From 213a5c6d8ff43d9afc3d7457fc8e8b553a8677d9 Mon Sep 17 00:00:00 2001
From: KF7EEL
Date: Thu, 6 May 2021 18:14:20 -0700
Subject: [PATCH] improve authentication stability

---
 hblink.py | 55 +++++++++++++++++------------------
 user_managment/application.py | 11 ++++---
 2 files changed, 34 insertions(+), 32 deletions(-)

diff --git a/hblink.py b/hblink.py
index d6fba28..162f73b 100755
--- a/hblink.py
+++ b/hblink.py
@@ -105,18 +105,7 @@ def acl_check(_id, _acl):
 return _acl[0]
 return not _acl[0]
 
-def check_user_man(_id):
- #Change this to a config value
- user_man_url = _config['USE_USER_MAN']['URL']
- print(int(str(int_id(_id))[:7]))
- auth_check = {
- 'id':int(str(int_id(_id))[:7])
- }
- json_object = json.dumps(auth_check, indent = 4)
- req = requests.post(user_man_url, data=json_object, headers={'Content-Type': 'application/json'})
- resp = json.loads(req.text)
- return resp
-
+
 #************************************************
 # OPENBRIDGE CLASS
 #************************************************
@@ -246,6 +235,20 @@ class HBSYSTEM(DatagramProtocol):
 self.maintenance_loop = self.peer_maintenance_loop
 self.datagramReceived = self.peer_datagramReceived
 self.dereg = self.peer_dereg
+ def check_user_man(self, _id):
+ #Change this to a config value
+ user_man_url = self._CONFIG['USER_MANAGER']['URL']
+ print(int(str(int_id(_id))[:7]))
+ auth_check = {
+ 'id':int(str(int_id(_id))[:7])
+ }
+ json_object = json.dumps(auth_check, indent = 4)
+ try:
+ req = requests.post(user_man_url, data=json_object, headers={'Content-Type': 'application/json'})
+ resp = json.loads(req.text)
+ return resp
+ except requests.ConnectionError:
+ return {'allow':True}
 
 def startProtocol(self):
 # Set up periodic loop for tracking pings from peers. Run every 'PING_TIME' seconds
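Review bot: The new `except requests.ConnectionError:` branch in check_user_man fails open — when the user manager cannot be reached every peer gets `{'allow':True}`, so the allow decision silently degrades to the REG_ACL check alone with nothing logged. It is also the only failure handled: `requests.post` has no `timeout`, so a hung UMS blocks the reactor indefinitely, and a non-2xx status or a non-JSON body still escapes as an unhandled exception from `json.loads(req.text)`. I would bound the call, check the status, catch the whole `requests.RequestException` family and fail closed with a warning; if fail-open is the intended availability trade-off it should be a visible log line rather than a silent return value. The `print(...)` of the peer id should become `logger.debug`. The method body is wholly inside the hunk.
```python
        json_object = json.dumps(auth_check, indent = 4)
        try:
            req = requests.post(user_man_url, data=json_object,
                                headers={'Content-Type': 'application/json'},
                                timeout=5)
            req.raise_for_status()
            return req.json()
        except (requests.RequestException, ValueError) as e:
            # UMS unreachable, errored or replied with non-JSON: fail closed and say so
            logger.warning('user manager lookup failed for %s: %s', int_id(_id), e)
            return {'allow': False}
```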
@@ -426,18 +429,14 @@ class HBSYSTEM(DatagramProtocol):
 # Check to see if we've reached the maximum number of allowed peers
 if len(self._peers) < self._config['MAX_PEERS']:
 # Check for valid Radio ID
+#print(self.check_user_man(_peer_id))
 if self._config['USE_USER_MAN'] == True:
- try:
- self.ums_response = check_user_man(_peer_id)
- print(self.ums_response)
- if acl_check(_peer_id, self._CONFIG['GLOBAL']['REG_ACL']) and self.ums_response['allow']:
- user_auth = self.ums_response['allow']
- except Exception as e:
- if acl_check(_peer_id, self._CONFIG['GLOBAL']['REG_ACL']):
- user_auth = True
- logger.info(e)
- else:
- user_auth = False
+ self.ums_response = self.check_user_man(_peer_id)
+## print(self.ums_response)
+ if acl_check(_peer_id, self._CONFIG['GLOBAL']['REG_ACL']) and self.ums_response['allow']:
+ user_auth = self.ums_response['allow']
+ else:
+ user_auth = False
 print(user_auth)
 if self._config['USE_USER_MAN'] == False:
 if acl_check(_peer_id, self._CONFIG['GLOBAL']['REG_ACL']) and acl_check(_peer_id, self._config['REG_ACL']):
@@ -490,7 +489,7 @@ class HBSYSTEM(DatagramProtocol):
 _this_peer['LAST_PING'] = time()
 _sent_hash = _data[8:]
 _salt_str = bytes_4(_this_peer['SALT'])
- #print(self.ums_response)
+ print(self.ums_response)
 try:
 if self.ums_response['mode'] == 'legacy':
 _calc_hash = bhex(sha256(_salt_str+self._config['PASSPHRASE']).hexdigest())
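Review bot: `self.ums_response` is one attribute on the HBSYSTEM instance, not per peer, yet it is written here at login and read again later during the key check (the following hunks, `print(self.ums_response)` and `self.ums_response['mode']`); if two peers log in concurrently the second lookup overwrites the first before the first peer's hash is verified, so a peer can be checked against another peer's UMS data. A per-peer record is the right home — presumably the `_this_peer` dict used in the later hunk — e.g. `self._peers[_peer_id]['UMS'] = self.check_user_man(_peer_id)` once that entry exists, with the key-check code reading it back from the same record. The rewritten branch also indexes `self.ums_response['allow']` unguarded, so a UMS reply lacking that key raises KeyError out of the datagram handler; `self.ums_response.get('allow', False)` keeps that case fail-closed. `print(user_auth)` is stdout debugging left in a daemon and belongs in `logger.debug`. The enclosing login handler starts and ends outside the hunk.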
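Review bot: Un-commenting `print(self.ums_response)` writes the whole user-manager reply to stdout on every key exchange, and in override mode that reply carries `value=auth_dict[...]` from application.py (last file in this diff), which looks like the peer's passphrase — so the process log becomes a credential store. Log only what is needed for diagnosis, `logger.debug('UMS mode for %s: %s', int_id(_peer_id), self.ums_response.get('mode'))`, and never the value field. The surrounding key-check code starts and ends outside the hunk.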
@@ -499,13 +498,13 @@ class HBSYSTEM(DatagramProtocol):
 if self.ums_response['mode'] == 'normal':
 _new_peer_id = bytes_4(int(str(int_id(_peer_id))[:7]))
 ## print(int_id(_new_peer_id))
- calc_passphrase = base64.b64encode((_new_peer_id) + _config['USE_USER_MAN']['APPEND_INT'].to_bytes(2, 'big'))
- ## print(calc_passphrase)
+ calc_passphrase = base64.b64encode((_new_peer_id) + self._CONFIG['USER_MANAGER']['APPEND_INT'].to_bytes(2, 'big'))
+ print(calc_passphrase)
 _calc_hash = bhex(sha256(_salt_str+calc_passphrase).hexdigest())
 ums_down = False
 except Exception as e:
- # If UMS down, default to base 64 auth
- logger.info(e)
+## # If UMS down, default to base 64 auth
+## logger.info(e)
 calc_passphrase = base64.b64encode((_peer_id) + int(1).to_bytes(2, 'big'))
 _calc_hash = bhex(sha256(_salt_str+calc_passphrase).hexdigest())
 ums_down = True
diff --git a/user_managment/application.py b/user_managment/application.py
index 2ae4622..8d5bafd 100644
--- a/user_managment/application.py
+++ b/user_managment/application.py
@@ -1,7 +1,8 @@
 from flask import Flask, render_template, request, Response, Markup, jsonify, make_response
 
 auth_dict = {
- 3153591:''
+ 3153591:0,
+ 3153597:''
 }
@@ -18,7 +19,8 @@ def index():
 @app.route('/auth', methods=['POST'])
 def auth():
 hblink_req = request.json
- print((auth_dict[hblink_req['id']]))
+ #print((auth_dict[hblink_req['id']]))
+ #try:
 if hblink_req['id'] in auth_dict:
 if auth_dict[hblink_req['id']] == 0:
 response = jsonify(
@@ -37,8 +39,9 @@ def auth():
 mode='override',
 value=auth_dict[hblink_req['id']]
 )
- if hblink_req['id'] in auth_dict:
- esponse = jsonify(
+ if hblink_req['id'] not in auth_dict:
+## except:
+ response = jsonify(
 allow=False)
 return response
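Review bot: Commenting out `logger.info(e)` leaves the `except Exception` fallback with no trace at all: any failure on the UMS path (including a plain missing 'mode' key from the fail-open dict) now silently downgrades the peer to the default passphrase `b64(peer_id + 0x0001)`, which is derivable from the public peer id, and the operator gets no log line showing the downgrade happened. Keep a warning in the except branch, `logger.warning('UMS auth unavailable for %s, using default passphrase: %s', int_id(_peer_id), e)`, and drop the new `print(calc_passphrase)` on the normal path — it prints the derived passphrase to stdout. The except also swallows programming errors; `except (KeyError, TypeError) as e:` would be the narrower guard for the dict lookups it is protecting. The enclosing try/except starts in the previous hunk and the function ends outside this one.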
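Review bot: `hblink_req = request.json` followed by `hblink_req['id']` trusts the request body completely: a non-JSON body or an object without 'id' raises and Flask answers with a 500, and a non-int id makes the dict lookup behave differently from what hblink sends; the commented `#print` and `#try:` lines are dead code hinting that this error path was meant to be handled. Validate first, e.g. `hblink_req = request.get_json(silent=True) or {}` and `peer_id = hblink_req.get('id')` with `if not isinstance(peer_id, int): return jsonify(allow=False), 400`, then use `peer_id` for the lookups below. The enclosing auth() continues into the next hunk.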
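Review bot: The corrected `not in` branch fixes the undefined `response` for unknown ids, but the endpoint still answers any unauthenticated POST: whoever can reach /auth can probe which ids exist and, for ids in override mode, receive `value=auth_dict[...]`, which reads as the peer's passphrase if hblink uses it that way (that handling is outside this diff). The new `3153597:''` entry in the first hunk of this file would be served as an override with an empty value, since only `== 0` selects the non-override branch. At minimum the /auth route needs a shared secret or a network restriction between hblink and the UMS, and the leftover `## except:` should be deleted rather than kept as a comment. The function's start is outside the hunk; its remaining body is within it.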