Page info
Author
Wichert Akkerman
Navigation
Home
Where it all starts
Code
Useful and useless code
Presentations
What I have been telling others
Rants
I love to complain
My sites
Paradiso calendar
An easy to use calendar
HugeURL
For better URL bragging rights

pyrad

Summary Python RADIUS client
Current version 1.1
Downloads pyrad-1.1.tar.gz or from the python package index

pyrad is an implementation of a RADIUS client as described in RFC2865. It takes care of all the details like building RADIUS packets, sending them and decoding responses.

Modules

pyrad contains several modules:

pyrad.client
RADIUS client class.
pyrad.dictionary
RADIUS dictionary support. Supports standard radiusd dictionaries and has preliminary support for the freeradius octets and abinary extensions.
pyrad.packet
A packet with a RADIUS request or reply. A packet object takes care of all the necessary data conversion allowing the programmer to only use standard python data types and RADIUS attribute names.
pyrad.server
Basic RADIUS server and proxy classes.
pyrad.tools
Utility functions, mostly used internally for data conversion

Simple example

Below is a simple example of how to use pyrad; it shows how to do an authentication request. 

import pyrad.packet
from pyrad.client import Client
from pyrad.dictionary import Dictionary

srv=Client(server="radius.my.domain", secret="s3cr3t",
dict=Dictionary("dicts/dictionary", "dictionary.acc"))

req=srv.CreateAuthPacket(code=pyrad.packet.AccessRequest,
        User_Name="wichert", NAS_Identifier="localhost")
        req["User-Password"]=req.PwCrypt("password")

reply=srv.SendPacket(req)
if reply.code==pyrad.packet.AccessAccept:
    print "access accepted"
else:
    print "access denied"

print "Attributes returned by server:"
for i in reply.keys():
    print "%s: %s" % (i, reply[i])

Changes

1.1
  • Add the octets datatype from FreeRADIUS. This is treated just like string; the only difference is how FreeRADIUS prints it.
  • Check against unimplemented datatypes in EncodeData and DecodeData instead of assuming an identity transform works.
  • Make Packet.has_key and __contains__ gracefully handle unknown attributes. Based on a patch from Alexey V Michurun.
  • Add a __delitem__ implementation to Packet. Based on a patch from Alexey V Michurun.
1.0
  • Add unit tests. Pyrad now has 100% test coverage!
  • Moved the proxy server has been out of the server module to a new proxy module.
  • Fix several errors that prevented the proxy code from working.
  • Use the standard logging module instead of printing to stdout.
  • The default dictionary for Server instances was shared between all instances, possibly leading to unwanted data pollution. Each Server now gets its own dict instance if none is passed in to the constructor.
  • Fixed a timeout handling problem in the client: after receiving an invalid reply the current time was not updated, possibly leading to the client blocking forever.
  • Switch to setuptools, allowing pyrad to be distributed as an egg via the python package index.
  • Use absolute instead of relative imports.
  • Sockets are now opened with SO_REUSEADDR enabled to allow for faster restarts.
0.9
  • Start using trac as issue tracker
  • [3] Fix handling of packets with an id of 0
  • [2] Fix handling of file descriptor parameters in the server code and example.
  • [4] Fix wrong variable name in exception raised when encountering an overly long packet.
  • [5] Fix error message in parse error for dictionaries.
  • [8] Packet.CreateAuthenticator is now a static method.
0.8
  • Fix time-handling in the client packet sending code: it would loop forever since the now time was updated at the wrong moment. Fix from Michael Mitchell.
  • Fix passing of dict parameter when creating reply packets.
0.7
  • add HandleAuthPacket and HandleAcctPacket hooks to Server class. Request from Thomas Boettcher.
  • Pass on dict attribute when creating a reply packet. Requested by Thomas Boettcher
  • Allow specififying new attributes when using Server.CreateReplyPacket. Requested by Thomas Boettcher.
0.6
  • packet.VerifyReply() had a syntax error when not called with a raw packet
  • Add bind() method to the Client class
  • [SECURITY] Fix handling of timeouts in client module: when a bad packet was received pyrad immediately started the next retry instead of discarding it and waiting for a timeout. This could be exploited by sending a number of bogus responses before a correct reply to make pyrad not see the real response.
  • correctly set Acct-Delay-Time when resending accounting requests packets
  • verify account request packages as well (from Farshad Khoshkhui)
  • protect against packets with bogus lengts (from Farshad Khoshkhui)
0.5 (subversion revision 79)
  • Fix typo in server class which broke handling of accounting packets
  • Create seperate AuthPacket and AcctPacket classes; this resulted in a fair number of API changes
  • Packets now know how to create and verify replies
  • Client now directs authentication and accounting packets to the correct port on the server
  • Add twisted support via the new curved module
  • Fix incorrect exception handling in client code
  • Update example server to handle accounting packets
  • Add example for sending account packets
0.4 (subversion revision 61)
  • Fix last case of bogus exception usage
  • Move RADIUS code constants to packet module
  • Add support for decoding passwords and generating reply packets to Packet class
  • Add basic RADIUS server and proxy implementation
0.3 (subversion revision 44)
  • client.Timeout is now derived from Exception
  • docstring (epydoc) documentation added
  • include example dictionaries and authentication script
  • Now using subversion instead of CVS
0.2
  • Use proper exceptions
  • Encode and decode vendor attributes
  • Dictionary can parse vendor dictionaries
  • Dictionary can handle attribute values
  • Enhance most constructors; they now take extra optional parameters with initialisation info.
  • No longer use obsolete python interfaces like whrandom
0.1
  • First release
Copyright Information
Content copyright 2002,2003,2004 Wichert Akkerman
Layout copyright 2004 Neil Patel