Example #1
0
def process(req=None,resp=None,user=None,radiusd=None,**kwargs):
    """执行计费策略校验,用户到期检测,用户余额,时长检测"""
    store = radiusd.store
    acct_policy = user['product_policy'] or PPMonth
    if acct_policy in ( PPMonth,BOMonth):
        if utils.is_expire(user['expire_date']):
            resp['Framed-Pool'] = store.get_param("expire_addrpool")
            
    elif acct_policy in (PPTimes,PPFlow):
        user_balance = store.get_user_balance(user['account_number'])
        if user_balance <= 0:
            return error_auth(resp,'user balance poor')    
            
    elif acct_policy == BOTimes:
        time_length = store.get_user_time_length(user['account_number'])
        if time_length <= 0:
            return error_auth(resp,'user time_length poor')
            
    elif acct_policy == BOFlows:
        flow_length = store.get_user_flow_length(user['account_number'])
        if flow_length <= 0:
            return error_auth(resp,'user flow_length poor')

    if user['user_concur_number'] > 0 :
        if store.count_online(user['account_number']) >= user['user_concur_number']:
            return error_auth(resp,'user session to limit')    

    return resp
Example #2
0
def process(req=None, resp=None, user=None, radiusd=None, **kwargs):
    """check mac bind & vlan bind"""
    store = radiusd.store
    macaddr = req.get_mac_addr()
    if store.is_white_roster(macaddr):
        return resp

    if macaddr and user['mac_addr']:
        if user['bind_mac'] == 1 and macaddr not in user['mac_addr']:
            return error_auth(resp, "macaddr bind not match")
    elif macaddr and not user['mac_addr']:
        store.update_user_mac(user['account_number'], macaddr)

    vlan_id, vlan_id2 = req.get_vlanids()
    print vlan_id, vlan_id2
    if vlan_id and user['vlan_id']:
        if user['bind_vlan'] == 1 and vlan_id != user['vlan_id']:
            return error_auth(resp, "vlan_id bind not match")
    elif vlan_id and not user['vlan_id']:
        user['vlan_id'] = vlan_id
        store.update_user_vlan_id(user['account_number'], vlan_id)

    if vlan_id2 and user['vlan_id2']:
        if user['bind_vlan'] == 1 and vlan_id2 != user['vlan_id2']:
            return error_auth(resp, "vlan_id2 bind not match")
    elif vlan_id2 and not user['vlan_id2']:
        user['vlan_id2'] = vlan_id2
        store.update_user_vlan_id2(user['account_number'], vlan_id2)

    return resp
def process(req=None,resp=None,user=None,radiusd=None,**kwargs):
    """check mac bind & vlan bind"""
    store = radiusd.store
    macaddr = req.get_mac_addr()
    if store.is_white_roster(macaddr):
        return resp
        
    if macaddr and  user['mac_addr']:
        if user['bind_mac'] == 1 and macaddr not in user['mac_addr']:
            return error_auth(resp,"macaddr bind not match")
    elif macaddr and not user['mac_addr'] :
        store.update_user_mac(user['account_number'], macaddr)

    vlan_id,vlan_id2 = req.get_vlanids()
    print vlan_id,vlan_id2
    if vlan_id and user['vlan_id']:
        if user['bind_vlan'] == 1 and vlan_id != user['vlan_id']:
            return error_auth(resp,"vlan_id bind not match")
    elif vlan_id and not user['vlan_id']:
        user['vlan_id'] = vlan_id
        store.update_user_vlan_id(user['account_number'],vlan_id)

    if vlan_id2 and user['vlan_id2']:
        if user['bind_vlan'] == 1 and vlan_id2 != user['vlan_id2']:
            return error_auth(resp,"vlan_id2 bind not match")
    elif vlan_id2 and not user['vlan_id2']:
        user['vlan_id2'] = vlan_id2
        store.update_user_vlan_id2(user['account_number'],vlan_id2)

    return resp
def process(req=None,resp=None,user=None,radiusd=None,**kwargs):
    store = radiusd.store
    if not user:
        return error_auth(resp,'user %s not exists'%req.get_user_name())

    if not req.is_valid_pwd(utils.decrypt(user['password'])):
        return error_auth(resp,'user password not match')
        
