此代码无法使用错误的秘密密钥对其进行解密。