mirror of
https://gitlab2.federez.net/re2o/re2o
synced 2024-11-22 19:33:11 +00:00
Les reglages sur le type de nas sont dans la bdd
This commit is contained in:
parent
37f0c3bb57
commit
838ac6a56f
1 changed files with 26 additions and 20 deletions
|
@ -59,7 +59,7 @@ application = get_wsgi_application()
|
||||||
import argparse
|
import argparse
|
||||||
|
|
||||||
from django.db.models import Q
|
from django.db.models import Q
|
||||||
from machines.models import Interface, IpList, Domain
|
from machines.models import Interface, IpList, Nas, Domain
|
||||||
from topologie.models import Room, Port, Switch
|
from topologie.models import Room, Port, Switch
|
||||||
from users.models import User
|
from users.models import User
|
||||||
from preferences.models import OptionalTopologie
|
from preferences.models import OptionalTopologie
|
||||||
|
@ -141,14 +141,25 @@ def instantiate(*_):
|
||||||
|
|
||||||
@radius_event
|
@radius_event
|
||||||
def authorize(data):
|
def authorize(data):
|
||||||
user = data.get('User-Name', None)
|
|
||||||
# Pour les requetes proxifiees, on split
|
# Pour les requetes proxifiees, on split
|
||||||
nas_type = data.get('NAS-Port-Type', None)
|
|
||||||
if nas_type == "Wireless-802.11":
|
|
||||||
user = user.split('@', 1)[0]
|
|
||||||
mac = data.get('Calling-Station-Id', None)
|
|
||||||
nas = data.get('NAS-IP-Address', data.get('NAS-Identifier', None))
|
nas = data.get('NAS-IP-Address', data.get('NAS-Identifier', None))
|
||||||
result, log, password = check_user_machine_and_register(nas, user, mac)
|
nas_instance = find_nas_from_request(nas)
|
||||||
|
# Toutes les reuquètes non proxifiées
|
||||||
|
if nas != '127.0.0.1':
|
||||||
|
if not nas_instance:
|
||||||
|
logger.info("Nas inconnu")
|
||||||
|
return radiusd.RLM_MODULE_REJECT
|
||||||
|
nas_type = Nas.objects.filter(nas_type=nas_instance.type).first()
|
||||||
|
if not nas_type:
|
||||||
|
logger.info("Type de nas non enregistré dans la bdd!".encode('utf-8'))
|
||||||
|
return radiusd.RLM_MODULE_REJECT
|
||||||
|
else:
|
||||||
|
nas_type = None
|
||||||
|
if not nas_type or nas_type.port_access_mode == '802.1X':
|
||||||
|
user = data.get('User-Name', '')
|
||||||
|
user = user.split('@', 1)[0]
|
||||||
|
mac = data.get('Calling-Station-Id', '')
|
||||||
|
result, log, password = check_user_machine_and_register(nas_type, user, mac)
|
||||||
logger.info(log.encode('utf-8'))
|
logger.info(log.encode('utf-8'))
|
||||||
|
|
||||||
if not result:
|
if not result:
|
||||||
|
@ -215,15 +226,10 @@ def find_nas_from_request(nas_id):
|
||||||
nas = Interface.objects.filter(Q(domain=Domain.objects.filter(name=nas_id)) | Q(ipv4=IpList.objects.filter(ipv4=nas_id)))
|
nas = Interface.objects.filter(Q(domain=Domain.objects.filter(name=nas_id)) | Q(ipv4=IpList.objects.filter(ipv4=nas_id)))
|
||||||
return nas.first()
|
return nas.first()
|
||||||
|
|
||||||
def check_user_machine_and_register(nas_id, username, mac_address):
|
def check_user_machine_and_register(nas_type, username, mac_address):
|
||||||
""" Verifie le username et la mac renseignee. L'enregistre si elle est inconnue.
|
""" Verifie le username et la mac renseignee. L'enregistre si elle est inconnue.
|
||||||
Renvoie le mot de passe ntlm de l'user si tout est ok
|
Renvoie le mot de passe ntlm de l'user si tout est ok
|
||||||
Utilise pour les authentifications en 802.1X"""
|
Utilise pour les authentifications en 802.1X"""
|
||||||
nas = find_nas_from_request(nas_id)
|
|
||||||
|
|
||||||
if not nas and nas_id != '127.0.0.1':
|
|
||||||
return (False, u'Nas inconnu %s ' % nas_id, '')
|
|
||||||
|
|
||||||
interface = Interface.objects.filter(mac_address=mac_address).first()
|
interface = Interface.objects.filter(mac_address=mac_address).first()
|
||||||
user = User.objects.filter(pseudo=username).first()
|
user = User.objects.filter(pseudo=username).first()
|
||||||
if not user:
|
if not user:
|
||||||
|
@ -237,9 +243,9 @@ def check_user_machine_and_register(nas_id, username, mac_address):
|
||||||
return (False, u"Machine desactivée", '')
|
return (False, u"Machine desactivée", '')
|
||||||
else:
|
else:
|
||||||
return (True, u"Access ok", user.pwd_ntlm)
|
return (True, u"Access ok", user.pwd_ntlm)
|
||||||
elif MAC_AUTOCAPTURE and nas_id!='127.0.0.1':
|
elif nas_type:
|
||||||
ipv4 = nas.ipv4
|
if nas_type.mac_autocapture:
|
||||||
result, reason = user.autoregister_machine(mac_address, ipv4)
|
result, reason = user.autoregister_machine(mac_address, nas_type)
|
||||||
if result:
|
if result:
|
||||||
return (True, u'Access Ok, Capture de la mac...', user.pwd_ntlm)
|
return (True, u'Access Ok, Capture de la mac...', user.pwd_ntlm)
|
||||||
else:
|
else:
|
||||||
|
|
Loading…
Reference in a new issue