    if user['status'] == 4:
        resp['Framed-Pool'] = store.get_param("expire_addrpool")
        return resp

    if  user['status'] in (0,2,3):
        return error_auth(resp,'user status not ok')

    return resp
Example #5
0
def process(req=None, resp=None, user=None, radiusd=None, **kwargs):
    """check block roster"""
    store = radiusd.store
    macaddr = req.get_mac_addr()
    if store.is_black_roster(macaddr):
        return error_auth(resp, "user macaddr in blacklist")
    return resp
def process(req=None,resp=None,user=None,radiusd=None,**kwargs):
    """check block roster"""
    store = radiusd.store
    macaddr = req.get_mac_addr()
    if store.is_black_roster(macaddr):
        return error_auth(resp,"user macaddr in blacklist")
    return resp
def process(req=None, resp=None, user=None, radiusd=None, **kwargs):
    store = radiusd.store

    if store.is_white_roster(req.get_mac_addr()):
        return resp

    if not user:
        return error_auth(resp, "user %s not exists" % req.get_user_name())

    if store.get_param("radiusd_bypass") == "1":
        if not req.is_valid_pwd(utils.decrypt(user["password"])):
            return error_auth(resp, "user password not match")

    if user["status"] == 4:
        resp["Framed-Pool"] = store.get_param("expire_addrpool")
        return resp

    if user["status"] in (0, 2, 3):
        return error_auth(resp, "user status not ok")

    return resp
Example #8
0
def process(req=None, resp=None, user=None, radiusd=None, **kwargs):
    """执行计费策略校验,用户到期检测,用户余额,时长检测"""
    store = radiusd.store

    if store.is_white_roster(req.get_mac_addr()):
        return resp

    acct_policy = user['product_policy'] or PPMonth
    if acct_policy in (PPMonth, BOMonth):
        if utils.is_expire(user['expire_date']):
            resp['Framed-Pool'] = store.get_param("expire_addrpool")

    elif acct_policy in (PPTimes, PPFlow):
        user_balance = store.get_user_balance(user['account_number'])
        if user_balance <= 0:
            return error_auth(resp, 'user balance poor')

    elif acct_policy == BOTimes:
        time_length = store.get_user_time_length(user['account_number'])
        if time_length <= 0:
            return error_auth(resp, 'user time_length poor')

    elif acct_policy == BOFlows:
        flow_length = store.get_user_flow_length(user['account_number'])
        if flow_length <= 0:
            return error_auth(resp, 'user flow_length poor')

    if user['user_concur_number'] > 0:
        if store.count_online(
                user['account_number']) == user['user_concur_number']:
            try:
                auto_unlock = int(store.get_param("auth_auto_unlock") or 0)
                if auto_unlock == 0:
                    return error_auth(resp, 'user session to limit')

                online = store.get_nas_onlines_byuser(
                    user['account_number'])[0]
                coa_client = radiusd.coa_clients.get(online['nas_addr'])
                attrs = {
                    'User-Name': online['account_number'],
                    'Acct-Session-Id': online['acct_session_id'],
                    'NAS-IP-Address': online['nas_addr'],
                    'Framed-IP-Address': online['framed_ipaddr']
                }
                dmeq = coa_client.createDisconnectPacket(**attrs)
                coa_client.sendCoA(dmeq)
                return resp
            except:
                log.err('send dm error')
                return error_auth(resp,
                                  'user session to limit & send dm error')
        elif store.count_online(
                user['account_number']) > user['user_concur_number']:
            return error_auth(resp, 'user session to limit')

    return resp
def process(req=None,resp=None,user=None,radiusd=None,**kwargs):
    """执行计费策略校验,用户到期检测,用户余额,时长检测"""
    store = radiusd.store

    if store.is_white_roster(req.get_mac_addr()):
        return resp

    acct_policy = user['product_policy'] or PPMonth
    if acct_policy in ( PPMonth,BOMonth):
        if utils.is_expire(user['expire_date']):
            resp['Framed-Pool'] = store.get_param("expire_addrpool")
            
    elif acct_policy in (PPTimes,PPFlow):
        user_balance = store.get_user_balance(user['account_number'])
        if user_balance <= 0:
            return error_auth(resp,'user balance poor')    
            
