mirror of
https://gitlab2.federez.net/re2o/re2o
synced 2025-01-26 18:14:20 +00:00
Ajout du mode d'authentification dans le réglage nas
parent
078cf40a82
commit
c0124daa51
5 changed files with 72 additions and 23 deletions
|
@ -149,9 +149,9 @@ def authorize(data):
|
||||||
mac = data.get('Calling-Station-Id', None)
|
mac = data.get('Calling-Station-Id', None)
|
||||||
nas = data.get('NAS-IP-Address', data.get('NAS-Identifier', None))
|
nas = data.get('NAS-IP-Address', data.get('NAS-Identifier', None))
|
||||||
result, log, password = check_user_machine_and_register(nas, user, mac)
|
result, log, password = check_user_machine_and_register(nas, user, mac)
|
||||||
|
logger.info(log.encode('utf-8'))
|
||||||
|
|
||||||
if not result:
|
if not result:
|
||||||
logger.info(log)
|
|
||||||
return radiusd.RLM_MODULE_REJECT
|
return radiusd.RLM_MODULE_REJECT
|
||||||
else:
|
else:
|
||||||
return (radiusd.RLM_MODULE_UPDATED,
|
return (radiusd.RLM_MODULE_UPDATED,
|
||||||
|
@ -222,36 +222,36 @@ def check_user_machine_and_register(nas_id, username, mac_address):
|
||||||
nas = find_nas_from_request(nas_id)
|
nas = find_nas_from_request(nas_id)
|
||||||
|
|
||||||
if not nas and nas_id != '127.0.0.1':
|
if not nas and nas_id != '127.0.0.1':
|
||||||
return (False, 'Nas inconnu %s ' % nas_id, '')
|
return (False, u'Nas inconnu %s ' % nas_id, '')
|
||||||
|
|
||||||
interface = Interface.objects.filter(mac_address=mac_address).first()
|
interface = Interface.objects.filter(mac_address=mac_address).first()
|
||||||
user = User.objects.filter(pseudo=username).first()
|
user = User.objects.filter(pseudo=username).first()
|
||||||
if not user:
|
if not user:
|
||||||
return (False, "User inconnu", '')
|
return (False, u"User inconnu", '')
|
||||||
if not user.has_access:
|
if not user.has_access():
|
||||||
return (False, "Adherent non cotisant", '')
|
return (False, u"Adhérent non cotisant", '')
|
||||||
if interface:
|
if interface:
|
||||||
if interface.machine.user != user:
|
if interface.machine.user != user:
|
||||||
return (False, u"Machine enregistrée sur le compte d'un autre user...", '')
|
return (False, u"Machine enregistrée sur le compte d'un autre user...", '')
|
||||||
elif not interface.is_active:
|
elif not interface.is_active:
|
||||||
return (False, u"Machine desactivée", '')
|
return (False, u"Machine desactivée", '')
|
||||||
else:
|
else:
|
||||||
return (True, "Access ok", user.pwd_ntlm)
|
return (True, u"Access ok", user.pwd_ntlm)
|
||||||
elif MAC_AUTOCAPTURE and nas_id!='127.0.0.1':
|
elif MAC_AUTOCAPTURE and nas_id!='127.0.0.1':
|
||||||
ipv4 = nas.ipv4
|
ipv4 = nas.ipv4
|
||||||
result, reason = user.autoregister_machine(mac_address, ipv4)
|
result, reason = user.autoregister_machine(mac_address, ipv4)
|
||||||
if result:
|
if result:
|
||||||
return (True, 'Access Ok, Capture de la mac...', user.pwd_ntlm)
|
return (True, u'Access Ok, Capture de la mac...', user.pwd_ntlm)
|
||||||
else:
|
else:
|
||||||
return (False, u'Erreur dans le register mac %s' % reason, '')
|
return (False, u'Erreur dans le register mac %s' % reason, '')
|
||||||
else:
|
else:
|
||||||
return (False, "Machine inconnue", '')
|
return (False, u"Machine inconnue", '')
|
||||||
|
|
||||||
|
|
||||||
def decide_vlan_and_register_switch(nas, port_number, mac_address):
|
def decide_vlan_and_register_switch(nas, port_number, mac_address):
|
||||||
# Get port from switch and port number
|
# Get port from switch and port number
|
||||||
if not nas:
|
if not nas:
|
||||||
return ('?', 'Nas inconnu', VLAN_OK)
|
return ('?', u'Nas inconnu', VLAN_OK)
|
||||||
|
|
||||||
ipv4 = nas.ipv4
|
ipv4 = nas.ipv4
|
||||||
|
|
||||||
|
@ -259,25 +259,25 @@ def decide_vlan_and_register_switch(nas, port_number, mac_address):
|
||||||
|
|
||||||
port = Port.objects.filter(switch=Switch.objects.filter(switch_interface=nas), port=port_number)
|
port = Port.objects.filter(switch=Switch.objects.filter(switch_interface=nas), port=port_number)
|
||||||
if not port:
|
if not port:
|
||||||
return (sw_name, 'Port inconnu', VLAN_OK)
|
return (sw_name, u'Port inconnu', VLAN_OK)
|
||||||
|
|
||||||
port = port.first()
|
port = port.first()
|
||||||
|
|
||||||
if port.radius == 'NO':
|
if port.radius == 'NO':
|
||||||
return (sw_name, "Pas d'authentification sur ce port", VLAN_OK)
|
return (sw_name, u"Pas d'authentification sur ce port", VLAN_OK)
|
||||||
|
|
||||||
if port.radius == 'BLOQ':
|
if port.radius == 'BLOQ':
|
||||||
return (sw_name, 'Port desactive', VLAN_NOK)
|
return (sw_name, u'Port desactive', VLAN_NOK)
|
||||||
|
|
||||||
if port.radius == 'STRICT':
|
if port.radius == 'STRICT':
|
||||||
if not port.room:
|
if not port.room:
|
||||||
return (sw_name, 'Chambre inconnue', VLAN_NOK)
|
return (sw_name, u'Chambre inconnue', VLAN_NOK)
|
||||||
|
|
||||||
room_user = User.objects.filter(room=Room.objects.filter(name=port.room))
|
room_user = User.objects.filter(room=Room.objects.filter(name=port.room))
|
||||||
if not room_user:
|
if not room_user:
|
||||||
return (sw_name, 'Chambre non cotisante', VLAN_NOK)
|
return (sw_name, u'Chambre non cotisante', VLAN_NOK)
|
||||||
elif not room_user.first().has_access():
|
elif not room_user.first().has_access():
|
||||||
return (sw_name, 'Chambre resident desactive', VLAN_NOK)
|
return (sw_name, u'Chambre resident desactive', VLAN_NOK)
|
||||||
# else: user OK, on passe à la verif MAC
|
# else: user OK, on passe à la verif MAC
|
||||||
|
|
||||||
if port.radius == 'COMMON' or port.radius == 'STRICT':
|
if port.radius == 'COMMON' or port.radius == 'STRICT':
|
||||||
|
@ -286,28 +286,28 @@ def decide_vlan_and_register_switch(nas, port_number, mac_address):
|
||||||
if not interface:
|
if not interface:
|
||||||
# On essaye de register la mac
|
# On essaye de register la mac
|
||||||
if not MAC_AUTOCAPTURE:
|
if not MAC_AUTOCAPTURE:
|
||||||
return (sw_name, 'Machine inconnue', VLAN_NOK)
|
return (sw_name, u'Machine inconnue', VLAN_NOK)
|
||||||
elif not port.room:
|
elif not port.room:
|
||||||
return (sw_name, 'Chambre et machine inconnues', VLAN_NOK)
|
return (sw_name, u'Chambre et machine inconnues', VLAN_NOK)
|
||||||
else:
|
else:
|
||||||
room_user = User.objects.filter(room=Room.objects.filter(name=port.room))
|
room_user = User.objects.filter(room=Room.objects.filter(name=port.room))
|
||||||
if not room_user:
|
if not room_user:
|
||||||
return (sw_name, 'Machine et propriétaire de la chambre inconnus', VLAN_NOK)
|
return (sw_name, u'Machine et propriétaire de la chambre inconnus', VLAN_NOK)
|
||||||
elif not room_user.first().has_access():
|
elif not room_user.first().has_access():
|
||||||
return (sw_name, 'Machine inconnue et adhérent non cotisant', VLAN_NOK)
|
return (sw_name, u'Machine inconnue et adhérent non cotisant', VLAN_NOK)
|
||||||
else:
|
else:
|
||||||
result, reason = room_user.first().autoregister_machine(mac_address, ipv4)
|
result, reason = room_user.first().autoregister_machine(mac_address, ipv4)
|
||||||
if result:
|
if result:
|
||||||
return (sw_name, 'Access Ok, Capture de la mac...', VLAN_OK)
|
return (sw_name, u'Access Ok, Capture de la mac...', VLAN_OK)
|
||||||
else:
|
else:
|
||||||
return (sw_name, u'Erreur dans le register mac %s' % reason + unicode(mac_address), VLAN_NOK)
|
return (sw_name, u'Erreur dans le register mac %s' % reason + unicode(mac_address), VLAN_NOK)
|
||||||
elif not interface.first().is_active:
|
elif not interface.first().is_active:
|
||||||
return (sw_name, 'Machine non active / adherent non cotisant', VLAN_NOK)
|
return (sw_name, u'Machine non active / adherent non cotisant', VLAN_NOK)
|
||||||
else:
|
else:
|
||||||
return (sw_name, 'Machine OK', VLAN_OK)
|
return (sw_name, u'Machine OK', VLAN_OK)
|
||||||
|
|
||||||
# On gere bien tous les autres états possibles, il ne reste que le VLAN en dur
|
# On gere bien tous les autres états possibles, il ne reste que le VLAN en dur
|
||||||
return (sw_name, 'VLAN impose', int(port.radius))
|
return (sw_name, u'VLAN impose', int(port.radius))
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
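Review bot: In `check_user_machine_and_register`, the reject message `u'Nas inconnu %s ' % nas_id` now interpolates a request-supplied attribute (`NAS-IP-Address` / `NAS-Identifier`, read in `authorize`) into a unicode string, and `authorize` logs it on every request through the new `logger.info(log.encode('utf-8'))`. If `nas_id` arrives as a byte string (likely under the Python 2 runtime that the `unicode(mac_address)` call further down implies), a non-ASCII value would raise `UnicodeDecodeError` where the old byte-string format did not, and control characters reach the log unescaped. Formatting with `%r`, e.g. `return (False, u'Nas inconnu %r ' % nas_id, '')`, keeps the message ASCII-safe and stops a forged attribute from splitting or faking log lines. Both functions start and end outside the visible hunks, so how an exception raised inside `authorize` is handled cannot be confirmed from here.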
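--- a/machines/migrations/0056_nas_port_access_mode.py
+++ b/machines/migrations/0056_nas_port_access_mode.py
@@ -0,0 +1,20 @@
+# -*- coding: utf-8 -*-
+# Generated by Django 1.10.7 on 2017-09-13 13:03
+from __future__ import unicode_literals
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+dependencies = [
+('machines', '0055_nas'),
+]
+
+operations = [
+migrations.AddField(
+model_name='nas',
+name='port_access_mode',
+field=models.CharField(choices=[('802.1X', '802.1X'), ('Mac-address', 'Mac-address')], default='802.1X', max_length=32),
+),
+]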
|
@ -144,9 +144,16 @@ class Vlan(models.Model):
|
||||||
class Nas(models.Model):
|
class Nas(models.Model):
|
||||||
PRETTY_NAME = "Correspondance entre les nas et les machines connectées"
|
PRETTY_NAME = "Correspondance entre les nas et les machines connectées"
|
||||||
|
|
||||||
|
default_mode = '802.1X'
|
||||||
|
AUTH = (
|
||||||
|
('802.1X', '802.1X'),
|
||||||
|
('Mac-address', 'Mac-address'),
|
||||||
|
)
|
||||||
|
|
||||||
name = models.CharField(max_length=255, unique=True)
|
name = models.CharField(max_length=255, unique=True)
|
||||||
nas_type = models.ForeignKey('MachineType', on_delete=models.PROTECT, related_name='nas_type')
|
nas_type = models.ForeignKey('MachineType', on_delete=models.PROTECT, related_name='nas_type')
|
||||||
machine_type = models.ForeignKey('MachineType', on_delete=models.PROTECT, related_name='machinetype_on_nas')
|
machine_type = models.ForeignKey('MachineType', on_delete=models.PROTECT, related_name='machinetype_on_nas')
|
||||||
|
port_access_mode = models.CharField(choices=AUTH, default=default_mode, max_length=32)
|
||||||
|
|
||||||
def __str__(self):
|
def __str__(self):
|
||||||
return self.name
|
return self.name
|
||||||
|
|
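Review bot: Nothing in the visible hunks reads `Nas.port_access_mode`: the RADIUS decision code shown in this commit changes only message strings, the `has_access()` call and logging, so switching a NAS to 'Mac-address' appears to have no effect yet (the consuming code may live outside this page). Because the field selects how clients are authenticated, it deserves a comment above `AUTH`, for example `# How this NAS authenticates ports; 'Mac-address' trusts the client-reported MAC and is weaker than 802.1X.`, and ideally a `help_text` saying the same to operators. As a style point, `default_mode` would read better as an upper-case constant beside `AUTH`, e.g. `DEFAULT_MODE = '802.1X'`. The `Nas` class body starts and continues outside the hunk.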
|
@ -28,6 +28,7 @@ with this program; if not, write to the Free Software Foundation, Inc.,
|
||||||
<th>Nom</th>
|
<th>Nom</th>
|
||||||
<th>Type du nas</th>
|
<th>Type du nas</th>
|
||||||
<th>Type de machine reliées au nas</th>
|
<th>Type de machine reliées au nas</th>
|
||||||
|
<th>Mode d'accès</th>
|
||||||
<th></th>
|
<th></th>
|
||||||
</tr>
|
</tr>
|
||||||
</thead>
|
</thead>
|
||||||
|
@ -36,6 +37,7 @@ with this program; if not, write to the Free Software Foundation, Inc.,
|
||||||
<td>{{ nas.name }}</td>
|
<td>{{ nas.name }}</td>
|
||||||
<td>{{ nas.nas_type }}</td>
|
<td>{{ nas.nas_type }}</td>
|
||||||
<td>{{ nas.machine_type }}</td>
|
<td>{{ nas.machine_type }}</td>
|
||||||
|
<td>{{ nas.port_access_mode }}</td>
|
||||||
<td class="text-right">
|
<td class="text-right">
|
||||||
{% if is_infra %}
|
{% if is_infra %}
|
||||||
{% include 'buttons/edit.html' with href='machines:edit-nas' id=nas.id %}
|
{% include 'buttons/edit.html' with href='machines:edit-nas' id=nas.id %}
|
||||||
|
|
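--- a/topologie/migrations/0028_auto_20170913_1503.py
+++ b/topologie/migrations/0028_auto_20170913_1503.py
@@ -0,0 +1,20 @@
+# -*- coding: utf-8 -*-
+# Generated by Django 1.10.7 on 2017-09-13 13:03
+from __future__ import unicode_literals
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+dependencies = [
+('topologie', '0027_auto_20170905_1442'),
+]
+
+operations = [
+migrations.AlterField(
+model_name='port',
+name='radius',
+field=models.CharField(choices=[('NO', 'NO'), ('STRICT', 'STRICT'), ('BLOQ', 'BLOQ'), ('COMMON', 'COMMON'), ('2', '2'), ('4', '4'), ('5', '5'), ('6', '6'), ('7', '7'), ('20', '20')], default='NO', max_length=32),
+),
+]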