mirror of https://gitlab2.federez.net/re2o/re2o synced 2024-11-22 19:33:11 +00:00

Les reglages sur le type de nas sont dans la bdd

Gabriel Detraz 2017-09-14 14:42:50 +00:00 committed by root
parent 37f0c3bb57
commit 838ac6a56f


@ -59,7 +59,7 @@ application = get_wsgi_application()
import argparse import argparse
from django.db.models import Q from django.db.models import Q
from machines.models import Interface, IpList, Domain from machines.models import Interface, IpList, Nas, Domain
from topologie.models import Room, Port, Switch from topologie.models import Room, Port, Switch
from users.models import User from users.models import User
from preferences.models import OptionalTopologie from preferences.models import OptionalTopologie
@ -141,14 +141,25 @@ def instantiate(*_):
@radius_event @radius_event
def authorize(data): def authorize(data):
user = data.get('User-Name', None)
# Pour les requetes proxifiees, on split # Pour les requetes proxifiees, on split
nas_type = data.get('NAS-Port-Type', None)
if nas_type == "Wireless-802.11":
user = user.split('@', 1)[0]
mac = data.get('Calling-Station-Id', None)
nas = data.get('NAS-IP-Address', data.get('NAS-Identifier', None)) nas = data.get('NAS-IP-Address', data.get('NAS-Identifier', None))
result, log, password = check_user_machine_and_register(nas, user, mac) nas_instance = find_nas_from_request(nas)
# Toutes les reuquètes non proxifiées
if nas != '127.0.0.1':
if not nas_instance:
logger.info("Nas inconnu")
return radiusd.RLM_MODULE_REJECT
nas_type = Nas.objects.filter(nas_type=nas_instance.type).first()
if not nas_type:
logger.info("Type de nas non enregistré dans la bdd!".encode('utf-8'))
return radiusd.RLM_MODULE_REJECT
else:
nas_type = None
if not nas_type or nas_type.port_access_mode == '802.1X':
user = data.get('User-Name', '')
user = user.split('@', 1)[0]
mac = data.get('Calling-Station-Id', '')
result, log, password = check_user_machine_and_register(nas_type, user, mac)
logger.info(log.encode('utf-8')) logger.info(log.encode('utf-8'))
if not result: if not result:
@ -215,15 +226,10 @@ def find_nas_from_request(nas_id):
nas = Interface.objects.filter(Q(domain=Domain.objects.filter(name=nas_id)) | Q(ipv4=IpList.objects.filter(ipv4=nas_id))) nas = Interface.objects.filter(Q(domain=Domain.objects.filter(name=nas_id)) | Q(ipv4=IpList.objects.filter(ipv4=nas_id)))
return nas.first() return nas.first()
def check_user_machine_and_register(nas_id, username, mac_address): def check_user_machine_and_register(nas_type, username, mac_address):
""" Verifie le username et la mac renseignee. L'enregistre si elle est inconnue. """ Verifie le username et la mac renseignee. L'enregistre si elle est inconnue.
Renvoie le mot de passe ntlm de l'user si tout est ok Renvoie le mot de passe ntlm de l'user si tout est ok
Utilise pour les authentifications en 802.1X""" Utilise pour les authentifications en 802.1X"""
nas = find_nas_from_request(nas_id)
if not nas and nas_id != '127.0.0.1':
return (False, u'Nas inconnu %s ' % nas_id, '')
interface = Interface.objects.filter(mac_address=mac_address).first() interface = Interface.objects.filter(mac_address=mac_address).first()
user = User.objects.filter(pseudo=username).first() user = User.objects.filter(pseudo=username).first()
if not user: if not user:
@ -237,9 +243,9 @@ def check_user_machine_and_register(nas_id, username, mac_address):
return (False, u"Machine desactivée", '') return (False, u"Machine desactivée", '')
else: else:
return (True, u"Access ok", user.pwd_ntlm) return (True, u"Access ok", user.pwd_ntlm)
elif MAC_AUTOCAPTURE and nas_id!='127.0.0.1': elif nas_type:
ipv4 = nas.ipv4 if nas_type.mac_autocapture:
result, reason = user.autoregister_machine(mac_address, ipv4) result, reason = user.autoregister_machine(mac_address, nas_type)
if result: if result:
return (True, u'Access Ok, Capture de la mac...', user.pwd_ntlm) return (True, u'Access Ok, Capture de la mac...', user.pwd_ntlm)
else: else:
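Review bot: In authorize(), a request from a known NAS whose type has a `port_access_mode` other than '802.1X' skips the branch that assigns `user`, `mac`, `result`, `log` and `password`. The unchanged `logger.info(log.encode('utf-8'))` and `if not result:` lines that follow appear to sit at function level (indentation is lost in this view, so this is inferred), so that path would raise on an unbound name instead of returning a RADIUS code. An explicit `else:` with `return radiusd.RLM_MODULE_REJECT` after the 802.1X branch would make the path fail closed by design rather than by exception. The same hunk skips the NAS lookup whenever `nas` equals '127.0.0.1', and that value is read from the request's NAS-IP-Address or NAS-Identifier attribute, so a comment should state why that attribute can be trusted to mark proxied requests. authorize() continues past the end of the hunk.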