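def start(self, username, password, challenge=None, chap_pwd=None, **kwargs):
    """Authenticate *username* and, on Access-Accept, open an accounting session.

    The body uses ``yield`` and ``defer.returnValue``, so it is expected to
    run under Twisted's ``inlineCallbacks``; the decorator is not visible in
    this excerpt -- confirm.

    Args:
        username: value sent as ``User-Name``.
        password: sent as ``User-Password`` unless CHAP is used.
        challenge: ``CHAP-Challenge`` value; CHAP is used only when both
            *challenge* and *chap_pwd* are truthy.
        chap_pwd: ``CHAP-Password`` value.
        **kwargs: extra RADIUS attributes. The NAS and station attributes
            named below override the configured defaults; everything else
            is copied into both the auth and the accounting request.

    Returns (through ``defer.returnValue``):
        ``dict(code=..., msg=..., loginfo=...)`` with ``code`` 0 on success
        and 1 on reject or accounting failure. A response code other than
        Access-Accept or Access-Reject falls through and yields ``None``.
    """
    loginfo = []
    auth_req = {'User-Name': username}
    auth_req["NAS-IP-Address"] = kwargs.pop("NAS-IP-Address", self.config.radius.nasaddr)
    auth_req["NAS-Port"] = kwargs.pop("NAS-Port", 0)
    auth_req["Service-Type"] = kwargs.pop("Service-Type", "Login-User")
    auth_req["NAS-Identifier"] = kwargs.pop("NAS-Identifier", self.config.radius.nasid)
    auth_req["Calling-Station-Id"] = kwargs.pop("Calling-Station-Id", self.random_mac)
    auth_req["Framed-IP-Address"] = kwargs.pop("Framed-IP-Address", self.next_ip)
    auth_req.update(kwargs)

    if challenge and chap_pwd:
        auth_req['CHAP-Challenge'] = challenge
        auth_req['CHAP-Password'] = chap_pwd
    else:
        auth_req['User-Password'] = password

    # loginfo is handed back to the caller, so log a copy with the credential
    # attributes masked. The cleartext password must not end up there, and a
    # CHAP response logged next to its challenge would allow offline guessing.
    # The real auth_req, credentials included, is what goes on the wire.
    logged_req = dict(auth_req)
    for secret_attr in ('User-Password', 'CHAP-Password'):
        if secret_attr in logged_req:
            logged_req[secret_attr] = '******'
    loginfo.append(repr(logged_req))
    # NOTE(review): entries are joined with '<br><br>' below, so loginfo is
    # presumably rendered as HTML; nothing here escapes the attribute values
    # or the server's reply -- confirm the consumer escapes them.

    auth_resp = yield self.radius.send_auth(**auth_req)
    loginfo.append(message.format_packet_log(auth_resp))

    if auth_resp.code == packet.AccessReject:
        defer.returnValue(dict(
            code=1,
            msg=auth_resp.get("Reply-Message", "auth reject"),
            loginfo='<br><br>'.join(loginfo)))

    if auth_resp.code == packet.AccessAccept:
        self.session_data['User-Name'] = username
        self.session_data['Acct-Session-Time'] = 0
        self.session_data['Acct-Status-Type'] = 1
        self.session_data['Session-Timeout'] = message.get_session_timeout(auth_resp)
        self.session_data['Acct-Session-Id'] = self.session_id
        # These keys were already popped from kwargs while building auth_req,
        # so popping them a second time always returned the default and the
        # accounting record could name a different NAS, station or address
        # than the Access-Request did. Reuse the values actually sent.
        for attr in ("NAS-IP-Address", "NAS-Port", "NAS-Identifier",
                     "Calling-Station-Id", "Framed-IP-Address"):
            self.session_data[attr] = auth_req[attr]
        self.session_data["Acct-Output-Octets"] = 0
        self.session_data["Acct-Input-Octets"] = 0
        self.session_data["NAS-Port-Id"] = kwargs.pop("NAS-Port-Id", "3/0/1:0.0")
        self.session_data.update(kwargs)
        if 'Acct-Interim-Interval' in auth_resp:
            self.interim_update = message.get_interim_update(auth_resp)

        loginfo.append(repr(self.session_data))
        acct_resp = yield self.radius.send_acct(**self.session_data)
        loginfo.append(message.format_packet_log(acct_resp))

        if acct_resp.code == packet.AccountingResponse:
            self.running = True
            logger.info('Start session %s' % self.session_id)
            # Register the session and schedule its first periodic check.
            RadiusSession.sessions[self.session_id] = self
            reactor.callLater(self.interim_update, self.check_session)
            defer.returnValue(dict(code=0, msg=u"success", loginfo='<br><br>'.join(loginfo)))
        else:
            defer.returnValue(dict(code=1, msg=u"error", loginfo='<br><br>'.join(loginfo)))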
def log_trace(self,host,port,req,reply=None):
    """Write a per-user trace entry for a RADIUS request or its reply.

    Nothing is logged unless ``is_trace_on()`` is true and ``user_exists()``
    accepts the request's user name. With *reply* omitted the request packet
    is logged, otherwise the reply packet. Any error raised while formatting
    or logging is reported through ``logger.exception`` and not re-raised.
    """
    if not (self.is_trace_on() and self.user_exists(req.get_user_name())):
        return
    try:
        if reply is None:
            # Template text: "RADIUS request from NAS(host:port) <packet>".
            traced, template = req, u"Radius请求来自 Nas(%s:%s) %s"
        else:
            # Template text: "RADIUS response to NAS(host:port) <packet>".
            traced, template = reply, u"Radius响应至 Nas(%s:%s) %s"
        # NOTE(review): the whole formatted packet goes into the trace log;
        # which attributes format_packet_log emits is not visible here --
        # confirm it leaves out User-Password and CHAP-Password.
        packet_text = message.format_packet_log(traced)
        entry = template % (host, port, utils.safeunicode(packet_text))
        logger.info(entry, trace="radius", username=req.get_user_name())
    except Exception as err:
        logger.exception(err)
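# Tail of a method whose beginning lies outside this excerpt (`coareq`, `host`
# and `port` are bound earlier in it); the statements are unchanged.
reply = coareq.CreateReply()
logger.info("[RADIUSAuthorize] :: Send Authorize radius response: %s" % (repr(reply)))
if self.config.radius.debug:
    logger.debug(message.format_packet_str(reply))
self.transport.write(reply.ReplyPacket(), (host, port))


def datagramReceived(self, datagram, addr):
    """Parse one incoming authorize (CoA) datagram and pass it to processPacket.

    Args:
        datagram: raw UDP payload.
        addr: ``(host, port)`` of the sender. The original signature
            unpacked this pair in the parameter list, which is a syntax
            error on Python 3 (PEP 3113); the pair is still passed
            positionally, so callers are unaffected.

    Datagrams from a host that ``radloader.getRadius`` does not know are
    dropped, as are packets that raise ``packet.PacketError``; both are logged.
    """
    host, port = addr
    try:
        radius = self.radloader.getRadius(host)
        if not radius:
            # The client record is looked up by source address only.
            logger.info('[RADIUSAuthorize] :: Dropping Authorize packet from unknown host ' + host)
            return

        # NOTE(review): a UDP source address can be forged, so the address
        # lookup above does not authenticate the sender. No Request
        # Authenticator check is visible between parsing and processPacket;
        # confirm CoAMessage or processPacket verifies it against the shared
        # secret and discards the packet on mismatch.
        coa_req = message.CoAMessage(packet=datagram, dict=radius.dict, secret=six.b(radius.secret))
        logger.info("[RADIUSAuthorize] :: Received Authorize radius request: %s" % message.format_packet_log(coa_req))
        if self.config.radius.debug:
            logger.debug(message.format_packet_str(coa_req))
        self.processPacket(coa_req, (host, port))
    except packet.PacketError as err:
        # Only PacketError is handled here; any other exception raised while
        # handling the datagram propagates to the caller.
        errstr = 'RadiusError:Dropping invalid packet from {0} {1},{2}'.format(
            host, port, utils.safeunicode(err))
        logger.error(errstr)


def run(config, dbengine=None):
    """Bind the authorize protocol to its UDP port.

    Listens on ``config.radius.host`` at ``config.radius.authorize_port``.
    The reactor is not started here.
    """
    # NOTE(review): the bind address comes straight from configuration; if it
    # is a wildcard address this port is reachable on every interface --
    # confirm that exposure is intended.
    authorize_protocol = RadiusdAuthorize(config, dbengine=dbengine)
    reactor.listenUDP(int(config.radius.authorize_port), authorize_protocol, interface=config.radius.host)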