mirror of
https://gitlab2.federez.net/re2o/re2o
synced 2024-11-05 01:16:27 +00:00
premiere version de l'api radius
This commit is contained in:
parent
8e370a15d9
commit
8ba9fa2fa0
7 changed files with 270 additions and 0 deletions
0
radius/__init__.py
Normal file
0
radius/__init__.py
Normal file
0
radius/api/__init__.py
Normal file
0
radius/api/__init__.py
Normal file
98
radius/api/serializers.py
Normal file
98
radius/api/serializers.py
Normal file
|
@ -0,0 +1,98 @@
|
|||
from rest_framework import serializers
|
||||
|
||||
import machines.models as machines
|
||||
import users.models as users
|
||||
from api.serializers import NamespacedHMSerializer
|
||||
from rest_framework.serializers import Serializer
|
||||
|
||||
|
||||
class InterfaceSerializer(Serializer):
|
||||
mac_address = serializers.CharField()
|
||||
ipv4 = serializers.CharField(source="ipv4.ipv4")
|
||||
active = serializers.BooleanField(source="is_active")
|
||||
user_pk = serializers.CharField(source="machine.user.pk")
|
||||
# machine_type_pk = serializers.CharField(source="machine_type.pk")
|
||||
# switch_stack = serializers.CharField(source="machine.switch.stack")
|
||||
machine_short_name = serializers.CharField(source="machine.short_name")
|
||||
is_ban = serializers.BooleanField(source="machine.user.is_ban")
|
||||
vlan_id = serializers.IntegerField(
|
||||
source="machine_type.ip_type.vlan.vlan_id")
|
||||
|
||||
|
||||
class NasSerializer(Serializer):
|
||||
port_access_mode = serializers.CharField()
|
||||
autocapture_mac = serializers.BooleanField()
|
||||
|
||||
|
||||
class UserSerializer(Serializer):
|
||||
access = serializers.BooleanField(source="has_access")
|
||||
pk = serializers.CharField()
|
||||
pwd_ntlm = serializers.CharField()
|
||||
state = serializers.CharField()
|
||||
email_state = serializers.IntegerField()
|
||||
is_ban = serializers.BooleanField()
|
||||
is_connected = serializers.BooleanField()
|
||||
is_whitelisted = serializers.BooleanField()
|
||||
|
||||
|
||||
class PortSerializer(Serializer):
|
||||
state = serializers.BooleanField()
|
||||
room = serializers.CharField()
|
||||
|
||||
|
||||
class VlanSerializer(Serializer):
|
||||
vlan_id = serializers.IntegerField()
|
||||
|
||||
|
||||
class PortProfileSerializer(Serializer):
|
||||
vlan_untagged = VlanSerializer()
|
||||
radius_type = serializers.CharField()
|
||||
|
||||
|
||||
class SwitchSerializer(Serializer):
|
||||
name = serializers.CharField(source="short_name")
|
||||
ipv4 = serializers.CharField()
|
||||
|
||||
|
||||
class RadiusAttributeSerializer(Serializer):
|
||||
attribute = serializers.CharField()
|
||||
value = serializers.CharField()
|
||||
|
||||
|
||||
class RadiusOptionSerializer(Serializer):
|
||||
radius_general_policy = serializers.CharField()
|
||||
unknown_machine = serializers.CharField()
|
||||
unknown_machine_vlan = VlanSerializer()
