def process(self,req): if radiuslog.isEnabledFor(DEBUG): radiuslog.debug("Received an accounting request") radiuslog.debug( "Attributes: ") for attr in req.keys(): radiuslog.debug( "%s: %s" % (attr, req[attr])) reply = req.CreateReply() reply.source = req.source req.sock.sendto(reply.ReplyPacket(), reply.source) nasaddr = req.get_nasaddr() nas = service.get_nas(nasaddr) acct_status_type = req.get_acctstatustype() if acct_status_type == STATUS_TYPE_START: return self.start_accounting(req,nas) elif acct_status_type == STATUS_TYPE_STOP: return self.stop_accounting(req,nas) elif acct_status_type == STATUS_TYPE_UPDATE: return self.update_accounting(req,nas) elif acct_status_type == STATUS_TYPE_NAS_ON or \ acct_status_type == STATUS_TYPE_NAS_OFF : return self.nasonoff_accounting(nasaddr,acct_status_type) else: return
def process(self, req): attr_keys = req.keys() if is_debug(): radiuslog.info("::Received an authentication request") radiuslog.info("Attributes: ") for attr in attr_keys: radiuslog.info("%s: %s" % (attr, req[attr])) nasaddr = req.get_nasaddr() macaddr = req.get_macaddr() nas = service.get_nas(nasaddr) # check roster if service.in_black_roster(macaddr): return self.send_reject(req, nas, 'user in black roster') vlanid, vlanid2 = req.get_vlanids() username1 = req.get_username() domain = None username2 = username1 if "@" in username1: username2 = username1[:username1.index("@")] req["User-Name"] = username2 domain = username1[username1.index("@") + 1:] if not service.user_exists(username2): return self.send_reject(req, nas, 'user not exists') user = service.get_user(username2) if user.status != 1: return self.send_reject(req, nas, 'Invalid user status') if domain and domain not in user.domain_code: return self.send_reject(req, nas, 'user domain does not match') if nasaddr not in service.get_nas_ips(user.node_id): return self.send_reject(req, nas, 'node does not match') if not utils.is_valid_date(user.auth_begin_date, user.auth_end_date): return self.send_reject(req, nas, 'user is not effective or expired') userpwd = utils.decrypt(user.password) if not req.is_valid_pwd(userpwd): return self.send_reject(req, nas, 'user password does not match') uproduct = service.get_product(user.product_id) if not uproduct: return self.send_reject(req, nas, 'user product does not match') if uproduct.policy == service.POLICY_TIMING and user.time_length <= 0: return self.send_reject(req, nas, 'user does not have the time length') if not self.verify_macaddr(user, macaddr): return self.send_reject(req, nas, 'user macaddr bind not match') valid_vlanid = self.verify_vlan(user, vlanid, vlanid2) if valid_vlanid == 1: return self.send_reject(req, nas, 'user vlanid does not match') elif valid_vlanid == 2: return self.send_reject(req, nas, 'user vlanid2 does not match') if user.concur_number > 0: if user.concur_number <= service.get_online_num(user.user_name): return self.send_reject(req, nas, 'user concur_number control') return self.send_accept( req, nas, **dict(ipaddr=user.ip_addr, bandcode=uproduct.bandwidth_code, input_max_limit=str(uproduct.input_max_limit), output_max_limit=str(uproduct.output_max_limit), input_rate_code=uproduct.input_rate_code, output_rate_code=uproduct.output_rate_code, domain_code=user.domain_code))
def process(self,req): attr_keys = req.keys() if is_debug(): radiuslog.info("::Received an authentication request") radiuslog.info("Attributes: ") for attr in attr_keys: radiuslog.info( "%s: %s" % (attr, req[attr])) nasaddr = req.get_nasaddr() macaddr = req.get_macaddr() nas = service.get_nas(nasaddr) # check roster if service.in_black_roster(macaddr): return self.send_reject(req,nas,'user in black roster') vlanid,vlanid2 = req.get_vlanids() username1 = req.get_username() domain = None username2 = username1 if "@" in username1: username2 = username1[:username1.index("@")] req["User-Name"] = username2 domain = username1[username1.index("@")+1:] if not service.user_exists(username2): return self.send_reject(req,nas,'user not exists') user = service.get_user(username2) if user.status != 1: return self.send_reject(req,nas,'Invalid user status') if domain and domain not in user.domain_code: return self.send_reject(req,nas,'user domain does not match') if nasaddr not in service.get_nas_ips(user.node_id): return self.send_reject(req,nas,'node does not match') if not utils.is_valid_date(user.auth_begin_date,user.auth_end_date): return self.send_reject(req,nas,'user is not effective or expired') userpwd = utils.decrypt(user.password) if not req.is_valid_pwd(userpwd): return self.send_reject(req,nas,'user password does not match') uproduct = service.get_product(user.product_id) if not uproduct: return self.send_reject(req,nas,'user product does not match') if uproduct.policy == service.POLICY_TIMING and user.time_length <= 0: return self.send_reject(req,nas,'user does not have the time length') if not self.verify_macaddr(user,macaddr): return self.send_reject(req,nas,'user macaddr bind not match') valid_vlanid = self.verify_vlan(user,vlanid,vlanid2) if valid_vlanid == 1: return self.send_reject(req,nas,'user vlanid does not match') elif valid_vlanid == 2: return self.send_reject(req,nas,'user vlanid2 does not match') if user.concur_number > 0: if user.concur_number <= service.get_online_num(user.user_name): return self.send_reject(req,nas,'user concur_number control') return self.send_accept(req,nas,**dict(ipaddr=user.ip_addr, bandcode=uproduct.bandwidth_code, input_max_limit=str(uproduct.input_max_limit), output_max_limit=str(uproduct.output_max_limit), input_rate_code=uproduct.input_rate_code, output_rate_code=uproduct.output_rate_code, domain_code=user.domain_code))