- #!/usr/bin/env python
- # -*- coding: utf-8 -*-
- import re
- import sys
- import time
- import sqlalchemy
- from decorator import decorator
- import radiusd
- import bitstring
- import ipaddress
- from _sql import *
- from _params import *
# SQLAlchemy engine shared by every hook; stays None until instantiate() runs.
engine = None

# Ordered (pattern, converter) pairs tried by radius_value(): a value wrapped
# in double quotes is unquoted, a bare optionally-negative decimal becomes an int.
RADIUS_TYPE_MAP = (
    (re.compile(r'^"(.*)"$'), lambda m: m.group(1)),
    (re.compile(r'^(-?\d+)$'), lambda m: int(m.group(1))),
)
def radius_value(value_string):
    """Convert one attribute value from its textual form.

    Only exact ``str``/``unicode`` instances are inspected; anything else is
    handed back untouched. The first RADIUS_TYPE_MAP pattern that matches
    decides the result, and a string matching none of them is returned as is.
    """
    if type(value_string) not in (str, unicode):
        return value_string
    for pattern, convert in RADIUS_TYPE_MAP:
        hit = pattern.match(value_string)
        if hit is not None:
            return convert(hit)
    return value_string
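@decorator
def radius_function(f, params):
    """Adapt a dict-based handler to the (name, value) pair sequence it is called with.

    ``params`` is iterated as (name, value) pairs; each value goes through
    radius_value() and the resulting dict is passed to ``f``.

    Returns:
        * ``radiusd.RLM_MODULE_FAIL`` if ``f`` raises;
        * if ``f`` returns a tuple, its first item followed by every further
          item (expected to be a dict) flattened into a tuple of (key, value)
          pairs;
        * otherwise whatever ``f`` returned.
    """
    data = dict((name, radius_value(value)) for name, value in params)
    try:
        data = f(data)
    except Exception as exc:
        # The original bare ``except:`` discarded the error entirely, so a
        # failing handler was indistinguishable from a deliberate FAIL and left
        # nothing to investigate. Keep the FAIL result but record the cause.
        # %r keeps control characters in the message escaped in the log line.
        radiusd.radlog(
            radiusd.L_ERR,
            'radius_function: %s raised %r' % (getattr(f, '__name__', f), exc))
        return radiusd.RLM_MODULE_FAIL
    if type(data) is tuple:
        # .items() yields the same pairs as the original .iteritems().
        return (data[0],) + tuple(tuple(d.items()) for d in data[1:])
    return data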
@radius_function
def attibutes(p):
    """Return the request attributes as the dict built by radius_function.

    The body is the identity; all conversion happens in the decorator.
    The misspelled name is what post_auth() calls, so it is kept.
    """
    return p
def log(level, s):
    """Write message *s* at *level* through radiusd.radlog()."""
    radiusd.radlog(level, s)
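def instantiate(p):
    """Create the module-wide SQLAlchemy engine and log where it points.

    The connection URL is read from the ``DHCP_DB_URL`` environment variable
    (a name chosen here, rename to fit the deployment) so the credential can
    live outside the source tree. The previous literal is kept only as a
    fallback so existing installs keep working.

    NOTE(security): the fallback URL embeds a plaintext password for the MySQL
    ``root`` account. Anything that has been published in source form should
    be treated as disclosed and rotated, and the module should connect as a
    dedicated account limited to the tables it reads and writes.
    """
    global engine
    import os

    db_url = os.environ.get(
        'DHCP_DB_URL', 'mysql://root:dfdfd@localhost:3306/UTM5')
    engine = sqlalchemy.create_engine(db_url, pool_size=100, max_overflow=10)
    # Log the target without the credential part; str(engine) may, depending
    # on the SQLAlchemy release, render the full URL.
    target = engine.url
    log(radiusd.L_INFO, 'db connection: %s host=%s db=%s' % (
        target.drivername, target.host, target.database))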
def authorize(p):
    """Authorize hook: trace the call on stdout and report OK."""
    banner = "*** authorize ***"
    print(banner)
    return radiusd.RLM_MODULE_OK
def accounting(p):
    """Accounting hook: trace the call on stdout and report OK."""
    banner = "*** accounting ***"
    print(banner)
    return radiusd.RLM_MODULE_OK
def pre_proxy(p):
    """Pre-proxy hook: trace the call on stdout and report OK."""
    banner = "*** pre_proxy ***"
    print(banner)
    return radiusd.RLM_MODULE_OK
def post_proxy(p):
    """Post-proxy hook: trace the call on stdout and report OK."""
    banner = "*** post_proxy ***"
    print(banner)
    return radiusd.RLM_MODULE_OK
def answer(venid, ans):
    """Pick the reply item for a vendor class.

    For the vendor class 'synet' the result is the pair ``(synet, ans)``;
    for every other value ``ans`` is returned unchanged.
    """
    if venid != 'synet':
        return ans
    # `synet` is not defined in this file; presumably it comes from the
    # star-imports of _sql / _params -- confirm.
    return synet, ans
def extract(nets):
    """Build the mask / router / offered-address reply pairs from a row.

    Reads ``nets['mask']``, ``nets['gw']`` and ``nets['ip']`` (in that order)
    and returns three (attribute-name, value) tuples.
    """
    layout = (
        ('DHCP-Subnet-Mask', 'mask'),
        ('DHCP-Router-Address', 'gw'),
        ('DHCP-Your-IP-Address', 'ip'),
    )
    return tuple((attribute, nets[column]) for attribute, column in layout)
def extract2(p):
    """Return (vlan, port, switch) decoded from the relay-agent attributes.

    When either 'DHCP-Relay-Remote-Id' or 'DHCP-Relay-Circuit-Id' is missing
    the result is ``(0, 0, '')``. Otherwise:

    * vlan   -- circuit-id bits 16 up to 16 bits before the end, as ``.int``
    * port   -- circuit-id bits from offset 40 to the end, as ``.int``
    * switch -- remote-id from bit 16 to the end, as raw bytes
    """
    if 'DHCP-Relay-Remote-Id' not in p or 'DHCP-Relay-Circuit-Id' not in p:
        return (0, 0, '')

    # Both attributes arrive with the request and are not validated here; a
    # value shorter than the offsets below makes bitstring raise, and that
    # exception propagates to the caller.
    circuit = bitstring.BitArray(p.get('DHCP-Relay-Circuit-Id', None))
    # NOTE(review): `.int` is bitstring's signed interpretation, so a field
    # whose top bit is set comes back negative -- confirm `.uint` was not meant.
    vlan = circuit[16:-16].int
    port = circuit[40:].int
    remote = bitstring.BitArray(p.get('DHCP-Relay-Remote-Id', None))
    switch = remote[16:].bytes
    return (vlan, port, switch)
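def _ip_in_declared_net(nets):
    """Return True if nets['ip'] lies inside the network nets['net']/nets['mask']."""
    host = ipaddress.ip_address(unicode(nets['ip']))
    subnet = ipaddress.ip_network(unicode(nets['net'] + '/' + nets['mask']))
    return host in subnet


def _serve_dhcp(dbHandle, p):
    """Decide the reply for one DHCP request using an open DB connection.

    NOTE(security): every statement below is produced with str.format() on
    templates from _sql, filled with values taken from the request (vendor
    class, hardware address, relay remote-id, requested/client address).
    Those values are supplied by the client or the relay, so the statements
    should use bound parameters instead (sqlalchemy.text() with a parameter
    dict). That change has to be made together with the _sql templates, which
    are not part of this file, so the call sites are left as they were.
    The same request values are also written to the log through dhcp_log.
    """
    t = int(time.time())
    p = attibutes(p)

    def addr_or_none(name):
        # An all-zero address in the request means "not set".
        value = p.get(name, None)
        return value if value != '0.0.0.0' else None

    msgtype = p.get('DHCP-Message-Type', None)
    chaddr = p.get('DHCP-Client-Hardware-Address', None)
    venid = p.get('DHCP-Vendor-Class-Identifier', None)
    # Raises TypeError when the transaction id is absent; the caller's
    # ``finally`` still releases the connection in that case.
    xid = '%x' % int(p.get('DHCP-Transaction-Id', None))
    rip = addr_or_none('DHCP-Requested-IP-Address')
    sid = addr_or_none('DHCP-DHCP-Server-Identifier')
    cip = addr_or_none('DHCP-Client-IP-Address')

    if msgtype == "DHCP-Discover":
        (vlan, port, switch) = extract2(p)
        res = dbHandle.execute(select_mac.format(switch, chaddr)).fetchall()
        if not res:
            log(radiusd.L_INFO, dhcp_log.format('DHCP-Discover:', xid, switch, port, vlan, chaddr, venid, 0, 'free_res_82'))
            dbHandle.execute(insert_log.format(t, xid, "DHCP-Discover", chaddr, venid, "free_res_82", switch, port, vlan, ""))
            return radiusd.RLM_MODULE_NOOP
        if len(res) != 1:
            log(radiusd.L_INFO, dhcp_log.format('DHCP-Discover:', xid, switch, port, vlan, chaddr, venid, 0, 'duble_mac'))
            dbHandle.execute(insert_log.format(t, xid, "DHCP-Discover", chaddr, venid, "duble_mac", switch, port, vlan, ""))
            return radiusd.RLM_MODULE_NOOP
        nets = res[0]
        if not _ip_in_declared_net(nets):
            log(radiusd.L_INFO, dhcp_log.format('DHCP-Discover:', xid, switch, port, vlan, chaddr, venid, nets['ip'], 'error_nets'))
            dbHandle.execute(insert_log.format(t, xid, "DHCP-Discover", chaddr, venid, "error_nets", switch, port, vlan, nets['ip']))
            return radiusd.RLM_MODULE_NOOP
        log(radiusd.L_INFO, dhcp_log.format('DHCP-Discover:', xid, switch, port, vlan, chaddr, venid, nets['ip'], 'ok'))
        dbHandle.execute(insert_log.format(t, xid, "DHCP-Discover", chaddr, venid, "ok", switch, port, vlan, nets['ip']))
        (mask, router, yiaddr) = extract(nets)
        log(radiusd.L_INFO, dhcp_log.format('DHCP-Offer:', xid, switch, port, vlan, chaddr, venid, nets['ip'], 'ok'))
        dbHandle.execute(insert_log.format(t, xid, "DHCP-Offer", chaddr, venid, "ok", switch, port, vlan, nets['ip']))
        return (radiusd.RLM_MODULE_OK, (ns1, ns2, ntp, mask, router, lease, serverid, domain, yiaddr, answer(venid, msgoffer)), ())

    if msgtype == "DHCP-Request":
        if sid and not cip:  # SELECTING
            (vlan, port, switch) = extract2(p)
            log(radiusd.L_INFO, dhcp_log.format('DHCP-Request:', xid, switch, port, vlan, chaddr, venid, rip, 'ok_sel'))
            dbHandle.execute(insert_log.format(t, xid, "DHCP-Request", chaddr, venid, "ok_sel", switch, port, vlan, rip))
            res = dbHandle.execute(select_ip.format(switch, rip)).fetchall()
            if not res:
                log(radiusd.L_INFO, dhcp_log.format('DHCP-NAK:', xid, switch, port, vlan, chaddr, venid, rip, 'nak_res_82_sel'))
                dbHandle.execute(insert_log.format(t, xid, "DHCP-NAK", chaddr, venid, "nak_res_82_sel", switch, port, vlan, rip))
                return radiusd.RLM_MODULE_NOTFOUND
            if len(res) != 1:
                log(radiusd.L_INFO, dhcp_log.format('DHCP-NAK:', xid, switch, port, vlan, chaddr, venid, rip, 'nak_duble_mac_sel'))
                dbHandle.execute(insert_log.format(t, xid, "DHCP-NAK", chaddr, venid, "nak_duble_mac_sel", switch, port, vlan, rip))
                return radiusd.RLM_MODULE_NOTFOUND
            nets = res[0]
            if not _ip_in_declared_net(nets):
                log(radiusd.L_INFO, dhcp_log.format('DHCP-NAK:', xid, switch, port, vlan, chaddr, venid, rip, 'nak_error_nets_sel'))
                dbHandle.execute(insert_log.format(t, xid, "DHCP-NAK", chaddr, venid, "nak_error_nets_sel", switch, port, vlan, rip))
                return radiusd.RLM_MODULE_NOTFOUND
            (mask, router, yiaddr) = extract(nets)
            log(radiusd.L_INFO, dhcp_log.format('DHCP-Ask:', xid, switch, port, vlan, chaddr, venid, nets['ip'], 'ok_sel'))
            dbHandle.execute(insert_log.format(t, xid, "DHCP-Ask", chaddr, venid, "ok_sel", switch, port, vlan, nets['ip']))
            dbHandle.execute(insert_lease.format(t, t + lease_time, xid, nets['ip'], chaddr, switch, port, 'active'))
            return (radiusd.RLM_MODULE_OK, (ns1, ns2, ntp, mask, router, lease, serverid, domain, yiaddr, answer(venid, msgask)), ())

        if not sid and not cip and rip:  # INIT-REBOOT
            (vlan, port, switch) = extract2(p)
            log(radiusd.L_INFO, dhcp_log.format('DHCP-Request:', xid, switch, port, vlan, chaddr, venid, rip, 'ok_init'))
            dbHandle.execute(insert_log.format(t, xid, "DHCP-Request", chaddr, venid, "ok_init", switch, port, vlan, rip))
            res = dbHandle.execute(select_ip.format(switch, rip)).fetchall()
            if not res:
                log(radiusd.L_INFO, dhcp_log.format('DHCP-NAK:', xid, switch, port, vlan, chaddr, venid, 0, 'nak_res_82_init'))
                dbHandle.execute(insert_log.format(t, xid, "DHCP-NAK", chaddr, venid, "nak_res_82_init", switch, port, vlan, rip))
                return radiusd.RLM_MODULE_NOTFOUND
            if len(res) != 1:
                log(radiusd.L_INFO, dhcp_log.format('DHCP-NAK:', xid, switch, port, vlan, chaddr, venid, rip, 'nak_duble_mac_init'))
                dbHandle.execute(insert_log.format(t, xid, "DHCP-NAK", chaddr, venid, "nak_duble_mac_init", switch, port, vlan, rip))
                return radiusd.RLM_MODULE_NOTFOUND
            nets = res[0]
            if not _ip_in_declared_net(nets):
                log(radiusd.L_INFO, dhcp_log.format('DHCP-NAK:', xid, switch, port, vlan, chaddr, venid, rip, 'nak_error_nets_init'))
                dbHandle.execute(insert_log.format(t, xid, "DHCP-NAK", chaddr, venid, "nak_error_nets_init", switch, port, vlan, rip))
                return radiusd.RLM_MODULE_NOTFOUND
            (mask, router, yiaddr) = extract(nets)
            log(radiusd.L_INFO, dhcp_log.format('DHCP-Ask:', xid, switch, port, vlan, chaddr, venid, nets['ip'], 'ok_init'))
            dbHandle.execute(insert_log.format(t, xid, "DHCP-Ask", chaddr, venid, "ok_init", switch, port, vlan, nets['ip']))
            # Fixed: this call passed one argument fewer than the SELECTING
            # branch (no start time, bare lease_time as the first value).
            # NOTE(review): confirm the argument order against insert_lease in _sql.
            dbHandle.execute(insert_lease.format(t, t + lease_time, xid, nets['ip'], chaddr, switch, port, 'active'))
            return (radiusd.RLM_MODULE_OK, (ns1, ns2, ntp, mask, router, lease, serverid, domain, yiaddr, answer(venid, msgask)), ())

        if not sid and cip and not rip:  # RENEWING or REBINDING
            res = dbHandle.execute(select_lease.format(t, xid, cip, chaddr)).fetchall()
            (vlan, port, switch) = extract2(p)
            # rip is always empty in this state, so the log lines carry cip
            # (the value the matching insert_log rows already used).
            log(radiusd.L_INFO, dhcp_log.format('DHCP-Request:', xid, switch, port, vlan, chaddr, venid, cip, 'ok_renew'))
            dbHandle.execute(insert_log.format(t, xid, "DHCP-Request", chaddr, venid, "ok_renew", switch, port, vlan, cip))
            if not res:
                log(radiusd.L_INFO, dhcp_log.format('DHCP-NAK:', xid, switch, port, vlan, chaddr, venid, 0, 'nak_res_82_renew'))
                dbHandle.execute(insert_log.format(t, xid, "DHCP-NAK", chaddr, venid, "nak_res_82_renew", switch, port, vlan, cip))
                # Fixed: this branch logged a NAK but had no return of its
                # own, unlike every other NAK branch.
                return radiusd.RLM_MODULE_NOTFOUND
            res2 = dbHandle.execute(select_ip.format(res[0]['switch'], cip)).fetchall()
            if len(res2) != 1:
                log(radiusd.L_INFO, dhcp_log.format('DHCP-NAK:', xid, switch, port, vlan, chaddr, venid, cip, 'nak_duble_mac_renew'))
                dbHandle.execute(insert_log.format(t, xid, "DHCP-NAK", chaddr, venid, "nak_duble_mac_renew", switch, port, vlan, cip))
                return radiusd.RLM_MODULE_NOTFOUND
            nets = res2[0]
            if not _ip_in_declared_net(nets):
                # Added for parity with the SELECTING / INIT-REBOOT branches:
                # an address outside its declared network used to fall out of
                # the function without any result or log entry.
                log(radiusd.L_INFO, dhcp_log.format('DHCP-NAK:', xid, switch, port, vlan, chaddr, venid, cip, 'nak_error_nets_renew'))
                dbHandle.execute(insert_log.format(t, xid, "DHCP-NAK", chaddr, venid, "nak_error_nets_renew", switch, port, vlan, cip))
                return radiusd.RLM_MODULE_NOTFOUND
            (mask, router, yiaddr) = extract(nets)
            log(radiusd.L_INFO, dhcp_log.format('DHCP-Ask:', xid, switch, port, vlan, chaddr, venid, nets['ip'], 'ok_renew'))
            dbHandle.execute(insert_log.format(t, xid, "DHCP-Ask", chaddr, venid, "ok_renew", switch, port, vlan, nets['ip']))
            dbHandle.execute(update_lease.format(t, t + lease_time, res[0]['id']))
            return (radiusd.RLM_MODULE_OK, (ns1, ns2, ntp, mask, router, lease, serverid, domain, yiaddr, answer(venid, msgask)), ())

        # None of the three client states matched.
        log(radiusd.L_INFO, 'DHCP-Request: not_if')
        return radiusd.RLM_MODULE_NOOP

    if msgtype == "DHCP-Release":
        return radiusd.RLM_MODULE_NOOP
    if msgtype == "DHCP-Inform":
        return (radiusd.RLM_MODULE_OK, (msgask,), ())
    if msgtype == "DHCP-Decline":
        return radiusd.RLM_MODULE_NOOP
    # Any other message type: no explicit result, as before.
    return None


def post_auth(p):
    """Post-auth hook: answer a DHCP request from the database.

    Opens a connection from the module engine, lets _serve_dhcp() pick the
    reply, and always hands the connection back afterwards.

    Returns ``radiusd.RLM_MODULE_FAIL`` when the connection cannot be opened;
    otherwise a module return code, or a ``(code, reply_items, ())`` tuple
    when an offer / acknowledgement is sent.

    Changes against the previous version:
      * the connection is closed in a ``finally`` block; it used to be left
        for garbage collection, also on every exception path, which lets
        malformed requests tie up pool slots;
      * the RENEWING branch returns NOTFOUND on both of its NAK paths;
      * the INIT-REBOOT lease insert passes the same arguments as SELECTING.
    """
    try:
        dbHandle = engine.connect()
    except sqlalchemy.exc.DatabaseError as e:
        log(radiusd.L_ERR, str(e))
        return radiusd.RLM_MODULE_FAIL
    try:
        return _serve_dhcp(dbHandle, p)
    finally:
        dbHandle.close()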
def recv_coa(p):
    """recv_coa hook: print a banner and the received attributes, report OK.

    The whole of *p* is written to stdout as received.
    """
    banner = "*** recv_coa ***"
    print(banner)
    print(p)
    return radiusd.RLM_MODULE_OK
def send_coa(p):
    """send_coa hook: print a banner and the attributes, report OK.

    The whole of *p* is written to stdout as received.
    """
    banner = "*** send_coa ***"
    print(banner)
    print(p)
    return radiusd.RLM_MODULE_OK
def detach(_p):
    """Detach hook: trace the call on stdout and report OK."""
    banner = "*** detach ***"
    print(banner)
    return radiusd.RLM_MODULE_OK