def render_json(self, **template_vars): if not template_vars.has_key("code"): template_vars["code"] = 0 resp = json.dumps(template_vars, ensure_ascii=False) if self.settings.debug: logger.debug("[api debug] :: %s response body: %s" % (self.request.path, utils.safeunicode(resp))) self.write(resp)
def process(self, *args, **kwargs): self.logtimes() next_interval = self.get_notify_interval() backup_path = self.config.database.backup_path backup_file = "trdb_cron_backup_%s.json.gz" % utils.gen_backep_id() try: self.db_backup.dumpdb(os.path.join(backup_path, backup_file)) logger.info(u"数据备份完成,下次执行还需等待 %s"%(self.format_time(next_interval)),trace="task") except Exception as err: logger.info(u"数据备份失败,%s, 下次执行还需等待 %s"%( repr(err), self.format_time(next_interval)),trace="task") logger.exception(err) try: bak_list = [ bd for bd in os.listdir(backup_path) if 'trdb_cron_backup' in bd] if len(bak_list) > 7: logger.info("find expire backup file and remove") _count = 0 for fname in bak_list: fpath = os.path.join(backup_path, fname) if (time.time() - os.path.getctime(fpath))/(3600*24) > 14: os.remove(fpath) _count += 1 logger.debug("remove expire backup file %s"%fpath) logger.info("remove expire backup file total %s"%_count,trace="task") except Exception as err: logger.exception(err) return next_interval
def render_result(self, **result): resp = apiutils.make_message(self.settings.config.system.secret, **result) if self.settings.debug: logger.debug("[api debug] :: %s response body: %s" % (self.request.path, utils.safeunicode(resp))) self.write(resp)
def process(self, message): datagram, host, port = umsgpack.unpackb(message[0]) reply = self.processAuth(datagram, host, port) logger.info("[Radiusd] :: Send radius response: %s" % repr(reply)) if self.config.system.debug: logger.debug(reply.format_str()) self.pusher.push(umsgpack.packb([reply.ReplyPacket(),host,port]))
def processAcct(self, datagram, host, port): try: bas = self.find_nas(host) if not bas: raise PacketError('[Radiusd] :: Dropping packet from unknown host %s' % host) secret, vendor_id = bas['bas_secret'], bas['vendor_id'] req = self.createAcctPacket(packet=datagram, dict=self.dict, secret=six.b(str(secret)),vendor_id=vendor_id) logger.info("[Radiusd] :: Received radius request: %s" % (repr(req))) if self.config.system.debug: logger.debug(req.format_str()) if req.code != packet.AccountingRequest: raise PacketError('non-AccountingRequest packet on authentication socket') if not req.VerifyAcctRequest(): raise PacketError('VerifyAcctRequest error') reply = req.CreateReply() status_type = req.get_acct_status_type() if status_type in self.acct_class: acct_func = self.acct_class[status_type](self,req.get_ticket()).acctounting reactor.callLater(0.1,acct_func) return reply except Exception as err: errstr = 'RadiusError:Dropping invalid acct packet from {0} {1},{2}'.format( host, port, utils.safeunicode(err)) logger.error(errstr) import traceback traceback.print_exc()
def render_json(self, **template_vars): if not template_vars.has_key("code"): template_vars["code"] = 0 resp = json.dumps(template_vars, ensure_ascii=False) if self.settings.debug: logger.debug("[api debug] :: %s response body: %s" % (self.request.path, utils.safestr(resp))) self.write(resp)
def process(self, message): datagram, host, port = msgpack.unpackb(message[0]) reply = self.processAuth(datagram, host, port) if not reply: return self.do_stat(reply.code) logger.info("[Radiusd] :: Send radius response: %s" % repr(reply)) if self.config.system.debug: logger.debug(reply.format_str()) self.pusher.push(msgpack.packb([reply.ReplyPacket(), host, port]))
def process(self, message): datagram, host, port = msgpack.unpackb(message[0]) reply = self.processAuth(datagram, host, port) if not reply: return logger.info("[Radiusd] :: Send radius response: %s" % repr(reply)) if self.config.system.debug: logger.debug(reply.format_str()) self.pusher.push(msgpack.packb([reply.ReplyPacket(),host,port])) # self.transport.write(reply.ReplyPacket(), (host,port)) self.do_stat(reply.code)
