8
0
Fork 0
mirror of https://gitlab2.federez.net/re2o/re2o synced 2024-11-05 01:16:27 +00:00

premiere version de l'api radius

This commit is contained in:
chapeau 2020-11-28 12:09:36 +01:00
parent 8e370a15d9
commit 8ba9fa2fa0
7 changed files with 270 additions and 0 deletions

0
radius/__init__.py Normal file
View file

0
radius/api/__init__.py Normal file
View file

98
radius/api/serializers.py Normal file
View file

@ -0,0 +1,98 @@
from rest_framework import serializers
import machines.models as machines
import users.models as users
from api.serializers import NamespacedHMSerializer
from rest_framework.serializers import Serializer
class InterfaceSerializer(Serializer):
mac_address = serializers.CharField()
ipv4 = serializers.CharField(source="ipv4.ipv4")
active = serializers.BooleanField(source="is_active")
user_pk = serializers.CharField(source="machine.user.pk")
# machine_type_pk = serializers.CharField(source="machine_type.pk")
# switch_stack = serializers.CharField(source="machine.switch.stack")
machine_short_name = serializers.CharField(source="machine.short_name")
is_ban = serializers.BooleanField(source="machine.user.is_ban")
vlan_id = serializers.IntegerField(
source="machine_type.ip_type.vlan.vlan_id")
class NasSerializer(Serializer):
port_access_mode = serializers.CharField()
autocapture_mac = serializers.BooleanField()
class UserSerializer(Serializer):
access = serializers.BooleanField(source="has_access")
pk = serializers.CharField()
pwd_ntlm = serializers.CharField()
state = serializers.CharField()
email_state = serializers.IntegerField()
is_ban = serializers.BooleanField()
is_connected = serializers.BooleanField()
is_whitelisted = serializers.BooleanField()
class PortSerializer(Serializer):
state = serializers.BooleanField()
room = serializers.CharField()
class VlanSerializer(Serializer):
vlan_id = serializers.IntegerField()
class PortProfileSerializer(Serializer):
vlan_untagged = VlanSerializer()
radius_type = serializers.CharField()
class SwitchSerializer(Serializer):
name = serializers.CharField(source="short_name")
ipv4 = serializers.CharField()
class RadiusAttributeSerializer(Serializer):
attribute = serializers.CharField()
value = serializers.CharField()
class RadiusOptionSerializer(Serializer):
radius_general_policy = serializers.CharField()
unknown_machine = serializers.CharField()
unknown_machine_vlan = VlanSerializer()
unknown_machine_attributes = RadiusAttributeSerializer(many=True)
unknown_port = serializers.CharField()
unknown_port_vlan = VlanSerializer()
unknown_port_attributes = RadiusAttributeSerializer(many=True)
unknown_room = serializers.CharField()
unknown_room_vlan = VlanSerializer()
unknown_room_attributes = RadiusAttributeSerializer(many=True)
non_member = serializers.CharField()
non_member_vlan = VlanSerializer()
non_member_attributes = RadiusAttributeSerializer(many=True)
banned = serializers.CharField()
banned_vlan = VlanSerializer()
banned_attributes = RadiusAttributeSerializer(many=True)
vlan_decision_ok = VlanSerializer()
ok_attributes = RadiusAttributeSerializer(many=True)
class AuthorizeResponseSerializer(Serializer):
nas = NasSerializer(read_only=True)
user = UserSerializer(read_only=True)
user_interface = InterfaceSerializer(read_only=True)
class PostAuthResponseSerializer(Serializer):
nas = NasSerializer(read_only=True)
room_users = UserSerializer(many=True)
port = PortSerializer()
port_profile = PortProfileSerializer(partial=True)
switch = SwitchSerializer()
user_interface = InterfaceSerializer()
radius_option = RadiusOptionSerializer()
EMAIL_STATE_UNVERIFIED = serializers.IntegerField()
RADIUS_OPTION_REJECT = serializers.CharField()

35
radius/api/urls.py Normal file
View file

@ -0,0 +1,35 @@
# -*- mode: python; coding: utf-8 -*-
# Re2o est un logiciel d'administration développé initiallement au rezometz. Il
# se veut agnostique au réseau considéré, de manière à être installable en
# quelques clics.
#
# Copyright © 2020 Corentin Canebier
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
from . import views
urls_view = [
# (r"radius/nas-interface-from-id/(?P<nas_id>.+)$", views.nas_from_id_view),
# (r"radius/nas-from-machine-type/(?P<machine_type>.+)$", views.NasFromMachineTypeView),
# (r"radius/user-from-username/(?P<username>.+)$", views.UserFromUsernameView),
# (r"radius/interface-from-mac-address/(?P<mac_address>.+)$", views.InterfaceFromMacAddressView),
]
urls_functional_view = [
(r"radius/authorize/(?P<nas_id>[^/]+)/(?P<username>.+)/(?P<mac_address>[0-9a-fA-F:\-]{17})$",
views.authorize, None),
(r"radius/post_auth/(?P<nas_id>[^/]+)/(?P<nas_port>.+)/(?P<user_mac>[0-9a-fA-F:\-]{17})$",
views.post_auth, None),
]

