From 41fd4cf3418aa725c55ab080c971216fff1b3754 Mon Sep 17 00:00:00 2001 From: Gabriel Detraz Date: Wed, 13 Sep 2017 13:04:09 +0000 Subject: [PATCH] =?UTF-8?q?Ajout=20du=20mode=20d'authentification=20dans?= =?UTF-8?q?=20le=20r=C3=A9glage=20nas?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- freeradius_utils/auth.py | 46 +++++++++---------- .../migrations/0056_nas_port_access_mode.py | 20 ++++++++ machines/models.py | 7 +++ machines/templates/machines/aff_nas.html | 2 + .../migrations/0028_auto_20170913_1503.py | 20 ++++++++ 5 files changed, 72 insertions(+), 23 deletions(-) create mode 100644 machines/migrations/0056_nas_port_access_mode.py create mode 100644 topologie/migrations/0028_auto_20170913_1503.py diff --git a/freeradius_utils/auth.py b/freeradius_utils/auth.py index c70442eb..4f6c36f6 100644 --- a/freeradius_utils/auth.py +++ b/freeradius_utils/auth.py @@ -149,9 +149,9 @@ def authorize(data): mac = data.get('Calling-Station-Id', None) nas = data.get('NAS-IP-Address', data.get('NAS-Identifier', None)) result, log, password = check_user_machine_and_register(nas, user, mac) + logger.info(log.encode('utf-8')) if not result: - logger.info(log) return radiusd.RLM_MODULE_REJECT else: return (radiusd.RLM_MODULE_UPDATED, 
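Review bot: The relocated `logger.info(log.encode('utf-8'))` now records every accept and reject, but the line carries only the reason text: `user`, `mac` and `nas`, all in scope just above, never reach the log, so a decision cannot be tied to an account or a station afterwards. I would log them with the message, e.g. `logger.info('%s user=%r mac=%r nas=%r' % (log.encode('utf-8'), user, mac, nas))`; `%r` also keeps control characters in request-supplied attributes from splitting the log line. authorize starts and ends outside this hunk, so how `logger` is configured is not visible here.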
@@ -222,36 +222,36 @@ def check_user_machine_and_register(nas_id, username, mac_address): nas = find_nas_from_request(nas_id) if not nas and nas_id != '127.0.0.1': - return (False, 'Nas inconnu %s ' % nas_id, '') + return (False, u'Nas inconnu %s ' % nas_id, '') interface = Interface.objects.filter(mac_address=mac_address).first() user = User.objects.filter(pseudo=username).first() if not user: - return (False, "User inconnu", '') - if not user.has_access: - return (False, "Adherent non cotisant", '') + return (False, u"User inconnu", '') + if not user.has_access(): + return (False, u"Adhérent non cotisant", '') if interface: if interface.machine.user != user: return (False, u"Machine enregistrée sur le compte d'un autre user...", '') elif not interface.is_active: return (False, u"Machine desactivée", '') else: - return (True, "Access ok", user.pwd_ntlm) + return (True, u"Access ok", user.pwd_ntlm) elif MAC_AUTOCAPTURE and nas_id!='127.0.0.1': ipv4 = nas.ipv4 result, reason = user.autoregister_machine(mac_address, ipv4) if result: - return (True, 'Access Ok, Capture de la mac...', user.pwd_ntlm) + return (True, u'Access Ok, Capture de la mac...', user.pwd_ntlm) else: return (False, u'Erreur dans le register mac %s' % reason, '') else: - return (False, "Machine inconnue", '') + return (False, u"Machine inconnue", '') def decide_vlan_and_register_switch(nas, port_number, mac_address): # Get port from switch and port number if not nas: - return ('?', 'Nas inconnu', VLAN_OK) + return ('?', u'Nas inconnu', VLAN_OK) ipv4 = nas.ipv4 
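Review bot: Making the format string unicode in `u'Nas inconnu %s ' % nas_id` means a byte-string `nas_id` is implicitly decoded as ASCII under Python 2 (which the `unicode(...)` call later in this file suggests), so a NAS-Identifier holding non-ASCII bytes would raise UnicodeDecodeError instead of returning the reject tuple. Whether the FreeRADIUS Python module hands the attribute over as bytes is not visible here, but formatting with `%r` sidesteps the question and escapes control characters as well: `return (False, u'Nas inconnu %r ' % nas_id, '')`. The same applies to `% reason` in the 'Erreur dans le register mac' returns, both here and in the @@ -286 hunk. Both functions touched by this hunk extend beyond it.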
@@ -259,25 +259,25 @@ def decide_vlan_and_register_switch(nas, port_number, mac_address): port = Port.objects.filter(switch=Switch.objects.filter(switch_interface=nas), port=port_number) if not port: - return (sw_name, 'Port inconnu', VLAN_OK) + return (sw_name, u'Port inconnu', VLAN_OK) port = port.first() if port.radius == 'NO': - return (sw_name, "Pas d'authentification sur ce port", VLAN_OK) + return (sw_name, u"Pas d'authentification sur ce port", VLAN_OK) if port.radius == 'BLOQ': - return (sw_name, 'Port desactive', VLAN_NOK) + return (sw_name, u'Port desactive', VLAN_NOK) if port.radius == 'STRICT': if not port.room: - return (sw_name, 'Chambre inconnue', VLAN_NOK) + return (sw_name, u'Chambre inconnue', VLAN_NOK) room_user = User.objects.filter(room=Room.objects.filter(name=port.room)) if not room_user: - return (sw_name, 'Chambre non cotisante', VLAN_NOK) + return (sw_name, u'Chambre non cotisante', VLAN_NOK) elif not room_user.first().has_access(): - return (sw_name, 'Chambre resident desactive', VLAN_NOK) + return (sw_name, u'Chambre resident desactive', VLAN_NOK) # else: user OK, on passe à la verif MAC if port.radius == 'COMMON' or port.radius == 'STRICT': 
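Review bot: `return (sw_name, u'Port inconnu', VLAN_OK)` fails open: a port the database does not know is given the same VLAN as an authorised machine, and the `if not nas` branch at the end of the previous hunk does the same for an unknown NAS. If that is deliberate (for instance so that unmanaged ports keep working), it deserves a comment on the line, such as `# Unknown port: allowed on purpose, not an oversight`. Otherwise return `VLAN_NOK` here, as the 'Chambre inconnue' branch already does. decide_vlan_and_register_switch starts and ends outside this hunk.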
@@ -286,28 +286,28 @@ def decide_vlan_and_register_switch(nas, port_number, mac_address): if not interface: # On essaye de register la mac if not MAC_AUTOCAPTURE: - return (sw_name, 'Machine inconnue', VLAN_NOK) + return (sw_name, u'Machine inconnue', VLAN_NOK) elif not port.room: - return (sw_name, 'Chambre et machine inconnues', VLAN_NOK) + return (sw_name, u'Chambre et machine inconnues', VLAN_NOK) else: room_user = User.objects.filter(room=Room.objects.filter(name=port.room)) if not room_user: - return (sw_name, 'Machine et propriétaire de la chambre inconnus', VLAN_NOK) + return (sw_name, u'Machine et propriétaire de la chambre inconnus', VLAN_NOK) elif not room_user.first().has_access(): - return (sw_name, 'Machine inconnue et adhérent non cotisant', VLAN_NOK) + return (sw_name, u'Machine inconnue et adhérent non cotisant', VLAN_NOK) else: result, reason = room_user.first().autoregister_machine(mac_address, ipv4) if result: - return (sw_name, 'Access Ok, Capture de la mac...', VLAN_OK) + return (sw_name, u'Access Ok, Capture de la mac...', VLAN_OK) else: return (sw_name, u'Erreur dans le register mac %s' % reason + unicode(mac_address), VLAN_NOK) elif not interface.first().is_active: - return (sw_name, 'Machine non active / adherent non cotisant', VLAN_NOK) + return (sw_name, u'Machine non active / adherent non cotisant', VLAN_NOK) else: - return (sw_name, 'Machine OK', VLAN_OK) + return (sw_name, u'Machine OK', VLAN_OK) # On gere bien tous les autres états possibles, il ne reste que le VLAN en dur - return (sw_name, 'VLAN impose', int(port.radius)) + return (sw_name, u'VLAN impose', int(port.radius)) diff --git a/machines/migrations/0056_nas_port_access_mode.py b/machines/migrations/0056_nas_port_access_mode.py new file mode 100644 index 00000000..20e5ba42 --- /dev/null +++ b/machines/migrations/0056_nas_port_access_mode.py 
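Review bot: The auto-capture success path returns `u'Access Ok, Capture de la mac...'` without naming the MAC or the port, so, assuming the caller logs this message, the event that adds a device to a resident's account leaves no usable trace. I would include them, e.g. `return (sw_name, u'Access Ok, Capture de la mac %r (port %r)' % (mac_address, port_number), VLAN_OK)`. `room_user.first()` is also evaluated up to three times in this branch; binding it once (`resident = room_user.first()`) saves queries and guarantees the access check and the registration act on the same row. The function starts outside this hunk.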
@@ -0,0 +1,20 @@ +# -*- coding: utf-8 -*- +# Generated by Django 1.10.7 on 2017-09-13 13:03 +from __future__ import unicode_literals + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('machines', '0055_nas'), + ] + + operations = [ + migrations.AddField( + model_name='nas', + name='port_access_mode', + field=models.CharField(choices=[('802.1X', '802.1X'), ('Mac-address', 'Mac-address')], default='802.1X', max_length=32), + ), + ] diff --git a/machines/models.py b/machines/models.py index 769cd237..c6c80a38 100644 --- a/machines/models.py +++ b/machines/models.py @@ -144,9 +144,16 @@ class Vlan(models.Model): class Nas(models.Model): PRETTY_NAME = "Correspondance entre les nas et les machines connectées" + default_mode = '802.1X' + AUTH = ( + ('802.1X', '802.1X'), + ('Mac-address', 'Mac-address'), + ) + name = models.CharField(max_length=255, unique=True) nas_type = models.ForeignKey('MachineType', on_delete=models.PROTECT, related_name='nas_type') machine_type = models.ForeignKey('MachineType', on_delete=models.PROTECT, related_name='machinetype_on_nas') + port_access_mode = models.CharField(choices=AUTH, default=default_mode, max_length=32) def __str__(self): return self.name diff --git a/machines/templates/machines/aff_nas.html b/machines/templates/machines/aff_nas.html index f9aa73c8..8d0f35ed 100644 --- a/machines/templates/machines/aff_nas.html +++ b/machines/templates/machines/aff_nas.html @@ -28,6 +28,7 @@ with this program; if not, write to the Free Software Foundation, Inc., Nom Type du nas Type de machine reliées au nas + Mode d'accès @@ -36,6 +37,7 @@ with this program; if not, write to the Free Software Foundation, Inc., {{ nas.name }} {{ nas.nas_type }} {{ nas.machine_type }} + {{ nas.port_access_mode }} {% if is_infra %} {% include 'buttons/edit.html' with href='machines:edit-nas' id=nas.id %} 
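Review bot: `port_access_mode` is stored and displayed by this patch, but none of the `freeradius_utils/auth.py` hunks shown reads it, so as far as this diff shows choosing '802.1X' or 'Mac-address' for a NAS does not yet change any authorization decision. Until enforcement lands, say so next to the field, e.g. `# NOTE: informational for now, not consulted by freeradius_utils/auth.py`, so an operator does not assume a NAS is restricted to 802.1X. As a style point, `default_mode` sits beside `PRETTY_NAME` and `AUTH` and would read more consistently as `DEFAULT_MODE`. The Nas class continues outside the hunk.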
diff --git a/topologie/migrations/0028_auto_20170913_1503.py b/topologie/migrations/0028_auto_20170913_1503.py new file mode 100644 index 00000000..139af559 --- /dev/null +++ b/topologie/migrations/0028_auto_20170913_1503.py @@ -0,0 +1,20 @@ +# -*- coding: utf-8 -*- +# Generated by Django 1.10.7 on 2017-09-13 13:03 +from __future__ import unicode_literals + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('topologie', '0027_auto_20170905_1442'), + ] + + operations = [ + migrations.AlterField( + model_name='port', + name='radius', + field=models.CharField(choices=[('NO', 'NO'), ('STRICT', 'STRICT'), ('BLOQ', 'BLOQ'), ('COMMON', 'COMMON'), ('2', '2'), ('4', '4'), ('5', '5'), ('6', '6'), ('7', '7'), ('20', '20')], default='NO', max_length=32), + ), + ]