Ограничение доступа для различных групп пользователей для BGRadiusDialup
Материал из BiTel WiKi
(Различия между версиями)
Lda (Обсуждение | вклад) |
Amir (Обсуждение | вклад) |
||
(1 промежуточная версия не показана) | |||
Строка 7: | Строка 7: | ||
- | + | '''Событие "Модуль Dialup => Radius - аутентификация"''' (с 5.1) | |
- | '''Событие "Модуль Dialup => Radius - аутентификация"''' | + | |
<source lang="java"> | <source lang="java"> | ||
- | |||
import bitel.billing.server.call.bean.*; | import bitel.billing.server.call.bean.*; | ||
import bitel.billing.server.radius.*; | import bitel.billing.server.radius.*; | ||
Строка 21: | Строка 19: | ||
import java.util.*; | import java.util.*; | ||
- | + | mid = 1; | |
- | + | ||
- | + | ||
- | + | ||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
private WriteErrorLogin() | private WriteErrorLogin() | ||
{ | { | ||
Строка 61: | Строка 31: | ||
} | } | ||
log_rec_id = rs.getInt(1); | log_rec_id = rs.getInt(1); | ||
- | query = "SELECT | + | query = "SELECT * FROM log_error_"+mid+"_"+TimeUtils.format(DateNow, "yyyyMM")+" WHERE log_rec_id='"+log_rec_id+"'"; |
+ | ps = con.prepareStatement(query); | ||
+ | rs = ps.executeQuery(); | ||
+ | if ( rs.next() ) | ||
+ | { | ||
+ | return; | ||
+ | } | ||
+ | query = "INSERT INTO log_error_"+mid+"_"+TimeUtils.format(DateNow, "yyyyMM")+" (dt,cid,lid,login,nas_id,error_code,log_rec_id) "+ | ||
+ | "VALUES ('"+TimeUtils.format(DateNow, "yyyy-MM-dd HH:mm:ss")+"', '"+cid+"', '"+login_id+"', '"+User_Name+"', '"+nas_id+"', '27', '"+log_rec_id+"')"; | ||
+ | psUpdate = con.prepareStatement( query ); | ||
+ | psUpdate.executeUpdate(); | ||
+ | } | ||
+ | |||
+ | public void processRequest( request, response, setup, con, conSlave ) | ||
+ | { | ||
+ | //Не проверять Calling_Station_Id | ||
+ | GROUP_NOT_Calling_Station_Id = 20; | ||
+ | |||
+ | errCode = event.getErrorCode(); | ||
+ | if (errCode != 0) | ||
+ | { | ||
+ | return; | ||
+ | }; | ||
+ | |||
+ | request = event.getRequest(); | ||
+ | response = event.getResponse(); | ||
+ | |||
+ | User_Name = request.getStringAttribute(RadiusStandartAttributes.User_Name); | ||
+ | nas_id = nas.getID(); | ||
+ | nas_ip = nas.getNASIPAddress(); | ||
+ | |||
+ | if (nas_id == 3) | ||
+ | { | ||
+ | //Модемный пул | ||
+ | return; | ||
+ | }; | ||
+ | |||
+ | login = event.getLogin(); | ||
+ | if (login == null) | ||
+ | { | ||
+ | return; | ||
+ | }; | ||
+ | |||
+ | login_ip = request.getStringAttribute(RadiusStandartAttributes.Calling_Station_Id); | ||
+ | login_id = login.getId(); | ||
+ | |||
+ | cid = login.getCid(); | ||
+ | contract = new ContractManager(con).getContractByID(cid); | ||
+ | contract_firma = contract.getFirmID(); | ||
+ | contract_fc = contract.getFc(); | ||
+ | contract_groups = contract.getGroups(); | ||
+ | |||
+ | DateNow = new GregorianCalendar(); | ||
+ | |||
+ | if (contract_firma == null) | ||
+ | { | ||
+ | return; | ||
+ | }; | ||
+ | if ((contract_groups & (1L<<GROUP_NOT_Calling_Station_Id )) > 0) | ||
+ | { | ||
+ | return; | ||
+ | }; | ||
+ | |||
+ | if (login_ip.matches("^10\\.0\\.2\\.[0-9]{1,3}$")) | ||
+ | { | ||
+ | //Админский сегмент | ||
+ | return; | ||
+ | }; | ||
+ | |||
+ | //физики тип1 | ||
+ | if (contract_firma == 2 && contract_fc == 0 && !login_ip.matches("^10\\.[1-4]\\.[0-9]{1,3}\\.[0-9]{1,3}$")) | ||
+ | { | ||
