8
0
Fork 0
mirror of https://gitlab2.federez.net/re2o/re2o synced 2024-11-05 01:16:27 +00:00

Ajout du mode d'authentification dans le réglage nas

This commit is contained in:
Gabriel Detraz 2017-09-13 13:04:09 +00:00 committed by root
parent c9081517f1
commit 41fd4cf341
5 changed files with 72 additions and 23 deletions

View file

@ -149,9 +149,9 @@ def authorize(data):
mac = data.get('Calling-Station-Id', None) mac = data.get('Calling-Station-Id', None)
nas = data.get('NAS-IP-Address', data.get('NAS-Identifier', None)) nas = data.get('NAS-IP-Address', data.get('NAS-Identifier', None))
result, log, password = check_user_machine_and_register(nas, user, mac) result, log, password = check_user_machine_and_register(nas, user, mac)
logger.info(log.encode('utf-8'))
if not result: if not result:
logger.info(log)
return radiusd.RLM_MODULE_REJECT return radiusd.RLM_MODULE_REJECT
else: else:
return (radiusd.RLM_MODULE_UPDATED, return (radiusd.RLM_MODULE_UPDATED,
@ -222,36 +222,36 @@ def check_user_machine_and_register(nas_id, username, mac_address):
nas = find_nas_from_request(nas_id) nas = find_nas_from_request(nas_id)
if not nas and nas_id != '127.0.0.1': if not nas and nas_id != '127.0.0.1':
return (False, 'Nas inconnu %s ' % nas_id, '') return (False, u'Nas inconnu %s ' % nas_id, '')
interface = Interface.objects.filter(mac_address=mac_address).first() interface = Interface.objects.filter(mac_address=mac_address).first()
user = User.objects.filter(pseudo=username).first() user = User.objects.filter(pseudo=username).first()
if not user: if not user:
return (False, "User inconnu", '') return (False, u"User inconnu", '')
if not user.has_access: if not user.has_access():
return (False, "Adherent non cotisant", '') return (False, u"Adhérent non cotisant", '')
if interface: if interface:
if interface.machine.user != user: if interface.machine.user != user:
return (False, u"Machine enregistrée sur le compte d'un autre user...", '') return (False, u"Machine enregistrée sur le compte d'un autre user...", '')
elif not interface.is_active: elif not interface.is_active:
return (False, u"Machine desactivée", '') return (False, u"Machine desactivée", '')
else: else:
return (True, "Access ok", user.pwd_ntlm) return (True, u"Access ok", user.pwd_ntlm)
elif MAC_AUTOCAPTURE and nas_id!='127.0.0.1': elif MAC_AUTOCAPTURE and nas_id!='127.0.0.1':
ipv4 = nas.ipv4 ipv4 = nas.ipv4
result, reason = user.autoregister_machine(mac_address, ipv4) result, reason = user.autoregister_machine(mac_address, ipv4)
if result: if result:
return (True, 'Access Ok, Capture de la mac...', user.pwd_ntlm) return (True, u'Access Ok, Capture de la mac...', user.pwd_ntlm)
else: else:
return (False, u'Erreur dans le register mac %s' % reason, '') return (False, u'Erreur dans le register mac %s' % reason, '')
else: else:
return (False, "Machine inconnue", '') return (False, u"Machine inconnue", '')
def decide_vlan_and_register_switch(nas, port_number, mac_address): def decide_vlan_and_register_switch(nas, port_number, mac_address):
# Get port from switch and port number # Get port from switch and port number
if not nas: if not nas:
return ('?', 'Nas inconnu', VLAN_OK) return ('?', u'Nas inconnu', VLAN_OK)
ipv4 = nas.ipv4 ipv4 = nas.ipv4
@ -259,25 +259,25 @@ def decide_vlan_and_register_switch(nas, port_number, mac_address):
port = Port.objects.filter(switch=Switch.objects.filter(switch_interface=nas), port=port_number) port = Port.objects.filter(switch=Switch.objects.filter(switch_interface=nas), port=port_number)
if not port: if not port:
return (sw_name, 'Port inconnu', VLAN_OK) return (sw_name, u'Port inconnu', VLAN_OK)
port = port.first() port = port.first()
if port.radius == 'NO': if port.radius == 'NO':
return (sw_name, "Pas d'authentification sur ce port", VLAN_OK) return (sw_name, u"Pas d'authentification sur ce port", VLAN_OK)
if port.radius == 'BLOQ': if port.radius == 'BLOQ':
return (sw_name, 'Port desactive', VLAN_NOK) return (sw_name, u'Port desactive', VLAN_NOK)
if port.radius == 'STRICT': if port.radius == 'STRICT':
if not port.room: if not port.room:
return (sw_name, 'Chambre inconnue', VLAN_NOK) return (sw_name, u'Chambre inconnue', VLAN_NOK)
room_user = User.objects.filter(room=Room.objects.filter(name=port.room)) room_user = User.objects.filter(room=Room.objects.filter(name=port.room))
if not room_user: if not room_user:
return (sw_name, 'Chambre non cotisante', VLAN_NOK) return (sw_name, u'Chambre non cotisante', VLAN_NOK)
elif not room_user.first().has_access(): elif not room_user.first().has_access():
return (sw_name, 'Chambre resident desactive', VLAN_NOK) return (sw_name, u'Chambre resident desactive', VLAN_NOK)
# else: user OK, on passe à la verif MAC # else: user OK, on passe à la verif MAC
if port.radius == 'COMMON' or port.radius == 'STRICT': if port.radius == 'COMMON' or port.radius == 'STRICT':
@ -286,28 +286,28 @@ def decide_vlan_and_register_switch(nas, port_number, mac_address):
if not interface: if not interface:
# On essaye de register la mac # On essaye de register la mac
if not MAC_AUTOCAPTURE: if not MAC_AUTOCAPTURE:
return (sw_name, 'Machine inconnue', VLAN_NOK) return (sw_name, u'Machine inconnue', VLAN_NOK)
elif not port.room: elif not port.room:
return (sw_name, 'Chambre et machine inconnues', VLAN_NOK) return (sw_name, u'Chambre et machine inconnues', VLAN_NOK)
else: else:
room_user = User.objects.filter(room=Room.objects.filter(name=port.room)) room_user = User.objects.filter(room=Room.objects.filter(name=port.room))
if not room_user: if not room_user:
return (sw_name, 'Machine et propriétaire de la chambre inconnus', VLAN_NOK) return (sw_name, u'Machine et propriétaire de la chambre inconnus', VLAN_NOK)
elif not room_user.first().has_access(): elif not room_user.first().has_access():
return (sw_name, 'Machine inconnue et adhérent non cotisant', VLAN_NOK) return (sw_name, u'Machine inconnue et adhérent non cotisant', VLAN_NOK)
else: else:
result, reason = room_user.first().autoregister_machine(mac_address, ipv4) result, reason = room_user.first().autoregister_machine(mac_address, ipv4)
if result: if result:
return (sw_name, 'Access Ok, Capture de la mac...', VLAN_OK) return (sw_name, u'Access Ok, Capture de la mac...', VLAN_OK)
else: else:
return (sw_name, u'Erreur dans le register mac %s' % reason + unicode(mac_address), VLAN_NOK) return (sw_name, u'Erreur dans le register mac %s' % reason + unicode(mac_address), VLAN_NOK)
elif not interface.first().is_active: elif not interface.first().is_active:
return (sw_name, 'Machine non active / adherent non cotisant', VLAN_NOK) return (sw_name, u'Machine non active / adherent non cotisant', VLAN_NOK)
else: else:
return (sw_name, 'Machine OK', VLAN_OK) return (sw_name, u'Machine OK', VLAN_OK)
# On gere bien tous les autres états possibles, il ne reste que le VLAN en dur # On gere bien tous les autres états possibles, il ne reste que le VLAN en dur
return (sw_name, 'VLAN impose', int(port.radius)) return (sw_name, u'VLAN impose', int(port.radius))

