def send_accept(self, req, nas, **args):
service.incr_stat(service.STAT_AUTH_ACCEPT)
reply = req.CreateReply()
reply.source = req.source
reply.code = packet.AccessAccept
if args:
reply.set_framed_ip_addr(args.get("ipaddr"))
reply.set_filter_id(nas.vendor_id, args.get("bandcode"))
reply.set_special_str(nas.vendor_id, "context",
args.get("domain_code"))
reply.set_special_int(nas.vendor_id, "input_max_limit",
args.get("input_max_limit"))
reply.set_special_int(nas.vendor_id, "output_max_limit",
args.get("output_max_limit"))
reply.set_special_str(nas.vendor_id, "input_rate_code",
args.get("input_rate_code"))
reply.set_special_str(nas.vendor_id, "output_rate_code",
args.get("output_rate_code"))
req.sock.sendto(reply.ReplyPacket(), reply.source)
if is_debug():
radiuslog.debug("[Auth] send an authentication accept,user[%s],nas[%s]"\
%(req.get_username(),nas.ip_addr))
def send_accept(self,req,nas,**args):
service.incr_stat(service.STAT_AUTH_ACCEPT)
reply = req.CreateReply()
reply.source = req.source
reply.code=packet.AccessAccept
if args:
reply.set_framed_ip_addr(args.get("ipaddr"))
reply.set_filter_id(nas.vendor_id,args.get("bandcode"))
reply.set_special_str(nas.vendor_id,"context",args.get("domain_code"))
reply.set_special_int(nas.vendor_id,"input_max_limit",args.get("input_max_limit"))
reply.set_special_int(nas.vendor_id,"output_max_limit",args.get("output_max_limit"))
reply.set_special_str(nas.vendor_id,"input_rate_code",args.get("input_rate_code"))
reply.set_special_str(nas.vendor_id,"output_rate_code",args.get("output_rate_code"))
req.sock.sendto(reply.ReplyPacket(), reply.source)
if is_debug():
radiuslog.debug("[Auth] send an authentication accept,user[%s],nas[%s]"\
%(req.get_username(),nas.ip_addr))
def process(self, req):
attr_keys = req.keys()
if is_debug():
radiuslog.info("::Received an authentication request")
radiuslog.info("Attributes: ")
for attr in attr_keys:
radiuslog.info("%s: %s" % (attr, req[attr]))
nasaddr = req.get_nasaddr()
macaddr = req.get_macaddr()
nas = service.get_nas(nasaddr)
# check roster
if service.in_black_roster(macaddr):
return self.send_reject(req, nas, 'user in black roster')
vlanid, vlanid2 = req.get_vlanids()
username1 = req.get_username()
domain = None
username2 = username1
if "@" in username1:
username2 = username1[:username1.index("@")]
req["User-Name"] = username2
domain = username1[username1.index("@") + 1:]
if not service.user_exists(username2):
return self.send_reject(req, nas, 'user not exists')
user = service.get_user(username2)
if user.status != 1:
return self.send_reject(req, nas, 'Invalid user status')
if domain and domain not in user.domain_code:
return self.send_reject(req, nas, 'user domain does not match')
if nasaddr not in service.get_nas_ips(user.node_id):
return self.send_reject(req, nas, 'node does not match')
if not utils.is_valid_date(user.auth_begin_date, user.auth_end_date):
return self.send_reject(req, nas,
'user is not effective or expired')
userpwd = utils.decrypt(user.password)
if not req.is_valid_pwd(userpwd):
return self.send_reject(req, nas, 'user password does not match')
uproduct = service.get_product(user.product_id)
if not uproduct:
return self.send_reject(req, nas, 'user product does not match')
if uproduct.policy == service.POLICY_TIMING and user.time_length <= 0:
return self.send_reject(req, nas,
'user does not have the time length')
if not self.verify_macaddr(user, macaddr):
return self.send_reject(req, nas, 'user macaddr bind not match')
valid_vlanid = self.verify_vlan(user, vlanid, vlanid2)
if valid_vlanid == 1:
return self.send_reject(req, nas, 'user vlanid does not match')
elif valid_vlanid == 2:
return self.send_reject(req, nas, 'user vlanid2 does not match')
