コード例 #1
0
ファイル: api_authorize.py プロジェクト: Evan-hu/ToughRADIUS
 def post(self):
     try:
         req_msg = self.parse_request()
         app = self.application
         auth = RadiusAuth(app.db_engine,app.mcache,app.aes,req_msg)
         self.render_result(**auth.authorize())
     except Exception as err:
         return self.render_result(code=1,msg=utils.safeunicode(err.message))
コード例 #2
0
 def post(self):
     try:
         req_msg = self.parse_request()
         app = self.application
         auth = RadiusAuth(app.db_engine, app.mcache, app.aes, req_msg)
         self.render_result(**auth.authorize())
     except Exception as err:
         return self.render_result(code=1,
                                   msg=utils.safeunicode(err.message))
コード例 #3
0
ファイル: api_authorize.py プロジェクト: kozora/ToughRADIUS
 def post(self):
     try:
         req_msg = self.parse_request()
         if "username" not in req_msg:
             raise ValueError("username is empty")
         app = self.application
         auth = RadiusAuth(app.db_engine, app.mcache, app.aes, req_msg)
         self.render_result(**auth.authorize())
     except Exception as err:
         return self.render_result(msg=utils.safeunicode(err.message))
コード例 #4
0
 def post(self):
     try:
         req_msg = self.parse_request()
         if 'username' not in req_msg:
             raise ValueError('username is empty')
     except Exception as err:
         return self.render_result(msg=utils.safeunicode(err.message))
         
     self.render_result(**RadiusAuth(self.application, req_msg).authorize())
コード例 #5
0
    def processPacket(self, req, bas=None):
        if req.code != packet.AccessRequest:
            raise PacketError(
                'non-AccessRequest packet on authentication socket')

        try:
            reply = req.CreateReply()
            reply.vendor_id = req.vendor_id

            aaa_request = dict(account_number=req.get_user_name(),
                               domain=req.get_domain(),
                               macaddr=req.client_mac,
                               nasaddr=req.get_nas_addr(),
                               vlanid1=req.vlanid1,
                               vlanid2=req.vlanid2)

            auth_resp = RadiusAuth(self, aaa_request).authorize()
            print auth_resp

            if auth_resp['code'] > 0:
                reply['Reply-Message'] = auth_resp['msg']
                reply.code = packet.AccessReject
                return reply

            if 'bypass' in auth_resp and int(auth_resp['bypass']) == 0:
                is_pwd_ok = True
            else:
                is_pwd_ok = req.is_valid_pwd(auth_resp.get('passwd'))

            if not is_pwd_ok:
                reply['Reply-Message'] = "password not match"
                reply.code = packet.AccessReject
                return reply
            else:
                if u"input_rate" in auth_resp and u"output_rate" in auth_resp:
                    reply = rate_process.process(
                        reply,
                        input_rate=auth_resp['input_rate'],
                        output_rate=auth_resp['output_rate'])

                attrs = auth_resp.get("attrs") or {}
                for attr_name in attrs:
                    try:
                        # todo: May have a type matching problem
                        reply.AddAttribute(utils.safestr(attr_name),
                                           attrs[attr_name])
                    except Exception as err:
                        errstr = "RadiusError:current radius cannot support attribute {0},{1}".format(
                            attr_name, utils.safestr(err.message))
                        dispatch.pub(logger.EVENT_ERROR, errstr)

                for attr, attr_val in req.resp_attrs.iteritems():
                    reply[attr] = attr_val

            reply['Reply-Message'] = 'success!'
            reply.code = packet.AccessAccept
            if not req.VerifyReply(reply):
                raise PacketError('VerifyReply error')
            return reply
        except Exception as err:
            reply['Reply-Message'] = "auth failure, %s" % utils.safeunicode(
                err.message)
            reply.code = packet.AccessReject
            return reply
コード例 #6
0
ファイル: radiusd.py プロジェクト: Evan-hu/ToughRADIUS
    def processAuth(self, datagram, host, port):
        try:
            bas = self.find_nas(host)
            if not bas:
                raise PacketError('[Radiusd] :: Dropping packet from unknown host %s' % host)