+ | response.setPacketType(RadiusPacket.AUTHENTICATION_REJECT); | ||
+ | print("Drop "+User_Name+" "+login_ip); | ||
+ | WriteErrorLogin(); | ||
+ | return; | ||
+ | } | ||
+ | |||
+ | //Остальные физики | ||
+ | if ((contract_firma == 1 || contract_firma == 4) && contract_fc == 0 && login_ip.matches("^10\\.[1-4]\\.[0-9]{1,3}\\.[0-9]{1,3}$|^10\\.33\\.[0-9]{1,3}\\.[0-9]{1,3}$|^10\\.64\\.[0-9]{1,3}\\.[0-9] {1,3}$")) | ||
+ | { | ||
+ | response.setPacketType(RadiusPacket.AUTHENTICATION_REJECT); | ||
+ | print("Drop "+User_Name+" "+login_ip); | ||
+ | WriteErrorLogin(); | ||
+ | return; | ||
+ | } | ||
+ | } | ||
+ | </source> | ||
+ | |||
+ | |||
+ | |||
+ | '''Событие "Модуль Dialup => Radius - аутентификация"''' (4.6) | ||
+ | <source lang="java"> | ||
+ | import bitel.billing.server.call.bean.*; | ||
+ | import bitel.billing.server.radius.*; | ||
+ | import bitel.billing.server.dialup.bean.*; | ||
+ | import bitel.billing.server.contract.bean.*; | ||
+ | import bitel.billing.server.script.event.*; | ||
+ | import bitel.billing.server.util.*; | ||
+ | |||
+ | import java.sql.*; | ||
+ | import java.util.*; | ||
+ | |||
+ | private WriteErrorLogin() | ||
+ | { | ||
+ | query = "SELECT max(id) FROM log_server_"+mid+"_"+TimeUtils.format(DateNow, "yyyyMM")+" WHERE requests LIKE '%User-Name="+User_Name+"\n%'"; | ||
ps = con.prepareStatement(query); | ps = con.prepareStatement(query); | ||
rs = ps.executeQuery(); | rs = ps.executeQuery(); | ||
Строка 68: | Строка 143: | ||
return; | return; | ||
} | } | ||
- | + | log_rec_id = rs.getInt(1); | |
query = "SELECT * FROM log_error_"+mid+"_"+TimeUtils.format(DateNow, "yyyyMM")+" WHERE log_rec_id='"+log_rec_id+"'"; | query = "SELECT * FROM log_error_"+mid+"_"+TimeUtils.format(DateNow, "yyyyMM")+" WHERE log_rec_id='"+log_rec_id+"'"; | ||
ps = con.prepareStatement(query); | ps = con.prepareStatement(query); | ||
Строка 85: | Строка 160: | ||
//Не проверять Calling_Station_Id | //Не проверять Calling_Station_Id | ||
GROUP_NOT_Calling_Station_Id = 20; | GROUP_NOT_Calling_Station_Id = 20; | ||
+ | |||
+ | errCode = event.getErrorCode(); | ||
+ | if (errCode != 0) | ||
+ | { | ||
+ | return; | ||
+ | }; | ||
request = event.getRequest(); | request = event.getRequest(); | ||
response = event.getResponse(); | response = event.getResponse(); | ||
- | |||
User_Name = request.getStringAttribute(RadiusStandartAttributes.User_Name); | User_Name = request.getStringAttribute(RadiusStandartAttributes.User_Name); | ||
nas = request.getNAS(); | nas = request.getNAS(); | ||
+ | nas_id = nas.getID(); | ||
nas_ip = nas.getNASIPAddress(); | nas_ip = nas.getNASIPAddress(); | ||
- | login = | + | |
+ | if (nas_id == 3) | ||
+ | { | ||
+ | //Модемный пул | ||
+ | return; | ||
+ | }; | ||
+ | |||
+ | login = event.getLogin(); | ||
if (login == null) | if (login == null) | ||
{ | { | ||
- | |||
return; | return; | ||
}; | }; | ||
Строка 110: | Строка 197: | ||
DateNow = new GregorianCalendar(); | DateNow = new GregorianCalendar(); | ||
+ | |||
if (contract_firma == null) | if (contract_firma == null) | ||
{ | { | ||
- | |||
return; | return; | ||
}; | }; | ||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
if ((contract_groups & (1L<<GROUP_NOT_Calling_Station_Id )) > 0) | if ((contract_groups & (1L<<GROUP_NOT_Calling_Station_Id )) > 0) | ||
{ | { | ||
- | |||
- | |||
return; | return; | ||
}; | }; | ||
Строка 130: | Строка 209: | ||