def processAcct(self, datagram, host, port): try: bas = self.find_nas(host) if not bas: raise PacketError( '[Radiusd] :: Dropping packet from unknown host %s' % host) secret, vendor_id = bas['bas_secret'], bas['vendor_id'] req = self.createAcctPacket(packet=datagram, dict=self.dict, secret=six.b(str(secret)), vendor_id=vendor_id) self.do_stat(req.code, req.get_acct_status_type()) logger.info("[Radiusd] :: Received radius request: %s" % (repr(req))) if self.config.system.debug: logger.debug(req.format_str()) if req.code != packet.AccountingRequest: raise PacketError( 'non-AccountingRequest packet on authentication socket') if not req.VerifyAcctRequest(): raise PacketError('VerifyAcctRequest error') reply = req.CreateReply() self.pusher.push(msgpack.packb([reply.ReplyPacket(), host, port])) self.do_stat(reply.code) logger.info("[Radiusd] :: Send radius response: %s" % repr(reply)) if self.config.system.debug: logger.debug(reply.format_str()) status_type = req.get_acct_status_type() if status_type in self.acct_class: ticket = req.get_ticket() if not ticket.get('nas_addr'): ticket['nas_addr'] = host acct_func = self.acct_class[status_type](self.db_engine, self.mcache, None, ticket).acctounting reactor.callLater(0.1, acct_func) else: logger.error('status_type <%s> not support' % status_type) except Exception as err: self.do_stat(0) errstr = 'RadiusError:Dropping invalid acct packet from {0} {1},{2}'.format( host, port, utils.safeunicode(err)) logger.error(errstr) import traceback traceback.print_exc()
def processAcct(self, datagram, host, port): try: bas = self.find_nas(host) if not bas: raise PacketError('[Radiusd] :: Dropping packet from unknown host %s' % host) secret, vendor_id = bas['bas_secret'], bas['vendor_id'] req = self.createAcctPacket(packet=datagram, dict=self.dict, secret=six.b(str(secret)),vendor_id=vendor_id) self.do_stat(req.code, req.get_acct_status_type()) logger.info("[Radiusd] :: Received radius request: %s" % (repr(req))) if self.config.system.debug: logger.debug(req.format_str()) if req.code != packet.AccountingRequest: raise PacketError('non-AccountingRequest packet on authentication socket') if not req.VerifyAcctRequest(): raise PacketError('VerifyAcctRequest error') reply = req.CreateReply() self.pusher.push(msgpack.packb([reply.ReplyPacket(),host,port])) self.do_stat(reply.code) logger.info("[Radiusd] :: Send radius response: %s" % repr(reply)) if self.config.system.debug: logger.debug(reply.format_str()) status_type = req.get_acct_status_type() if status_type in self.acct_class: ticket = req.get_ticket() if not ticket.get('nas_addr'): ticket['nas_addr'] = host acct_func = self.acct_class[status_type]( self.db_engine,self.mcache,None,ticket).acctounting reactor.callLater(0.1,acct_func) else: logger.error('status_type <%s> not support' % status_type) except Exception as err: self.do_stat(0) errstr = 'RadiusError:Dropping invalid acct packet from {0} {1},{2}'.format( host, port, utils.safeunicode(err)) logger.error(errstr) import traceback traceback.print_exc()
def post(self): token = self.get_argument("token", None) if not token or token not in md5( self.settings.config.system.secret.encode( 'utf-8')).hexdigest(): return self.render_json(code=1, msg=u"token invalid") command = self.get_argument("command", None) if not command: return self.render_json(code=1, msg=u"cmd invalid") pref_cmd = ([p for p in parse_funcs.keys() if p in command] or [None])[0] if not pref_cmd: return self.render_json(code=1, msg=u"command %s not support" % command) host = self.get_argument("host", None) if not host: return self.render_json(code=1, msg=u"host invalid") lastcheck = self.get_argument("lastcheck", "") service = self.get_argument("service", "") perf_data = self.get_argument("data", "") logger.info("params: %s %s %s %s %s" % (lastcheck, host, command, service, perf_data)) if not all([lastcheck, perf_data]): return self.render_json(code=1, msg=u"lastcheck,perf_data invalid") data = dict(lastcheck=int(lastcheck), host=host, service=service, command=pref_cmd, data=parse_funcs[pref_cmd](perf_data)) logger.debug("perfdata_command insert to db %s" % repr(data)) self.mongodb.add_perfdata(host, data) self.render_json(code=0, msg=u"success")