            secret, vendor_id = bas['bas_secret'], bas['vendor_id']
            req = self.createAuthPacket(packet=datagram, 
                dict=self.dict, secret=six.b(str(secret)),vendor_id=vendor_id)

            self.do_stat(req.code)

            logger.info("[Radiusd] :: Received radius request: %s" % (repr(req)))
            if self.config.system.debug:
                logger.debug(req.format_str())

            if req.code != packet.AccessRequest:
                raise PacketError('non-AccessRequest packet on authentication socket')

            reply = req.CreateReply()
            reply.vendor_id = req.vendor_id

            aaa_request = dict(
                account_number=req.get_user_name(),
                domain=req.get_domain(),
                macaddr=req.client_mac,
                nasaddr=req.get_nas_addr(),
                vlanid1=req.vlanid1,
                vlanid2=req.vlanid2
            )

            auth_resp = RadiusAuth(self.db_engine,self.mcache,self.aes,aaa_request).authorize()

            if auth_resp['code'] > 0:
                reply['Reply-Message'] = auth_resp['msg']
                reply.code = packet.AccessReject
                return reply

            if 'bypass' in auth_resp and int(auth_resp['bypass']) == 0:
                is_pwd_ok = True
            else:
                is_pwd_ok = req.is_valid_pwd(auth_resp.get('passwd'))

            if not is_pwd_ok:
                reply['Reply-Message'] =  "password not match"
                reply.code = packet.AccessReject
                return reply
            else:
                if u"input_rate" in auth_resp and u"output_rate" in auth_resp:
                    reply = rate_process.process(
                        reply, input_rate=auth_resp['input_rate'], output_rate=auth_resp['output_rate'])

                attrs = auth_resp.get("attrs") or {}
                for attr_name in attrs:
                    try:
                        # todo: May have a type matching problem
                        reply.AddAttribute(utils.safestr(attr_name), attrs[attr_name])
                    except Exception as err:
                        errstr = "RadiusError:current radius cannot support attribute {0},{1}".format(
                            attr_name,utils.safestr(err.message))
                        logger.error(errstr)

                for attr, attr_val in req.resp_attrs.iteritems():
                    reply[attr] = attr_val

            reply['Reply-Message'] = 'success!'
            reply.code = packet.AccessAccept
            if not req.VerifyReply(reply):
                raise PacketError('VerifyReply error')
            return reply
        except Exception as err:
            self.do_stat(0)
            errstr = 'RadiusError:Dropping invalid auth packet from {0} {1},{2}'.format(
                host, port, utils.safeunicode(err))
            logger.error(errstr)
            import traceback
            traceback.print_exc()
コード例 #7
0
ファイル: radiusd.py プロジェクト: zhangzhezh/ToughRADIUS
    def processAuth(self, datagram, host, port):
        try:
            bas = self.find_nas(host)
            if not bas:
                raise PacketError('[Radiusd] :: Dropping packet from unknown host %s' % host)

            secret, vendor_id = bas['bas_secret'], bas['vendor_id']
            req = self.createAuthPacket(packet=datagram, 
                dict=self.dict, secret=six.b(str(secret)),vendor_id=vendor_id)

            self.log_trace(host,port,req)

            self.do_stat(req.code)

            logger.info("[Radiusd] :: Received radius request: %s" % (repr(req)))
            if self.config.system.debug:
                logger.debug(req.format_str())

            if req.code != packet.AccessRequest:
                raise PacketError('non-AccessRequest packet on authentication socket')

            reply = req.CreateReply()
            reply.vendor_id = req.vendor_id

            aaa_request = dict(
                account_number=req.get_user_name(),
                domain=req.get_domain(),
                macaddr=req.client_mac,
                nasaddr=req.get_nas_addr() or host,
                vlanid1=req.vlanid1,
                vlanid2=req.vlanid2
            )

            auth_resp = RadiusAuth(self.db_engine,self.mcache,self.aes,aaa_request).authorize()

