DEVHIDE
Login Or Sign up

Cant send http post requests from freeradius using Rlm_python module

1.2k Views Asked by At

I'm trying to access a rest back end to authenticate users via RADIUS. Thus I wrote this Python script. All steps in the script work fine when using the terminal. But regarding the Freeradius log, when this script is called by Freeradius it always stops at response = urllib2.urlopen(req). I tried a similar script using requests instead of urllib2. The result was the same. It seems that somehow the Freeradius service isn't allowed to access the network or something like that. Does anyone know what could be causing this or how to obtain more debug data then just seeing where it stopped?

Setup: Ubuntu 16.04
Python 2.7.12
Freeradius 3.0.15

/var/log/freeradius/radius.log

Thu Aug 24 18:08:16 2017 : Warning: [/etc/freeradius/mods-config/attr_filter/access_reject]:11 Check item "FreeRAD$
Thu Aug 24 18:08:16 2017 : Warning: [/etc/freeradius/mods-config/attr_filter/access_reject]:11 Check item "FreeRAD$
Thu Aug 24 18:08:16 2017 : Info: Python version: 2.7.12 (default, Nov 19 2016, 06:48:10)  [GCC 5.4.0 20160609]
Thu Aug 24 18:08:16 2017 : Info: Loaded virtual server <default>
Thu Aug 24 18:08:16 2017 : Warning: Ignoring "sql" (see raddb/mods-available/README.rst)
Thu Aug 24 18:08:16 2017 : Warning: Ignoring "ldap" (see raddb/mods-available/README.rst)
Thu Aug 24 18:08:16 2017 : Info:  # Skipping contents of 'if' as it is always 'false' -- /etc/freeradius/sites-ena$
Thu Aug 24 18:08:16 2017 : Info: Loaded virtual server inner-tunnel
Thu Aug 24 18:08:16 2017 : Info: Loaded virtual server default
Thu Aug 24 18:08:16 2017 : Info: Ready to process requests
Thu Aug 24 18:08:31 2017 : Info: *** radlog call in authorize ***
Thu Aug 24 18:08:31 2017 : Info: ***pda ***
Thu Aug 24 18:08:31 2017 : Info: *** vor request push ab setzten ***
Thu Aug 24 18:31:33 2017 : Info: Signalled to terminate
Thu Aug 24 18:31:33 2017 : Info: Exiting normally

Script:

import json
import time
import urllib2
import radiusd

def authorize(p):
  radiusd.radlog(radiusd.L_INFO, '*** radlog call in authorize ***')
  # prepare hostname and user which want to login

  hostname = "172.22.15.222"
  controller = "validate"
  action = "check"
  user = p[0][1]
  #userpass = p[1][1]
  userpass = ""
  #removing doublequotes might become unnessecary in future versions of freeradius
  #user = user[1:-1]
  #userpass = userpass[1:-1]

  radiusd.radlog(radiusd.L_INFO, '***' + user + " " + userpass + "***")

  url = "https://" + hostname + "/" + \
        controller + "/" + action

  post_params = "user=" + user + "&pass=" + userpass + "&data=AnyConnect&content_type=0"
  # do request
  #response = requests.post(url, data=post_params, verify=sslver)
  req = urllib2.Request(url, post_params)

  radiusd.radlog(radiusd.L_INFO, '*** vor request push ab setzten ***')
  response = urllib2.urlopen(req)
  radiusd.radlog(radiusd.L_INFO, '*** nach request push ab setzen ***')
  data = json.load(response)

  transactionid = data[u"detail"][u"transactionid"]

