improve authentication stability

KF7EEL 2021-05-06 18:14:20 -07:00
parent a93a61d05b
commit 213a5c6d8f
2 changed files with 34 additions and 32 deletions


@ -105,17 +105,6 @@ def acl_check(_id, _acl):
return _acl[0] return _acl[0]
return not _acl[0] return not _acl[0]
def check_user_man(_id):
#Change this to a config value
user_man_url = _config['USE_USER_MAN']['URL']
print(int(str(int_id(_id))[:7]))
auth_check = {
'id':int(str(int_id(_id))[:7])
}
json_object = json.dumps(auth_check, indent = 4)
req = requests.post(user_man_url, data=json_object, headers={'Content-Type': 'application/json'})
resp = json.loads(req.text)
return resp
#************************************************ #************************************************
# OPENBRIDGE CLASS # OPENBRIDGE CLASS
@ -246,6 +235,20 @@ class HBSYSTEM(DatagramProtocol):
self.maintenance_loop = self.peer_maintenance_loop self.maintenance_loop = self.peer_maintenance_loop
self.datagramReceived = self.peer_datagramReceived self.datagramReceived = self.peer_datagramReceived
self.dereg = self.peer_dereg self.dereg = self.peer_dereg
def check_user_man(self, _id):
#Change this to a config value
user_man_url = self._CONFIG['USER_MANAGER']['URL']
print(int(str(int_id(_id))[:7]))
auth_check = {
'id':int(str(int_id(_id))[:7])
}
json_object = json.dumps(auth_check, indent = 4)
try:
req = requests.post(user_man_url, data=json_object, headers={'Content-Type': 'application/json'})
resp = json.loads(req.text)
return resp
except requests.ConnectionError:
return {'allow':True}
def startProtocol(self): def startProtocol(self):
# Set up periodic loop for tracking pings from peers. Run every 'PING_TIME' seconds # Set up periodic loop for tracking pings from peers. Run every 'PING_TIME' seconds
@ -426,18 +429,14 @@ class HBSYSTEM(DatagramProtocol):
# Check to see if we've reached the maximum number of allowed peers # Check to see if we've reached the maximum number of allowed peers
if len(self._peers) < self._config['MAX_PEERS']: if len(self._peers) < self._config['MAX_PEERS']:
# Check for valid Radio ID # Check for valid Radio ID
#print(self.check_user_man(_peer_id))
if self._config['USE_USER_MAN'] == True: if self._config['USE_USER_MAN'] == True:
try: self.ums_response = self.check_user_man(_peer_id)
self.ums_response = check_user_man(_peer_id) ## print(self.ums_response)
print(self.ums_response) if acl_check(_peer_id, self._CONFIG['GLOBAL']['REG_ACL']) and self.ums_response['allow']:
if acl_check(_peer_id, self._CONFIG['GLOBAL']['REG_ACL']) and self.ums_response['allow']: user_auth = self.ums_response['allow']
user_auth = self.ums_response['allow'] else:
except Exception as e: user_auth = False
if acl_check(_peer_id, self._CONFIG['GLOBAL']['REG_ACL']):
user_auth = True
logger.info(e)
else:
user_auth = False
print(user_auth) print(user_auth)
if self._config['USE_USER_MAN'] == False: if self._config['USE_USER_MAN'] == False:
if acl_check(_peer_id, self._CONFIG['GLOBAL']['REG_ACL']) and acl_check(_peer_id, self._config['REG_ACL']): if acl_check(_peer_id, self._CONFIG['GLOBAL']['REG_ACL']) and acl_check(_peer_id, self._config['REG_ACL']):
@ -490,7 +489,7 @@ class HBSYSTEM(DatagramProtocol):
_this_peer['LAST_PING'] = time() _this_peer['LAST_PING'] = time()
_sent_hash = _data[8:] _sent_hash = _data[8:]
_salt_str = bytes_4(_this_peer['SALT']) _salt_str = bytes_4(_this_peer['SALT'])
#print(self.ums_response) print(self.ums_response)
try: try:
if self.ums_response['mode'] == 'legacy': if self.ums_response['mode'] == 'legacy':
_calc_hash = bhex(sha256(_salt_str+self._config['PASSPHRASE']).hexdigest()) _calc_hash = bhex(sha256(_salt_str+self._config['PASSPHRASE']).hexdigest())
@ -499,13 +498,13 @@ class HBSYSTEM(DatagramProtocol):
if self.ums_response['mode'] == 'normal': if self.ums_response['mode'] == 'normal':
_new_peer_id = bytes_4(int(str(int_id(_peer_id))[:7])) _new_peer_id = bytes_4(int(str(int_id(_peer_id))[:7]))
## print(int_id(_new_peer_id)) ## print(int_id(_new_peer_id))
calc_passphrase = base64.b64encode((_new_peer_id) + _config['USE_USER_MAN']['APPEND_INT'].to_bytes(2, 'big')) calc_passphrase = base64.b64encode((_new_peer_id) + self._CONFIG['USER_MANAGER']['APPEND_INT'].to_bytes(2, 'big'))
## print(calc_passphrase) print(calc_passphrase)
_calc_hash = bhex(sha256(_salt_str+calc_passphrase).hexdigest()) _calc_hash = bhex(sha256(_salt_str+calc_passphrase).hexdigest())
ums_down = False ums_down = False
except Exception as e: except Exception as e:
# If UMS down, default to base 64 auth ## # If UMS down, default to base 64 auth
logger.info(e) ## logger.info(e)
calc_passphrase = base64.b64encode((_peer_id) + int(1).to_bytes(2, 'big')) calc_passphrase = base64.b64encode((_peer_id) + int(1).to_bytes(2, 'big'))
_calc_hash = bhex(sha256(_salt_str+calc_passphrase).hexdigest()) _calc_hash = bhex(sha256(_salt_str+calc_passphrase).hexdigest())
ums_down = True ums_down = True
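Review bot: The new `check_user_man` fails open: `except requests.ConnectionError: return {'allow':True}` admits any peer that passes the ACL whenever the user manager is unreachable, and the later `except Exception` fallback then accepts a passphrase built only from the peer ID and the constant 1, which is not a secret. Only `ConnectionError` is caught and the caller's old try/except is gone, so a timeout or a non-JSON reply now raises inside the datagram handler, and `requests.post` is called without `timeout=`, so a hung server blocks the call (and presumably the Twisted reactor with it). I would deny by default and catch the wider set, `except (requests.RequestException, ValueError): return {'allow': False}`, pass an explicit timeout such as `timeout=5` (value to be chosen), and put fail-open behind a config option if it is really wanted. The re-enabled `print(calc_passphrase)` and `print(self.ums_response)` appear to write credential material to stdout and should be removed or left commented out.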


@ -1,7 +1,8 @@
from flask import Flask, render_template, request, Response, Markup, jsonify, make_response from flask import Flask, render_template, request, Response, Markup, jsonify, make_response
auth_dict = { auth_dict = {
3153591:'' 3153591:0,
3153597:''
} }
@ -18,7 +19,8 @@ def index():
@app.route('/auth', methods=['POST']) @app.route('/auth', methods=['POST'])
def auth(): def auth():
hblink_req = request.json hblink_req = request.json
print((auth_dict[hblink_req['id']])) #print((auth_dict[hblink_req['id']]))
#try:
if hblink_req['id'] in auth_dict: if hblink_req['id'] in auth_dict:
if auth_dict[hblink_req['id']] == 0: if auth_dict[hblink_req['id']] == 0:
response = jsonify( response = jsonify(
@ -37,8 +39,9 @@ def auth():
mode='override', mode='override',
value=auth_dict[hblink_req['id']] value=auth_dict[hblink_req['id']]
) )
if hblink_req['id'] in auth_dict: if hblink_req['id'] not in auth_dict:
esponse = jsonify( ## except:
response = jsonify(
allow=False) allow=False)
return response return response
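Review bot: `auth()` still indexes `hblink_req['id']` with no check that the body is a JSON object carrying an `id`; the `#try:` / `## except:` lines added here are commented out, so a malformed request raises and yields a 500 instead of `allow=False`. Reading the body with `hblink_req = request.get_json(silent=True) or {}` and testing `hblink_req.get('id') not in auth_dict` before the other branches would make denial the default path. The route also shows no authentication of the caller while the override branch returns `value=auth_dict[...]`; if that value is a passphrase, the endpoint should be reachable only from the HBlink host. The middle of `auth()` lies outside the visible hunks, so that last point is inferred.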