def render_json(self, **template_vars):
if not template_vars.has_key("code"):
template_vars["code"] = 0
resp = json.dumps(template_vars, ensure_ascii=False)
if self.settings.debug:
logger.debug("[api debug] :: %s response body: %s" % (self.request.path, utils.safeunicode(resp)))
self.write(resp)
def process(self, *args, **kwargs):
self.logtimes()
next_interval = self.get_notify_interval()
backup_path = self.config.database.backup_path
backup_file = "trdb_cron_backup_%s.json.gz" % utils.gen_backep_id()
try:
self.db_backup.dumpdb(os.path.join(backup_path, backup_file))
logger.info(u"数据备份完成,下次执行还需等待 %s"%(self.format_time(next_interval)),trace="task")
except Exception as err:
logger.info(u"数据备份失败,%s, 下次执行还需等待 %s"%( repr(err), self.format_time(next_interval)),trace="task")
logger.exception(err)
try:
bak_list = [ bd for bd in os.listdir(backup_path) if 'trdb_cron_backup' in bd]
if len(bak_list) > 7:
logger.info("find expire backup file and remove")
_count = 0
for fname in bak_list:
fpath = os.path.join(backup_path, fname)
if (time.time() - os.path.getctime(fpath))/(3600*24) > 14:
os.remove(fpath)
_count += 1
logger.debug("remove expire backup file %s"%fpath)
logger.info("remove expire backup file total %s"%_count,trace="task")
except Exception as err:
logger.exception(err)
return next_interval
def render_result(self, **result):
resp = apiutils.make_message(self.settings.config.system.secret,
**result)
if self.settings.debug:
logger.debug("[api debug] :: %s response body: %s" %
(self.request.path, utils.safeunicode(resp)))
self.write(resp)
def process(self, message):
datagram, host, port = umsgpack.unpackb(message[0])
reply = self.processAuth(datagram, host, port)
logger.info("[Radiusd] :: Send radius response: %s" % repr(reply))
if self.config.system.debug:
logger.debug(reply.format_str())
self.pusher.push(umsgpack.packb([reply.ReplyPacket(),host,port]))
def processAcct(self, datagram, host, port):
try:
bas = self.find_nas(host)
if not bas:
raise PacketError('[Radiusd] :: Dropping packet from unknown host %s' % host)
secret, vendor_id = bas['bas_secret'], bas['vendor_id']
req = self.createAcctPacket(packet=datagram,
dict=self.dict, secret=six.b(str(secret)),vendor_id=vendor_id)
logger.info("[Radiusd] :: Received radius request: %s" % (repr(req)))
if self.config.system.debug:
logger.debug(req.format_str())
if req.code != packet.AccountingRequest:
raise PacketError('non-AccountingRequest packet on authentication socket')
if not req.VerifyAcctRequest():
raise PacketError('VerifyAcctRequest error')
reply = req.CreateReply()
status_type = req.get_acct_status_type()
if status_type in self.acct_class:
acct_func = self.acct_class[status_type](self,req.get_ticket()).acctounting
reactor.callLater(0.1,acct_func)
return reply
except Exception as err:
errstr = 'RadiusError:Dropping invalid acct packet from {0} {1},{2}'.format(
host, port, utils.safeunicode(err))
logger.error(errstr)
import traceback
traceback.print_exc()
def render_json(self, **template_vars):
if not template_vars.has_key("code"):
template_vars["code"] = 0
resp = json.dumps(template_vars, ensure_ascii=False)
if self.settings.debug:
logger.debug("[api debug] :: %s response body: %s" % (self.request.path, utils.safestr(resp)))
self.write(resp)
def process(self, message):
datagram, host, port = msgpack.unpackb(message[0])
reply = self.processAuth(datagram, host, port)
if not reply:
return