def process(self, *args, **kwargs): self.logtimes() next_interval = self.get_notify_interval() backup_path = self.config.database.backup_path backup_file = "trdb_cron_backup_%s.json.gz" % utils.gen_backep_id() try: self.db_backup.dumpdb(os.path.join(backup_path, backup_file)) logger.info(u"数据备份完成,下次执行还需等待 %s" % (self.format_time(next_interval)), trace="task") except Exception as err: logger.info(u"数据备份失败,%s, 下次执行还需等待 %s" % (repr(err), self.format_time(next_interval)), trace="task") logger.exception(err) try: bak_list = [ bd for bd in os.listdir(backup_path) if 'trdb_cron_backup' in bd ] if len(bak_list) > 7: logger.info("find expire backup file and remove") _count = 0 for fname in bak_list: fpath = os.path.join(backup_path, fname) if (time.time() - os.path.getctime(fpath)) / (3600 * 24) > 14: os.remove(fpath) _count += 1 logger.debug("remove expire backup file %s" % fpath) logger.info("remove expire backup file total %s" % _count, trace="task") except Exception as err: logger.exception(err) return next_interval
def post(self): token = self.get_argument("token",None) if not token or token not in md5(self.settings.config.system.secret.encode('utf-8')).hexdigest(): return self.render_json(code=1,msg=u"token invalid") command = self.get_argument("command",None) if not command: return self.render_json(code=1,msg=u"cmd invalid") pref_cmd = ([p for p in parse_funcs.keys() if p in command] or [None])[0] if not pref_cmd: return self.render_json(code=1,msg=u"command %s not support" % command) host = self.get_argument("host",None) if not host: return self.render_json(code=1,msg=u"host invalid") lastcheck = self.get_argument("lastcheck","") service = self.get_argument("service","") perf_data = self.get_argument("data","") logger.info("params: %s %s %s %s %s"%(lastcheck, host,command,service,perf_data)) if not all ([lastcheck,perf_data]): return self.render_json(code=1,msg=u"lastcheck,perf_data invalid") data = dict( lastcheck = int(lastcheck), host = host, service = service, command = pref_cmd, data = parse_funcs[pref_cmd](perf_data) ) logger.debug("perfdata_command insert to db %s"%repr(data)) self.mongodb.add_perfdata(host,data) self.render_json(code=0,msg=u"success")
def processAuth(self, datagram, host, port): try: bas = self.find_nas(host) if not bas: raise PacketError('[Radiusd] :: Dropping packet from unknown host %s' % host) secret, vendor_id = bas['bas_secret'], bas['vendor_id'] req = self.createAuthPacket(packet=datagram, dict=self.dict, secret=six.b(str(secret)),vendor_id=vendor_id) self.do_stat(req.code) logger.info("[Radiusd] :: Received radius request: %s" % (repr(req))) if self.config.system.debug: logger.debug(req.format_str()) if req.code != packet.AccessRequest: raise PacketError('non-AccessRequest packet on authentication socket') reply = req.CreateReply() reply.vendor_id = req.vendor_id aaa_request = dict( account_number=req.get_user_name(), domain=req.get_domain(), macaddr=req.client_mac, nasaddr=req.get_nas_addr(), vlanid1=req.vlanid1, vlanid2=req.vlanid2 ) auth_resp = RadiusAuth(self.db_engine,self.mcache,self.aes,aaa_request).authorize() if auth_resp['code'] > 0: reply['Reply-Message'] = auth_resp['msg'] reply.code = packet.AccessReject return reply if 'bypass' in auth_resp and int(auth_resp['bypass']) == 0: is_pwd_ok = True else: is_pwd_ok = req.is_valid_pwd(auth_resp.get('passwd')) if not is_pwd_ok: reply['Reply-Message'] = "password not match" reply.code = packet.AccessReject return reply else: if u"input_rate" in auth_resp and u"output_rate" in auth_resp: reply = rate_process.process( reply, input_rate=auth_resp['input_rate'], output_rate=auth_resp['output_rate']) attrs = auth_resp.get("attrs") or {} for attr_name in attrs: try: # todo: May have a type matching problem reply.AddAttribute(utils.safestr(attr_name), attrs[attr_name]) except