rezometz/re2o
8
0
Fork 0
mirror of https://gitlab2.federez.net/re2o/re2o synced 2025-01-12 19:24:28 +00:00
Code Issues Releases Wiki Activity

Les reglages sur le type de nas sont dans la bdd

Browse source
This commit is contained in:
Gabriel Detraz 2017-09-14 14:42:50 +00:00 committed by root
parent 35671da0ad
commit 2a49566ee5
1 changed files with 26 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

38
freeradius_utils/auth.py
View file

@ -59,7 +59,7 @@ application = get_wsgi_application()
import argparse
from django.db.models import Q
from machines.models import Interface, IpList, Domain
from machines.models import Interface, IpList, Nas, Domain
from topologie.models import Room, Port, Switch
from users.models import User
from preferences.models import OptionalTopologie
@ -141,14 +141,25 @@ def instantiate(*_):
@radius_event
def authorize(data):
user = data.get('User-Name', None)
# Pour les requetes proxifiees, on split
nas_type = data.get('NAS-Port-Type', None)
if nas_type == "Wireless-802.11":
user = user.split('@', 1)[0]
mac = data.get('Calling-Station-Id', None)
nas = data.get('NAS-IP-Address', data.get('NAS-Identifier', None))
result, log, password = check_user_machine_and_register(nas, user, mac)
nas_instance = find_nas_from_request(nas)
# Toutes les reuquètes non proxifiées
if nas != '127.0.0.1':
if not nas_instance:
logger.info("Nas inconnu")
return radiusd.RLM_MODULE_REJECT
nas_type = Nas.objects.filter(nas_type=nas_instance.type).first()
if not nas_type:
logger.info("Type de nas non enregistré dans la bdd!".encode('utf-8'))
return radiusd.RLM_MODULE_REJECT
else:
nas_type = None
if not nas_type or nas_type.port_access_mode == '802.1X':
user = data.get('User-Name', '')
user = user.split('@', 1)[0]
mac = data.get('Calling-Station-Id', '')
result, log, password = check_user_machine_and_register(nas_type, user, mac)
logger.info(log.encode('utf-8'))
if not result:
@ -215,15 +226,10 @@ def find_nas_from_request(nas_id):
nas = Interface.objects.filter(Q(domain=Domain.objects.filter(name=nas_id)) | Q(ipv4=IpList.objects.filter(ipv4=nas_id)))
return nas.first()
def check_user_machine_and_register(nas_id, username, mac_address):
def check_user_machine_and_register(nas_type, username, mac_address):
""" Verifie le username et la mac renseignee. L'enregistre si elle est inconnue.
Renvoie le mot de passe ntlm de l'user si tout est ok
Utilise pour les authentifications en 802.1X"""
nas = find_nas_from_request(nas_id)
if not nas and nas_id != '127.0.0.1':
return (False, u'Nas inconnu %s ' % nas_id, '')
interface = Interface.objects.filter(mac_address=mac_address).first()
user = User.objects.filter(pseudo=username).first()
if not user:
@ -237,9 +243,9 @@ def check_user_machine_and_register(nas_id, username, mac_address):
return (False, u"Machine desactivée", '')
else:
return (True, u"Access ok", user.pwd_ntlm)
elif MAC_AUTOCAPTURE and nas_id!='127.0.0.1':
ipv4 = nas.ipv4
result, reason = user.autoregister_machine(mac_address, ipv4)
elif nas_type:
if nas_type.mac_autocapture:
result, reason = user.autoregister_machine(mac_address, nas_type)
if result:
return (True, u'Access Ok, Capture de la mac...', user.pwd_ntlm)
else: