
Untitled

a guest
Aug 16th, 2013
  1. #!/usr/bin/env python
  2. # -*- coding: utf-8 -*-
  3.  
  4. import re
  5. import sys
  6. import time
  7. import sqlalchemy
  8. from decorator import decorator
  9. import radiusd
  10. import bitstring
  11. import ipaddress
  12. from _sql import *
  13. from _params import *
  14.  
  15.  
# Module-wide SQLAlchemy engine; stays None until instantiate() assigns it.
engine = None

# Patterns tried, in this order, on textual attribute values.
_QUOTED_VALUE = re.compile('^"(.*)"$')
_SIGNED_DECIMAL = re.compile(r'^(-?\d+)$')


def _unquote(match):
    """Return the text found between the surrounding double quotes."""
    return match.group(1)


def _to_int(match):
    """Return the matched decimal text as an int."""
    return int(match.group(1))


# (pattern, converter) pairs consumed by radius_value().
RADIUS_TYPE_MAP = (
    (_QUOTED_VALUE, _unquote),
    (_SIGNED_DECIMAL, _to_int),
)
  20.  
  21.  
def radius_value(value_string):
    """Convert one attribute value from its textual form.

    A ``str`` or ``unicode`` value is matched against the patterns in
    RADIUS_TYPE_MAP, in order, and the result of the first matching
    converter is returned. Values of any other type, and text that matches
    no pattern, are returned unchanged.
    """
    if type(value_string) not in (str, unicode):
        return value_string
    for pattern, convert in RADIUS_TYPE_MAP:
        found = pattern.match(value_string)
        if found is None:
            continue
        return convert(found)
    return value_string
  29.  
  30.  
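@decorator
def radius_function(f, params):
    """Adapt a handler so it receives a dict instead of attribute pairs.

    ``params`` is iterated as (name, value) pairs. Every value goes through
    radius_value() and the pairs are collected into a dict, so when a name
    occurs more than once only its last value survives. The dict is then
    passed to ``f``.

    Returns:
        radiusd.RLM_MODULE_FAIL when ``f`` raises. Otherwise the result of
        ``f``; a tuple result keeps its first element and has every later
        element (which must offer ``items()``) turned into a tuple of
        (key, value) pairs.
    """
    data = dict((name, radius_value(value)) for name, value in params)
    try:
        result = f(data)
    except Exception as exc:
        # The handler still fails closed, but the cause is now written to the
        # server log. The original bare ``except:`` discarded it, which left
        # no trace of handler errors for operators to investigate. %r keeps
        # control characters in the message escaped.
        radiusd.radlog(
            radiusd.L_ERR,
            'radius_function: %s raised %r' % (f.__name__, exc))
        return radiusd.RLM_MODULE_FAIL
    if type(result) is tuple:
        return (result[0],) + tuple(tuple(d.items()) for d in result[1:])
    return result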
  45.  
  46.  
@radius_function
def attibutes(p):
    """Return the attribute dict that radius_function builds for this call.

    The body is the identity; the conversion from (name, value) pairs to a
    dict happens in the decorator.
    """
    attribute_map = p
    return attribute_map
  50.  
  51.  
def log(level, s):
    """Write message ``s`` at ``level`` through radiusd.radlog."""
    write = radiusd.radlog
    write(level, s)
  54.  
  55.  
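def instantiate(p):
    """Create the module-wide SQLAlchemy engine and log where it points.

    ``p`` is accepted for the hook signature and is not read.

    The database URL is taken from the DHCP_RADIUS_DB_URL environment
    variable (a name introduced by this function) when it is set; otherwise
    the original built-in URL is used so existing deployments keep working.
    """
    global engine
    import os

    # SECURITY: the fallback URL embeds the password of the MySQL ``root``
    # account in source. The same literal appears in this published listing,
    # so it should be treated as disclosed and rotated. Supply the URL from
    # the environment (or another protected store) and connect with an
    # account limited to the tables this module reads and writes.
    db_url = os.environ.get(
        'DHCP_RADIUS_DB_URL', 'mysql://root:dfdfd@localhost:3306/UTM5')
    engine = sqlalchemy.create_engine(db_url, pool_size=100, max_overflow=10)

    # Log the connection target field by field, leaving the password out.
    # The original logged str(engine), which may include the password
    # depending on the SQLAlchemy release in use.
    url = engine.url
    log(radiusd.L_INFO, 'db connection: %s://%s@%s:%s/%s' % (
        url.drivername, url.username, url.host, url.port, url.database))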
  60.  
  61.  
def authorize(p):
    """Trace the authorize hook on stdout and report success.

    ``p`` is not read.
    """
    banner = "*** authorize ***"
    print(banner)
    return radiusd.RLM_MODULE_OK
  65.  
  66.  
def accounting(p):
    """Trace the accounting hook on stdout and report success.

    ``p`` is not read.
    """
    banner = "*** accounting ***"
    print(banner)
    return radiusd.RLM_MODULE_OK
  70.  
  71.  
def pre_proxy(p):
    """Trace the pre_proxy hook on stdout and report success.

    ``p`` is not read.
    """
    banner = "*** pre_proxy ***"
    print(banner)
    return radiusd.RLM_MODULE_OK
  75.  
  76.  
def post_proxy(p):
    """Trace the post_proxy hook on stdout and report success.

    ``p`` is not read.
    """
    banner = "*** post_proxy ***"
    print(banner)
    return radiusd.RLM_MODULE_OK
  80.  
def answer(venid, ans):
    """Choose the reply for a vendor class.

    For the vendor class 'synet' the result is the pair (synet, ans), where
    ``synet`` is looked up as a module-level name; for any other value
    ``ans`` is returned unchanged.
    """
    # NOTE(review): post_auth passes the client's own
    # DHCP-Vendor-Class-Identifier here, so the client selects this branch.
    if venid != 'synet':
        return ans
    return synet, ans
  86.  
  87.  
def extract(nets):
    """Build the three address reply pairs from one address row.

    ``nets`` is indexed with the keys 'mask', 'gw' and 'ip', in that order.

    Returns:
        A 3-tuple of (attribute name, value) pairs for the subnet mask, the
        router address and the client's address.
    """
    fields = (
        ('DHCP-Subnet-Mask', 'mask'),
        ('DHCP-Router-Address', 'gw'),
        ('DHCP-Your-IP-Address', 'ip'),
    )
    return tuple((attribute, nets[key]) for attribute, key in fields)
  93.  
  94.  
def extract2(p):
    """Decode (vlan, port, switch) from the relay agent attributes.

    When ``p`` holds both 'DHCP-Relay-Remote-Id' and 'DHCP-Relay-Circuit-Id':
    the circuit id without its first and last 16 bits is read as a signed
    integer (vlan), the circuit id from bit 40 onward is read as a signed
    integer (port), and the remote id from bit 16 onward is returned as
    bytes (switch). Otherwise the result is (0, 0, '').
    """
    if 'DHCP-Relay-Remote-Id' not in p or 'DHCP-Relay-Circuit-Id' not in p:
        return (0, 0, '')

    circuit_id = p.get('DHCP-Relay-Circuit-Id', None)
    remote_id = p.get('DHCP-Relay-Remote-Id', None)

    # NOTE(review): the offsets assume one fixed sub-option layout and nothing
    # checks the length first; a shorter or differently framed value
    # presumably raises inside bitstring or decodes to the wrong numbers.
    # NOTE(review): these values identify the switch and port only if the
    # relay agent sets them itself and does not forward a client-supplied
    # copy - confirm against the relay configuration.
    vlan = bitstring.BitArray(circuit_id)[16:-16].int
    port = bitstring.BitArray(circuit_id)[40:].int
    switch = bitstring.BitArray(remote_id)[16:].bytes
    return (vlan, port, switch)
  106.  
  107.  
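def _row_ip_in_net(nets):
    """Return True when the row's 'ip' lies inside its 'net'/'mask' network."""
    address = ipaddress.ip_address(unicode(nets['ip']))
    network = ipaddress.ip_network(unicode(nets['net'] + '/' + nets['mask']))
    return address in network


def _handle_dhcp(dbHandle, p):
    """Answer one DHCP packet over an already opened database connection.

    Returns a radiusd.RLM_MODULE_* code, or for a granted address the tuple
    (RLM_MODULE_OK, reply pairs, ()). A message type that is not handled
    below yields None, as in the original code.

    The SQL and log templates (select_mac, select_ip, select_lease,
    insert_log, insert_lease, update_lease, dhcp_log) and the reply values
    (ns1, ns2, ntp, lease, serverid, domain, msgoffer, msgask, lease_time)
    are not defined in this file; they are expected to come from the star
    imports of _sql and _params.
    """
    # SECURITY (review): every statement executed here is assembled with
    # str.format() from values carried in the DHCP packet (chaddr, venid,
    # xid, rip, cip and the relay ids). Packet content is chosen by the
    # sender, so this is string-built SQL on untrusted input. It cannot be
    # corrected inside this function because the templates live in _sql:
    # they need to become bound-parameter statements (for example
    # sqlalchemy.text() with :name placeholders) and the values must be
    # passed to execute() separately instead of being formatted in.
    t = int(time.time())
    p = attibutes(p)
    msgtype = p.get('DHCP-Message-Type', None)
    chaddr = p.get('DHCP-Client-Hardware-Address', None)
    venid = p.get('DHCP-Vendor-Class-Identifier', None)
    xid = '%x' % int(p.get('DHCP-Transaction-Id', None))

    def address(name):
        # An all-zero address means "not set".
        value = p.get(name, None)
        return value if value != '0.0.0.0' else None

    rip = address('DHCP-Requested-IP-Address')
    sid = address('DHCP-DHCP-Server-Identifier')
    cip = address('DHCP-Client-IP-Address')

    def record(event, status, log_ip, db_ip):
        # One event goes to the server log and then to the log table.
        # vlan, port and switch are assigned by the calling branch first.
        log(radiusd.L_INFO, dhcp_log.format(
            event + ':', xid, switch, port, vlan, chaddr, venid, log_ip, status))
        dbHandle.execute(insert_log.format(
            t, xid, event, chaddr, venid, status, switch, port, vlan, db_ip))

    def reply(nets, message):
        # Success tuple carrying the fixed options plus the row's addresses.
        (mask, router, yiaddr) = extract(nets)
        return (radiusd.RLM_MODULE_OK,
                (ns1, ns2, ntp, mask, router, lease, serverid, domain, yiaddr,
                 answer(venid, message)),
                ())

    if msgtype == "DHCP-Discover":
        (vlan, port, switch) = extract2(p)
        res = dbHandle.execute(select_mac.format(switch, chaddr)).fetchall()
        if not res:
            record('DHCP-Discover', 'free_res_82', 0, "")
            return radiusd.RLM_MODULE_NOOP
        if len(res) != 1:
            record('DHCP-Discover', 'duble_mac', 0, "")
            return radiusd.RLM_MODULE_NOOP
        nets = res[0]
        if not _row_ip_in_net(nets):
            record('DHCP-Discover', 'error_nets', nets['ip'], nets['ip'])
            return radiusd.RLM_MODULE_NOOP
        record('DHCP-Discover', 'ok', nets['ip'], nets['ip'])
        offer = reply(nets, msgoffer)
        record('DHCP-Offer', 'ok', nets['ip'], nets['ip'])
        return offer

    if msgtype == "DHCP-Request":
        if sid and not cip:  # SELECTING
            (vlan, port, switch) = extract2(p)
            record('DHCP-Request', 'ok_sel', rip, rip)
            res = dbHandle.execute(select_ip.format(switch, rip)).fetchall()
            if not res:
                record('DHCP-NAK', 'nak_res_82_sel', rip, rip)
                return radiusd.RLM_MODULE_NOTFOUND
            if len(res) != 1:
                record('DHCP-NAK', 'nak_duble_mac_sel', rip, rip)
                return radiusd.RLM_MODULE_NOTFOUND
            nets = res[0]
            if not _row_ip_in_net(nets):
                record('DHCP-NAK', 'nak_error_nets_sel', rip, rip)
                return radiusd.RLM_MODULE_NOTFOUND
            # Build the reply before anything is written for the grant.
            ack = reply(nets, msgask)
            record('DHCP-Ask', 'ok_sel', nets['ip'], nets['ip'])
            dbHandle.execute(insert_lease.format(
                t, t + lease_time, xid, nets['ip'], chaddr, switch, port,
                'active'))
            return ack

        if not sid and not cip and rip:  # INIT-REBOOT
            (vlan, port, switch) = extract2(p)
            record('DHCP-Request', 'ok_init', rip, rip)
            res = dbHandle.execute(select_ip.format(switch, rip)).fetchall()
            if not res:
                record('DHCP-NAK', 'nak_res_82_init', 0, rip)
                return radiusd.RLM_MODULE_NOTFOUND
            if len(res) != 1:
                record('DHCP-NAK', 'nak_duble_mac_init', rip, rip)
                return radiusd.RLM_MODULE_NOTFOUND
            nets = res[0]
            if not _row_ip_in_net(nets):
                record('DHCP-NAK', 'nak_error_nets_init', rip, rip)
                return radiusd.RLM_MODULE_NOTFOUND
            ack = reply(nets, msgask)
            record('DHCP-Ask', 'ok_init', nets['ip'], nets['ip'])
            # Fix: this call passed (lease_time, xid, ...) - one argument
            # fewer than the SELECTING branch gives the same template, so the
            # fields were shifted. Both branches now pass the start and end
            # time first. NOTE(review): confirm against insert_lease in _sql.
            dbHandle.execute(insert_lease.format(
                t, t + lease_time, xid, nets['ip'], chaddr, switch, port,
                'active'))
            return ack

        if not sid and cip and not rip:  # RENEWING or REBINDING
            res = dbHandle.execute(
                select_lease.format(t, xid, cip, chaddr)).fetchall()
            (vlan, port, switch) = extract2(p)
            # Fix: the server-log lines of this branch printed rip, which is
            # always empty here; they now show cip like the table rows do.
            record('DHCP-Request', 'ok_renew', cip, cip)
            if not res:
                record('DHCP-NAK', 'nak_res_82_renew', 0, cip)
                # Fix: the original logged this NAK and then fell off the end
                # of the function, returning None instead of a refusal.
                return radiusd.RLM_MODULE_NOTFOUND
            res2 = dbHandle.execute(
                select_ip.format(res[0]['switch'], cip)).fetchall()
            if len(res2) != 1:
                record('DHCP-NAK', 'nak_duble_mac_renew', cip, cip)
                return radiusd.RLM_MODULE_NOTFOUND
            nets = res2[0]
            if not _row_ip_in_net(nets):
                # Fix: this case had no branch at all and also returned None.
                # It is refused like the other request states. Only the
                # server log is written, because the status value is new and
                # the log table may not accept it.
                log(radiusd.L_INFO, dhcp_log.format(
                    'DHCP-NAK:', xid, switch, port, vlan, chaddr, venid, cip,
                    'nak_error_nets_renew'))
                return radiusd.RLM_MODULE_NOTFOUND
            ack = reply(nets, msgask)
            record('DHCP-Ask', 'ok_renew', nets['ip'], nets['ip'])
            dbHandle.execute(
                update_lease.format(t, t + lease_time, res[0]['id']))
            return ack

        log(radiusd.L_INFO, 'DHCP-Request: not_if')
        return radiusd.RLM_MODULE_NOOP

    if msgtype == "DHCP-Release":
        return radiusd.RLM_MODULE_NOOP

    if msgtype == "DHCP-Inform":
        return (radiusd.RLM_MODULE_OK, (msgask,), ())

    if msgtype == "DHCP-Decline":
        return radiusd.RLM_MODULE_NOOP

    # NOTE(review): any other message type ends here without a module code,
    # exactly as before; decide which code the server should see.
    return None


def post_auth(p):
    """Handle one DHCP packet in the post-auth hook.

    Takes a connection from the module engine, lets _handle_dhcp() answer
    the packet and always gives the connection back afterwards.

    Returns:
        radiusd.RLM_MODULE_FAIL when no connection can be obtained, otherwise
        whatever _handle_dhcp() returns.
    """
    try:
        dbHandle = engine.connect()
    except sqlalchemy.exc.DatabaseError as e:
        log(radiusd.L_ERR, str(e))
        return radiusd.RLM_MODULE_FAIL

    try:
        return _handle_dhcp(dbHandle, p)
    finally:
        # Fix: the connection was never closed, so returning it to the pool
        # depended on garbage collection. It is now released on every path,
        # including when the handler raises.
        dbHandle.close()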
  252.  
def recv_coa(p):
    """Trace the recv_coa hook: print a banner, then ``p``; report success."""
    # NOTE(review): ``p`` is printed unfiltered; confirm that this module's
    # stdout is not kept anywhere attribute values should not appear.
    banner = "*** recv_coa ***"
    print(banner)
    print(p)
    return radiusd.RLM_MODULE_OK
  257.  
  258.  
def send_coa(p):
    """Trace the send_coa hook: print a banner, then ``p``; report success."""
    # NOTE(review): ``p`` is printed unfiltered; confirm that this module's
    # stdout is not kept anywhere attribute values should not appear.
    banner = "*** send_coa ***"
    print(banner)
    print(p)
    return radiusd.RLM_MODULE_OK
  263.  
  264.  
def detach(_p):
    """Trace the detach hook on stdout and report success.

    ``_p`` is not read.
    """
    banner = "*** detach ***"
    print(banner)
    return radiusd.RLM_MODULE_OK