Exception as err: errstr = "RadiusError:current radius cannot support attribute {0},{1}".format( attr_name,utils.safestr(err.message)) logger.error(errstr) for attr, attr_val in req.resp_attrs.iteritems(): reply[attr] = attr_val reply['Reply-Message'] = 'success!' reply.code = packet.AccessAccept if not req.VerifyReply(reply): raise PacketError('VerifyReply error') return reply except Exception as err: self.do_stat(0) errstr = 'RadiusError:Dropping invalid auth packet from {0} {1},{2}'.format( host, port, utils.safeunicode(err)) logger.error(errstr) import traceback traceback.print_exc()
def post(self): qstr = self.get_argument("qstr", "") wlan_params = self.get_wlan_params(qstr) ssid = wlan_params.get("ssid", "default") ispcode = wlan_params.get("ispcode", "default") if not wlan_params: self.render_error(msg=u"Missing parameter: ssid,wlanuserip,wlanacip") return start_time = time.time() nas = self.get_nas(wlan_params.get("wlanacip",'127.0.0.1')) print nas if not nas: self.render_error(msg=u"AC server {0} didn't register ".format(wlan_params.get("wlanacip"))) return ac_addr = nas['ip_addr'] ac_port = int(nas['ac_port']) secret = utils.safestr(nas['bas_secret']) _vendor= utils.safestr(nas['portal_vendor']) if _vendor not in ('cmccv1','cmccv2','huaweiv1','huaweiv2'): self.render_error(msg=u"AC server portal_vendor {0} not support ".format(_vendor)) return hm_mac=(wlan_params.get('wlanstamac','').replace(".",":").replace('-',':')) macbstr = hm_mac and struct.pack('BBBBBB',*[int(i,base=16) for i in hm_mac.split(':')]) or None send_portal = functools.partial( client.send, secret, log=logger, debug=self.settings.debug, vendor=_vendor, timeout=5 ) vendor = client.PortalClient.vendors.get(_vendor) is_chap=self.settings.config.portal.chap in (1, "1", "chap") userIp=wlan_params.get('wlanuserip', self.request.remote_ip) username=self.get_argument("username", None) password=self.get_argument("password", None) if self.settings.debug: logger.info( u"Start [username:%s] portal auth, wlan params:%s" % ( username, utils.safeunicode(wlan_params))) tpl = self.get_template_attrs(wlan_params.get("ssid", "default"),ispcode) firsturl=tpl.get("home_page", "/portal/index?tpl_name=%s" % tpl.get('tpl_name', 'default')) def back_login(msg = u''): self.render(self.get_login_template(tpl['tpl_path']), tpl = tpl, msg = msg, qstr = qstr, **wlan_params) if not username or not password: back_login(msg = u"username and password cannot be empty") return # checkos # cli_dev, cli_os = self.chk_os # domain = yield self.get_domain(wlan_params.get("ssid", "default")) # username = "******" % (username, cli_dev, cli_os, domain) try: challenge_resp = None if is_chap: ## req challenge ################################ challenge_req=vendor.proto.newReqChallenge(userIp, secret, mac=macbstr, chap = is_chap) challenge_resp = yield send_portal(data = challenge_req, host=ac_addr, port=ac_port) if challenge_resp.errCode > 0: if challenge_resp.errCode == 2: self.set_session_user(username, userIp, utils.get_currtime(), qstr=qstr) self.redirect(firsturl) return raise Exception(vendor.mod.AckChallengeErrs[challenge_resp.errCode]) if challenge_resp: ## req auth ################################ auth_req = vendor.proto.newReqAuth( userIp, username, password, challenge_resp.reqId, challenge_resp.get_challenge(), secret, ac_addr, serialNo=challenge_req.serialNo,mac=macbstr, chap=is_chap) else: auth_req = vendor.proto.newReqAuth(userIp, username,password,0,None,secret,ac_addr,chap=is_chap) auth_resp = yield send_portal(data=auth_req, host=ac_addr, port=ac_port) if auth_resp.errCode > 0: if auth_resp.errCode == 2: self.set_session_user(username, userIp, utils.get_currtime(),qstr=qstr) self.redirect(firsturl) return text_info = auth_resp.get_text_info() _err_msg=u"{0},{1}".format( vendor.mod.AckAuthErrs[auth_resp.errCode], utils.safeunicode(text_info and text_info[0] or "") ) raise Exception(_err_msg) ### aff_ack ################################ affack_req = vendor.proto.newAffAckAuth( userIp, secret,ac_addr,auth_req.serialNo,auth_resp.reqId, mac=macbstr,chap = is_chap) send_portal(data=affack_req, host=ac_addr, port=ac_port,noresp=True) logger.info( u'Portal [username:{0}] auth success'.format(username)) if self.settings.debug: logger.debug( u'Portal [username:%s] auth login [cast:%s ms]' % ( username, (time.time() - start_time) * 1000)) self.set_session_user(username, userIp, utils.get_currtime(),qstr=qstr, nasaddr=ac_addr) self.redirect(firsturl) except Exception as err: import traceback traceback.print_exc() back_login(msg = u"Portal auth error,%s" % utils.safeunicode(err.message))