self.do_stat(reply.code)
logger.info("[Radiusd] :: Send radius response: %s" % repr(reply))
if self.config.system.debug:
logger.debug(reply.format_str())
self.pusher.push(msgpack.packb([reply.ReplyPacket(), host, port]))
def process(self, message):
datagram, host, port = msgpack.unpackb(message[0])
reply = self.processAuth(datagram, host, port)
if not reply:
return
logger.info("[Radiusd] :: Send radius response: %s" % repr(reply))
if self.config.system.debug:
logger.debug(reply.format_str())
self.pusher.push(msgpack.packb([reply.ReplyPacket(),host,port]))
# self.transport.write(reply.ReplyPacket(), (host,port))
self.do_stat(reply.code)
def processAcct(self, datagram, host, port):
try:
bas = self.find_nas(host)
if not bas:
raise PacketError(
'[Radiusd] :: Dropping packet from unknown host %s' % host)
secret, vendor_id = bas['bas_secret'], bas['vendor_id']
req = self.createAcctPacket(packet=datagram,
dict=self.dict,
secret=six.b(str(secret)),
vendor_id=vendor_id)
self.do_stat(req.code, req.get_acct_status_type())
logger.info("[Radiusd] :: Received radius request: %s" %
(repr(req)))
if self.config.system.debug:
logger.debug(req.format_str())
if req.code != packet.AccountingRequest:
raise PacketError(
'non-AccountingRequest packet on authentication socket')
if not req.VerifyAcctRequest():
raise PacketError('VerifyAcctRequest error')
reply = req.CreateReply()
self.pusher.push(msgpack.packb([reply.ReplyPacket(), host, port]))
self.do_stat(reply.code)
logger.info("[Radiusd] :: Send radius response: %s" % repr(reply))
if self.config.system.debug:
logger.debug(reply.format_str())
status_type = req.get_acct_status_type()
if status_type in self.acct_class:
ticket = req.get_ticket()
if not ticket.get('nas_addr'):
ticket['nas_addr'] = host
acct_func = self.acct_class[status_type](self.db_engine,
self.mcache, None,
ticket).acctounting
reactor.callLater(0.1, acct_func)
else:
logger.error('status_type <%s> not support' % status_type)
except Exception as err:
self.do_stat(0)
errstr = 'RadiusError:Dropping invalid acct packet from {0} {1},{2}'.format(
host, port, utils.safeunicode(err))
logger.error(errstr)
import traceback
traceback.print_exc()
def processAcct(self, datagram, host, port):
try:
bas = self.find_nas(host)
if not bas:
raise PacketError('[Radiusd] :: Dropping packet from unknown host %s' % host)
secret, vendor_id = bas['bas_secret'], bas['vendor_id']
req = self.createAcctPacket(packet=datagram,
dict=self.dict, secret=six.b(str(secret)),vendor_id=vendor_id)
self.do_stat(req.code, req.get_acct_status_type())
logger.info("[Radiusd] :: Received radius request: %s" % (repr(req)))
if self.config.system.debug:
logger.debug(req.format_str())
if req.code != packet.AccountingRequest:
raise PacketError('non-AccountingRequest packet on authentication socket')
if not req.VerifyAcctRequest():
raise PacketError('VerifyAcctRequest error')
reply = req.CreateReply()
self.pusher.push(msgpack.packb([reply.ReplyPacket(),host,port]))
self.do_stat(reply.code)
logger.info("[Radiusd] :: Send radius response: %s" % repr(reply))
if self.config.system.debug:
logger.debug(reply.format_str())
status_type = req.get_acct_status_type()
if status_type in self.acct_class:
ticket = req.get_ticket()
if not ticket.get('nas_addr'):
ticket['nas_addr'] = host
acct_func = self.acct_class[status_type](
self.db_engine,self.mcache,None,ticket).acctounting
reactor.callLater(0.1,acct_func)
