def process(req=None,resp=None,user=None,radiusd=None,**kwargs):
"""执行计费策略校验,用户到期检测,用户余额,时长检测"""
store = radiusd.store
acct_policy = user['product_policy'] or PPMonth
if acct_policy in ( PPMonth,BOMonth):
if utils.is_expire(user['expire_date']):
resp['Framed-Pool'] = store.get_param("expire_addrpool")
elif acct_policy in (PPTimes,PPFlow):
user_balance = store.get_user_balance(user['account_number'])
if user_balance <= 0:
return error_auth(resp,'user balance poor')
elif acct_policy == BOTimes:
time_length = store.get_user_time_length(user['account_number'])
if time_length <= 0:
return error_auth(resp,'user time_length poor')
elif acct_policy == BOFlows:
flow_length = store.get_user_flow_length(user['account_number'])
if flow_length <= 0:
return error_auth(resp,'user flow_length poor')
if user['user_concur_number'] > 0 :
if store.count_online(user['account_number']) >= user['user_concur_number']:
return error_auth(resp,'user session to limit')
return resp
def process(req=None, resp=None, user=None, radiusd=None, **kwargs):
"""check mac bind & vlan bind"""
store = radiusd.store
macaddr = req.get_mac_addr()
if store.is_white_roster(macaddr):
return resp
if macaddr and user['mac_addr']:
if user['bind_mac'] == 1 and macaddr not in user['mac_addr']:
return error_auth(resp, "macaddr bind not match")
elif macaddr and not user['mac_addr']:
store.update_user_mac(user['account_number'], macaddr)
vlan_id, vlan_id2 = req.get_vlanids()
print vlan_id, vlan_id2
if vlan_id and user['vlan_id']:
if user['bind_vlan'] == 1 and vlan_id != user['vlan_id']:
return error_auth(resp, "vlan_id bind not match")
elif vlan_id and not user['vlan_id']:
user['vlan_id'] = vlan_id
store.update_user_vlan_id(user['account_number'], vlan_id)
if vlan_id2 and user['vlan_id2']:
if user['bind_vlan'] == 1 and vlan_id2 != user['vlan_id2']:
return error_auth(resp, "vlan_id2 bind not match")
elif vlan_id2 and not user['vlan_id2']:
user['vlan_id2'] = vlan_id2
store.update_user_vlan_id2(user['account_number'], vlan_id2)
return resp
def process(req=None,resp=None,user=None,radiusd=None,**kwargs):
"""check mac bind & vlan bind"""
store = radiusd.store
macaddr = req.get_mac_addr()
if store.is_white_roster(macaddr):
return resp
if macaddr and user['mac_addr']:
if user['bind_mac'] == 1 and macaddr not in user['mac_addr']:
return error_auth(resp,"macaddr bind not match")
elif macaddr and not user['mac_addr'] :
store.update_user_mac(user['account_number'], macaddr)
vlan_id,vlan_id2 = req.get_vlanids()
print vlan_id,vlan_id2
if vlan_id and user['vlan_id']:
if user['bind_vlan'] == 1 and vlan_id != user['vlan_id']:
return error_auth(resp,"vlan_id bind not match")
elif vlan_id and not user['vlan_id']:
user['vlan_id'] = vlan_id
store.update_user_vlan_id(user['account_number'],vlan_id)
if vlan_id2 and user['vlan_id2']:
if user['bind_vlan'] == 1 and vlan_id2 != user['vlan_id2']:
return error_auth(resp,"vlan_id2 bind not match")
elif vlan_id2 and not user['vlan_id2']:
user['vlan_id2'] = vlan_id2
store.update_user_vlan_id2(user['account_number'],vlan_id2)
return resp
def process(req=None,resp=None,user=None,radiusd=None,**kwargs):
store = radiusd.store
if not user:
return error_auth(resp,'user %s not exists'%req.get_user_name())
if not req.is_valid_pwd(utils.decrypt(user['password'])):
return error_auth(resp,'user password not match')
if user['status'] == 4:
resp['Framed-Pool'] = store.get_param("expire_addrpool")
return resp
if user['status'] in (0,2,3):