logger.debug(message.format_packet_str(reply)) self.transport.write(reply.ReplyPacket(), (host, port)) def datagramReceived(self, datagram, (host, port)): try: radius = self.radloader.getRadius(host) if not radius: logger.info('[RADIUSAuthorize] :: Dropping Authorize packet from unknown host ' + host) return coa_req = message.CoAMessage(packet=datagram, dict=radius.dict, secret=six.b(radius.secret)) logger.info("[RADIUSAuthorize] :: Received Authorize radius request: %s" % message.format_packet_log(coa_req)) if self.config.radius.debug: logger.debug(message.format_packet_str(coa_req)) self.processPacket(coa_req, (host, port)) except packet.PacketError as err: errstr = 'RadiusError:Dropping invalid packet from {0} {1},{2}'.format( host, port, utils.safeunicode(err)) logger.error(errstr) def run(config, dbengine=None): authorize_protocol = RadiusdAuthorize(config, dbengine=dbengine) reactor.listenUDP(int(config.radius.authorize_port), authorize_protocol, interface=config.radius.host)
def processAuth(self, datagram, host, port): try: bas = self.find_nas(host) if not bas: raise PacketError('[Radiusd] :: Dropping packet from unknown host %s' % host) secret, vendor_id = bas['bas_secret'], bas['vendor_id'] req = self.createAuthPacket(packet=datagram, dict=self.dict, secret=six.b(str(secret)),vendor_id=vendor_id) self.log_trace(host,port,req) self.do_stat(req.code) logger.info("[Radiusd] :: Received radius request: %s" % (repr(req))) if self.config.system.debug: logger.debug(req.format_str()) if req.code != packet.AccessRequest: raise PacketError('non-AccessRequest packet on authentication socket') reply = req.CreateReply() reply.vendor_id = req.vendor_id aaa_request = dict( account_number=req.get_user_name(), domain=req.get_domain(), macaddr=req.client_mac, nasaddr=req.get_nas_addr() or host, vlanid1=req.vlanid1, vlanid2=req.vlanid2 ) auth_resp = RadiusAuth(self.db_engine,self.mcache,self.aes,aaa_request).authorize() if auth_resp['code'] > 0: reply['Reply-Message'] = auth_resp['msg'] reply.code = packet.AccessReject self.log_trace(host,port,req,reply) return reply if 'bypass' in auth_resp and int(auth_resp['bypass']) == 0: is_pwd_ok = True req.is_valid_pwd(auth_resp.get('passwd')) else: is_pwd_ok = req.is_valid_pwd(auth_resp.get('passwd')) if not is_pwd_ok: reply['Reply-Message'] = "password not match" reply.code = packet.AccessReject self.log_trace(host,port,req,reply) return reply else: if u"input_rate" in auth_resp and u"output_rate" in auth_resp: reply = rate_process.process( reply, input_rate=auth_resp['input_rate'], output_rate=auth_resp['output_rate']) attrs = auth_resp.get("attrs") or {} for attr_name in attrs: try: # todo: May have a type matching problem reply.AddAttribute(utils.safestr(attr_name), attrs[attr_name]) except Exception as err: errstr = "RadiusError:current radius cannot support attribute {0},{1}".format( attr_name,utils.safestr(err.message)) logger.error(RadiusError(err,errstr)) for attr, attr_val in req.resp_attrs.iteritems(): reply[attr] = attr_val reply['Reply-Message'] = 'success!' reply.code = packet.AccessAccept if not req.VerifyReply(reply): raise PacketError('VerifyReply error') self.log_trace(host,port,req,reply) return reply except Exception as err: self.do_stat(0) logger.exception(err)
def logtimes(self): if self.config.system.debug: logger.debug(u"%s task execute times : %s"%(self.__name__, self.time_count)) self.time_count += 1