Можно указать радиусу чтобы он не брал первый IP из пула ?
Можно указать радиусу чтобы он не брал первый IP из пула ?
Есть DHCP-сервер на Python, который работает с опцией 82 совместно с UTM5 RADIUS. DHCP передаёт RADIUS'у логин и пароль, дальше идёт запрос в пул и выбирается первый свободный адрес из пула. Проблема в том, что первый адрес пула у нас является шлюзом...
Собственно вопрос: где можно (и можно ли вообще) указать RADIUS'у, чтобы он выдавал адреса начиная со второго адреса пула?
- Chrst
Re: Можно указать радиусу чтобы он не брал первый IP из пула
Вообще адрес отдаёт DHCP, поэтому и крутить, по всей видимости, надо его. Что-то типа excluded...
solomon писал(а): «Сам собсственно вопрос !!! где можно и можно ли указать радиусу чтобы он выдавал со второго адреса пула ?»
Это чисто теоретически...
import select
import threading
import time
import src.conf_buffer as conf
import src.logging
import src.sql
import random
import libpydhcpserver.dhcp_network
from libpydhcpserver.type_rfc import (
ipToList, ipsToList,
intToList, intsToList,
longToList, longsToList,
strToList,rfc3046_decode,
)
import pyrad.packet
from pyrad.client import Client
from pyrad.dictionary import Dictionary
import MySQLdb
import ipaddr
#from libpydhcpserver.dhcp_packet import *
#: Every DHCP server instantiated by this module; expected to hold at most one element.
_dhcp_servers = list()
#: Per-MAC result lists stored by getRadiusIp after a successful RADIUS Access-Accept.
#: Nothing in this part of the file evicts entries; expiry, if any, lives elsewhere.
_cache = dict()
#: Per-MAC bookkeeping for _cache entries: 'mac', 'age' (time.time() of last use),
#: 'vlan' and 'User_Name'.
_cacheage = dict()
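def hex2str(ar):
    """
    Builds a string from a sequence of integer character codes.

    Despite the name, no hexadecimal parsing happens here: every element of
    C{ar} is passed to C{chr} and the results are concatenated.

    @param ar: An iterable of integer character codes.
    @return: The concatenated characters, or an empty string if C{ar} is empty.
    """
    # join() replaces the repeated string concatenation, which copied the
    # accumulated string on every iteration.
    return ''.join(chr(i) for i in ar)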
def hex2dec(s):
    """
    Parses hexadecimal text and returns the value as a decimal string.

    @param s: Text accepted by C{int(s, 16)}.
    @return: The decimal representation of the parsed value, as a string.
    """
    return '%d' % int(s, 16)
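def getRadiusIp(packet,relay_agent_r,mac):
    """
    Resolves a client's DHCP parameters by authenticating it against RADIUS.

    The subscriber is identified from DHCP option 82: the VLAN taken from the
    circuit-id and the remote-id are joined into a key that is looked up in the
    UTM5 database to obtain a login and password. That pair is then sent to the
    RADIUS server, and the Framed-IP-Address of an Access-Accept becomes the
    client's address. Successful results are cached per MAC.

    @param packet: Not used by this function.
    @param relay_agent_r: The raw option 82 value, handed to rfc3046_decode;
        a false value means the request carried no relay-agent information.
    @param mac: The client's MAC; used as the cache key and as the RADIUS
        station and session identifiers, so it must be hashable.
    @return: None if option 82 is missing or incomplete, no subscriber matches
        it, or RADIUS does not answer with Access-Accept. Otherwise a list of
        (ip, hostname, gateway, subnet_mask, broadcast_address, domain_name,
        domain_name_servers, ntp_servers, lease_time, subnet, serial).
    """
    relay_agent = {}
    if relay_agent_r:
        relay_agent = rfc3046_decode(relay_agent_r)
    if not relay_agent:
        return None

    # Option 82 arrives over the network, so a missing sub-option is treated as
    # "no assignment" instead of letting a KeyError escape from the handler.
    try:
        circuit_id = relay_agent[1]
        remote_id = relay_agent[2]
    except (KeyError, IndexError):
        src.logging.writeLog('getRadiusIp: option 82 lacks circuit-id or remote-id')
        return None
    src.logging.writeLog('getIPRadius: relay_agent')
    src.logging.writeLog(relay_agent)
    src.logging.writeLog('getIPRadius: circuit-id')
    src.logging.writeLog(circuit_id)
    src.logging.writeLog('getIPRadius: remote-id')
    src.logging.writeLog(remote_id)

    # NOTE(review): a cache hit depends on the MAC alone; the option 82 values
    # of this request are not compared with those that produced the entry, so
    # the subscriber binding is only enforced on the first request. Consider
    # keying the cache on (mac, vlan, remote-id).
    if mac in _cache:
        src.logging.writeLog('found mac address in cache : '+str(mac))
        _cacheage[mac]['age'] = time.time()
        return _cache[mac]

    # NOTE(review): the RADIUS shared secret is hard-coded here; it belongs in
    # configuration that is readable only by the service account.
    srv=Client(server="localhost", secret="secret",
               dict=Dictionary("dictionary"))

    # Cisco circuit-id layout: bytes 2-3 hold the VLAN, byte 4 the module and
    # byte 5 the port. (The disabled Qtech variant read VLAN from bytes 0-1,
    # module from byte 2, port from byte 3 and used the whole remote-id.)
    if len(circuit_id) < 6:
        src.logging.writeLog('getRadiusIp: circuit-id is too short')
        return None
    vlan = circuit_id[2]*256+circuit_id[3]
    modul = circuit_id[4]
    port = circuit_id[5]
    # Cisco remote-id: the first two bytes are skipped.
    remoteid = hex2str(remote_id[2:])
    src.logging.writeLog('getRadiusIp: vlan='+str(vlan)+' modul='+str(modul)+' port='+str(port))
    src.logging.writeLog('getRadiusIp: remoteid')
    src.logging.writeLog(remoteid)

    # Fetch the subscriber's login and password. The lookup key contains the
    # remote-id received from the network, so it is bound as a query parameter
    # rather than formatted into the SQL text.
    lookup_key = str(vlan)+'|'+str(remoteid)
    query = ("select u.login,u.password from users u "
             "left join user_additional_params a on (u.id=a.userid) "
             "where a.paramid=8 and a.value=%s LIMIT 1")
    src.logging.writeLog(query)
    src.logging.writeLog('getRadiusIp: lookup key=%r' % (lookup_key,))
    # NOTE(review): this connects as root with an empty password; a dedicated
    # account limited to SELECT on the two tables would be sufficient here.
    db = MySQLdb.connect(host="localhost", port=3306, user="root", passwd="", db="UTM5007")
    try:
        cursor = db.cursor()
        try:
            cursor.execute(query, (lookup_key,))
            data = cursor.fetchall()
        finally:
            cursor.close()
    finally:
        # The connection used to be left open on every call.
        db.close()
    if not data:
        src.logging.writeLog('getRadiusIp: no subscriber matches option 82')
        return None
    login = data[0][0]
    password = data[0][1]
    # Only the login is logged; the row also carries the subscriber's password.
    src.logging.writeLog('getRadiusIp: subscriber login=%r' % (login,))

    # Send an accounting stop for the session before authenticating.
    req=srv.CreateAcctPacket(User_Name=login)
    src.logging.writeLog('radius send acct-stop')
    req["NAS-Port"]=vlan
    req["NAS-Identifier"]="trillian"
    req["Called-Station-Id"]=mac
    req["Calling-Station-Id"]=mac
    # Parenthesised so the line is valid under both Python 2 and 3.
    print("Sending accounting stop packet")
    req["Acct-Status-Type"]="Stop"
    req["Acct-Session-Id"] = mac
    # The counters and terminate cause below are random placeholders, not
    # measured values.
    req["Acct-Input-Octets"] = random.randrange(2**10, 2**30)
    req["Acct-Output-Octets"] = random.randrange(2**10, 2**30)
    req["Acct-Session-Time"] = random.randrange(120, 3600)
    req["Acct-Terminate-Cause"] = random.choice(["User-Request", "Idle-Timeout"])
    srv.SendPacket(req)

    req=srv.CreateAuthPacket(code=pyrad.packet.AccessRequest,User_Name=login, NAS_Identifier=remoteid, NAS_Port=vlan)
    req["User-Password"]=req.PwCrypt(password)
    reply=srv.SendPacket(req)
    if reply.code!=pyrad.packet.AccessAccept:
        return None

    src.logging.writeLog('radius access granted')
    framed_ip = reply['Framed-IP-Address'][0]
    src.logging.writeLog(framed_ip)

    # The gateway is taken as host .254 of the /24 around the assigned address.
    # NOTE(review): the mask handed to the client below is 255.255.0.0, which
    # does not match the /24 used for the gateway and broadcast - confirm.
    xx = ipaddr.IPv4Network(str(framed_ip)+'/255.255.255.0')
    gw = xx.network+254
    src.logging.writeLog('gateway: '+str(gw))
    src.logging.writeLog('broadcast: '+str(xx.broadcast))

    result = [
        framed_ip,          # ip
        login,              # hostname
        str(gw),            # gateway
        "255.255.0.0",      # subnet_mask
        str(xx.broadcast),  # broadcast_address
        'company.org',      # domain_name
        "",                 # domain_name_servers
        '',                 # ntp_servers
        120,                # lease_time, in seconds
        '255.255.0.0',      # subnet
        0,                  # serial
    ]

    src.logging.writeLog("Sending accounting start packet")
    req=srv.CreateAcctPacket(User_Name=login)
    req["Acct-Status-Type"]="Start"
    req["Acct-Session-Id"] = mac
    req["NAS-Port"]=vlan
    srv.SendPacket(req)
    src.logging.writeLog('radius send acct-start')

    _cache[mac] = result
    _cacheage[mac] = {'mac':mac,'age':time.time(),'vlan':vlan,'User_Name':login}
    src.logging.writeLog('result=')
    src.logging.writeLog(result)
    return result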
def flushCache():
    """
    Asks every registered DHCP server to flush its cached DHCP data.

    Only the servers' own flushCache() is invoked; the module-level _cache and
    _cacheage dictionaries are not touched here.
    """
    for server in iter(_dhcp_servers):
        server.flushCache()
def _logInvalidValue(name, value, subnet, serial):
    """
    Writes a log entry reporting an invalid value.

    @param name: The name of the field that holds the invalid value.
    @param value: The offending value.
    @param subnet: The subnet the value belongs to.
    @param serial: The serial within that subnet; formatted with C{%i}.
    """
    fields = dict(subnet=subnet, serial=serial, name=name, value=value)
    message = "Invalid value for %(subnet)s:%(serial)i:%(name)s: %(value)s" % fields
    src.logging.writeLog(message)
class _DHCPServer(libpydhcpserver.dhcp_network.DHCPNetwork):
    """
    Request handler that answers every DHCP request the server receives.
    """
    _sql_broker = None #: SQL broker consulted for MAC lookups.
    _stats_lock = None #: Lock serialising access to the performance statistics.
    _dhcp_assignments = None #: MACs mapped to the number of DHCP "leases" granted since the last polling interval.
    _ignored_addresses = None #: MACs currently ignored, with the time left until their requests are honoured again.
    _packets_discarded = 0 #: Count of packets discarded since the last polling interval.
    _packets_processed = 0 #: Count of packets processed since the last polling interval.
    _time_taken = 0.0 #: Time spent since the last polling interval.

    def __init__(self, server_address, server_port, client_port, pxe_port):
        """
        Sets up the handler's state, its network base class and its SQL broker.

        @type server_address: basestring
        @param server_address: IP of the interface that DHCP responses are
            sent from.
        @type server_port: int
        @param server_port: Port on which DHCP requests are expected.
        @type client_port: int
        @param client_port: Port on which clients expect DHCP responses.
        @type pxe_port: int|NoneType
        @param pxe_port: Port to listen on for PXE requests, or None when PXE
            support is disabled.

        @raise Exception: If the sockets needed to process DHCP messages
            cannot be initialised.
        """
        self._dhcp_assignments = {}
        self._ignored_addresses = []
        self._stats_lock = threading.Lock()

        # The base class is initialised by explicit call rather than through
        # super(), exactly as the original code did.
        network_base = libpydhcpserver.dhcp_network.DHCPNetwork
        network_base.__init__(self, server_address, server_port, client_port, pxe_port)

        self._sql_broker = src.sql.SQL_BROKER()