if (login_ip.matches("^10\\.0\\.2\\.[0-9]{1,3}$")) | if (login_ip.matches("^10\\.0\\.2\\.[0-9]{1,3}$")) | ||
{ | { | ||
- | //Админский | + | //Админский сегмент |
- | + | ||
return; | return; | ||
}; | }; | ||
Строка 141: | Строка 219: | ||
print("Drop "+User_Name+" "+login_ip); | print("Drop "+User_Name+" "+login_ip); | ||
WriteErrorLogin(); | WriteErrorLogin(); | ||
- | |||
return; | return; | ||
} | } | ||
Строка 151: | Строка 228: | ||
print("Drop "+User_Name+" "+login_ip); | print("Drop "+User_Name+" "+login_ip); | ||
WriteErrorLogin(); | WriteErrorLogin(); | ||
- | |||
return; | return; | ||
} | } | ||
- | |||
- | |||
- | |||
</source> | </source> |
Текущая версия на 12:13, 26 августа 2011
Появилась необходимость ограничить доступ к VPN серверу для определенных категорий пользователей.
Описание: Определяем IP, с которого происходит подключение, и категорию пользователя. Если ему не разрешено подключаться с этого IP, то клиент получает ошибку 691. В мониторе ошибок появляется ошибка с кодом 27 "Запрещен вход с данного телефона".
Договора, которые входят в группу с кодом 20, не проверяются.
Событие "Модуль Dialup => Radius - аутентификация" (с 5.1)
import bitel.billing.server.call.bean.*; import bitel.billing.server.radius.*; import bitel.billing.server.dialup.bean.*; import bitel.billing.server.contract.bean.*; import bitel.billing.server.script.event.*; import bitel.billing.server.util.*; import java.sql.*; import java.util.*; mid = 1; private WriteErrorLogin() { query = "SELECT max(id) FROM log_server_"+mid+"_"+TimeUtils.format(DateNow, "yyyyMM")+" WHERE requests LIKE '%User-Name="+User_Name+"\n%'"; ps = con.prepareStatement(query); rs = ps.executeQuery(); if ( !rs.next() ) { return; } log_rec_id = rs.getInt(1); query = "SELECT * FROM log_error_"+mid+"_"+TimeUtils.format(DateNow, "yyyyMM")+" WHERE log_rec_id='"+log_rec_id+"'"; ps = con.prepareStatement(query); rs = ps.executeQuery(); if ( rs.next() ) { return; } query = "INSERT INTO log_error_"+mid+"_"+TimeUtils.format(DateNow, "yyyyMM")+" (dt,cid,lid,login,nas_id,error_code,log_rec_id) "+ "VALUES ('"+TimeUtils.format(DateNow, "yyyy-MM-dd HH:mm:ss")+"', '"+cid+"', '"+login_id+"', '"+User_Name+"', '"+nas_id+"', '27', '"+log_rec_id+"')"; psUpdate = con.prepareStatement( query ); psUpdate.executeUpdate(); } public void processRequest( request, response, setup, con, conSlave ) { //Не проверять Calling_Station_Id GROUP_NOT_Calling_Station_Id = 20; errCode = event.getErrorCode(); if (errCode != 0) { return; }; request = event.getRequest(); response = event.getResponse(); User_Name = request.getStringAttribute(RadiusStandartAttributes.User_Name); nas_id = nas.getID(); nas_ip = nas.getNASIPAddress(); if (nas_id == 3) { //Модемный пул return; }; login = event.getLogin(); if (login == null) { return; }; login_ip = request.getStringAttribute(RadiusStandartAttributes.Calling_Station_Id); login_id = login.getId(); cid = login.getCid(); contract = new ContractManager(con).getContractByID(cid); contract_firma = contract.getFirmID(); contract_fc = contract.getFc(); contract_groups = contract.getGroups(); DateNow = new GregorianCalendar(); if (contract_firma == null) { return; }; if ((contract_groups & (1L<<GROUP_NOT_Calling_Station_Id )) > 0) { return; }; if (login_ip.matches("^10\\.0\\.2\\.