def process(self, req):
        """Acknowledge an accounting request, then dispatch on Acct-Status-Type.

        The reply built by ``req.CreateReply()`` is sent back to ``req.source``
        first. The request is then routed to the start/stop/update handler
        (with the NAS record from ``service.get_nas``) or to the NAS on/off
        handler (with the NAS address and status type). Any other status type
        is ignored and ``None`` is returned.
        """
        if radiuslog.isEnabledFor(DEBUG):
            log_debug = radiuslog.debug
            log_debug("Received an accounting request")
            log_debug( "Attributes: ")
            # Every attribute of the request is written to the debug log.
            for name in req.keys():
                log_debug( "%s: %s" % (name, req[name]))

        # NOTE(review): the reply goes out before the NAS is looked up and
        # before any handler has run, so the sender is acknowledged even if
        # the NAS turns out to be unknown or the handler later fails.
        # Presumably the request was authenticated upstream - confirm.
        ack = req.CreateReply()
        ack.source = req.source
        req.sock.sendto(ack.ReplyPacket(), ack.source)

        nas_ip = req.get_nasaddr()
        # NOTE(review): the lookup result is passed on unchecked; verify the
        # handlers cope with whatever get_nas returns for an unknown address.
        nas = service.get_nas(nas_ip)
        status = req.get_acctstatustype()

        if status == STATUS_TYPE_START:
            return self.start_accounting(req, nas)
        if status == STATUS_TYPE_STOP:
            return self.stop_accounting(req, nas)
        if status == STATUS_TYPE_UPDATE:
            return self.update_accounting(req, nas)
        if (status == STATUS_TYPE_NAS_ON or
                status == STATUS_TYPE_NAS_OFF):
            # NAS on/off events are keyed by address, not by the NAS record.
            return self.nasonoff_accounting(nas_ip, status)
        # Unrecognised status types are dropped silently.
        return None
Exemple #2
    def process(self, req):
        """Authenticate an access request and send an accept or a reject.

        The checks run in a fixed order and the first failing one ends the
        request through ``self.send_reject`` with a reason string. If all of
        them pass, ``self.send_accept`` is called with the user's IP address,
        the product's bandwidth and rate settings and the user's domain code.
        """
        request_attrs = req.keys()
        if is_debug():
            radiuslog.info("::Received an authentication request")
            radiuslog.info("Attributes: ")
            # NOTE(review): every request attribute is logged here; confirm
            # that credential attributes are acceptable in this log.
            for name in request_attrs:
                radiuslog.info("%s: %s" % (name, req[name]))

        nasaddr = req.get_nasaddr()
        macaddr = req.get_macaddr()
        # NOTE(review): the lookup result is not checked before use; an
        # unknown NAS is presumably filtered out upstream - confirm.
        nas = service.get_nas(nasaddr)

        def reject(reason):
            # All rejections share the same request and NAS.
            # NOTE(review): the reasons tell an unknown user apart from a
            # wrong password; verify send_reject keeps them server-side.
            return self.send_reject(req, nas, reason)

        # check roster
        if service.in_black_roster(macaddr):
            return reject("user in black roster")

        vlanid, vlanid2 = req.get_vlanids()
        username1 = req.get_username()
        domain = None
        username2 = username1
        if "@" in username1:
            # "name@realm": keep the part before the first "@" as the login
            # name (also written back into the request), the rest as domain.
            username2, domain = username1.split("@", 1)
            req["User-Name"] = username2

        if not service.user_exists(username2):
            return reject("user not exists")

        user = service.get_user(username2)

        if user.status != 1:
            return reject("Invalid user status")

        # NOTE(review): if domain_code is a string this is a substring test,
        # so a partial domain would pass - confirm the type.
        if domain and domain not in user.domain_code:
            return reject("user domain does not match")

        if nasaddr not in service.get_nas_ips(user.node_id):
            return reject("node does not match")

        if not utils.is_valid_date(user.auth_begin_date, user.auth_end_date):
            return reject("user is not effective or expired")

        # The stored password is decrypted so the request can be checked
        # against the clear value.
        plain_pwd = utils.decrypt(user.password)
        if not req.is_valid_pwd(plain_pwd):
            return reject("user password does not match")

        uproduct = service.get_product(user.product_id)
        if not uproduct:
            return reject("user product does not match")

        if uproduct.policy == service.POLICY_TIMING and user.time_length <= 0:
            return reject("user does not have the time length")

        if not self.verify_macaddr(user, macaddr):
            return reject("user macaddr bind not match")

