Exemple #1
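    def start(self, username, password, challenge=None, chap_pwd=None, **kwargs):
        """Authenticate ``username`` and, on Access-Accept, start an accounting session.

        Sends an Access-Request through ``self.radius.send_auth`` (CHAP when
        both ``challenge`` and ``chap_pwd`` are given, ``User-Password``
        otherwise). On acceptance it fills ``self.session_data`` and sends it
        through ``self.radius.send_acct``. The method is a generator that
        yields on both radius calls and reports its result with
        ``defer.returnValue``.
        NOTE(review): presumably decorated with ``inlineCallbacks``; the
        decorator is not visible in this excerpt -- confirm.

        Args:
            username: value for the ``User-Name`` attribute.
            password: cleartext password, used only on the non-CHAP path.
            challenge: CHAP challenge; CHAP is used only if ``chap_pwd`` is set too.
            chap_pwd: CHAP response matching ``challenge``.
            **kwargs: extra RADIUS attributes; the NAS/session attributes named
                below override the configured defaults.

        Returns (via ``defer.returnValue``):
            dict with ``code`` (0 on success, 1 on failure), ``msg`` and
            ``loginfo`` (diagnostic entries joined with ``<br><br>``).
        """
        loginfo = []

        # Resolve the NAS/session attributes exactly once. The accounting
        # request used to pop the same keys from kwargs a second time; by then
        # they were gone, so caller overrides were silently replaced by the
        # defaults and accounting could disagree with the Access-Request.
        # NOTE(review): random_mac / next_ip look like generated values; if
        # they change per access, reusing one value is what keeps both
        # requests consistent -- confirm against the class.
        nas_attrs = {}
        nas_attrs["NAS-IP-Address"] = kwargs.pop("NAS-IP-Address", self.config.radius.nasaddr)
        nas_attrs["NAS-Port"] = kwargs.pop("NAS-Port", 0)
        service_type = kwargs.pop("Service-Type", "Login-User")
        nas_attrs["NAS-Identifier"] = kwargs.pop("NAS-Identifier", self.config.radius.nasid)
        nas_attrs["Calling-Station-Id"] = kwargs.pop("Calling-Station-Id", self.random_mac)
        nas_attrs["Framed-IP-Address"] = kwargs.pop("Framed-IP-Address", self.next_ip)

        auth_req = {'User-Name': username}
        auth_req.update(nas_attrs)
        auth_req["Service-Type"] = service_type
        auth_req.update(kwargs)
        if challenge and chap_pwd:
            auth_req['CHAP-Challenge'] = challenge
            auth_req['CHAP-Password'] = chap_pwd
        else:
            auth_req['User-Password'] = password

        # loginfo is returned to the caller, so keep the cleartext password out
        # of it. The CHAP challenge/response pair is still recorded; treat
        # loginfo as sensitive wherever it is stored or displayed.
        logged_req = dict(auth_req)
        if 'User-Password' in logged_req:
            logged_req['User-Password'] = '******'
        loginfo.append(repr(logged_req))

        auth_resp = yield self.radius.send_auth(**auth_req)
        # NOTE(review): loginfo is joined with '<br><br>', so it is presumably
        # rendered as HTML; Reply-Message and the packet dump come from the
        # server reply and should be escaped by whatever renders them.
        loginfo.append(message.format_packet_log(auth_resp))

        if auth_resp.code == packet.AccessReject:
            defer.returnValue(dict(code=1,
                msg=auth_resp.get("Reply-Message", "auth reject"),
                loginfo='<br><br>'.join(loginfo)))

        if auth_resp.code == packet.AccessAccept:
            self.session_data['User-Name'] = username
            self.session_data['Acct-Session-Time'] = 0
            self.session_data['Acct-Status-Type'] = 1  # 1 = Start (RFC 2866)
            self.session_data['Session-Timeout'] = message.get_session_timeout(auth_resp)
            self.session_data['Acct-Session-Id'] = self.session_id
            self.session_data.update(nas_attrs)
            self.session_data["Acct-Output-Octets"] = 0
            self.session_data["Acct-Input-Octets"] = 0
            self.session_data["NAS-Port-Id"] = kwargs.pop("NAS-Port-Id", "3/0/1:0.0")
            self.session_data.update(kwargs)
            if 'Acct-Interim-Interval' in auth_resp:
                self.interim_update = message.get_interim_update(auth_resp)

            loginfo.append(repr(self.session_data))
            acct_resp = yield self.radius.send_acct(**self.session_data)
            loginfo.append(message.format_packet_log(acct_resp))
            if acct_resp.code == packet.AccountingResponse:
                self.running = True
                logger.info('Start session  %s' % self.session_id)
                RadiusSession.sessions[self.session_id] = self
                reactor.callLater(self.interim_update, self.check_session)
                defer.returnValue(dict(code=0, msg=u"success", loginfo='<br><br>'.join(loginfo)))
            else:
                defer.returnValue(dict(code=1, msg=u"error", loginfo='<br><br>'.join(loginfo)))

        # Any other reply code used to fall off the end and hand the caller
        # None; report it as a failure in the same shape as the other paths.
        defer.returnValue(dict(code=1, msg=u"error", loginfo='<br><br>'.join(loginfo)))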
Exemple #2
 def log_trace(self,host,port,req,reply=None):
     """Write a per-user trace log entry for a RADIUS request or its reply.

     Nothing is logged unless tracing is on and ``self.user_exists`` accepts
     the request's user name. When ``reply`` is None the request packet is
     logged, otherwise the reply packet. Any exception raised while
     formatting or logging is caught and reported via ``logger.exception``.
     """
     if not (self.is_trace_on() and self.user_exists(req.get_user_name())):
         return
     try:
         if reply is None:
             pkt, template = req, u"Radius请求来自 Nas(%s:%s)  %s"
         else:
             pkt, template = reply, u"Radius响应至 Nas(%s:%s)  %s"
         # NOTE(review): the formatted packet goes to the log verbatim; verify
         # that format_packet_log does not include credential attributes.
         text = utils.safeunicode(message.format_packet_log(pkt))
         logger.info(template % (host, port, text),
                     trace="radius", username=req.get_user_name())
     except Exception as err:
         logger.exception(err)
Exemple #3
 def log_trace(self,host,port,req,reply=None):
     """Write a per-user trace log entry for a RADIUS request or its reply.

     Nothing is logged unless tracing is on and ``self.user_exists`` accepts
     the request's user name. When ``reply`` is None the request packet is
     logged, otherwise the reply packet. Any exception raised while
     formatting or logging is caught and reported via ``logger.exception``.
     """
     if not (self.is_trace_on() and self.user_exists(req.get_user_name())):
         return
     try:
         if reply is None:
             pkt, template = req, u"Radius请求来自 Nas(%s:%s)  %s"
         else:
             pkt, template = reply, u"Radius响应至 Nas(%s:%s)  %s"
         # NOTE(review): the formatted packet goes to the log verbatim; verify
         # that format_packet_log does not include credential attributes.
         text = utils.safeunicode(message.format_packet_log(pkt))
         logger.info(template % (host, port, text),
                     trace="radius", username=req.get_user_name())
     except Exception as err:
         logger.exception(err)
Exemple #4
        reply = coareq.CreateReply()
        logger.info("[RADIUSAuthorize] :: Send Authorize radius response: %s" % (repr(reply)))
        if self.config.radius.debug:
            logger.debug(message.format_packet_str(reply))
        self.transport.write(reply.ReplyPacket(),  (host, port))


    def datagramReceived(self, datagram, (host, port)):
        """Handle one UDP datagram received on the authorize listener.

        Looks up the sending host with ``self.radloader.getRadius``; datagrams
        from hosts with no entry are logged and dropped. Otherwise the
        datagram is parsed as a ``message.CoAMessage`` using that entry's
        dictionary and shared secret, logged, and passed to
        ``self.processPacket``. A ``packet.PacketError`` raised along the way
        is logged and the datagram is dropped; other exceptions propagate.
        """
        try:
            # NOTE(review): a UDP source address can be spoofed, so this lookup
            # only selects which shared secret to use. Confirm that CoAMessage
            # or processPacket verifies the request authenticator against that
            # secret before the request is acted on.
            nas = self.radloader.getRadius(host)
            if not nas:
                logger.info('[RADIUSAuthorize] :: Dropping Authorize packet from unknown host ' + host)
                return

            request = message.CoAMessage(
                packet=datagram,
                dict=nas.dict,
                secret=six.b(nas.secret),
            )
            summary = message.format_packet_log(request)
            logger.info("[RADIUSAuthorize] :: Received Authorize radius request: %s" % summary)

            # The debug dump is the full packet string; keep debug off where
            # the logs are not treated as sensitive.
            if self.config.radius.debug:
                logger.debug(message.format_packet_str(request))

            self.processPacket(request, (host, port))
        except packet.PacketError as err:
            detail = utils.safeunicode(err)
            logger.error('RadiusError:Dropping invalid packet from {0} {1},{2}'.format(
                host, port, detail))


def run(config, dbengine=None):
    """Create the ``RadiusdAuthorize`` protocol and register its UDP listener.

    The listener is bound to ``config.radius.authorize_port`` on the
    interface given by ``config.radius.host``.
    """
    protocol = RadiusdAuthorize(config, dbengine=dbengine)
    udp_port = int(config.radius.authorize_port)
    # NOTE(review): the bind address comes straight from configuration; check
    # that it is limited to the interface the NAS devices actually reach.
    bind_addr = config.radius.host
    reactor.listenUDP(udp_port, protocol, interface=bind_addr)
Exemple #5
        reply = coareq.CreateReply()
        logger.info("[RADIUSAuthorize] :: Send Authorize radius response: %s" % (repr(reply)))
        if self.config.radius.debug:
            logger.debug(message.format_packet_str(reply))
        self.transport.write(reply.ReplyPacket(),  (host, port))


    def datagramReceived(self, datagram, (host, port)):
        """Handle one UDP datagram received on the authorize listener.

        Looks up the sending host with ``self.radloader.getRadius``; datagrams
        from hosts with no entry are logged and dropped. Otherwise the
        datagram is parsed as a ``message.CoAMessage`` using that entry's
        dictionary and shared secret, logged, and passed to
        ``self.processPacket``. A ``packet.PacketError`` raised along the way
        is logged and the datagram is dropped; other exceptions propagate.
        """
        try:
            # NOTE(review): a UDP source address can be spoofed, so this lookup
            # only selects which shared secret to use. Confirm that CoAMessage
            # or processPacket verifies the request authenticator against that
            # secret before the request is acted on.
            nas = self.radloader.getRadius(host)
            if not nas:
                logger.info('[RADIUSAuthorize] :: Dropping Authorize packet from unknown host ' + host)
                return

            request = message.CoAMessage(
                packet=datagram,
                dict=nas.dict,
                secret=six.b(nas.secret),
            )
            summary = message.format_packet_log(request)
            logger.info("[RADIUSAuthorize] :: Received Authorize radius request: %s" % summary)

            # The debug dump is the full packet string; keep debug off where
            # the logs are not treated as sensitive.
            if self.config.radius.debug:
                logger.debug(message.format_packet_str(request))

            self.processPacket(request, (host, port))
        except packet.PacketError as err:
            detail = utils.safeunicode(err)
            logger.error('RadiusError:Dropping invalid packet from {0} {1},{2}'.format(
                host, port, detail))


def run(config, dbengine=None):
    """Create the ``RadiusdAuthorize`` protocol and register its UDP listener.

    The listener is bound to ``config.radius.authorize_port`` on the
    interface given by ``config.radius.host``.
    """
    protocol = RadiusdAuthorize(config, dbengine=dbengine)
    udp_port = int(config.radius.authorize_port)
    # NOTE(review): the bind address comes straight from configuration; check
    # that it is limited to the interface the NAS devices actually reach.
    bind_addr = config.radius.host
    reactor.listenUDP(udp_port, protocol, interface=bind_addr)