  #new post params
  action = "check_status"
  url = "https://" + hostname + "/" + \
        controller + "/" + action

  post_params = "user=" + user + "&pass=" + userpass + "&transactionid=" +transactionid
  req = urllib2.Request(url, post_params)

  authenticated = False

  #Loop for 60 seconds
  t_end = time.time() + 60
  while time.time() < t_end:
      #time.sleep(1)
      response = urllib2.urlopen(req)
      data = json.load(response)
      authenticated = data[u"detail"][u"transactions"][transactionid][u"valid_tan"]
      if authenticated:
          radiusd.radlog(radiusd.L_INFO, '*** autentifizierung erfolgreich ***')
          config = ( ('User-Name', user), )
          reply = ( ('Reply-Message', 'Authentication did succeed'), )
          break
      else:
          radiusd.radlog(radiusd.L_INFO, '*** authentifizierung nicht erfolgreich ***')
  return(raduisd.RLM_MODULE_OK, reply, config)

freeradius -X

enter code Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel
Listening on auth address * port 1812 bound to server default
Listening on acct address * port 1813 bound to server default
Listening on auth address :: port 1812 bound to server default
Listening on acct address :: port 1813 bound to server default
Listening on proxy address * port 59425
Listening on proxy address :: port 53966
[1mReady to process requests[0m
(0) Received Access-Request Id 15 from 172.22.15.174:56005 to 172.22.15.226:1812 length 114
(0)   User-Name = "pda"
(0)   Acct-Session-Id = "1503645990P10amo"
(0)   NAS-IP-Address = 127.0.0.1
(0)   NAS-Identifier = "Localhost"
(0)   NAS-Port = 0
(0)   Calling-Station-Id = "1115551212"
(0)   User-Password = "pda"
(0)   Message-Authenticator = 0x4349c9c4b4af416f415cf648a864f499
(0) # Executing section authorize from file /etc/freeradius/sites-enabled/default
(0)   authorize {
(0)     policy filter_username {
(0)       if (&User-Name) {
(0)       if (&User-Name)  -> TRUE
(0)       if (&User-Name)  {
(0)         if (&User-Name =~ / /) {
(0)         if (&User-Name =~ / /)  -> FALSE
(0)         if (&User-Name =~ /@[^@]*@/ ) {
(0)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(0)         if (&User-Name =~ /\.\./ ) {
(0)         if (&User-Name =~ /\.\./ )  -> FALSE
(0)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(0)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(0)         if (&User-Name =~ /\.$/)  {
(0)         if (&User-Name =~ /\.$/)   -> FALSE
(0)         if (&User-Name =~ /@\./)  {
(0)         if (&User-Name =~ /@\./)   -> FALSE
(0)       } # if (&User-Name)  = notfound
(0)     } # policy filter_username = notfound
(0)     [preprocess] = ok
[1m*** radlog call in authorize ***[0m
[1m***pda ***[0m
[1m*** vor request push ab setzten ***[0m
(0)     [python] = fail
(0)   } # authorize = fail
(0) Using Post-Auth-Type Reject
(0) # Executing group from file /etc/freeradius/sites-enabled/default
(0)   Post-Auth-Type REJECT {
(0) attr_filter.access_reject: EXPAND %{User-Name}
(0) attr_filter.access_reject:    --> pda
(0) attr_filter.access_reject: Matched entry DEFAULT at line 11
(0)     [attr_filter.access_reject] = updated
(0)     [eap] = noop
(0)     policy remove_reply_message_if_eap {
(0)       if (&reply:EAP-Message && &reply:Reply-Message) {
(0)       if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(0)       else {
(0)         [noop] = noop
(0)       } # else = noop
(0)     } # policy remove_reply_message_if_eap = noop
(0)   } # Post-Auth-Type REJECT = updated
(0) Delaying response for 1.000000 seconds
Waking up in 0.3 seconds.
Waking up in 0.6 seconds.
(0) Sending delayed response
(0) Sent Access-Reject Id 15 from 172.22.15.226:1812 to 172.22.15.174:56005 length 20
Waking up in 3.9 seconds.
(0) Cleaning up request packet ID 15 with timestamp +2
[1mReady to process requests[0mhere
python http-post freeradius
Original Q&A
0

There are 0 best solutions below

Related Questions in PYTHON

Related Questions in HTTP-POST

Related Questions in FREERADIUS

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.