So I have a fairly basic scenario where I have a FreeRADIUS server acting as nothing more than a communication proxy to my own access controller. This is accomplished through the use of a simple Python module that makes use of the rlm_python3 FreeRADIUS module to send requests to my controller's HTTP API.
The issue I'm having is with properly hashing the various values to create my own verification hash for comparing to the CHAP-Password value provided in the RADIUS Access-Request. Here is my basic Python code that is attempting to handle this verification process, but I have yet to create any solution that actually validates the request properly. If anyone can tell me what the obvious thing is I'm almost certainly missing, it would be incredibly appreciated! I suspect I'm not using appropriate data types or something along those lines, given that all the implementation examples I have read through seem to indicate I have the order of things correct.
Code:
```python
if auth_type == 'ppp':
    user_id: str = str(payload['request']['User-Name'])
    chap_id: str = str(payload['request']['CHAP-Password'])[2:4]
    chap_password: str = payload['request']['CHAP-Password'][4:]
    chap_challenge: str = str(payload['request']['CHAP-Challenge'])[2:]
    subs: QuerySet = AccountSubscription.objects.filter(username=user_id).order_by('-id')
    if subs.count():
        sub: AccountSubscription = subs[0]
        hasher = hashlib.md5()
        hasher.update(chap_id.encode('ascii'))
        hasher.update(sub.password.encode('ascii'))
        hasher.update(chap_challenge.encode('ascii'))
        if chap_password == hasher.hexdigest():
            subscription = sub
        else:
            status = 401
```
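Added example, not part of the original post: CHAP verification as RFC 1994 defines it, with MD5 taken over the raw bytes of identifier, secret and challenge rather than over their hex text. It assumes the attributes arrive as `0x`-prefixed hex strings (as the slicing in the post implies) and that the stored password is UTF-8 text; the function names and sample values are hypothetical.

```python
import hashlib
import hmac


def octets(value: str) -> bytes:
    """Decode an octets attribute given as a hex string, with or without '0x'."""
    text = value.strip()
    if text[:2].lower() == "0x":
        text = text[2:]
    return bytes.fromhex(text)  # raises ValueError on malformed or odd-length hex


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994: MD5 over the raw bytes ident || secret || challenge."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def verify_chap(chap_password_hex: str, chap_challenge_hex: str, cleartext: str) -> bool:
    """Check a CHAP-Password attribute against the stored cleartext password."""
    try:
        chap_password = octets(chap_password_hex)
        challenge = octets(chap_challenge_hex)
    except ValueError:
        return False
    # CHAP-Password is 1 identifier byte followed by the 16-byte MD5 response.
    if len(chap_password) != 17 or not challenge:
        return False
    # Assumption: the stored password is text and is encoded as UTF-8.
    expected = chap_response(chap_password[0], cleartext.encode("utf-8"), challenge)
    # Constant-time comparison of the two raw digests.
    return hmac.compare_digest(expected, chap_password[1:])


# Constructed sample values, not taken from a real exchange.
SAMPLE_CHALLENGE = "0x" + bytes(range(16)).hex()
SAMPLE_PASSWORD = "0x" + (
    bytes([0x2A]) + chap_response(0x2A, b"s3cret", bytes(range(16)))
).hex()

if __name__ == "__main__":
    print(verify_chap(SAMPLE_PASSWORD, SAMPLE_CHALLENGE, "s3cret"))
    print(verify_chap(SAMPLE_PASSWORD, SAMPLE_CHALLENGE, "wrong"))
```

When an Access-Request carries no CHAP-Challenge attribute, RFC 2865 uses the Request Authenticator as the challenge, so the caller passes whichever of the two applies.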