return error_auth(resp,'user status not ok')
return resp
def process(req=None, resp=None, user=None, radiusd=None, **kwargs):
"""check block roster"""
store = radiusd.store
macaddr = req.get_mac_addr()
if store.is_black_roster(macaddr):
return error_auth(resp, "user macaddr in blacklist")
return resp
def process(req=None,resp=None,user=None,radiusd=None,**kwargs):
"""check block roster"""
store = radiusd.store
macaddr = req.get_mac_addr()
if store.is_black_roster(macaddr):
return error_auth(resp,"user macaddr in blacklist")
return resp
def process(req=None, resp=None, user=None, radiusd=None, **kwargs):
store = radiusd.store
if store.is_white_roster(req.get_mac_addr()):
return resp
if not user:
return error_auth(resp, "user %s not exists" % req.get_user_name())
if store.get_param("radiusd_bypass") == "1":
if not req.is_valid_pwd(utils.decrypt(user["password"])):
return error_auth(resp, "user password not match")
if user["status"] == 4:
resp["Framed-Pool"] = store.get_param("expire_addrpool")
return resp
if user["status"] in (0, 2, 3):
return error_auth(resp, "user status not ok")
return resp
def process(req=None, resp=None, user=None, radiusd=None, **kwargs):
"""执行计费策略校验,用户到期检测,用户余额,时长检测"""
store = radiusd.store
if store.is_white_roster(req.get_mac_addr()):
return resp
acct_policy = user['product_policy'] or PPMonth
if acct_policy in (PPMonth, BOMonth):
if utils.is_expire(user['expire_date']):
resp['Framed-Pool'] = store.get_param("expire_addrpool")
elif acct_policy in (PPTimes, PPFlow):
user_balance = store.get_user_balance(user['account_number'])
if user_balance <= 0:
return error_auth(resp, 'user balance poor')
elif acct_policy == BOTimes:
time_length = store.get_user_time_length(user['account_number'])
if time_length <= 0:
return error_auth(resp, 'user time_length poor')
elif acct_policy == BOFlows:
flow_length = store.get_user_flow_length(user['account_number'])
if flow_length <= 0:
return error_auth(resp, 'user flow_length poor')
if user['user_concur_number'] > 0:
if store.count_online(
user['account_number']) == user['user_concur_number']:
try:
auto_unlock = int(store.get_param("auth_auto_unlock") or 0)
if auto_unlock == 0:
return error_auth(resp, 'user session to limit')
online = store.get_nas_onlines_byuser(
user['account_number'])[0]
coa_client = radiusd.coa_clients.get(online['nas_addr'])
attrs = {
'User-Name': online['account_number'],
'Acct-Session-Id': online['acct_session_id'],
'NAS-IP-Address': online['nas_addr'],
'Framed-IP-Address': online['framed_ipaddr']
}
dmeq = coa_client.createDisconnectPacket(**attrs)
coa_client.sendCoA(dmeq)
return resp
except:
log.err('send dm error')
return error_auth(resp,
'user session to limit & send dm error')
elif store.count_online(
user['account_number']) > user['user_concur_number']:
return error_auth(resp, 'user session to limit')
return resp
def process(req=None,resp=None,user=None,radiusd=None,**kwargs):
"""执行计费策略校验,用户到期检测,用户余额,时长检测"""
store = radiusd.store
if store.is_white_roster(req.get_mac_addr()):
return resp
acct_policy = user['product_policy'] or PPMonth
if acct_policy in ( PPMonth,BOMonth):
if utils.is_expire(user['expire_date']):
resp['Framed-Pool'] = store.get_param("expire_addrpool")
elif acct_policy in (PPTimes,PPFlow):
user_balance = store.get_user_balance(user['account_number'])
if user_balance <= 0:
return error_auth(resp,'user balance poor')
elif acct_policy == BOTimes:
time_length = store.get_user_time_length(user['account_number'])
