Fix langue et 802.X radius + divers
parent
2a2a2850bd
commit
4270cd32bc
12 changed files with 245 additions and 117 deletions
|
@ -355,30 +355,47 @@ def decide_vlan_and_register_switch(nas_machine, nas_type, port_number,
|
||||||
port=port_number
|
port=port_number
|
||||||
)
|
)
|
||||||
.first())
|
.first())
|
||||||
|
|
||||||
# Si le port est inconnu, on place sur le vlan defaut
|
# Si le port est inconnu, on place sur le vlan defaut
|
||||||
|
# Aucune information particulière ne permet de déterminer quelle
|
||||||
|
# politique à appliquer sur ce port
|
||||||
if not port:
|
if not port:
|
||||||
return (sw_name, "Chambre inconnue", u'Port inconnu', VLAN_OK)
|
return (sw_name, "Chambre inconnue", u'Port inconnu', VLAN_OK)
|
||||||
|
|
||||||
# On récupère le profil du port
|
# On récupère le profil du port
|
||||||
port_profil = port.get_port_profil
|
port_profil = port.get_port_profil
|
||||||
|
|
||||||
# Si un vlan a été précisé, on l'utilise pour VLAN_OK
|
# Si un vlan a été précisé dans la config du port,
|
||||||
|
# on l'utilise pour VLAN_OK
|
||||||
if port_profil.vlan_untagged:
|
if port_profil.vlan_untagged:
|
||||||
DECISION_VLAN = int(port_profil.vlan_untagged.vlan_id)
|
DECISION_VLAN = int(port_profil.vlan_untagged.vlan_id)
|
||||||
extra_log = u"Force sur vlan " + str(DECISION_VLAN)
|
extra_log = u"Force sur vlan " + str(DECISION_VLAN)
|
||||||
else:
|
else:
|
||||||
DECISION_VLAN = VLAN_OK
|
DECISION_VLAN = VLAN_OK
|
||||||
|
|
||||||
|
# Si le port est désactivé, on rejette sur le vlan de déconnexion
|
||||||
if not port.state:
|
if not port.state:
|
||||||
return (sw_name, port.room, u'Port desactive', VLAN_NOK)
|
return (sw_name, port.room, u'Port desactivé', VLAN_NOK)
|
||||||
|
|
||||||
|
# Si radius est désactivé, on laisse passer
|
||||||
if port_profil.radius_type == 'NO':
|
if port_profil.radius_type == 'NO':
|
||||||
return (sw_name,
|
return (sw_name,
|
||||||
"",
|
"",
|
||||||
u"Pas d'authentification sur ce port" + extra_log,
|
u"Pas d'authentification sur ce port" + extra_log,
|
||||||
DECISION_VLAN)
|
DECISION_VLAN)
|
||||||
|
|
||||||
if port_profil.radius_type == 'STRICT':
|
# Si le 802.1X est activé sur ce port, cela veut dire que la personne a été accept précédemment
|
||||||
|
# Par conséquent, on laisse passer sur le bon vlan
|
||||||
|
if nas_type.port_access_mode == '802.1X' and port_profil.radius_type == '802.1X':
|
||||||
|
room = port.room or "Chambre/local inconnu"
|
||||||
|
return (sw_name, room, u'Acceptation authentification 802.1X', DECISION_VLAN)
|
||||||
|
|
||||||
|
# Sinon, cela veut dire qu'on fait de l'auth radius par mac
|
||||||
|
# Si le port est en mode strict, on vérifie que tous les users
|
||||||
|
# rattachés à ce port sont bien à jour de cotisation. Sinon on rejette (anti squattage)
|
||||||
|
# Il n'est pas possible de se connecter sur une prise strict sans adhérent à jour de cotis
|
||||||
|
# dedans
|
||||||
|
if port_profil.radius_mode == 'STRICT':
|
||||||
room = port.room
|
room = port.room
|
||||||
if not room:
|
if not room:
|
||||||
return (sw_name, "Inconnue", u'Chambre inconnue', VLAN_NOK)
|
return (sw_name, "Inconnue", u'Chambre inconnue', VLAN_NOK)
|
||||||
|
@ -393,7 +410,8 @@ def decide_vlan_and_register_switch(nas_machine, nas_type, port_number,
|
||||||
return (sw_name, room, u'Chambre resident desactive', VLAN_NOK)
|
return (sw_name, room, u'Chambre resident desactive', VLAN_NOK)
|
||||||
# else: user OK, on passe à la verif MAC
|
# else: user OK, on passe à la verif MAC
|
||||||
|
|
||||||
if port_profil.radius_type == 'COMMON' or port_profil.radius_type == 'STRICT':
|
# Si on fait de l'auth par mac, on cherche l'interface via sa mac dans la bdd
|
||||||
|
if port_profil.radius_mode == 'COMMON' or port_profil.radius_mode == 'STRICT':
|
||||||
# Authentification par mac
|
# Authentification par mac
|
||||||
interface = (Interface.objects
|
interface = (Interface.objects
|
||||||
.filter(mac_address=mac_address)
|
.filter(mac_address=mac_address)
|
||||||
|
@ -402,15 +420,19 @@ def decide_vlan_and_register_switch(nas_machine, nas_type, port_number,
|
||||||
.first())
|
.first())
|
||||||
if not interface:
|
if not interface:
|
||||||
room = port.room
|
room = port.room
|
||||||
# On essaye de register la mac
|
# On essaye de register la mac, si l'autocapture a été activée
|
||||||
|
# Sinon on rejette sur vlan_nok
|
||||||
if not nas_type.autocapture_mac:
|
if not nas_type.autocapture_mac:
|
||||||
return (sw_name, "", u'Machine inconnue', VLAN_NOK)
|
return (sw_name, "", u'Machine inconnue', VLAN_NOK)
|
||||||
|
# On ne peut autocapturer que si on connait la chambre et donc l'user correspondant
|
||||||
elif not room:
|
elif not room:
|
||||||
return (sw_name,
|
return (sw_name,
|
||||||
"Inconnue",
|
"Inconnue",
|
||||||
u'Chambre et machine inconnues',
|
u'Chambre et machine inconnues',
|
||||||
VLAN_NOK)
|
VLAN_NOK)
|
||||||
else:
|
else:
|
||||||
|
# Si la chambre est vide (local club, prises en libre services)
|
||||||
|
# Impossible d'autocapturer
|
||||||
if not room_user:
|
if not room_user:
|
||||||
room_user = User.objects.filter(
|
room_user = User.objects.filter(
|
||||||
Q(club__room=port.room) | Q(adherent__room=port.room)
|
Q(club__room=port.room) | Q(adherent__room=port.room)
|
||||||
|
@ -421,6 +443,8 @@ def decide_vlan_and_register_switch(nas_machine, nas_type, port_number,
|
||||||
u'Machine et propriétaire de la chambre '
|
u'Machine et propriétaire de la chambre '
|
||||||
'inconnus',
|
'inconnus',
|
||||||
VLAN_NOK)
|
VLAN_NOK)
|
||||||
|
# Si il y a plus d'un user dans la chambre, impossible de savoir à qui
|
||||||
|
# Ajouter la machine
|
||||||
elif room_user.count() > 1:
|
elif room_user.count() > 1:
|
||||||
return (sw_name,
|
return (sw_name,
|
||||||
room,
|
room,
|
||||||
|
@ -428,11 +452,13 @@ def decide_vlan_and_register_switch(nas_machine, nas_type, port_number,
|
||||||
'dans la chambre/local -> ajout de mac '
|
'dans la chambre/local -> ajout de mac '
|
||||||
'automatique impossible',
|
'automatique impossible',
|
||||||
VLAN_NOK)
|
VLAN_NOK)
|
||||||
|
# Si l'adhérent de la chambre n'est pas à jour de cotis, pas d'autocapture
|
||||||
elif not room_user.first().has_access():
|
elif not room_user.first().has_access():
|
||||||
return (sw_name,
|
return (sw_name,
|
||||||
room,
|
room,
|
||||||
u'Machine inconnue et adhérent non cotisant',
|
u'Machine inconnue et adhérent non cotisant',
|
||||||
VLAN_NOK)
|
VLAN_NOK)
|
||||||
|
# Sinon on capture et on laisse passer sur le bon vlan
|
||||||
else:
|
else:
|
||||||
result, reason = (room_user
|
result, reason = (room_user
|
||||||
.first()
|
.first()
|
||||||
|
@ -452,6 +478,9 @@ def decide_vlan_and_register_switch(nas_machine, nas_type, port_number,
|
||||||
reason + str(mac_address)
|
reason + str(mac_address)
|
||||||
),
|
),
|
||||||
VLAN_NOK)
|
VLAN_NOK)
|
||||||
|
# L'interface a été trouvée, on vérifie qu'elle est active, sinon on reject
|
||||||
|
# Si elle n'a pas d'ipv4, on lui en met une
|
||||||
|
# Enfin on laisse passer sur le vlan pertinent
|
||||||
else:
|
else:
|
||||||
room = port.room
|
room = port.room
|
||||||
if not interface.is_active:
|
if not interface.is_active:
|
||||||
|
|
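Review bot: The MAC-authentication branches that follow the new 802.1X shortcut test only `port_profil.radius_mode` (`== 'STRICT'`, then `== 'COMMON' or == 'STRICT'`), so a port whose profile has `radius_type == '802.1X'` still reaches them whenever `nas_type.port_access_mode` is not '802.1X'. Because `radius_mode` defaults to 'COMMON' on the model, such a port would apparently be authorised on its MAC address alone, a weaker check than the profile asks for. Consider rejecting the mismatch explicitly right after the 802.1X acceptance, or guarding the MAC branches with `port_profil.radius_type == 'MAC-radius' and ...`. The 802.1X acceptance itself relies on an earlier stage having validated the credentials, and a comment naming that stage would make the assumption checkable. The function starts and ends outside the visible hunks.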
|
@ -262,9 +262,9 @@ def search_single_word(word, filters, user,
|
||||||
) | Q(
|
) | Q(
|
||||||
related__switch__interface__domain__name__icontains=word
|
related__switch__interface__domain__name__icontains=word
|
||||||
) | Q(
|
) | Q(
|
||||||
custom_profil__name__icontains=word
|
custom_profile__name__icontains=word
|
||||||
) | Q(
|
) | Q(
|
||||||
custom_profil__profil_default__icontains=word
|
custom_profile__profil_default__icontains=word
|
||||||
) | Q(
|
) | Q(
|
||||||
details__icontains=word
|
details__icontains=word
|
||||||
)
|
)
|
||||||
|
|
|
@ -80,8 +80,8 @@ class EditPortForm(FormRevMixin, ModelForm):
|
||||||
optimiser le temps de chargement avec select_related (vraiment
|
optimiser le temps de chargement avec select_related (vraiment
|
||||||
lent sans)"""
|
lent sans)"""
|
||||||
class Meta(PortForm.Meta):
|
class Meta(PortForm.Meta):
|
||||||
fields = ['room', 'related', 'machine_interface', 'custom_profil',
|
fields = ['room', 'related', 'machine_interface', 'custom_profile',
|
||||||
'state', 'details']
|
'state', 'details']
|
||||||
|
|
||||||
def __init__(self, *args, **kwargs):
|
def __init__(self, *args, **kwargs):
|
||||||
prefix = kwargs.pop('prefix', self.Meta.model.__name__)
|
prefix = kwargs.pop('prefix', self.Meta.model.__name__)
|
||||||
|
@ -101,7 +101,7 @@ class AddPortForm(FormRevMixin, ModelForm):
|
||||||
'room',
|
'room',
|
||||||
'machine_interface',
|
'machine_interface',
|
||||||
'related',
|
'related',
|
||||||
'custom_profil',
|
'custom_profile',
|
||||||
'state',
|
'state',
|
||||||
'details'
|
'details'
|
||||||
]
|
]
|
||||||
|
|
|
@ -5,53 +5,49 @@ from __future__ import unicode_literals
|
||||||
from django.db import migrations
|
from django.db import migrations
|
||||||
|
|
||||||
|
|
||||||
|
def transfer_profil(apps, schema_editor):
|
||||||
|
db_alias = schema_editor.connection.alias
|
||||||
|
port = apps.get_model("topologie", "Port")
|
||||||
|
profil = apps.get_model("topologie", "PortProfile")
|
||||||
|
vlan = apps.get_model("machines", "Vlan")
|
||||||
|
port_list = port.objects.using(db_alias).all()
|
||||||
|
profil_nothing = profil.objects.using(db_alias).create(name='nothing', profil_default='nothing', radius_type='NO')
|
||||||
|
profil_uplink = profil.objects.using(db_alias).create(name='uplink', profil_default='uplink', radius_type='NO')
|
||||||
|
profil_machine = profil.objects.using(db_alias).create(name='asso_machine', profil_default='asso_machine', radius_type='NO')
|
||||||
|
profil_room = profil.objects.using(db_alias).create(name='room', profil_default='room', radius_type='NO')
|
||||||
|
profil_borne = profil.objects.using(db_alias).create(name='accesspoint', profil_default='accesspoint', radius_type='NO')
|
||||||
|
for vlan_instance in vlan.objects.using(db_alias).all():
|
||||||
|
if port.objects.using(db_alias).filter(vlan_force=vlan_instance):
|
||||||
|
custom_profil = profil.objects.using(db_alias).create(name='vlan-force-' + str(vlan_instance.vlan_id), radius_type='NO', vlan_untagged=vlan_instance)
|
||||||
|
port.objects.using(db_alias).filter(vlan_force=vlan_instance).update(custom_profil=custom_profil)
|
||||||
|
if port.objects.using(db_alias).filter(room__isnull=False).filter(radius='STRICT').count() > port.objects.using(db_alias).filter(room__isnull=False).filter(radius='NO').count() and port.objects.using(db_alias).filter(room__isnull=False).filter(radius='STRICT').count() > port.objects.using(db_alias).filter(room__isnull=False).filter(radius='COMMON').count():
|
||||||
|
profil_room.radius_type = 'MAC-radius'
|
||||||
|
profil_room.radius_mode = 'STRICT'
|
||||||
|
common_profil = profil.objects.using(db_alias).create(name='mac-radius-common', radius_type='MAC-radius', radius_mode='COMMON')
|
||||||
|
no_rad_profil = profil.objects.using(db_alias).create(name='no-radius', radius_type='NO')
|
||||||
|
port.objects.using(db_alias).filter(room__isnull=False).filter(radius='COMMON').update(custom_profil=common_profil)
|
||||||
|
port.objects.using(db_alias).filter(room__isnull=False).filter(radius='NO').update(custom_profil=no_rad_profil)
|
||||||
|
elif port.objects.using(db_alias).filter(room__isnull=False).filter(radius='COMMON').count() > port.objects.using(db_alias).filter(room__isnull=False).filter(radius='NO').count() and port.objects.using(db_alias).filter(room__isnull=False).filter(radius='COMMON').count() > port.objects.using(db_alias).filter(room__isnull=False).filter(radius='STRICT').count():
|
||||||
|
profil_room.radius_type = 'MAC-radius'
|
||||||
|
profil_room.radius_mode = 'COMMON'
|
||||||
|
strict_profil = profil.objects.using(db_alias).create(name='mac-radius-strict', radius_type='MAC-radius', radius_mode='STRICT')
|
||||||
|
no_rad_profil = profil.objects.using(db_alias).create(name='no-radius', radius_type='NO')
|
||||||
|
port.objects.using(db_alias).filter(room__isnull=False).filter(radius='STRICT').update(custom_profil=strict_profil)
|
||||||
|
port.objects.using(db_alias).filter(room__isnull=False).filter(radius='NO').update(custom_profil=no_rad_profil)
|
||||||
|
else:
|
||||||
|
strict_profil = profil.objects.using(db_alias).create(name='mac-radius-strict', radius_type='MAC-radius', radius_mode='STRICT')
|
||||||
|
common_profil = profil.objects.using(db_alias).create(name='mac-radius-common', radius_type='MAC-radius', radius_mode='COMMON')
|
||||||
|
port.objects.using(db_alias).filter(room__isnull=False).filter(radius='STRICT').update(custom_profil=strict_profil)
|
||||||
|
port.objects.using(db_alias).filter(room__isnull=False).filter(radius='NO').update(custom_profil=common_profil)
|
||||||
|
profil_room.save()
|
||||||
|
|
||||||
|
|
||||||
class Migration(migrations.Migration):
|
class Migration(migrations.Migration):
|
||||||
|
|
||||||
dependencies = [
|
dependencies = [
|
||||||
('topologie', '0063_port_custom_profil'),
|
('topologie', '0063_port_custom_profil'),
|
||||||
]
|
]
|
||||||
|
|
||||||
def transfer_profil(apps, schema_editor):
|
|
||||||
db_alias = schema_editor.connection.alias
|
|
||||||
port = apps.get_model("topologie", "Port")
|
|
||||||
profil = apps.get_model("topologie", "PortProfile")
|
|
||||||
vlan = apps.get_model("machines", "Vlan")
|
|
||||||
port_list = port.objects.using(db_alias).all()
|
|
||||||
profil_nothing = profil.objects.using(db_alias).create(name='nothing', profil_default='nothing', radius_type='NO')
|
|
||||||
profil_uplink = profil.objects.using(db_alias).create(name='uplink', profil_default='uplink', radius_type='NO')
|
|
||||||
profil_machine = profil.objects.using(db_alias).create(name='asso_machine', profil_default='asso_machine', radius_type='NO')
|
|
||||||
profil_room = profil.objects.using(db_alias).create(name='room', profil_default='room', radius_type='NO')
|
|
||||||
profil_borne = profil.objects.using(db_alias).create(name='accesspoint', profil_default='accesspoint', radius_type='NO')
|
|
||||||
for vlan_instance in vlan.objects.using(db_alias).all():
|
|
||||||
if port.objects.using(db_alias).filter(vlan_force=vlan_instance):
|
|
||||||
custom_profil = profil.objects.using(db_alias).create(name='vlan-force-' + str(vlan_instance.vlan_id), radius_type='NO', vlan_untagged=vlan_instance)
|
|
||||||
port.objects.using(db_alias).filter(vlan_force=vlan_instance).update(custom_profil=custom_profil)
|
|
||||||
if port.objects.using(db_alias).filter(room__isnull=False).filter(radius='STRICT').count() > port.objects.using(db_alias).filter(room__isnull=False).filter(radius='NO').count() and port.objects.using(db_alias).filter(room__isnull=False).filter(radius='STRICT').count() > port.objects.using(db_alias).filter(room__isnull=False).filter(radius='COMMON').count():
|
|
||||||
profil_room.radius_type = 'MAC-radius'
|
|
||||||
profil_room.radius_mode = 'STRICT'
|
|
||||||
common_profil = profil.objects.using(db_alias).create(name='mac-radius-common', radius_type='MAC-radius', radius_mode='COMMON')
|
|
||||||
no_rad_profil = profil.objects.using(db_alias).create(name='no-radius', radius_type='NO')
|
|
||||||
port.objects.using(db_alias).filter(room__isnull=False).filter(radius='COMMON').update(custom_profil=common_profil)
|
|
||||||
port.objects.using(db_alias).filter(room__isnull=False).filter(radius='NO').update(custom_profil=no_rad_profil)
|
|
||||||
elif port.objects.using(db_alias).filter(room__isnull=False).filter(radius='COMMON').count() > port.objects.using(db_alias).filter(room__isnull=False).filter(radius='NO').count() and port.objects.using(db_alias).filter(room__isnull=False).filter(radius='COMMON').count() > port.objects.using(db_alias).filter(room__isnull=False).filter(radius='STRICT').count():
|
|
||||||
profil_room.radius_type = 'MAC-radius'
|
|
||||||
profil_room.radius_mode = 'COMMON'
|
|
||||||
strict_profil = profil.objects.using(db_alias).create(name='mac-radius-strict', radius_type='MAC-radius', radius_mode='STRICT')
|
|
||||||
no_rad_profil = profil.objects.using(db_alias).create(name='no-radius', radius_type='NO')
|
|
||||||
port.objects.using(db_alias).filter(room__isnull=False).filter(radius='STRICT').update(custom_profil=strict_profil)
|
|
||||||
port.objects.using(db_alias).filter(room__isnull=False).filter(radius='NO').update(custom_profil=no_rad_profil)
|
|
||||||
else:
|
|
||||||
strict_profil = profil.objects.using(db_alias).create(name='mac-radius-strict', radius_type='MAC-radius', radius_mode='STRICT')
|
|
||||||
common_profil = profil.objects.using(db_alias).create(name='mac-radius-common', radius_type='MAC-radius', radius_mode='COMMON')
|
|
||||||
port.objects.using(db_alias).filter(room__isnull=False).filter(radius='STRICT').update(custom_profil=strict_profil)
|
|
||||||
port.objects.using(db_alias).filter(room__isnull=False).filter(radius='NO').update(custom_profil=common_profil)
|
|
||||||
profil_room.save()
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
def untransfer_profil(apps, schema_editor):
|
|
||||||
return
|
|
||||||
|
|
||||||
operations = [
|
operations = [
|
||||||
migrations.RunPython(transfer_profil, untransfer_profil),
|
migrations.RunPython(transfer_profil),
|
||||||
]
|
]
|
||||||
|
|
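Review bot: In the final `else` branch of `transfer_profil`, the second update filters on `radius='NO'` but assigns `common_profil`, while ports with `radius='COMMON'` are never updated; this looks like a copy-paste slip. In that branch `profil_room` keeps `radius_type='NO'`, so rooms that used COMMON MAC authentication would presumably fall back to an unauthenticated default, while ports that had RADIUS switched off are moved to MAC-radius. The line should probably read `port.objects.using(db_alias).filter(room__isnull=False).filter(radius='COMMON').update(custom_profil=common_profil)`. Separately, dropping `untransfer_profil` makes the migration irreversible; `migrations.RunPython(transfer_profil, migrations.RunPython.noop)` keeps the previous no-op rollback.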
75
topologie/migrations/0067_auto_20180701_0016.py
Normal file
75
topologie/migrations/0067_auto_20180701_0016.py
Normal file
|
@ -0,0 +1,75 @@
|
||||||
|
# -*- coding: utf-8 -*-
|
||||||
|
# Generated by Django 1.10.7 on 2018-06-30 22:16
|
||||||
|
from __future__ import unicode_literals
|
||||||
|
|
||||||
|
from django.db import migrations, models
|
||||||
|
|
||||||
|
|
||||||
|
class Migration(migrations.Migration):
|
||||||
|
|
||||||
|
dependencies = [
|
||||||
|
('topologie', '0066_auto_20180630_1855'),
|
||||||
|
]
|
||||||
|
|
||||||
|
operations = [
|
||||||
|
migrations.RenameField(
|
||||||
|
model_name='port',
|
||||||
|
old_name='custom_profil',
|
||||||
|
new_name='custom_profile',
|
||||||
|
),
|
||||||
|
migrations.AlterField(
|
||||||
|
model_name='port',
|
||||||
|
name='state',
|
||||||
|
field=models.BooleanField(default=True, help_text='Port state Active', verbose_name='Port State Active'),
|
||||||
|
),
|
||||||
|
migrations.AlterField(
|
||||||
|
model_name='portprofile',
|
||||||
|
name='arp_protect',
|
||||||
|
field=models.BooleanField(default=False, help_text='Check if ip is dhcp assigned', verbose_name='Arp protect'),
|
||||||
|
),
|
||||||
|
migrations.AlterField(
|
||||||
|
model_name='portprofile',
|
||||||
|
name='dhcp_snooping',
|
||||||
|
field=models.BooleanField(default=False, help_text='Protect against rogue dhcp', verbose_name='Dhcp snooping'),
|
||||||
|
),
|
||||||
|
migrations.AlterField(
|
||||||
|
model_name='portprofile',
|
||||||
|
name='dhcpv6_snooping',
|
||||||
|
field=models.BooleanField(default=False, help_text='Protect against rogue dhcpv6', verbose_name='Dhcpv6 snooping'),
|
||||||
|
),
|
||||||
|
migrations.AlterField(
|
||||||
|
model_name='portprofile',
|
||||||
|
name='flow_control',
|
||||||
|
field=models.BooleanField(default=False, help_text='Flow control', verbose_name='Flow control'),
|
||||||
|
),
|
||||||
|
migrations.AlterField(
|
||||||
|
model_name='portprofile',
|
||||||
|
name='loop_protect',
|
||||||
|
field=models.BooleanField(default=False, help_text='Protect again loop', verbose_name='Loop Protect'),
|
||||||
|
),
|
||||||
|
migrations.AlterField(
|
||||||
|
model_name='portprofile',
|
||||||
|
name='mac_limit',
|
||||||
|
field=models.IntegerField(blank=True, help_text='Limit of mac-address on this port', null=True, verbose_name='Mac limit'),
|
||||||
|
),
|
||||||
|
migrations.AlterField(
|
||||||
|
model_name='portprofile',
|
||||||
|
name='ra_guard',
|
||||||
|
field=models.BooleanField(default=False, help_text='Protect against rogue ra', verbose_name='Ra guard'),
|
||||||
|
),
|
||||||
|
migrations.AlterField(
|
||||||
|
model_name='portprofile',
|
||||||
|
name='radius_mode',
|
||||||
|
field=models.CharField(choices=[('STRICT', 'STRICT'), ('COMMON', 'COMMON')], default='COMMON', help_text='In case of mac-auth : mode common or strict on this port', max_length=32, verbose_name='RADIUS mode'),
|
||||||
|
),
|
||||||
|
migrations.AlterField(
|
||||||
|
model_name='portprofile',
|
||||||
|
name='radius_type',
|
||||||
|
field=models.CharField(choices=[('NO', 'NO'), ('802.1X', '802.1X'), ('MAC-radius', 'MAC-radius')], help_text='Type of radius auth : inactive, mac-address or 802.1X', max_length=32, verbose_name='RADIUS type'),
|
||||||
|
),
|
||||||
|
migrations.AlterField(
|
||||||
|
model_name='portprofile',
|
||||||
|
name='speed',
|
||||||
|
field=models.CharField(choices=[('10-half', '10-half'), ('100-half', '100-half'), ('10-full', '10-full'), ('100-full', '100-full'), ('1000-full', '1000-full'), ('auto', 'auto'), ('auto-10', 'auto-10'), ('auto-100', 'auto-100')], default='auto', help_text='Port speed limit', max_length=32, verbose_name='Speed'),
|
||||||
|
),
|
||||||
|
]
|
|
@ -395,7 +395,7 @@ class Port(AclMixin, RevMixin, models.Model):
|
||||||
blank=True,
|
blank=True,
|
||||||
related_name='related_port'
|
related_name='related_port'
|
||||||
)
|
)
|
||||||
custom_profil = models.ForeignKey(
|
custom_profile = models.ForeignKey(
|
||||||
'PortProfile',
|
'PortProfile',
|
||||||
on_delete=models.PROTECT,
|
on_delete=models.PROTECT,
|
||||||
blank=True,
|
blank=True,
|
||||||
|
@ -403,8 +403,8 @@ class Port(AclMixin, RevMixin, models.Model):
|
||||||
)
|
)
|
||||||
state = models.BooleanField(
|
state = models.BooleanField(
|
||||||
default=True,
|
default=True,
|
||||||
help_text='Etat du port Actif',
|
help_text='Port state Active',
|
||||||
verbose_name=_("Etat du port Actif")
|
verbose_name=_("Port State Active")
|
||||||
)
|
)
|
||||||
details = models.CharField(max_length=255, blank=True)
|
details = models.CharField(max_length=255, blank=True)
|
||||||
|
|
||||||
|
@ -416,7 +416,8 @@ class Port(AclMixin, RevMixin, models.Model):
|
||||||
|
|
||||||
@cached_property
|
@cached_property
|
||||||
def get_port_profil(self):
|
def get_port_profil(self):
|
||||||
"""Return the config profil for this port"""
|
"""Return the config profil for this port
|
||||||
|
:returns: the profile of self (port)"""
|
||||||
def profil_or_nothing(profil):
|
def profil_or_nothing(profil):
|
||||||
port_profil = PortProfile.objects.filter(profil_default=profil).first()
|
port_profil = PortProfile.objects.filter(profil_default=profil).first()
|
||||||
if port_profil:
|
if port_profil:
|
||||||
|
@ -427,8 +428,8 @@ class Port(AclMixin, RevMixin, models.Model):
|
||||||
nothing = PortProfile.objects.create(profil_default='nothing', name='nothing', radius_type='NO')
|
nothing = PortProfile.objects.create(profil_default='nothing', name='nothing', radius_type='NO')
|
||||||
return nothing
|
return nothing
|
||||||
|
|
||||||
if self.custom_profil:
|
if self.custom_profile:
|
||||||
return self.custom_profil
|
return self.custom_profile
|
||||||
elif self.related:
|
elif self.related:
|
||||||
return profil_or_nothing('uplink')
|
return profil_or_nothing('uplink')
|
||||||
elif self.machine_interface:
|
elif self.machine_interface:
|
||||||
|
@ -572,57 +573,57 @@ class PortProfile(AclMixin, RevMixin, models.Model):
|
||||||
radius_type = models.CharField(
|
radius_type = models.CharField(
|
||||||
max_length=32,
|
max_length=32,
|
||||||
choices=TYPES,
|
choices=TYPES,
|
||||||
help_text="Choix du type d'authentification radius : non actif, mac ou 802.1X",
|
help_text="Type of radius auth : inactive, mac-address or 802.1X",
|
||||||
verbose_name=_("RADIUS type")
|
verbose_name=_("RADIUS type")
|
||||||
)
|
)
|
||||||
radius_mode = models.CharField(
|
radius_mode = models.CharField(
|
||||||
max_length=32,
|
max_length=32,
|
||||||
choices=MODES,
|
choices=MODES,
|
||||||
default='COMMON',
|
default='COMMON',
|
||||||
help_text="En cas d'auth par mac, auth common ou strcit sur le port",
|
help_text="In case of mac-auth : mode common or strict on this port",
|
||||||
verbose_name=_("RADIUS mode")
|
verbose_name=_("RADIUS mode")
|
||||||
)
|
)
|
||||||
speed = models.CharField(
|
speed = models.CharField(
|
||||||
max_length=32,
|
max_length=32,
|
||||||
choices=SPEED,
|
choices=SPEED,
|
||||||
default='auto',
|
default='auto',
|
||||||
help_text='Mode de transmission et vitesse du port',
|
help_text='Port speed limit',
|
||||||
verbose_name=_("Speed")
|
verbose_name=_("Speed")
|
||||||
)
|
)
|
||||||
mac_limit = models.IntegerField(
|
mac_limit = models.IntegerField(
|
||||||
null=True,
|
null=True,
|
||||||
blank=True,
|
blank=True,
|
||||||
help_text='Limit du nombre de mac sur le port',
|
help_text='Limit of mac-address on this port',
|
||||||
verbose_name=_("Mac limit")
|
verbose_name=_("Mac limit")
|
||||||
)
|
)
|
||||||
flow_control = models.BooleanField(
|
flow_control = models.BooleanField(
|
||||||
default=False,
|
default=False,
|
||||||
help_text='Gestion des débits',
|
help_text='Flow control',
|
||||||
verbose_name=_("Flow control")
|
verbose_name=_("Flow control")
|
||||||
)
|
)
|
||||||
dhcp_snooping = models.BooleanField(
|
dhcp_snooping = models.BooleanField(
|
||||||
default=False,
|
default=False,
|
||||||
help_text='Protection dhcp pirate',
|
help_text='Protect against rogue dhcp',
|
||||||
verbose_name=_("Dhcp snooping")
|
verbose_name=_("Dhcp snooping")
|
||||||
)
|
)
|
||||||
dhcpv6_snooping = models.BooleanField(
|
dhcpv6_snooping = models.BooleanField(
|
||||||
default=False,
|
default=False,
|
||||||
help_text='Protection dhcpv6 pirate',
|
help_text='Protect against rogue dhcpv6',
|
||||||
verbose_name=_("Dhcpv6 snooping")
|
verbose_name=_("Dhcpv6 snooping")
|
||||||
)
|
)
|
||||||
arp_protect = models.BooleanField(
|
arp_protect = models.BooleanField(
|
||||||
default=False,
|
default=False,
|
||||||
help_text='Verification assignation de l\'IP par dhcp',
|
help_text='Check if ip is dhcp assigned',
|
||||||
verbose_name=_("Arp protect")
|
verbose_name=_("Arp protect")
|
||||||
)
|
)
|
||||||
ra_guard = models.BooleanField(
|
ra_guard = models.BooleanField(
|
||||||
default=False,
|
default=False,
|
||||||
help_text='Protection contre ra pirate',
|
help_text='Protect against rogue ra',
|
||||||
verbose_name=_("Ra guard")
|
verbose_name=_("Ra guard")
|
||||||
)
|
)
|
||||||
loop_protect = models.BooleanField(
|
loop_protect = models.BooleanField(
|
||||||
default=False,
|
default=False,
|
||||||
help_text='Protection contre les boucles',
|
help_text='Protect again loop',
|
||||||
verbose_name=_("Loop Protect")
|
verbose_name=_("Loop Protect")
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -639,6 +640,10 @@ class PortProfile(AclMixin, RevMixin, models.Model):
|
||||||
def security_parameters_enabled(self):
|
def security_parameters_enabled(self):
|
||||||
return [parameter for parameter in self.security_parameters_fields if getattr(self, parameter)]
|
return [parameter for parameter in self.security_parameters_fields if getattr(self, parameter)]
|
||||||
|
|
||||||
|
@cached_property
|
||||||
|
def security_parameters_as_str(self):
|
||||||
|
return ','.join(self.security_parameters_enabled)
|
||||||
|
|
||||||
def __str__(self):
|
def __str__(self):
|
||||||
return self.name
|
return self.name
|
||||||
|
|
||||||
|
|
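Review bot: The rewritten `help_text` values are plain string literals while every `verbose_name` beside them goes through `_()`, so the help texts will not be extracted for translation, and `help_text='Protect again loop'` on `loop_protect` has a typo. Suggested form: `help_text=_("Protect against loops"),`, with the same `_()` wrapping on the other fields. The same strings are recorded in migration 0067, so Django will want a follow-up migration once they change. The added `security_parameters_as_str` property has no docstring; `"""Return the enabled security parameters as a comma-separated string."""` would match the style used on `get_port_profil`.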
|
@ -60,9 +60,6 @@ with this program; if not, write to the Free Software Foundation, Inc.,
|
||||||
</a>
|
</a>
|
||||||
{% acl_else %}
|
{% acl_else %}
|
||||||
{{ port.related }}
|
{{ port.related }}
|
||||||
</a>
|
|
||||||
{% acl_else %}
|
|
||||||
{{ port.related }}
|
|
||||||
{% acl_end %}
|
{% acl_end %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
</td>
|
</td>
|
||||||
|
|
|
@ -1,3 +1,25 @@
|
||||||
|
{% comment %}
|
||||||
|
Re2o est un logiciel d'administration développé initiallement au rezometz. Il
|
||||||
|
se veut agnostique au réseau considéré, de manière à être installable en
|
||||||
|
quelques clics.
|
||||||
|
|
||||||
|
Copyright © 2018 Gabriel Détraz
|
||||||
|
|
||||||
|
This program is free software; you can redistribute it and/or modify
|
||||||
|
it under the terms of the GNU General Public License as published by
|
||||||
|
the Free Software Foundation; either version 2 of the License, or
|
||||||
|
(at your option) any later version.
|
||||||
|
|
||||||
|
This program is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU General Public License along
|
||||||
|
with this program; if not, write to the Free Software Foundation, Inc.,
|
||||||
|
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||||
|
{% endcomment %}
|
||||||
|
|
||||||
{% load acl %}
|
{% load acl %}
|
||||||
{% load i18n %}
|
{% load i18n %}
|
||||||
|
|
||||||
|
@ -7,45 +29,51 @@
|
||||||
{% include "pagination.html" with list=port_profile_list %}
|
{% include "pagination.html" with list=port_profile_list %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
<thead>
|
||||||
|
|
||||||
<table class="table table-striped">
|
<table class="table table-striped">
|
||||||
<tr>
|
<tr>
|
||||||
<th>{% trans "Nom" %}</th>
|
<th>{% trans "Name" %}</th>
|
||||||
<th>{% trans "Default pour" %}</th>
|
<th>{% trans "Default for" %}</th>
|
||||||
<th>{% trans "VLANs" %}</th>
|
<th>{% trans "VLANs" %}</th>
|
||||||
<th>{% trans "Réglages RADIUS" %}</th>
|
<th>{% trans "RADIUS settings" %}</th>
|
||||||
<th>{% trans "Vitesse" %}</th>
|
<th>{% trans "Speed" %}</th>
|
||||||
<th>{% trans "Mac address limit" %}</th>
|
<th>{% trans "Mac address limit" %}</th>
|
||||||
<th>{% trans "Sécurité" %}</th>
|
<th>{% trans "Security" %}</th>
|
||||||
<th></th>
|
<th></th>
|
||||||
</tr>
|
</tr>
|
||||||
</thead>
|
</thead>
|
||||||
{% for port_profile in port_profile_list %}
|
{% for port_profile in port_profile_list %}
|
||||||
<tr>
|
<tr>
|
||||||
<td>{{port_profile.name}}</td>
|
<td>{{port_profile.name}}</td>
|
||||||
<td>{{port_profile.profil_default}}</td>
|
<td>{{port_profile.profil_default}}</td>
|
||||||
<td>
|
<td>
|
||||||
<b>Untagged : </b>{{port_profile.vlan_untagged}}
|
{% if port_profile.vlan_untagged %}
|
||||||
<br>
|
<b>Untagged : </b>{{port_profile.vlan_untagged}}
|
||||||
<b>Tagged : </b>{{port_profile.vlan_tagged.all|join:", "}}
|
<br>
|
||||||
</td>
|
{% endif %}
|
||||||
<td>
|
{% if port_profile.vlan_untagged %}
|
||||||
<b>Type : </b>{{port_profile.radius_type}}
|
<b>Tagged : </b>{{port_profile.vlan_tagged.all|join:", "}}
|
||||||
{% if port_profile.radius_type == "MAC-radius" %}
|
{% endif %}
|
||||||
<br>
|
</td>
|
||||||
<b>Mode : </b>{{port_profile.radius_mode}}</td>
|
<td>
|
||||||
{% endif %}
|
<b>Type : </b>{{port_profile.radius_type}}
|
||||||
<td>{{port_profile.speed}}</td>
|
{% if port_profile.radius_type == "MAC-radius" %}
|
||||||
<td>{{port_profile.mac_limit}}</td>
|
<br>
|
||||||
<td>{{port_profile.security_parameters_enabled|join:"<br>"}}</td>
|
<b>Mode : </b>{{port_profile.radius_mode}}</td>
|
||||||
<td class="text-right">
|
{% endif %}
|
||||||
{% include 'buttons/history.html' with href='topologie:history' name='portprofile' id=port_profile.pk %}
|
<td>{{port_profile.speed}}</td>
|
||||||
{% can_edit port_profile %}
|
<td>{{port_profile.mac_limit}}</td>
|
||||||
{% include 'buttons/edit.html' with href='topologie:edit-port-profile' id=port_profile.pk %}
|
<td>{{port_profile.security_parameters_enabled|join:"<br>"}}</td>
|
||||||
{% acl_end %}
|
<td class="text-right">
|
||||||
{% can_delete port_profile %}
|
{% include 'buttons/history.html' with href='topologie:history' name='portprofile' id=port_profile.pk %}
|
||||||
{% include 'buttons/suppr.html' with href='topologie:del-port-profile' id=port_profile.pk %}
|
{% can_edit port_profile %}
|
||||||
{% acl_end %}
|
{% include 'buttons/edit.html' with href='topologie:edit-port-profile' id=port_profile.pk %}
|
||||||
</td>
|
{% acl_end %}
|
||||||
|
{% can_delete port_profile %}
|
||||||
|
{% include 'buttons/suppr.html' with href='topologie:del-port-profile' id=port_profile.pk %}
|
||||||
|
{% acl_end %}
|
||||||
|
</td>
|
||||||
</tr>
|
</tr>
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
</table>
|
</table>
|
||||||
|
|
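Review bot: The `Tagged` line is guarded by a second `{% if port_profile.vlan_untagged %}`, so tagged VLANs are hidden on any profile that has no untagged VLAN; the condition looks like it was meant to be `{% if port_profile.vlan_tagged.all %}`. The added `<thead>` also sits before `<table class="table table-striped">`, which leaves the header opening tag outside the table; it should move to just after the `<table>` tag.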
|
@ -25,7 +25,6 @@ with this program; if not, write to the Free Software Foundation, Inc.,
|
||||||
|
|
||||||
{% load bootstrap3 %}
|
{% load bootstrap3 %}
|
||||||
{% load acl %}
|
{% load acl %}
|
||||||
{% load i18n %}
|
|
||||||
|
|
||||||
{% block title %}Switchs{% endblock %}
|
{% block title %}Switchs{% endblock %}
|
||||||
|
|
||||||
|
|
|
@ -4,9 +4,8 @@ Re2o est un logiciel d'administration développé initiallement au rezometz. Il
|
||||||
se veut agnostique au réseau considéré, de manière à être installable en
|
se veut agnostique au réseau considéré, de manière à être installable en
|
||||||
quelques clics.
|
quelques clics.
|
||||||
|
|
||||||
Copyright © 2017 Gabriel Détraz
|
Copyright © 2018 Gabriel Détraz
|
||||||
Copyright © 2017 Goulven Kermarec
|
|
||||||
Copyright © 2017 Augustin Lemesle
|
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -36,9 +35,9 @@ with this program; if not, write to the Free Software Foundation, Inc.,
|
||||||
<a class="btn btn-primary btn-sm" role="button" href="{% url 'topologie:new-port-profile' %}"><i class="fa fa-plus"></i>{% trans " Add a port profile" %}</a>
|
<a class="btn btn-primary btn-sm" role="button" href="{% url 'topologie:new-port-profile' %}"><i class="fa fa-plus"></i>{% trans " Add a port profile" %}</a>
|
||||||
<hr>
|
<hr>
|
||||||
{% acl_end %}
|
{% acl_end %}
|
||||||
{% include "topologie/aff_port_profile.html" with port_profile_list=port_profile_list %}
|
{% include "topologie/aff_port_profile.html" with port_profile_list=port_profile_list %}
|
||||||
<br />
|
<br />
|
||||||
<br />
|
<br />
|
||||||
<br />
|
<br />
|
||||||
|
|
||||||
{% endblock %}
|
{% endblock %}
|
||||||
|
|
|
@ -33,7 +33,7 @@ with this program; if not, write to the Free Software Foundation, Inc.,
|
||||||
<i class="fa fa-microchip"></i>
|
<i class="fa fa-microchip"></i>
|
||||||
Switchs
|
Switchs
|
||||||
</a>
|
</a>
|
||||||
<a class="list-group-item list-group-item-info" href="{% url "topologie:index-port-profile" %}">
|
<a class="list-group-item list-group-item-info" href="{% url "topologie:index-port-profile" %}">
|
||||||
<i class="fa fa-cogs"></i>
|
<i class="fa fa-cogs"></i>
|
||||||
Config des ports switchs
|
Config des ports switchs
|
||||||
</a>
|
</a>
|
||||||
|
|
|
@ -1014,11 +1014,11 @@ def del_port_profile(request, port_profile, **_kwargs):
|
||||||
if request.method == 'POST':
|
if request.method == 'POST':
|
||||||
try:
|
try:
|
||||||
port_profile.delete()
|
port_profile.delete()
|
||||||
messages.success(request, _("The port profile was successfully"
|
messages.success(request,
|
||||||
" deleted"))
|
_("The port profile was successfully deleted"))
|
||||||
except ProtectedError:
|
except ProtectedError:
|
||||||
messages.success(request, _("Impossible to delete the port"
|
messages.success(request,
|
||||||
" profile"))
|
_("Impossible to delete the port profile"))
|
||||||
return redirect(reverse('topologie:index'))
|
return redirect(reverse('topologie:index'))
|
||||||
return form(
|
return form(
|
||||||
{'objet': port_profile, 'objet_name': _("Port profile")},
|
{'objet': port_profile, 'objet_name': _("Port profile")},
|
||||||
|
|
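Review bot: The `ProtectedError` branch still reports the failure through `messages.success`, so the user sees "Impossible to delete the port profile" styled as a success. Use `messages.error(request, _("Impossible to delete the port profile"))` there. `del_port_profile` starts and ends outside the hunk.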