133
radius/api/views.py Normal file
View file

@ -0,0 +1,133 @@
# -*- mode: python; coding: utf-8 -*-
# Re2o est un logiciel d'administration développé initiallement au rezometz. Il
# se veut agnostique au réseau considéré, de manière à être installable en
# quelques clics.
#
# Copyright © 2020 Corentin Canebier
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
from rest_framework.decorators import api_view
from rest_framework.response import Response
from django.db.models import Q
from . import serializers
from machines.models import Domain, IpList, Interface, Nas
from users.models import User
from preferences.models import RadiusOption
from topologie.models import Port, Switch
class AuthorizeResponse:
def __init__(self, nas, user, user_interface):
self.nas = nas
self.user = user
self.user_interface = user_interface
def can_view(self, user):
return [True]
@api_view(['GET'])
def authorize(request, nas_id, username, mac_address):
nas_interface = Interface.objects.filter(
Q(domain=Domain.objects.filter(name=nas_id))
| Q(ipv4=IpList.objects.filter(ipv4=nas_id))
).first()
nas_type = None
if nas_interface:
nas_type = Nas.objects.filter(
nas_type=nas_interface.machine_type).first()
user = User.objects.filter(pseudo__iexact=username).first()
user_interface = Interface.objects.filter(mac_address=mac_address).first()
serialized = serializers.AuthorizeResponseSerializer(
AuthorizeResponse(nas_type, user, user_interface))
return Response(data=serialized.data)
class PostAuthResponse:
def __init__(self, nas, room_users, port, port_profile, switch, user_interface, radius_option, EMAIL_STATE_UNVERIFIED, RADIUS_OPTION_REJECT):
self.nas = nas
self.room_users = room_users
self.port = port
self.port_profile = port_profile
self.switch = switch
self.user_interface = user_interface
self.radius_option = radius_option
self.EMAIL_STATE_UNVERIFIED = EMAIL_STATE_UNVERIFIED
self.RADIUS_OPTION_REJECT = RADIUS_OPTION_REJECT
def can_view(self, user):
return [True]
@api_view(['GET'])
def post_auth(request, nas_id, nas_port, user_mac):
# get nas_type
nas_interface = Interface.objects.prefetch_related("machine__switch__stack").filter(
Q(domain=Domain.objects.filter(name=nas_id))
| Q(ipv4=IpList.objects.filter(ipv4=nas_id))
).first()
print(nas_id)
nas_type = None
if nas_interface:
nas_type = Nas.objects.filter(
nas_type=nas_interface.machine_type).first()
# get switch
switch = Switch.objects.filter(machine_ptr=nas_interface.machine).first()
if hasattr(nas_interface.machine, "switch"):
stack = nas_interface.machine.switch.stack
if stack:
id_stack_member = nas_port.split("-")[1].split("/")[0]
switch = (
Switch.objects.filter(stack=stack)
.filter(stack_member_id=id_stack_member)
.first()
)
# get port
port_number = nas_port.split(".")[0].split("/")[-1][-2:]
port = Port.objects.filter(switch=switch, port=port_number).first()
port_profile = port.get_port_profile
# get user_interface
user_interface = (
Interface.objects.filter(mac_address=user_mac)
.select_related("machine__user")
.select_related("ipv4")
.first()
)
# get room users
room_users = User.objects.filter(
Q(club__room=port.room) | Q(adherent__room=port.room)
)
# get radius options
radius_option = RadiusOption.objects.first()
print(radius_option)
EMAIL_STATE_UNVERIFIED = User.EMAIL_STATE_UNVERIFIED
RADIUS_OPTION_REJECT = RadiusOption.REJECT
serialized = serializers.PostAuthResponseSerializer(
PostAuthResponse(nas_type, room_users, port, port_profile, switch, user_interface, radius_option, EMAIL_STATE_UNVERIFIED, RADIUS_OPTION_REJECT))
return Response(data=serialized.data)

4
radius/urls.py Normal file
View file

@ -0,0 +1,4 @@
from . import views
urlpatterns = []

0
radius/views.py Normal file
View file