    elif acct_policy == BOTimes:
        time_length = store.get_user_time_length(user['account_number'])
        if time_length <= 0:
            return error_auth(resp,'user time_length poor')
            
    elif acct_policy == BOFlows:
        flow_length = store.get_user_flow_length(user['account_number'])
        if flow_length <= 0:
            return error_auth(resp,'user flow_length poor')

    if user['user_concur_number'] > 0 :
        if store.count_online(user['account_number']) == user['user_concur_number']:
            try:
                auto_unlock = int(store.get_param("auth_auto_unlock") or 0)
                if auto_unlock == 0:
                    return error_auth(resp, 'user session to limit')

                online = store.get_nas_onlines_byuser(user['account_number'])[0]
                coa_client = radiusd.coa_clients.get(online['nas_addr'])
                attrs = {
                    'User-Name': online['account_number'],
                    'Acct-Session-Id': online['acct_session_id'],
                    'NAS-IP-Address': online['nas_addr'],
                    'Framed-IP-Address': online['framed_ipaddr']
                }
                dmeq = coa_client.createDisconnectPacket(**attrs)
                coa_client.sendCoA(dmeq)
                return resp
            except:
                log.err('send dm error')
                return error_auth(resp, 'user session to limit & send dm error')
        elif store.count_online(user['account_number']) > user['user_concur_number']:
            return error_auth(resp, 'user session to limit')

    return resp
Example #10
0
def process(req=None,resp=None,user=None,radiusd=None,**kwargs):
    store = radiusd.store
    session_timeout = int(store.get_param("max_session_timeout"))

    if store.is_white_roster(req.get_mac_addr()):
        resp['Session-Timeout'] = session_timeout
        return resp

    expire_pool = store.get_param("expire_addrpool")
    if "Framed-Pool" in resp:
        if expire_pool in resp['Framed-Pool']:
            expire_session_timeout = int(store.get_param("expire_session_timeout"))
            if expire_session_timeout > 0:
                session_timeout = expire_session_timeout
            else:
                return error_auth(resp,'User has expired')

    acct_interim_intelval = int(store.get_param("acct_interim_intelval"))
    if acct_interim_intelval > 0:
        resp['Acct-Interim-Interval'] = acct_interim_intelval
    
    acct_policy = user['product_policy'] or BOMonth
    product = store.get_product(user['product_id'])
    
    if acct_policy in (PPMonth,BOMonth):
        expire_date = user['expire_date']
        _datetime = datetime.datetime.now()
        if _datetime.strftime("%Y-%m-%d") == expire_date:
            _expire_datetime = datetime.datetime.strptime(expire_date+' 23:59:59',"%Y-%m-%d %H:%M:%S")
            session_timeout = (_expire_datetime - _datetime).seconds 

    elif acct_policy  == BOTimes:
        _session_timeout = user["time_length"]
        if _session_timeout < session_timeout:
            session_timeout = _session_timeout
        
    elif acct_policy  == PPTimes:
        user_balance = store.get_user_balance(user['account_number'])
        fee_price = decimal.Decimal(product['fee_price']) 
        _sstime = user_balance/fee_price*decimal.Decimal(3600)
        _session_timeout = int(_sstime.to_integral_value())
        if _session_timeout < session_timeout:
            session_timeout = _session_timeout

    resp['Session-Timeout'] = session_timeout

    if user['ip_address']:
        resp['Framed-IP-Address'] = user['ip_address']

    _attrs = {}
    for attr in store.get_product_attrs(user['product_id']):
        try:
            _type = resp.dict[attr['attr_name']].type
            attr_name = str(attr['attr_name'])
            attr_value = get_type_val(_type,attr['attr_value'])
            if attr_name in _attrs:
                _attrs[attr_name].append(attr_value)
            else:
                _attrs[attr_name] = [attr_value]
        except:
            radiusd.syslog.error("process product attr error")
            import traceback
            traceback.print_exc()
    
    print _attrs
    for _a in _attrs:        
        resp.AddAttribute(_a,_attrs[_a])
    
    for attr in req.ext_attrs:
        resp[attr] = req.ext_attrs[attr]
    # for attr in store.get_user_attrs(user['account_number']):
    #     try:resp[attr.attr_name] = attr.attr_value
    #     except:pass

    return resp