- #!/usr/bin/env python
- # -*- coding: utf-8 -*-
- import re
- import sys
- import sqlalchemy
- from decorator import decorator
- import radiusd
- import bitstring
- import ipaddress
- from _sql import *
- from _params import *
# Module-wide SQLAlchemy engine; stays None until instantiate() assigns it.
engine = None

# Ordered (pattern, converter) pairs tried by radius_value(): the first
# pattern that matches decides how a textual attribute value is converted.
RADIUS_TYPE_MAP = (
    # "text" -> text with the surrounding double quotes dropped
    (re.compile(r'^"(.*)"$'), lambda match: match.group(1)),
    # optionally signed run of decimal digits -> int
    (re.compile(r'^(-?\d+)$'), lambda match: int(match.group(1))),
)
def radius_value(value_string):
    """Convert one textual attribute value using RADIUS_TYPE_MAP.

    Values whose exact type is not ``str`` or ``unicode`` are returned
    untouched. For strings, the first pattern in RADIUS_TYPE_MAP that
    matches decides the result; a string that matches no pattern is
    returned as it came in.
    """
    # Exact type test (not isinstance), as in the original: subclasses of
    # str/unicode are passed through unconverted.
    if type(value_string) not in (str, unicode):
        return value_string
    for pattern, convert in RADIUS_TYPE_MAP:
        found = pattern.match(value_string)
        if found is not None:
            return convert(found)
    return value_string
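@decorator
def radius_function(f, params):
    """Run handler *f* on a dict built from the (name, value) pairs in *params*.

    Each value is passed through radius_value() first. If *f* raises, the
    failure is written to the server log and radiusd.RLM_MODULE_FAIL is
    returned. If *f* returns a tuple, its first element is kept and every
    following element (expected to be a dict) is turned into a tuple of
    (name, value) pairs; any other return value is handed back unchanged.
    """
    data = dict((name, radius_value(value)) for name, value in params)
    try:
        data = f(data)
    except:
        # The catch-all is kept so every handler failure still maps to
        # RLM_MODULE_FAIL, but the traceback is now logged: a handler that
        # fails silently cannot be told apart from an ordinary rejection
        # when someone later reads the logs.
        import traceback
        radiusd.radlog(radiusd.L_ERR, traceback.format_exc())
        return radiusd.RLM_MODULE_FAIL
    if type(data) is tuple:
        return (data[0],) + tuple(tuple(d.iteritems()) for d in data[1:])
    return data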
@radius_function
def attibutes(p):
    """Return the request attributes as a dict.

    The function body is the identity; the conversion from (name, value)
    pairs to a dict of converted values is done by the radius_function
    decorator before this body runs.
    """
    return p
def log(level, s):
    """Write message *s* to the server log at *level* through radiusd.radlog."""
    radiusd.radlog(level, s)
def instantiate(p):
    """Create the module-wide SQLAlchemy engine and log its description.

    *p* is accepted but not used.
    """
    global engine
    # NOTE(review): the connection URL carries the MySQL root password in
    # source. Move it to a config file or environment readable only by the
    # RADIUS service account, switch to a dedicated account limited to the
    # tables the lookups need, and rotate the password wherever this file
    # has been shared.
    # NOTE(review): the password portion contains a literal '@', which is
    # also the URL's user-info delimiter; how the string is split into
    # password and host depends on the URL parser. Percent-encode it or
    # build the URL from separate fields - confirm against the installed
    # SQLAlchemy version.
    db_url = 'mysql://root:xcxcxc@2510@localhost:3306/UTM5'
    engine = sqlalchemy.create_engine(db_url, pool_size=100, max_overflow=10)
    # NOTE(review): confirm that the engine's string form masks the
    # password before relying on this log line.
    log(radiusd.L_INFO, 'db connection: {0}'.format(engine))
def authorize(p):
    """Debug stub: print the request attributes and return RLM_MODULE_OK.

    NOTE(review): every attribute of the request is written to stdout
    as-is; if this hook is ever enabled for requests that carry credential
    attributes, those would be printed too - confirm before using outside
    debugging.
    """
    print("*** authorize ***")
    print(p)
    return radiusd.RLM_MODULE_OK
def accounting(p):
    """Debug stub: print the request attributes and return RLM_MODULE_OK."""
    print("*** accounting ***")
    print(p)
    return radiusd.RLM_MODULE_OK
def pre_proxy(p):
    """Debug stub: print the request attributes and return RLM_MODULE_OK."""
    print("*** pre_proxy ***")
    print(p)
    return radiusd.RLM_MODULE_OK
def post_proxy(p):
    """Debug stub: print the request attributes and return RLM_MODULE_OK."""
    print("*** post_proxy ***")
    print(p)
    return radiusd.RLM_MODULE_OK
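def _nonzero_ip(p, key):
    """Return p[key], or None when it is missing or equals '0.0.0.0'."""
    value = p.get(key, None)
    return value if value != '0.0.0.0' else None


def _relay_fields(p):
    """Decode the relay-agent attributes of attribute dict *p*.

    Returns ``(vlan, port, switch, remote_id, circuit_id)``. ``vlan`` and
    ``port`` are sliced out of DHCP-Relay-Circuit-Id (bits 16..-16 and
    40..end), ``switch`` is the bytes of DHCP-Relay-Remote-Id after its
    first 16 bits, and the last two are (attribute-name, value) pairs that
    echo the raw values back in the reply.
    """
    raw_circuit = p.get('DHCP-Relay-Circuit-Id', None)
    raw_remote = p.get('DHCP-Relay-Remote-Id', None)
    circuit_bits = bitstring.BitArray(raw_circuit)
    # NOTE(review): .int reads the bits as a signed integer, so a field
    # whose top bit is set comes out negative - confirm whether .uint was
    # intended.
    vlan = circuit_bits[16:-16].int
    port = circuit_bits[40:].int
    switch = bitstring.BitArray(raw_remote)[16:].bytes
    remote_id = ('DHCP-Relay-Remote-Id', '{0}'.format(raw_remote))
    circuit_id = ('DHCP-Relay-Circuit-Id', '{0}'.format(raw_circuit))
    return vlan, port, switch, remote_id, circuit_id


def _row_ip_in_net(row):
    """Tell whether row['ip'] lies inside the network row['net']/row['mask']."""
    address = ipaddress.ip_address(u"{0}".format(row['ip']))
    network = ipaddress.ip_network(u'{0}/{1}'.format(row['net'], row['mask']))
    return address in network


def _lease_attrs(row):
    """Build the (mask, router, yiaddr) reply pairs from a database row."""
    mask = ('DHCP-Subnet-Mask', '{0}'.format(row['mask']))
    router = ('DHCP-Router-Address', '{0}'.format(row['gw']))
    yiaddr = ('DHCP-Your-IP-Address', '{0}'.format(row['ip']))
    return mask, router, yiaddr


def _ok_reply(circuit_id, remote_id, mask, router, msg, yiaddr, vendorid):
    """Assemble the RLM_MODULE_OK return tuple carrying the reply pairs."""
    # ns1, ns2, ntp, lease, serverid, domain and synet are not defined in
    # this file; presumably they come from the star-imported _params module.
    reply = (circuit_id, remote_id, ns1, ns2, ntp, mask, router, msg,
             lease, serverid, domain, yiaddr)
    if vendorid == 'synet':
        reply += (synet,)
    return (radiusd.RLM_MODULE_OK, reply, ())


def _dhcp_reply(conn, p):
    """Decide the module result for one DHCP packet using connection *conn*."""
    p = attibutes(p)
    msgtype = p.get('DHCP-Message-Type', None)
    # chaddr and vendorid are taken from the packet and copied into log
    # lines unmodified; strip control characters if the log is parsed by
    # other tools.
    chaddr = p.get('DHCP-Client-Hardware-Address', None)
    vendorid = p.get('DHCP-Vendor-Class-Identifier', None)
    xid = hex(int(p.get('DHCP-Transaction-Id', None)))
    rip = _nonzero_ip(p, 'DHCP-Requested-IP-Address')
    sid = _nonzero_ip(p, 'DHCP-DHCP-Server-Identifier')
    cip = _nonzero_ip(p, 'DHCP-Client-IP-Address')
    has_relay = ('DHCP-Relay-Remote-Id' in p) and ('DHCP-Relay-Circuit-Id' in p)

    if msgtype == "DHCP-Discover":
        if not has_relay:
            log(radiusd.L_INFO, DHCP_Discover_not82.format(xid, chaddr, vendorid))
            return radiusd.RLM_MODULE_NOOP
        vlan, port, switch, remote_id, circuit_id = _relay_fields(p)
        # NOTE(review): the statement is assembled with str.format from
        # packet fields (relay Remote-Id bytes, client hardware address).
        # Those are network-supplied, so this is an SQL-injection risk.
        # The template lives in _sql and is not visible here; it should be
        # converted to bound parameters.
        res = conn.execute(select_mac.format(switch, chaddr)).fetchall()
        if not res:
            log(radiusd.L_INFO, DHCP_Discover_free.format(xid, switch, port, vlan, chaddr, vendorid))
            return radiusd.RLM_MODULE_NOOP
        if len(res) != 1:
            log(radiusd.L_INFO, DHCP_Discover_duble_mac.format(xid, switch, port, vlan, chaddr, vendorid))
            return radiusd.RLM_MODULE_NOOP
        row = res[0]
        if not _row_ip_in_net(row):
            # The original referenced `chadddr` and `ciaddr` here, neither
            # of which is assigned in this file; chaddr and cip (the
            # DHCP-Client-IP-Address value) are presumably what was meant.
            log(radiusd.L_INFO, DHCP_NAK_error_ip_net.format(xid, switch, port, vlan, chaddr, cip, vendorid))
            return radiusd.RLM_MODULE_NOTFOUND
        log(radiusd.L_INFO, DHCP_Discover.format(xid, switch, port, vlan, chaddr, vendorid))
        mask, router, yiaddr = _lease_attrs(row)
        log(radiusd.L_INFO, DHCP_Offer.format(xid, switch, port, vlan, chaddr, yiaddr[1], vendorid))
        return _ok_reply(circuit_id, remote_id, mask, router, msgoffer, yiaddr, vendorid)

    if msgtype == "DHCP-Request":
        if sid and not cip:  # SELECTING
            if not has_relay:
                # No branch existed for this case; the result stays None.
                return None
            vlan, port, switch, remote_id, circuit_id = _relay_fields(p)
            # NOTE(review): same string-built SQL as the Discover lookup,
            # here with the client's requested IP address; use bound
            # parameters once the _sql templates are changed.
            res = conn.execute(select_ip.format(switch, rip)).fetchall()
            # The three NAK log calls below originally passed `reqipaddr`,
            # which is not assigned in this file; rip (the
            # DHCP-Requested-IP-Address value) is presumably what was meant.
            if not res:
                log(radiusd.L_INFO, DHCP_NAK_req_free.format(xid, switch, port, vlan, chaddr, rip, vendorid))
                return radiusd.RLM_MODULE_NOTFOUND
            if len(res) != 1:
                log(radiusd.L_INFO, DHCP_NAK_duble.format(xid, switch, port, vlan, chaddr, rip, vendorid))
                return radiusd.RLM_MODULE_NOTFOUND
            row = res[0]
            if not _row_ip_in_net(row):
                log(radiusd.L_INFO, DHCP_NAK_error_ip_net.format(xid, switch, port, vlan, chaddr, rip, vendorid))
                return radiusd.RLM_MODULE_NOTFOUND
            mask, router, yiaddr = _lease_attrs(row)
            log(radiusd.L_INFO, DHCP_Request_select.format(xid, switch, port, vlan, chaddr, yiaddr[1], vendorid))
            log(radiusd.L_INFO, DHCP_ASK_select.format(xid, switch, port, vlan, chaddr, yiaddr[1], vendorid))
            return _ok_reply(circuit_id, remote_id, mask, router, msgask, yiaddr, vendorid)
        if not sid and not cip and rip:  # INIT-REBOOT
            print("#INIT-REBOOT")
            return None
        if not sid and cip and not rip:  # RENEWING or REBINDING
            print("#RENEWING or REBINDING")
            return None
        return radiusd.RLM_MODULE_NOOP

    if msgtype in ("DHCP-Release", "DHCP-Inform", "DHCP-Decline"):
        return radiusd.RLM_MODULE_NOOP
    # Any other message type: no explicit result, as before.
    return None


def post_auth(p):
    """Answer a DHCP packet from the address database.

    Opens a connection from the module-wide engine, hands the packet to
    _dhcp_reply() and returns its result: a radiusd.RLM_MODULE_* code, an
    ``(RLM_MODULE_OK, reply_pairs, ())`` tuple for an offer or
    acknowledgement, or None where no branch sets a result. A
    DatabaseError while connecting is logged and yields RLM_MODULE_FAIL.

    Changes from the previous version: the connection is now closed on
    every exit path instead of being left for garbage collection, and the
    NAK log calls no longer reference names that are not assigned in this
    file (`chadddr`, `ciaddr`, `reqipaddr`).
    """
    try:
        dbHandle = engine.connect()
    except sqlalchemy.exc.DatabaseError as e:
        log(radiusd.L_ERR, str(e))
        return radiusd.RLM_MODULE_FAIL
    try:
        return _dhcp_reply(dbHandle, p)
    finally:
        # Return the connection to the pool even when a lookup raises.
        dbHandle.close()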
def recv_coa(p):
    """Debug stub: print the request attributes and return RLM_MODULE_OK."""
    print("*** recv_coa ***")
    print(p)
    return radiusd.RLM_MODULE_OK
def send_coa(p):
    """Debug stub: print the request attributes and return RLM_MODULE_OK."""
    print("*** send_coa ***")
    print(p)
    return radiusd.RLM_MODULE_OK
def detach(_p):
    """Print a marker line and return RLM_MODULE_OK; *_p* is not used."""
    print("*** detach ***")
    return radiusd.RLM_MODULE_OK