View file

@ -0,0 +1,20 @@
# -*- coding: utf-8 -*-
# Generated by Django 1.10.7 on 2017-09-13 13:03
from __future__ import unicode_literals
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('machines', '0055_nas'),
]
operations = [
migrations.AddField(
model_name='nas',
name='port_access_mode',
field=models.CharField(choices=[('802.1X', '802.1X'), ('Mac-address', 'Mac-address')], default='802.1X', max_length=32),
),
]

View file

@ -144,9 +144,16 @@ class Vlan(models.Model):
class Nas(models.Model): class Nas(models.Model):
PRETTY_NAME = "Correspondance entre les nas et les machines connectées" PRETTY_NAME = "Correspondance entre les nas et les machines connectées"
default_mode = '802.1X'
AUTH = (
('802.1X', '802.1X'),
('Mac-address', 'Mac-address'),
)
name = models.CharField(max_length=255, unique=True) name = models.CharField(max_length=255, unique=True)
nas_type = models.ForeignKey('MachineType', on_delete=models.PROTECT, related_name='nas_type') nas_type = models.ForeignKey('MachineType', on_delete=models.PROTECT, related_name='nas_type')
machine_type = models.ForeignKey('MachineType', on_delete=models.PROTECT, related_name='machinetype_on_nas') machine_type = models.ForeignKey('MachineType', on_delete=models.PROTECT, related_name='machinetype_on_nas')
port_access_mode = models.CharField(choices=AUTH, default=default_mode, max_length=32)
def __str__(self): def __str__(self):
return self.name return self.name

View file

@ -28,6 +28,7 @@ with this program; if not, write to the Free Software Foundation, Inc.,
<th>Nom</th> <th>Nom</th>
<th>Type du nas</th> <th>Type du nas</th>
<th>Type de machine reliées au nas</th> <th>Type de machine reliées au nas</th>
<th>Mode d'accès</th>
<th></th> <th></th>
</tr> </tr>
</thead> </thead>
@ -36,6 +37,7 @@ with this program; if not, write to the Free Software Foundation, Inc.,
<td>{{ nas.name }}</td> <td>{{ nas.name }}</td>
<td>{{ nas.nas_type }}</td> <td>{{ nas.nas_type }}</td>
<td>{{ nas.machine_type }}</td> <td>{{ nas.machine_type }}</td>
<td>{{ nas.port_access_mode }}</td>
<td class="text-right"> <td class="text-right">
{% if is_infra %} {% if is_infra %}
{% include 'buttons/edit.html' with href='machines:edit-nas' id=nas.id %} {% include 'buttons/edit.html' with href='machines:edit-nas' id=nas.id %}

View file

@ -0,0 +1,20 @@
# -*- coding: utf-8 -*-
# Generated by Django 1.10.7 on 2017-09-13 13:03
from __future__ import unicode_literals
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('topologie', '0027_auto_20170905_1442'),
]
operations = [
migrations.AlterField(
model_name='port',
name='radius',
field=models.CharField(choices=[('NO', 'NO'), ('STRICT', 'STRICT'), ('BLOQ', 'BLOQ'), ('COMMON', 'COMMON'), ('2', '2'), ('4', '4'), ('5', '5'), ('6', '6'), ('7', '7'), ('20', '20')], default='NO', max_length=32),
),
]