if user.concur_number > 0:
if user.concur_number <= service.get_online_num(user.user_name):
return self.send_reject(req, nas, 'user concur_number control')
return self.send_accept(
req, nas,
**dict(ipaddr=user.ip_addr,
bandcode=uproduct.bandwidth_code,
input_max_limit=str(uproduct.input_max_limit),
output_max_limit=str(uproduct.output_max_limit),
input_rate_code=uproduct.input_rate_code,
output_rate_code=uproduct.output_rate_code,
domain_code=user.domain_code))
if len(results) >= 200:
message = "Listen er begrenset til 200 termer"
elif len(results) == 1:
message = "Fant " + str(len(results)) + " term"
elif results:
message = "Fant " + str(len(results)) + " termer"
else:
message = "Fant ingen termer"
return render_template('index.html', page=page, query=query,
mode=mode, option=option,
message=message, results=results)
@app.route("/dictionary/about", methods=['GET'])
def dict_about():
return render_template('index.html', page='about')
@app.route("/dictionary/help", methods=['GET'])
def dict_help():
return render_template('index.html', page='help')
@app.route("/dictionary/eng", methods=['GET'])
def dict_eng():
return render_template('index.html', page='eng')
if __name__ == '__main__':
if settings.is_debug():
logger.info("DEBUG mode enabled")
app.debug = True
app.run(host='0.0.0.0', port=5000)
def process(self,req):
attr_keys = req.keys()
if is_debug():
radiuslog.info("::Received an authentication request")
radiuslog.info("Attributes: ")
for attr in attr_keys:
radiuslog.info( "%s: %s" % (attr, req[attr]))
nasaddr = req.get_nasaddr()
macaddr = req.get_macaddr()
nas = service.get_nas(nasaddr)
# check roster
if service.in_black_roster(macaddr):
return self.send_reject(req,nas,'user in black roster')
vlanid,vlanid2 = req.get_vlanids()
username1 = req.get_username()
domain = None
username2 = username1
if "@" in username1:
username2 = username1[:username1.index("@")]
req["User-Name"] = username2
domain = username1[username1.index("@")+1:]
if not service.user_exists(username2):
return self.send_reject(req,nas,'user not exists')
user = service.get_user(username2)
if user.status != 1:
return self.send_reject(req,nas,'Invalid user status')
if domain and domain not in user.domain_code:
return self.send_reject(req,nas,'user domain does not match')
if nasaddr not in service.get_nas_ips(user.node_id):
return self.send_reject(req,nas,'node does not match')
if not utils.is_valid_date(user.auth_begin_date,user.auth_end_date):
return self.send_reject(req,nas,'user is not effective or expired')
userpwd = utils.decrypt(user.password)
if not req.is_valid_pwd(userpwd):
return self.send_reject(req,nas,'user password does not match')
uproduct = service.get_product(user.product_id)
if not uproduct:
return self.send_reject(req,nas,'user product does not match')
if uproduct.policy == service.POLICY_TIMING and user.time_length <= 0:
return self.send_reject(req,nas,'user does not have the time length')
if not self.verify_macaddr(user,macaddr):
return self.send_reject(req,nas,'user macaddr bind not match')
valid_vlanid = self.verify_vlan(user,vlanid,vlanid2)
if valid_vlanid == 1:
return self.send_reject(req,nas,'user vlanid does not match')
elif valid_vlanid == 2:
return self.send_reject(req,nas,'user vlanid2 does not match')
if user.concur_number > 0:
if user.concur_number <= service.get_online_num(user.user_name):
return self.send_reject(req,nas,'user concur_number control')
return self.send_accept(req,nas,**dict(ipaddr=user.ip_addr,
bandcode=uproduct.bandwidth_code,
input_max_limit=str(uproduct.input_max_limit),
output_max_limit=str(uproduct.output_max_limit),
input_rate_code=uproduct.input_rate_code,
output_rate_code=uproduct.output_rate_code,
domain_code=user.domain_code))