|
||||
unknown_machine_attributes = RadiusAttributeSerializer(many=True)
|
||||
unknown_port = serializers.CharField()
|
||||
unknown_port_vlan = VlanSerializer()
|
||||
unknown_port_attributes = RadiusAttributeSerializer(many=True)
|
||||
unknown_room = serializers.CharField()
|
||||
unknown_room_vlan = VlanSerializer()
|
||||
unknown_room_attributes = RadiusAttributeSerializer(many=True)
|
||||
non_member = serializers.CharField()
|
||||
non_member_vlan = VlanSerializer()
|
||||
non_member_attributes = RadiusAttributeSerializer(many=True)
|
||||
banned = serializers.CharField()
|
||||
banned_vlan = VlanSerializer()
|
||||
banned_attributes = RadiusAttributeSerializer(many=True)
|
||||
vlan_decision_ok = VlanSerializer()
|
||||
ok_attributes = RadiusAttributeSerializer(many=True)
|
||||
|
||||
|
||||
class AuthorizeResponseSerializer(Serializer):
|
||||
nas = NasSerializer(read_only=True)
|
||||
user = UserSerializer(read_only=True)
|
||||
user_interface = InterfaceSerializer(read_only=True)
|
||||
|
||||
|
||||
class PostAuthResponseSerializer(Serializer):
|
||||
nas = NasSerializer(read_only=True)
|
||||
room_users = UserSerializer(many=True)
|
||||
port = PortSerializer()
|
||||
port_profile = PortProfileSerializer(partial=True)
|
||||
switch = SwitchSerializer()
|
||||
user_interface = InterfaceSerializer()
|
||||
radius_option = RadiusOptionSerializer()
|
||||
EMAIL_STATE_UNVERIFIED = serializers.IntegerField()
|
||||
RADIUS_OPTION_REJECT = serializers.CharField()
|
35
radius/api/urls.py
Normal file
35
radius/api/urls.py
Normal file
|
@ -0,0 +1,35 @@
|
|||
# -*- mode: python; coding: utf-8 -*-
|
||||
# Re2o est un logiciel d'administration développé initiallement au rezometz. Il
|
||||
# se veut agnostique au réseau considéré, de manière à être installable en
|
||||
# quelques clics.
|
||||
#
|
||||
# Copyright © 2020 Corentin Canebier
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 2 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License along
|
||||
# with this program; if not, write to the Free Software Foundation, Inc.,
|
||||
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
|
||||
from . import views
|
||||
|
||||
urls_view = [
|
||||
# (r"radius/nas-interface-from-id/(?P<nas_id>.+)$", views.nas_from_id_view),
|
||||
# (r"radius/nas-from-machine-type/(?P<machine_type>.+)$", views.NasFromMachineTypeView),
|
||||
# (r"radius/user-from-username/(?P<username>.+)$", views.UserFromUsernameView),
|
||||
# (r"radius/interface-from-mac-address/(?P<mac_address>.+)$", views.InterfaceFromMacAddressView),
|
||||
]
|
||||
urls_functional_view = [
|
||||
(r"radius/authorize/(?P<nas_id>[^/]+)/(?P<username>.+)/(?P<mac_address>[0-9a-fA-F:\-]{17})$",
|
||||
views.authorize, None),
|
||||
(r"radius/post_auth/(?P<nas_id>[^/]+)/(?P<nas_port>.+)/(?P<user_mac>[0-9a-fA-F:\-]{17})$",
|
||||
views.post_auth, None),
|
||||
]