        # verify_vlan: 1 means the first VLAN id is wrong, 2 the second one.
        vlan_result = self.verify_vlan(user, vlanid, vlanid2)
        if vlan_result == 1:
            return reject("user vlanid does not match")
        if vlan_result == 2:
            return reject("user vlanid2 does not match")

        # A concurrency limit of 0 or less disables the online-session check.
        if (user.concur_number > 0 and
                user.concur_number <= service.get_online_num(user.user_name)):
            return reject("user concur_number control")

        return self.send_accept(
            req,
            nas,
            ipaddr=user.ip_addr,
            bandcode=uproduct.bandwidth_code,
            input_max_limit=str(uproduct.input_max_limit),
            output_max_limit=str(uproduct.output_max_limit),
            input_rate_code=uproduct.input_rate_code,
            output_rate_code=uproduct.output_rate_code,
            domain_code=user.domain_code,
        )
Exemple #3
    def process(self, req):
        """Decide whether an authentication request is accepted or rejected.

        Roster, account, domain, node, validity period, password, product,
        time balance, MAC binding, VLAN and concurrency are checked in that
        order. The first failure answers through ``self.send_reject`` with a
        reason string; otherwise ``self.send_accept`` is called with the
        user's address and the product's bandwidth and rate settings.
        """
        attr_keys = req.keys()
        if is_debug():
            log_info = radiuslog.info
            log_info("::Received an authentication request")
            log_info("Attributes: ")
            # NOTE(review): this writes all request attributes to the log;
            # check whether credential attributes are among them.
            for key in attr_keys:
                log_info("%s: %s" % (key, req[key]))

        nasaddr = req.get_nasaddr()
        macaddr = req.get_macaddr()
        # NOTE(review): no check on the returned NAS record; presumably an
        # unknown NAS address never reaches this point - confirm.
        nas = service.get_nas(nasaddr)

        def deny(why):
            # Reject on behalf of this request and NAS.
            # NOTE(review): distinct reasons for a missing user and a bad
            # password help account enumeration if they reach the client;
            # verify what send_reject does with the text.
            return self.send_reject(req, nas, why)

        # check roster
        if service.in_black_roster(macaddr):
            return deny('user in black roster')

        vlanid, vlanid2 = req.get_vlanids()
        username1 = req.get_username()
        domain = None
        username2 = username1
        if "@" in username1:
            # Split "name@domain" at the first "@"; the request's User-Name
            # is overwritten with the bare name.
            at_pos = username1.index("@")
            username2 = username1[:at_pos]
            req["User-Name"] = username2
            domain = username1[at_pos + 1:]

        if not service.user_exists(username2):
            return deny('user not exists')

        user = service.get_user(username2)

        if user.status != 1:
            return deny('Invalid user status')

        # NOTE(review): `in` matches substrings when domain_code is a string,
        # so a fragment of an allowed domain would be accepted - confirm.
        if domain and domain not in user.domain_code:
            return deny('user domain does not match')

        allowed_nas_ips = service.get_nas_ips(user.node_id)
        if nasaddr not in allowed_nas_ips:
            return deny('node does not match')

        if not utils.is_valid_date(user.auth_begin_date, user.auth_end_date):
            return deny('user is not effective or expired')

        # The stored password is decrypted before it is handed to the
        # request's own password check.
        userpwd = utils.decrypt(user.password)
        if not req.is_valid_pwd(userpwd):
            return deny('user password does not match')

        uproduct = service.get_product(user.product_id)
        if not uproduct:
            return deny('user product does not match')

        out_of_time = (uproduct.policy == service.POLICY_TIMING
                       and user.time_length <= 0)
        if out_of_time:
            return deny('user does not have the time length')

        if not self.verify_macaddr(user, macaddr):
            return deny('user macaddr bind not match')

        # Result 1 flags the first VLAN id, result 2 the second.
        valid_vlanid = self.verify_vlan(user, vlanid, vlanid2)
        if valid_vlanid == 1:
            return deny('user vlanid does not match')
        if valid_vlanid == 2:
            return deny('user vlanid2 does not match')

        # The online-session count is only consulted when a limit is set.
        if user.concur_number > 0:
            online = service.get_online_num(user.user_name)
            if user.concur_number <= online:
                return deny('user concur_number control')

        grant = dict(
            ipaddr=user.ip_addr,
            bandcode=uproduct.bandwidth_code,
            input_max_limit=str(uproduct.input_max_limit),
            output_max_limit=str(uproduct.output_max_limit),
            input_rate_code=uproduct.input_rate_code,
            output_rate_code=uproduct.output_rate_code,
            domain_code=user.domain_code,
        )
        return self.send_accept(req, nas, **grant)