else:
logger.error('status_type <%s> not support' % status_type)
except Exception as err:
self.do_stat(0)
errstr = 'RadiusError:Dropping invalid acct packet from {0} {1},{2}'.format(
host, port, utils.safeunicode(err))
logger.error(errstr)
import traceback
traceback.print_exc()
def post(self):
token = self.get_argument("token", None)
if not token or token not in md5(
self.settings.config.system.secret.encode(
'utf-8')).hexdigest():
return self.render_json(code=1, msg=u"token invalid")
command = self.get_argument("command", None)
if not command:
return self.render_json(code=1, msg=u"cmd invalid")
pref_cmd = ([p for p in parse_funcs.keys() if p in command]
or [None])[0]
if not pref_cmd:
return self.render_json(code=1,
msg=u"command %s not support" % command)
host = self.get_argument("host", None)
if not host:
return self.render_json(code=1, msg=u"host invalid")
lastcheck = self.get_argument("lastcheck", "")
service = self.get_argument("service", "")
perf_data = self.get_argument("data", "")
logger.info("params: %s %s %s %s %s" %
(lastcheck, host, command, service, perf_data))
if not all([lastcheck, perf_data]):
return self.render_json(code=1, msg=u"lastcheck,perf_data invalid")
data = dict(lastcheck=int(lastcheck),
host=host,
service=service,
command=pref_cmd,
data=parse_funcs[pref_cmd](perf_data))
logger.debug("perfdata_command insert to db %s" % repr(data))
self.mongodb.add_perfdata(host, data)
self.render_json(code=0, msg=u"success")
def process(self, *args, **kwargs):
self.logtimes()
next_interval = self.get_notify_interval()
backup_path = self.config.database.backup_path
backup_file = "trdb_cron_backup_%s.json.gz" % utils.gen_backep_id()
try:
self.db_backup.dumpdb(os.path.join(backup_path, backup_file))
logger.info(u"数据备份完成,下次执行还需等待 %s" %
(self.format_time(next_interval)),
trace="task")
except Exception as err:
logger.info(u"数据备份失败,%s, 下次执行还需等待 %s" %
(repr(err), self.format_time(next_interval)),
trace="task")
logger.exception(err)
try:
bak_list = [
bd for bd in os.listdir(backup_path)
if 'trdb_cron_backup' in bd
]
if len(bak_list) > 7:
logger.info("find expire backup file and remove")
_count = 0
for fname in bak_list:
fpath = os.path.join(backup_path, fname)
if (time.time() - os.path.getctime(fpath)) / (3600 *
24) > 14:
os.remove(fpath)
_count += 1
logger.debug("remove expire backup file %s" % fpath)
logger.info("remove expire backup file total %s" % _count,
trace="task")
except Exception as err:
logger.exception(err)
return next_interval
def post(self):
token = self.get_argument("token",None)
if not token or token not in md5(self.settings.config.system.secret.encode('utf-8')).hexdigest():
return self.render_json(code=1,msg=u"token invalid")
command = self.get_argument("command",None)
if not command:
return self.render_json(code=1,msg=u"cmd invalid")
pref_cmd = ([p for p in parse_funcs.keys() if p in command] or [None])[0]
if not pref_cmd:
return self.render_json(code=1,msg=u"command %s not support" % command)
host = self.get_argument("host",None)
if not host:
return self.render_json(code=1,msg=u"host invalid")
lastcheck = self.get_argument("lastcheck","")
service = self.get_argument("service","")
perf_data = self.get_argument("data","")
logger.info("params: %s %s %s %s %s"%(lastcheck, host,command,service,perf_data))
if not all ([lastcheck,perf_data]):
return self.render_json(code=1,msg=u"lastcheck,perf_data invalid")