            if auth_resp['code'] > 0:
                reply['Reply-Message'] = auth_resp['msg']
                reply.code = packet.AccessReject
                self.log_trace(host,port,req,reply)
                return reply

            if 'bypass' in auth_resp and int(auth_resp['bypass']) == 0:
                is_pwd_ok = True
                req.is_valid_pwd(auth_resp.get('passwd'))
            else:
                is_pwd_ok = req.is_valid_pwd(auth_resp.get('passwd'))

            if not is_pwd_ok:
                reply['Reply-Message'] =  "password not match"
                reply.code = packet.AccessReject
                self.log_trace(host,port,req,reply)
                return reply
            else:
                if u"input_rate" in auth_resp and u"output_rate" in auth_resp:
                    reply = rate_process.process(
                        reply, input_rate=auth_resp['input_rate'], output_rate=auth_resp['output_rate'])

                attrs = auth_resp.get("attrs") or {}
                for attr_name in attrs:
                    try:
                        # todo: May have a type matching problem
                        reply.AddAttribute(utils.safestr(attr_name), attrs[attr_name])
                    except Exception as err:
                        errstr = "RadiusError:current radius cannot support attribute {0},{1}".format(
                            attr_name,utils.safestr(err.message))
                        logger.error(RadiusError(err,errstr))

                for attr, attr_val in req.resp_attrs.iteritems():
                    reply[attr] = attr_val

            reply['Reply-Message'] = 'success!'
            reply.code = packet.AccessAccept
            if not req.VerifyReply(reply):
                raise PacketError('VerifyReply error')
            self.log_trace(host,port,req,reply)
            return reply
        except Exception as err:
            self.do_stat(0)
            logger.exception(err)
コード例 #8
0
ファイル: radiusd.py プロジェクト: leigf/ToughRADIUS
    def processPacket(self, req,bas=None):
        if req.code != packet.AccessRequest:
            raise PacketError('non-AccessRequest packet on authentication socket')

        try:
            reply = req.CreateReply()
            reply.vendor_id = req.vendor_id

            aaa_request = dict(
                account_number=req.get_user_name(),
                domain=req.get_domain(),
                macaddr=req.client_mac,
                nasaddr=req.get_nas_addr(),
                vlanid1=req.vlanid1,
                vlanid2=req.vlanid2
            )

            auth_resp = RadiusAuth(self,aaa_request).authorize()
            print auth_resp

            if auth_resp['code'] > 0:
                reply['Reply-Message'] = auth_resp['msg']
                reply.code = packet.AccessReject
                return reply

            if 'bypass' in auth_resp and int(auth_resp['bypass']) == 0:
                is_pwd_ok = True
            else:
                is_pwd_ok = req.is_valid_pwd(auth_resp.get('passwd'))

            if not is_pwd_ok:
                reply['Reply-Message'] =  "password not match"
                reply.code = packet.AccessReject
                return reply
            else:
                if u"input_rate" in auth_resp and u"output_rate" in auth_resp:
                    reply = rate_process.process(
                        reply, input_rate=auth_resp['input_rate'], output_rate=auth_resp['output_rate'])

                attrs = auth_resp.get("attrs") or {}
                for attr_name in attrs:
                    try:
                        # todo: May have a type matching problem
                        reply.AddAttribute(utils.safestr(attr_name), attrs[attr_name])
                    except Exception as err:
                        errstr = "RadiusError:current radius cannot support attribute {0},{1}".format(
                            attr_name,utils.safestr(err.message))
                        dispatch.pub(logger.EVENT_ERROR,errstr)

                for attr, attr_val in req.resp_attrs.iteritems():
                    reply[attr] = attr_val

            reply['Reply-Message'] = 'success!'
            reply.code = packet.AccessAccept
            if not req.VerifyReply(reply):
                raise PacketError('VerifyReply error')
            return reply
        except Exception as err:
            reply['Reply-Message'] =  "auth failure, %s" % utils.safeunicode(err.message)
            reply.code = packet.AccessReject
            return reply