if time_length <= 0:
return error_auth(resp,'user time_length poor')
elif acct_policy == BOFlows:
flow_length = store.get_user_flow_length(user['account_number'])
if flow_length <= 0:
return error_auth(resp,'user flow_length poor')
if user['user_concur_number'] > 0 :
if store.count_online(user['account_number']) == user['user_concur_number']:
try:
auto_unlock = int(store.get_param("auth_auto_unlock") or 0)
if auto_unlock == 0:
return error_auth(resp, 'user session to limit')
online = store.get_nas_onlines_byuser(user['account_number'])[0]
coa_client = radiusd.coa_clients.get(online['nas_addr'])
attrs = {
'User-Name': online['account_number'],
'Acct-Session-Id': online['acct_session_id'],
'NAS-IP-Address': online['nas_addr'],
'Framed-IP-Address': online['framed_ipaddr']
}
dmeq = coa_client.createDisconnectPacket(**attrs)
coa_client.sendCoA(dmeq)
return resp
except:
log.err('send dm error')
return error_auth(resp, 'user session to limit & send dm error')
elif store.count_online(user['account_number']) > user['user_concur_number']:
return error_auth(resp, 'user session to limit')
return resp
def process(req=None,resp=None,user=None,radiusd=None,**kwargs):
store = radiusd.store
session_timeout = int(store.get_param("max_session_timeout"))
if store.is_white_roster(req.get_mac_addr()):
resp['Session-Timeout'] = session_timeout
return resp
expire_pool = store.get_param("expire_addrpool")
if "Framed-Pool" in resp:
if expire_pool in resp['Framed-Pool']:
expire_session_timeout = int(store.get_param("expire_session_timeout"))
if expire_session_timeout > 0:
session_timeout = expire_session_timeout
else:
return error_auth(resp,'User has expired')
acct_interim_intelval = int(store.get_param("acct_interim_intelval"))
if acct_interim_intelval > 0:
resp['Acct-Interim-Interval'] = acct_interim_intelval
acct_policy = user['product_policy'] or BOMonth
product = store.get_product(user['product_id'])
if acct_policy in (PPMonth,BOMonth):
expire_date = user['expire_date']
_datetime = datetime.datetime.now()
if _datetime.strftime("%Y-%m-%d") == expire_date:
_expire_datetime = datetime.datetime.strptime(expire_date+' 23:59:59',"%Y-%m-%d %H:%M:%S")
session_timeout = (_expire_datetime - _datetime).seconds
elif acct_policy == BOTimes:
_session_timeout = user["time_length"]
if _session_timeout < session_timeout:
session_timeout = _session_timeout
elif acct_policy == PPTimes:
user_balance = store.get_user_balance(user['account_number'])
fee_price = decimal.Decimal(product['fee_price'])
_sstime = user_balance/fee_price*decimal.Decimal(3600)
_session_timeout = int(_sstime.to_integral_value())
if _session_timeout < session_timeout:
session_timeout = _session_timeout
resp['Session-Timeout'] = session_timeout
if user['ip_address']:
resp['Framed-IP-Address'] = user['ip_address']
_attrs = {}
for attr in store.get_product_attrs(user['product_id']):
try:
_type = resp.dict[attr['attr_name']].type
attr_name = str(attr['attr_name'])
attr_value = get_type_val(_type,attr['attr_value'])
if attr_name in _attrs:
_attrs[attr_name].append(attr_value)
else:
_attrs[attr_name] = [attr_value]
except:
radiusd.syslog.error("process product attr error")
import traceback
traceback.print_exc()
print _attrs
for _a in _attrs:
resp.AddAttribute(_a,_attrs[_a])
for attr in req.ext_attrs:
resp[attr] = req.ext_attrs[attr]
# for attr in store.get_user_attrs(user['account_number']):
# try:resp[attr.attr_name] = attr.attr_value
# except:pass
return resp