[0-9]{1,3}$")) { //Админский сегмент return; }; //физики тип1 if (contract_firma == 2 && contract_fc == 0 && !login_ip.matches("^10\\.[1-4]\\.[0-9]{1,3}\\.[0-9]{1,3}$")) { response.setPacketType(RadiusPacket.AUTHENTICATION_REJECT); print("Drop "+User_Name+" "+login_ip); WriteErrorLogin(); return; } //Остальные физики if ((contract_firma == 1 || contract_firma == 4) && contract_fc == 0 && login_ip.matches("^10\\.[1-4]\\.[0-9]{1,3}\\.[0-9]{1,3}$|^10\\.33\\.[0-9]{1,3}\\.[0-9]{1,3}$|^10\\.64\\.[0-9]{1,3}\\.[0-9] {1,3}$")) { response.setPacketType(RadiusPacket.AUTHENTICATION_REJECT); print("Drop "+User_Name+" "+login_ip); WriteErrorLogin(); return; } }
Событие "Модуль Dialup => Radius - аутентификация" (4.6)
import bitel.billing.server.call.bean.*; import bitel.billing.server.radius.*; import bitel.billing.server.dialup.bean.*; import bitel.billing.server.contract.bean.*; import bitel.billing.server.script.event.*; import bitel.billing.server.util.*; import java.sql.*; import java.util.*; private WriteErrorLogin() { query = "SELECT max(id) FROM log_server_"+mid+"_"+TimeUtils.format(DateNow, "yyyyMM")+" WHERE requests LIKE '%User-Name="+User_Name+"\n%'"; ps = con.prepareStatement(query); rs = ps.executeQuery(); if ( !rs.next() ) { return; } log_rec_id = rs.getInt(1); query = "SELECT * FROM log_error_"+mid+"_"+TimeUtils.format(DateNow, "yyyyMM")+" WHERE log_rec_id='"+log_rec_id+"'"; ps = con.prepareStatement(query); rs = ps.executeQuery(); if ( rs.next() ) { return; } query = "INSERT INTO log_error_"+mid+"_"+TimeUtils.format(DateNow, "yyyyMM")+" (dt,cid,lid,login,nas_id,error_code,log_rec_id) "+ "VALUES ('"+TimeUtils.format(DateNow, "yyyy-MM-dd HH:mm:ss")+"', '"+cid+"', '"+login_id+"', '"+User_Name+"', '"+nas_id+"', '27', '"+log_rec_id+"')"; psUpdate = con.prepareStatement( query ); psUpdate.executeUpdate(); } mid = 1; //Не проверять Calling_Station_Id GROUP_NOT_Calling_Station_Id = 20; errCode = event.getErrorCode(); if (errCode != 0) { return; }; request = event.getRequest(); response = event.getResponse(); User_Name = request.getStringAttribute(RadiusStandartAttributes.User_Name); nas = request.getNAS(); nas_id = nas.getID(); nas_ip = nas.getNASIPAddress(); if (nas_id == 3) { //Модемный пул return; }; login = event.getLogin(); if (login == null) { return; }; login_ip = request.getStringAttribute(RadiusStandartAttributes.Calling_Station_Id); login_id = login.getId(); cid = login.getCid(); contract = new ContractManager(con).getContractByID(cid); contract_firma = contract.getFirmID(); contract_fc = contract.getFc(); contract_groups = contract.getGroups(); DateNow = new GregorianCalendar(); if (contract_firma == null) { return; }; if ((contract_groups & (1L<<GROUP_NOT_Calling_Station_Id )) > 0) { return; }; if (login_ip.matches("^10\\.0\\.2\\.[0-9]{1,3}$")) { //Админский сегмент return; }; //физики тип1 if (contract_firma == 2 && contract_fc == 0 && !login_ip.matches("^10\\.[1-4]\\.[0-9]{1,3}\\.[0-9]{1,3}$")) { response.setPacketType(RadiusPacket.AUTHENTICATION_REJECT); print("Drop "+User_Name+" "+login_ip); WriteErrorLogin(); return; } //Остальные физики if ((contract_firma == 1 || contract_firma == 4) && contract_fc == 0 && login_ip.matches("^10\\.[1-4]\\.[0-9]{1,3}\\.[0-9]{1,3}$|^10\\.33\\.[0-9]{1,3}\\.[0-9]{1,3}$|^10\\.64\\.[0-9]{1,3}\\.[0-9]{1,3}$")) { response.setPacketType(RadiusPacket.AUTHENTICATION_REJECT); print("Drop "+User_Name+" "+login_ip); WriteErrorLogin(); return; }