data = dict(
lastcheck = int(lastcheck),
host = host,
service = service,
command = pref_cmd,
data = parse_funcs[pref_cmd](perf_data)
)
logger.debug("perfdata_command insert to db %s"%repr(data))
self.mongodb.add_perfdata(host,data)
self.render_json(code=0,msg=u"success")
def processAuth(self, datagram, host, port):
try:
bas = self.find_nas(host)
if not bas:
raise PacketError('[Radiusd] :: Dropping packet from unknown host %s' % host)
secret, vendor_id = bas['bas_secret'], bas['vendor_id']
req = self.createAuthPacket(packet=datagram,
dict=self.dict, secret=six.b(str(secret)),vendor_id=vendor_id)
self.do_stat(req.code)
logger.info("[Radiusd] :: Received radius request: %s" % (repr(req)))
if self.config.system.debug:
logger.debug(req.format_str())
if req.code != packet.AccessRequest:
raise PacketError('non-AccessRequest packet on authentication socket')
reply = req.CreateReply()
reply.vendor_id = req.vendor_id
aaa_request = dict(
account_number=req.get_user_name(),
domain=req.get_domain(),
macaddr=req.client_mac,
nasaddr=req.get_nas_addr(),
vlanid1=req.vlanid1,
vlanid2=req.vlanid2
)
auth_resp = RadiusAuth(self.db_engine,self.mcache,self.aes,aaa_request).authorize()
if auth_resp['code'] > 0:
reply['Reply-Message'] = auth_resp['msg']
reply.code = packet.AccessReject
return reply
if 'bypass' in auth_resp and int(auth_resp['bypass']) == 0:
is_pwd_ok = True
else:
is_pwd_ok = req.is_valid_pwd(auth_resp.get('passwd'))
if not is_pwd_ok:
reply['Reply-Message'] = "password not match"
reply.code = packet.AccessReject
return reply
else:
if u"input_rate" in auth_resp and u"output_rate" in auth_resp:
reply = rate_process.process(
reply, input_rate=auth_resp['input_rate'], output_rate=auth_resp['output_rate'])
attrs = auth_resp.get("attrs") or {}
for attr_name in attrs:
try:
# todo: May have a type matching problem
reply.AddAttribute(utils.safestr(attr_name), attrs[attr_name])
except Exception as err:
errstr = "RadiusError:current radius cannot support attribute {0},{1}".format(
attr_name,utils.safestr(err.message))
logger.error(errstr)
for attr, attr_val in req.resp_attrs.iteritems():
reply[attr] = attr_val
reply['Reply-Message'] = 'success!'
reply.code = packet.AccessAccept
if not req.VerifyReply(reply):
raise PacketError('VerifyReply error')
return reply
except Exception as err:
self.do_stat(0)
errstr = 'RadiusError:Dropping invalid auth packet from {0} {1},{2}'.format(
host, port, utils.safeunicode(err))
logger.error(errstr)
import traceback
traceback.print_exc()
def post(self):
qstr = self.get_argument("qstr", "")
wlan_params = self.get_wlan_params(qstr)
ssid = wlan_params.get("ssid", "default")
ispcode = wlan_params.get("ispcode", "default")
if not wlan_params:
self.render_error(msg=u"Missing parameter: ssid,wlanuserip,wlanacip")
return
start_time = time.time()
nas = self.get_nas(wlan_params.get("wlanacip",'127.0.0.1'))
print nas
if not nas:
self.render_error(msg=u"AC server {0} didn't register ".format(wlan_params.get("wlanacip")))
return
ac_addr = nas['ip_addr']
ac_port = int(nas['ac_port'])
secret = utils.safestr(nas['bas_secret'])
_vendor= utils.safestr(nas['portal_vendor'])
if _vendor not in ('cmccv1','cmccv2','huaweiv1','huaweiv2'):
self.render_error(msg=u"AC server portal_vendor {0} not support ".format(_vendor))
return
hm_mac=(wlan_params.get('wlanstamac','').replace(".",":").replace('-',':'))
