RADIUS
The system provides two Python objects alc.radius
, instance of class alc.Radius
, and alc.radius.attributes
, instance if class alc.RadiusAttributes
, to inspect and modify RADIUS packets.
Note
Only the pre-provided
alc.radius
/alc.radius.attributes
object should be used in script, the classalc.Radius
/alc.RadiusAttributes
should not be used directly.
The alc.Radius
class
Provides packet level operations.
- header()
Returns a dictionary containing the value of the RADIUS header fields:
code (
integer
)id (
integer
)len (
integer
)authenticator (
bytes
)
print(alc.radius.header())
# {'code': 1, 'id': 202, 'len': 133, 'authenticator': b'\xe5C\xabM\xa1\x82(\x95\xe2\x84\xfai\xe6|\xd8\x92'}
- drop()
Drops the packet.
The alc.RadiusAttributes
class
Provides attribute level operations.
- isSet(type, /)
Checks if a specified attribute is present.
- Parameters
type (int|tuple) – Attribute type. If the parameter is a tuple, it should be interpreted as an attribute identifier. See Attribute identifiers.
- Return type
bool
- get(type, /)
Retrieves the value of a specified attribute.
- Parameters
type (int|tuple) – Attribute type. If the parameter is a tuple, it should be interpreted as an attribute identifier. See Attribute identifiers.
- Returns
Value of the attribute, or None if not present.
- Return type
bytes
- getTuple(type, /)
Retrieves all values of a specified attribute.
- Parameters
type (int|tuple) – Attribute type. If the parameter is a tuple, it should be interpreted as an attribute identifier. See Attribute identifiers.
- Returns
All values collected in a tuple.
- Return type
tuple
- set(type, value, /)
Adds an attribute with the specified type and value. This overwrites previously existing values if present.
- Parameters
type (int|tuple) – Attribute type. If the parameter is a tuple, it should be interpreted as an attribute identifier. See Attribute identifiers.
value (bytes|tuple) – Attribute value. If it is a tuple, multiple attributes with the same type are added, one for each item in the tuple.
- clear(type, /)
Removes all attributes with the specified type.
- Parameters
type (int|tuple) – Attribute type. If the parameter is a tuple, it should be interpreted as an attribute identifier. See Attribute identifiers.
- isVSASet(vendor, vendor_type, /)
Verifies if a specified vendor-specific attribute is present.
- Parameters
vendor (int) – Vendor.
vendor_type (int) – Vendor type.
- Return type
bool
- getVSA(vendor, vendor_type, /)
Retrieves the value of a specified vendor-specific attribute.
- Parameters
vendor (int) – Vendor.
vendor_type (int) – Vendor type.
- Returns
Value of the attribute, or None if not present.
- Return type
bytes, None
- getVSATuple(vendor, vendor_type, /)
Retrieves all values of a specified vendor-specific attribute.
- Parameters
vendor (int) – Vendor.
vendor_type (int) – Vendor type.
- Returns
All values collected in a tuple.
- Return type
tuple
- setVSA(vendor, vendor_type, value, /)
Adds a vendor-specific attribute. If already present, the attribute is overwritten.
- Parameters
vendor (int) – Vendor.
vendor_type (int) – Vendor type.
value (bytes|tuple) – Attribute value. If it is a tuple, multiple attributes with the same type are added, one for each item in the tuple.
- clearVSA(vendor, vendor_type, /)
Removes all specified vendor-specific attributes.
- Parameters
vendor (int) – Vendor.
vendor_type (int) – Vendor type.
- isExtSet(type, ext_type, /)
Verifies if a specified extended attribute is present.
- Parameters
type (int) – Type. Must be one of 241, 242, 243, 244, 245, 246.
ext_type (int) – Extended type.
- Return type
bool
- getExt(type, ext_type, /)
Retrieves the value of a specified extended attribute.
- Parameters
type (int) – Type. Must be one of 241, 242, 243, 244, 245, 246.
ext_type (int) – Extended type.
- Returns
All values collected in a tuple.
- Return type
tuple
- getExtTuple(type, ext_type, /)
Retrieves all values of a specified extended attribute.
- Parameters
type (int) – Type. Must be one of 241, 242, 243, 244, 245, 246.
ext_type (int) – Extended type.
- Returns
All values collected in a tuple.
- Return type
tuple
- setExt(type, ext_type, value, /)
Adds an extended attribute. If already present, the attribute is overwritten.
- Parameters
type (int) – Type. Must be one of 241, 242, 243, 244, 245, 246.
ext_type (int) – Extended type.
value (bytes|tuple) – Attribute value. If it is a tuple, multiple attributes with the same type are added, one for each item in the tuple.
- clearExt(type, ext_type, /)
Removes all specified extended attributes.
- Parameters
type (int) – Type. Must be one of 241, 242, 243, 244, 245, 246.
ext_type (int) – Extended type.
- isExtVSASet(type, vendor, vendor_type, /)
Verifies if a specified extended-vendor-specific attribute is present.
- Parameters
type (int) – Type. Must be one of 241, 242, 243, 244, 245, 246.
vendor (int) – Vendor.
vendor_type (int) – Vendor type.
- Return type
bool
- getExtVSA(type, vendor, vendor_type, /)
Retrieves the value of a specified extended-vendor-specific attribute.
- Parameters
type (int) – Type. Must be one of 241, 242, 243, 244, 245, 246.
vendor (int) – Vendor.
vendor_type (int) – Vendor type.
- Returns
All values collected in a tuple.
- Return type
tuple
- getExtVSATuple(type, vendor, vendor_type, /)
Retrieves all values of a specified extended-vendor-specific attribute.
- Parameters
type (int) – Type. Must be one of 241, 242, 243, 244, 245, 246.
vendor (int) – Vendor.
vendor_type (int) – Vendor type.
- Returns
All values collected in a tuple.
- Return type
tuple
- setExtVSA(type, vendor, vendor_type, value, /)
Adds an extended-vendor-specific attribute. If already present, the attribute is overwritten.
- Parameters
type (int) – Type. Must be one of 241, 242, 243, 244, 245, 246.
vendor (int) – Vendor.
vendor_type (int) – Vendor type.
value (bytes|tuple) – Attribute value. If it is a tuple, multiple attributes with the same type are added, one for each item in the tuple.
- clearExtVSA(type, vendor, vendor_type, /)
Removes all specified extended-vendor-specific attributes.
- Parameters
type (int) – Type. Must be one of 241, 242, 243, 244, 245, 246.
vendor (int) – Vendor.
vendor_type (int) – Vendor type.
- getLongExtTuple(type, ext_type, /)
Retrieves all values of a specified long-extended attribute.
- Deprecated
use getExtTuple() instead
- Parameters
type (int) – Type. Must be one of 245, 246.
ext_type (int) – Extended type.
- Returns
All values collected in a tuple.
- Return type
tuple
- setLongExt(type, ext_type, value, /)
Adds a long-extended attribute. If already present, the attribute is overwritten.
- Deprecated
use setExt() instead
- Parameters
type (int) – Type. Must be one of 245, 246.
ext_type (int) – Extended type.
value (bytes|tuple) – Attribute value. If it is a tuple, multiple attributes with the same type are added, one for each item in the tuple.
- getLongExtVSATuple(type, vendor, vendor_type, /)
Retrieves all values of a specified long-extended vendor-specific attribute.
- Deprecated
use getExtVSATuple() instead
- Parameters
type (int) – Type. Must be one of 245, 246.
vendor (int) – Vendor.
vendor_type (int) – Vendor type.
- Returns
All values collected in a tuple.
- Return type
tuple
- setLongExtVSA(type, vendor, vendor_type, value, /)
Adds a long-extended vendor-specific attribute. If already present, the attribute is overwritten.
- Deprecated
use setExtVSA() instead
- Parameters
type (int) – Type. Must be one of 245, 246.
vendor (int) – Vendor.
vendor_type (int) – Vendor type.
value (bytes|tuple) – Attribute value. If it is a tuple, multiple attributes with the same type are added, one for each item in the tuple.
