python freeradius authentication script for apache authentication

gistfile1.py

#!/usr/bin/python
import pyrad.packet
import sys

from pyrad.client import Client
from pyrad.dictionary import Dictionary

radius_server = "192.168.137.200"
radius_secret = "wowsuchsecret"

def check_auth(username, password):
	srv=Client(server=radius_server, secret=radius_secret,
		  dict=Dictionary("/usr/share/freeradius/dictionary"))

	req=srv.CreateAuthPacket(code=pyrad.packet.AccessRequest,
				  User_Name=username, NAS_Identifier="")		
	req["Password"]=req.PwCrypt(password)
	reply=srv.SendPacket(req)
	return reply.code == pyrad.packet.AccessAccept

			
username = sys.stdin.readline().strip()
passwordandtwofactor = sys.stdin.readline().strip()

if(len(passwordandtwofactor) < 6):
	sys.stderr.write("Authentication error: password and twofactor auth should be sent concatenated to this program. twofactor+password. Twofactor of length 6.")
	exit(1)

twofactor = passwordandtwofactor[:6]
password = passwordandtwofactor[6:]

sys.stderr.write("Creds: " + username + " " + password + " " + twofactor)

if(twofactor == password):
	sys.stderr.write("Authentication failed: password and twofactor can not be the same.")
	exit(1)

#~ print username
#~ print password
#~ print twofactor

# Check normal auth.
normal_auth = check_auth(username, password)

if not normal_auth:
	sys.stderr.write("Authentication failed: wrong password or username for user "+username)
	exit(1)

# Check twofactor auth.
#~ twofactor_auth = check_auth(username, password)
#~ 
#~ if not normal_auth:
	#~ sys.stderr.write("Authentication failed: wrong twofactor code for user "+username)
	#~ exit(1)


sys.stderr.write("Authentication successful for user "+username)
exit(0)