macbstr = hm_mac and struct.pack('BBBBBB',*[int(i,base=16) for i in hm_mac.split(':')]) or None
send_portal = functools.partial(
client.send,
secret,
log=logger,
debug=self.settings.debug,
vendor=_vendor,
timeout=5
)
vendor = client.PortalClient.vendors.get(_vendor)
is_chap=self.settings.config.portal.chap in (1, "1", "chap")
userIp=wlan_params.get('wlanuserip', self.request.remote_ip)
username=self.get_argument("username", None)
password=self.get_argument("password", None)
if self.settings.debug:
logger.info( u"Start [username:%s] portal auth, wlan params:%s" % (
username, utils.safeunicode(wlan_params)))
tpl = self.get_template_attrs(wlan_params.get("ssid", "default"),ispcode)
firsturl=tpl.get("home_page", "/portal/index?tpl_name=%s" % tpl.get('tpl_name', 'default'))
def back_login(msg = u''):
self.render(self.get_login_template(tpl['tpl_path']), tpl = tpl, msg = msg, qstr = qstr, **wlan_params)
if not username or not password:
back_login(msg = u"username and password cannot be empty")
return
# checkos
# cli_dev, cli_os = self.chk_os
# domain = yield self.get_domain(wlan_params.get("ssid", "default"))
# username = "******" % (username, cli_dev, cli_os, domain)
try:
challenge_resp = None
if is_chap:
## req challenge ################################
challenge_req=vendor.proto.newReqChallenge(userIp, secret, mac=macbstr, chap = is_chap)
challenge_resp = yield send_portal(data = challenge_req, host=ac_addr, port=ac_port)
if challenge_resp.errCode > 0:
if challenge_resp.errCode == 2:
self.set_session_user(username, userIp, utils.get_currtime(), qstr=qstr)
self.redirect(firsturl)
return
raise Exception(vendor.mod.AckChallengeErrs[challenge_resp.errCode])
if challenge_resp:
## req auth ################################
auth_req = vendor.proto.newReqAuth(
userIp, username, password, challenge_resp.reqId, challenge_resp.get_challenge(),
secret, ac_addr, serialNo=challenge_req.serialNo,mac=macbstr, chap=is_chap)
else:
auth_req = vendor.proto.newReqAuth(userIp, username,password,0,None,secret,ac_addr,chap=is_chap)
auth_resp = yield send_portal(data=auth_req, host=ac_addr, port=ac_port)
if auth_resp.errCode > 0:
if auth_resp.errCode == 2:
self.set_session_user(username, userIp, utils.get_currtime(),qstr=qstr)
self.redirect(firsturl)
return
text_info = auth_resp.get_text_info()
_err_msg=u"{0},{1}".format(
vendor.mod.AckAuthErrs[auth_resp.errCode],
utils.safeunicode(text_info and text_info[0] or "")
)
raise Exception(_err_msg)
### aff_ack ################################
affack_req = vendor.proto.newAffAckAuth(
userIp, secret,ac_addr,auth_req.serialNo,auth_resp.reqId, mac=macbstr,chap = is_chap)
send_portal(data=affack_req, host=ac_addr, port=ac_port,noresp=True)
logger.info( u'Portal [username:{0}] auth success'.format(username))
if self.settings.debug:
logger.debug( u'Portal [username:%s] auth login [cast:%s ms]' % (
username, (time.time() - start_time) * 1000))
self.set_session_user(username, userIp, utils.get_currtime(),qstr=qstr, nasaddr=ac_addr)
self.redirect(firsturl)
except Exception as err:
import traceback
traceback.print_exc()
back_login(msg = u"Portal auth error,%s" % utils.safeunicode(err.message))
def render_result(self, **result):
resp = apiutils.make_message(self.settings.config.system.secret, **result)
if self.settings.debug:
logger.debug("[api debug] :: %s response body: %s" % (self.request.path, utils.safeunicode(resp)))
self.write(resp)
logger.debug(message.format_packet_str(reply))