Note
The following RADIUS attributes or VSAs are read-only:
Message-Authenticator (80)
Alc-LI-Action (26.6527.122)
Alc-LI-Destination (26.6527.123)
Alc-LI-FC (26.6527.124)
Alc-LI-Direction (26.6527.125)
Alc-LI-Intercept-Id (26.6527.138)
Alc-LI-Session-Id (26.6527.139)
Warning
All methods in alc.RadiusAttributes
raise appropriate TypeError or ValueError messages in cases of invalid arguments.
See Breaking changes for differences with the previous version.
Attribute iteration
The class alc.RadiusAttributes
acts as an iterator over the attributes, yielding a tuple (identifier, value) for each attribute present.
import alc
print(list(alc.radius.attributes))
# [((8,), b'\xc0\xa8\x01\x14'), ((26, 6527, 9), b'\x08\x08\x08\x08'), ((26, 6527, 10), b'\x08\x08\x04\x04')]
for attr, value in alc.radius.attributes:
dotted_number = ".".join(map(str, attr))
print("{} = {}".format(dotted_number, value))
#8 = b'\xc0\xa8\x01\x14'
#26.6527.9 = b'\x08\x08\x08\x08'
#26.6527.10 = b\x08\x08\x04\x04'
Warning
The type of object returned by the iterator has changed between the Python 2 and Python 3 version of this module. See Breaking changes.
Attribute access
Besides the methods defined for the alc.Radius class, the attributes can also be fetched, set, and cleared using the container syntax of Python. The keys by which the attributes can be reached are the identifier tuples as described in Attribute identifiers. The values are tuples of bytes.
print(alc.radius.attributes[(8,)])
#(b'\xc0\xa8\x01\x14',)
print(alc.radius.attributes[(241, 26, 6527, 4)])
#()
Checking if an attribute is present can be done via the in operator.
print((8,) in alc.radius.attributes)
#True
print((241, 26, 6527, 4) in alc.radius.attributes)
#False
Adding or overwriting an attribute can be done by assigning a value to the indexed attributes object. When setting multiple values for an attribute, the value should be a tuple of bytes. When setting a single value for an attribute, the value can be a 1-tuple of bytes or the individual bytes.
alc.radius.attributes[(8,)] = b'\xc0\xa8\x01\x14'
alc.radius.attributes[(8,)] = (b'\xc0\xa8\x01\x14',)
alc.radius.attributes[(25,)] = (b'red', b'green', b'blue')
Clearing an attribute can be performed with the del operator.
del alc.radius.attributes[(8,)]
Attribute identifiers
Attribute identifiers as described in RFC 6929#section-2.7 can be used to target a specific attribute. They are specified in Python as a tuple of integers, where each item in the tuple corresponds to a number in the “dotted number” format.
Type |
Name |
Identifier |
Python object |
---|---|---|---|
Normal |
NAS-IP-Address |
4 |
(4, ) |
Extended |
Frag-Status |
241.1 |
(241, 1) |
Vendor-Specific |
Alc-Subsc-Prof-Str |
26.6527.12 |
(26, 6527, 12) |
Extended-Vendor-Specific |
Alc-PPPoE-Client-Service |
241.26.6527.1 |
(241, 26, 6527, 1) |
Breaking changes
Radius attribute iteration
Warning
With Python 2 API, the result of iterating over the alc.RadiusAttributes
object returns tuples of length 3: (vendor, type, value), where vendor was set to 0 for regular attributes.
With Python 3, the iterator has been changed to return tuples of length 2: (identifier, value), where the identifier is itself a tuple as specified in Attribute identifiers, which uniquely identifies an attribute.
Radius invalid arguments
Warning
With Python 2 API, all functions on the alc.RadiusAttributes
object fail silently when one of the arguments (type, vendor, ext-type, or vendor-type) is invalid.
With Python 3, a TypeError or ValueError exception is raised in cases of invalid arguments.
Radius attribute not present
Warning
With Python 2 API, all functions on the alc.RadiusAttributes
object returning a single attribute (not the getTuple variants) return the empty bytes if the attribute is not present.
With Python 3, None is returned when the attribute is not present.