From 2d8782a6c6dbe316257b7a2a77f890012d8c0ba7 Mon Sep 17 00:00:00 2001
From: lhark
Date: Sun, 15 Jan 2017 08:47:56 +0100
Subject: [PATCH] Simplify logic & improve readability. Harmonize log string language
---
 freeradius_utils/authenticate_filaire.py | 88 +++++++++++-------------
 1 file changed, 42 insertions(+), 46 deletions(-)
 mode change 100755 => 100644 freeradius_utils/authenticate_filaire.py
diff --git a/freeradius_utils/authenticate_filaire.py b/freeradius_utils/authenticate_filaire.py
old mode 100755
new mode 100644
index 3640240a..45a87667
--- a/freeradius_utils/authenticate_filaire.py
+++ b/freeradius_utils/authenticate_filaire.py
@@ -24,53 +24,49 @@ VLAN_NOK = RADIUS_VLAN_DECISION['VLAN_NOK']
 VLAN_OK = RADIUS_VLAN_DECISION['VLAN_OK']
 def decide_vlan(switch_ip, port_number, mac_address):
- # Get port from switch and port number
- switch = Switch.objects.filter(switch_interface=Interface.objects.filter(ipv4=IpList.objects.filter(ipv4=switch_ip)))
- if switch:
- sw_name = str(switch[0].switch_interface)
- port = Port.objects.filter(switch=switch[0], port=port_number)
- if port:
- port = port[0]
- if port.radius == 'NO':
- # Aucune authentification sur ce port
- decision = (sw_name, "Pas d'authentification sur ce port", VLAN_OK)
- elif port.radius == 'BLOQ':
- # Prise désactivée
- decision = (sw_name, 'Port desactive', VLAN_NOK)
- elif port.radius == 'COMMON':
- # Authentification par mac
- interface = Interface.objects.filter(mac_address=mac_address)
- if not interface:
- decision = (sw_name, 'Mac not found', VLAN_NOK)
- elif not interface[0].is_active():
- decision = (sw_name, 'Machine non active / adherent non cotisant', VLAN_NOK)
- else:
- decision = (sw_name, 'Machine OK', VLAN_OK)
- elif port.radius == 'STRICT':
- if port.room:
- user = User.objects.filter(room=Room.objects.filter(name=port.room))
- if not user:
- decision = (sw_name, 'Chambre non cotisante', VLAN_NOK)
- elif not user[0].has_access():
- decision = (sw_name, 'Resident desactive', VLAN_NOK)
- else:
- # Verification de la mac
- interface = Interface.objects.filter(mac_address=mac_address)
- if not interface:
- decision = (sw_name, 'Chambre Ok, but mac not found', VLAN_NOK)
- elif not interface[0].is_active():
- decision = (sw_name, 'Chambre Ok, but machine non active / adherent non cotisant', VLAN_NOK)
- else:
- decision = (sw_name, 'Machine OK, Proprio OK', VLAN_OK)
- else:
- decision = (sw_name, 'Chambre inconnue', VLAN_NOK)
- else:
- decision = (sw_name, 'VLAN forced', int(port.radius))
- else:
- decision = (sw_name, 'port not found!', VLAN_OK)
+ # Get port from switch and port number
+ switch = Switch.objects.filter(switch_interface=Interface.objects.filter(ipv4=IpList.objects.filter(ipv4=switch_ip)))
+ if not switch:
+ return ('?', 'Switch inconnu', VLAN_OK)
+
+ sw_name = str(switch[0].switch_interface)
+
+ port = Port.objects.filter(switch=switch[0], port=port_number)
+ if not port:
+ return (sw_name, 'Port inconnu', VLAN_OK)
+
+ port = port[0]
+
+ if port.radius == 'NO':
+ return (sw_name, "Pas d'authentification sur ce port", VLAN_OK)
+
+ if port.radius == 'BLOQ':
+ return (sw_name, 'Port desactive', VLAN_NOK)
+
+ if port.radius == 'STRICT':
+ if not port.room:
+ return (sw_name, 'Chambre inconnue', VLAN_NOK)
+
+ room_user = User.objects.filter(room=Room.objects.filter(name=port.room))
+ if not room_user:
+ return (sw_name, 'Chambre non cotisante', VLAN_NOK)
+ elif not room_user[0].has_access():
+ return (sw_name, 'Chambre resident desactive', VLAN_NOK)
+ # else: user OK, on passe à la verif MAC
+
+ if port.radius == 'COMMON' or port.radius == 'STRICT':
+ # Authentification par mac
+ interface = Interface.objects.filter(mac_address=mac_address)
+ if not interface:
+ return (sw_name, 'Machine inconnue', VLAN_NOK)
+ elif not interface[0].is_active():
+ return (sw_name, 'Machine non active / adherent non cotisant', VLAN_NOK)
 else:
- decision = ('?', 'switch not found!', VLAN_OK)
- return decision
+ return (sw_name, 'Machine OK', VLAN_OK)
+
+ # On gere bien tous les autres états possibles, il ne reste que le VLAN en dur
+ return (sw_name, 'VLAN impose', int(port.radius))
+
 if __name__ == '__main__':
 parser = argparse.ArgumentParser(description='Decide radius vlan attribution')
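Review bot: The two early returns for an unknown switch and an unknown port still answer `VLAN_OK`, so a request that matches nothing in the database lands on what appears to be the authorised VLAN (`RADIUS_VLAN_DECISION['VLAN_OK']`), while every other failure in `decide_vlan` gets `VLAN_NOK`. This is carried over from the old `'switch not found!'` and `'port not found!'` branches, but as guard clauses at the top of the function it is now the first decision a reader sees and nothing says it is intended. If failing open is deliberate, add a comment such as `# Fail open on purpose: an unregistered switch/port must not lose connectivity`; otherwise deny in both places with `return ('?', 'Switch inconnu', VLAN_NOK)` and `return (sw_name, 'Port inconnu', VLAN_NOK)`. Separately, the final `int(port.radius)` raises `ValueError` for any value that is neither one of the four keywords nor numeric, a case the closing comment assumes cannot occur.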