self.transport.write(reply.ReplyPacket(), (host, port))
def datagramReceived(self, datagram, (host, port)):
try:
radius = self.radloader.getRadius(host)
if not radius:
logger.info('[RADIUSAuthorize] :: Dropping Authorize packet from unknown host ' + host)
return
coa_req = message.CoAMessage(packet=datagram, dict=radius.dict, secret=six.b(radius.secret))
logger.info("[RADIUSAuthorize] :: Received Authorize radius request: %s" % message.format_packet_log(coa_req))
if self.config.radius.debug:
logger.debug(message.format_packet_str(coa_req))
self.processPacket(coa_req, (host, port))
except packet.PacketError as err:
errstr = 'RadiusError:Dropping invalid packet from {0} {1},{2}'.format(
host, port, utils.safeunicode(err))
logger.error(errstr)
def run(config, dbengine=None):
authorize_protocol = RadiusdAuthorize(config, dbengine=dbengine)
reactor.listenUDP(int(config.radius.authorize_port), authorize_protocol, interface=config.radius.host)
def processAuth(self, datagram, host, port):
try:
bas = self.find_nas(host)
if not bas:
raise PacketError('[Radiusd] :: Dropping packet from unknown host %s' % host)
secret, vendor_id = bas['bas_secret'], bas['vendor_id']
req = self.createAuthPacket(packet=datagram,
dict=self.dict, secret=six.b(str(secret)),vendor_id=vendor_id)
self.log_trace(host,port,req)
self.do_stat(req.code)
logger.info("[Radiusd] :: Received radius request: %s" % (repr(req)))
if self.config.system.debug:
logger.debug(req.format_str())
if req.code != packet.AccessRequest:
raise PacketError('non-AccessRequest packet on authentication socket')
reply = req.CreateReply()
reply.vendor_id = req.vendor_id
aaa_request = dict(
account_number=req.get_user_name(),
domain=req.get_domain(),
macaddr=req.client_mac,
nasaddr=req.get_nas_addr() or host,
vlanid1=req.vlanid1,
vlanid2=req.vlanid2
)
auth_resp = RadiusAuth(self.db_engine,self.mcache,self.aes,aaa_request).authorize()
if auth_resp['code'] > 0:
reply['Reply-Message'] = auth_resp['msg']
reply.code = packet.AccessReject
self.log_trace(host,port,req,reply)
return reply
if 'bypass' in auth_resp and int(auth_resp['bypass']) == 0:
is_pwd_ok = True
req.is_valid_pwd(auth_resp.get('passwd'))
else:
is_pwd_ok = req.is_valid_pwd(auth_resp.get('passwd'))
if not is_pwd_ok:
reply['Reply-Message'] = "password not match"
reply.code = packet.AccessReject
self.log_trace(host,port,req,reply)
return reply
else:
if u"input_rate" in auth_resp and u"output_rate" in auth_resp:
reply = rate_process.process(
reply, input_rate=auth_resp['input_rate'], output_rate=auth_resp['output_rate'])
attrs = auth_resp.get("attrs") or {}
for attr_name in attrs:
try:
# todo: May have a type matching problem
reply.AddAttribute(utils.safestr(attr_name), attrs[attr_name])
except Exception as err:
errstr = "RadiusError:current radius cannot support attribute {0},{1}".format(
attr_name,utils.safestr(err.message))
logger.error(RadiusError(err,errstr))
for attr, attr_val in req.resp_attrs.iteritems():
reply[attr] = attr_val
reply['Reply-Message'] = 'success!'
reply.code = packet.AccessAccept
if not req.VerifyReply(reply):
raise PacketError('VerifyReply error')
self.log_trace(host,port,req,reply)
return reply
except Exception as err:
self.do_stat(0)
logger.exception(err)
def logtimes(self):
if self.config.system.debug:
logger.debug(u"%s task execute times : %s"%(self.__name__, self.time_count))
self.time_count += 1
