improve authentication stability
parent
a93a61d05b
commit
213a5c6d8f
55
hblink.py
55
hblink.py
@ -105,18 +105,7 @@ def acl_check(_id, _acl):
|
|||||||
return _acl[0]
|
return _acl[0]
|
||||||
return not _acl[0]
|
return not _acl[0]
|
||||||
|
|
||||||
def check_user_man(_id):
|
|
||||||
#Change this to a config value
|
|
||||||
user_man_url = _config['USE_USER_MAN']['URL']
|
|
||||||
print(int(str(int_id(_id))[:7]))
|
|
||||||
auth_check = {
|
|
||||||
'id':int(str(int_id(_id))[:7])
|
|
||||||
}
|
|
||||||
json_object = json.dumps(auth_check, indent = 4)
|
|
||||||
req = requests.post(user_man_url, data=json_object, headers={'Content-Type': 'application/json'})
|
|
||||||
resp = json.loads(req.text)
|
|
||||||
return resp
|
|
||||||
|
|
||||||
#************************************************
|
#************************************************
|
||||||
# OPENBRIDGE CLASS
|
# OPENBRIDGE CLASS
|
||||||
#************************************************
|
#************************************************
|
||||||
@ -246,6 +235,20 @@ class HBSYSTEM(DatagramProtocol):
|
|||||||
self.maintenance_loop = self.peer_maintenance_loop
|
self.maintenance_loop = self.peer_maintenance_loop
|
||||||
self.datagramReceived = self.peer_datagramReceived
|
self.datagramReceived = self.peer_datagramReceived
|
||||||
self.dereg = self.peer_dereg
|
self.dereg = self.peer_dereg
|
||||||
|
def check_user_man(self, _id):
|
||||||
|
#Change this to a config value
|
||||||
|
user_man_url = self._CONFIG['USER_MANAGER']['URL']
|
||||||
|
print(int(str(int_id(_id))[:7]))
|
||||||
|
auth_check = {
|
||||||
|
'id':int(str(int_id(_id))[:7])
|
||||||
|
}
|
||||||
|
json_object = json.dumps(auth_check, indent = 4)
|
||||||
|
try:
|
||||||
|
req = requests.post(user_man_url, data=json_object, headers={'Content-Type': 'application/json'})
|
||||||
|
resp = json.loads(req.text)
|
||||||
|
return resp
|
||||||
|
except requests.ConnectionError:
|
||||||
|
return {'allow':True}
|
||||||
|
|
||||||
def startProtocol(self):
|
def startProtocol(self):
|
||||||
# Set up periodic loop for tracking pings from peers. Run every 'PING_TIME' seconds
|
# Set up periodic loop for tracking pings from peers. Run every 'PING_TIME' seconds
|
||||||
@ -426,18 +429,14 @@ class HBSYSTEM(DatagramProtocol):
|
|||||||
# Check to see if we've reached the maximum number of allowed peers
|
# Check to see if we've reached the maximum number of allowed peers
|
||||||
if len(self._peers) < self._config['MAX_PEERS']:
|
if len(self._peers) < self._config['MAX_PEERS']:
|
||||||
# Check for valid Radio ID
|
# Check for valid Radio ID
|
||||||
|
#print(self.check_user_man(_peer_id))
|
||||||
if self._config['USE_USER_MAN'] == True:
|
if self._config['USE_USER_MAN'] == True:
|
||||||
try:
|
self.ums_response = self.check_user_man(_peer_id)
|
||||||
self.ums_response = check_user_man(_peer_id)
|
## print(self.ums_response)
|
||||||
print(self.ums_response)
|
if acl_check(_peer_id, self._CONFIG['GLOBAL']['REG_ACL']) and self.ums_response['allow']:
|
||||||
if acl_check(_peer_id, self._CONFIG['GLOBAL']['REG_ACL']) and self.ums_response['allow']:
|
user_auth = self.ums_response['allow']
|
||||||
user_auth = self.ums_response['allow']
|
else:
|
||||||
except Exception as e:
|
user_auth = False
|
||||||
if acl_check(_peer_id, self._CONFIG['GLOBAL']['REG_ACL']):
|
|
||||||
user_auth = True
|
|
||||||
logger.info(e)
|
|
||||||
else:
|
|
||||||
user_auth = False
|
|
||||||
print(user_auth)
|
print(user_auth)
|
||||||
if self._config['USE_USER_MAN'] == False:
|
if self._config['USE_USER_MAN'] == False:
|
||||||
if acl_check(_peer_id, self._CONFIG['GLOBAL']['REG_ACL']) and acl_check(_peer_id, self._config['REG_ACL']):
|
if acl_check(_peer_id, self._CONFIG['GLOBAL']['REG_ACL']) and acl_check(_peer_id, self._config['REG_ACL']):
|
||||||
@ -490,7 +489,7 @@ class HBSYSTEM(DatagramProtocol):
|
|||||||
_this_peer['LAST_PING'] = time()
|
_this_peer['LAST_PING'] = time()
|
||||||
_sent_hash = _data[8:]
|
_sent_hash = _data[8:]
|
||||||
_salt_str = bytes_4(_this_peer['SALT'])
|
_salt_str = bytes_4(_this_peer['SALT'])
|
||||||
#print(self.ums_response)
|
print(self.ums_response)
|
||||||
try:
|
try:
|
||||||
if self.ums_response['mode'] == 'legacy':
|
if self.ums_response['mode'] == 'legacy':
|
||||||
_calc_hash = bhex(sha256(_salt_str+self._config['PASSPHRASE']).hexdigest())
|
_calc_hash = bhex(sha256(_salt_str+self._config['PASSPHRASE']).hexdigest())
|
||||||
@ -499,13 +498,13 @@ class HBSYSTEM(DatagramProtocol):
|
|||||||
if self.ums_response['mode'] == 'normal':
|
if self.ums_response['mode'] == 'normal':
|
||||||
_new_peer_id = bytes_4(int(str(int_id(_peer_id))[:7]))
|
_new_peer_id = bytes_4(int(str(int_id(_peer_id))[:7]))
|
||||||
## print(int_id(_new_peer_id))
|
## print(int_id(_new_peer_id))
|
||||||
calc_passphrase = base64.b64encode((_new_peer_id) + _config['USE_USER_MAN']['APPEND_INT'].to_bytes(2, 'big'))
|
calc_passphrase = base64.b64encode((_new_peer_id) + self._CONFIG['USER_MANAGER']['APPEND_INT'].to_bytes(2, 'big'))
|
||||||
## print(calc_passphrase)
|
print(calc_passphrase)
|
||||||
_calc_hash = bhex(sha256(_salt_str+calc_passphrase).hexdigest())
|
_calc_hash = bhex(sha256(_salt_str+calc_passphrase).hexdigest())
|
||||||
ums_down = False
|
ums_down = False
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
# If UMS down, default to base 64 auth
|
## # If UMS down, default to base 64 auth
|
||||||
logger.info(e)
|
## logger.info(e)
|
||||||
calc_passphrase = base64.b64encode((_peer_id) + int(1).to_bytes(2, 'big'))
|
calc_passphrase = base64.b64encode((_peer_id) + int(1).to_bytes(2, 'big'))
|
||||||
_calc_hash = bhex(sha256(_salt_str+calc_passphrase).hexdigest())
|
_calc_hash = bhex(sha256(_salt_str+calc_passphrase).hexdigest())
|
||||||
ums_down = True
|
ums_down = True
|
||||||
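Review bot: The new `check_user_man` fails open: on `requests.ConnectionError` it returns `{'allow':True}`, so whenever the user manager is unreachable every peer that passes the ACL is admitted, and because that dict has no `mode` key the key-exchange code further down drops into its `except` branch, where the expected passphrase is built only from the peer ID and a constant. Consider failing closed with `except (requests.RequestException, ValueError): return {'allow': False}`, or putting the fallback behind an explicit config switch that defaults to off. The `requests.post` call has no `timeout=` and runs inside a Twisted `DatagramProtocol`, so a slow user manager would stall every peer, and since the old `try/except` around the call in the login path was removed, a timeout or a non-JSON reply now propagates out of the handler. `print(calc_passphrase)` and `print(self.ums_response)` were re-enabled and write credential material to stdout; they should stay commented out or go through `logger.debug` without the secret. The login and key-exchange handlers start and end outside the hunks shown.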
|
@ -1,7 +1,8 @@
|
|||||||
from flask import Flask, render_template, request, Response, Markup, jsonify, make_response
|
from flask import Flask, render_template, request, Response, Markup, jsonify, make_response
|
||||||
|
|
||||||
auth_dict = {
|
auth_dict = {
|
||||||
3153591:''
|
3153591:0,
|
||||||
|
3153597:''
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -18,7 +19,8 @@ def index():
|
|||||||
@app.route('/auth', methods=['POST'])
|
@app.route('/auth', methods=['POST'])
|
||||||
def auth():
|
def auth():
|
||||||
hblink_req = request.json
|
hblink_req = request.json
|
||||||
print((auth_dict[hblink_req['id']]))
|
#print((auth_dict[hblink_req['id']]))
|
||||||
|
#try:
|
||||||
if hblink_req['id'] in auth_dict:
|
if hblink_req['id'] in auth_dict:
|
||||||
if auth_dict[hblink_req['id']] == 0:
|
if auth_dict[hblink_req['id']] == 0:
|
||||||
response = jsonify(
|
response = jsonify(
|
||||||
@ -37,8 +39,9 @@ def auth():
|
|||||||
mode='override',
|
mode='override',
|
||||||
value=auth_dict[hblink_req['id']]
|
value=auth_dict[hblink_req['id']]
|
||||||
)
|
)
|
||||||
if hblink_req['id'] in auth_dict:
|
if hblink_req['id'] not in auth_dict:
|
||||||
esponse = jsonify(
|
## except:
|
||||||
|
response = jsonify(
|
||||||
allow=False)
|
allow=False)
|
||||||
return response
|
return response
|
||||||
|
|
||||||
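Review bot: In `auth()`, `hblink_req['id']` is indexed straight off `request.json`, so a POST with no JSON body or no `id` key raises instead of returning `allow=False`, and the caller gets an error page rather than a decision. Reading it defensively, e.g. `hblink_req = request.get_json(silent=True) or {}` followed by `peer_id = hblink_req.get('id')`, keeps the deny path explicit. The hunk also shows no check on who is calling `/auth`, while the `override` branch returns `value=auth_dict[...]` to the caller; if that value is a passphrase, the route should require a shared secret or be bound to a trusted interface. The rest of `auth()` lies outside the hunk, so such a check may already exist. The leftover `#try:` and `## except:` markers should be deleted rather than kept as commented-out code.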
|