|
133
radius/api/views.py
Normal file
133
radius/api/views.py
Normal file
|
@ -0,0 +1,133 @@
|
|||
# -*- mode: python; coding: utf-8 -*-
|
||||
# Re2o est un logiciel d'administration développé initiallement au rezometz. Il
|
||||
# se veut agnostique au réseau considéré, de manière à être installable en
|
||||
# quelques clics.
|
||||
#
|
||||
# Copyright © 2020 Corentin Canebier
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 2 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License along
|
||||
# with this program; if not, write to the Free Software Foundation, Inc.,
|
||||
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
|
||||
from rest_framework.decorators import api_view
|
||||
from rest_framework.response import Response
|
||||
from django.db.models import Q
|
||||
|
||||
from . import serializers
|
||||
from machines.models import Domain, IpList, Interface, Nas
|
||||
from users.models import User
|
||||
from preferences.models import RadiusOption
|
||||
from topologie.models import Port, Switch
|
||||
|
||||
|
||||
class AuthorizeResponse:
|
||||
def __init__(self, nas, user, user_interface):
|
||||
self.nas = nas
|
||||
self.user = user
|
||||
self.user_interface = user_interface
|
||||
|
||||
def can_view(self, user):
|
||||
return [True]
|
||||
|
||||
|
||||
@api_view(['GET'])
|
||||
def authorize(request, nas_id, username, mac_address):
|
||||
|
||||
nas_interface = Interface.objects.filter(
|
||||
Q(domain=Domain.objects.filter(name=nas_id))
|
||||
| Q(ipv4=IpList.objects.filter(ipv4=nas_id))
|
||||
).first()
|
||||
nas_type = None
|
||||
if nas_interface:
|
||||
nas_type = Nas.objects.filter(
|
||||
nas_type=nas_interface.machine_type).first()
|
||||
|
||||
user = User.objects.filter(pseudo__iexact=username).first()
|
||||
user_interface = Interface.objects.filter(mac_address=mac_address).first()
|
||||
|
||||
serialized = serializers.AuthorizeResponseSerializer(
|
||||
AuthorizeResponse(nas_type, user, user_interface))
|
||||
|
||||
return Response(data=serialized.data)
|
||||
|
||||
|
||||
class PostAuthResponse:
|
||||
def __init__(self, nas, room_users, port, port_profile, switch, user_interface, radius_option, EMAIL_STATE_UNVERIFIED, RADIUS_OPTION_REJECT):
|
||||
self.nas = nas
|
||||
self.room_users = room_users
|
||||
self.port = port
|
||||
self.port_profile = port_profile
|
||||
self.switch = switch
|
||||
self.user_interface = user_interface
|
||||
self.radius_option = radius_option
|
||||
self.EMAIL_STATE_UNVERIFIED = EMAIL_STATE_UNVERIFIED
|
||||
self.RADIUS_OPTION_REJECT = RADIUS_OPTION_REJECT
|
||||
|
||||
def can_view(self, user):
|
||||
return [True]
|
||||
|
||||
|
||||
@api_view(['GET'])
|
||||
def post_auth(request, nas_id, nas_port, user_mac):
|
||||
# get nas_type
|
||||
nas_interface = Interface.objects.prefetch_related("machine__switch__stack").filter(
|
||||
Q(domain=Domain.objects.filter(name=nas_id))
|
||||
| Q(ipv4=IpList.objects.filter(ipv4=nas_id))
|
||||
).first()
|
||||
print(nas_id)
|
||||
nas_type = None
|
||||
if nas_interface:
|
||||
nas_type = Nas.objects.filter(
|
||||
nas_type=nas_interface.machine_type).first()
|
||||
|
||||
# get switch
|
||||
switch = Switch.objects.filter(machine_ptr=nas_interface.machine).first()
|
||||
if hasattr(nas_interface.machine, "switch"):
|
||||
stack = nas_interface.machine.switch.stack
|
||||
if stack:
|
||||
id_stack_member = nas_port.split("-")[1].split("/")[0]
|
||||
switch = (
|
||||
Switch.objects.filter(stack=stack)
|
||||
.filter(stack_member_id=id_stack_member)
|
||||
.first()
|
||||
)
|
||||
|
||||
# get port
|
||||
port_number = nas_port.split(".")[0].split("/")[-1][-2:]
|
||||
port = Port.objects.filter(switch=switch, port=port_number).first()
|
||||
|
||||
port_profile = port.get_port_profile
|
||||
|
||||
# get user_interface
|
||||
user_interface = (
|
||||
Interface.objects.filter(mac_address=user_mac)
|
||||
.select_related("machine__user")
|
||||
.select_related("ipv4")
|
||||
.first()
|
||||
)
|
||||
|
||||
# get room users
|
||||
room_users = User.objects.filter(
|
||||
Q(club__room=port.room) | Q(adherent__room=port.room)
|
||||
)
|
||||
|
||||
# get radius options
|
||||
radius_option = RadiusOption.objects.first()
|
||||
print(radius_option)
|
||||
|
||||
EMAIL_STATE_UNVERIFIED = User.EMAIL_STATE_UNVERIFIED
|
||||
RADIUS_OPTION_REJECT = RadiusOption.REJECT
|
||||
serialized = serializers.PostAuthResponseSerializer(
|
||||
PostAuthResponse(nas_type, room_users, port, port_profile, switch, user_interface, radius_option, EMAIL_STATE_UNVERIFIED, RADIUS_OPTION_REJECT))
|
||||
|
||||
return Response(data=serialized.data)
|
4
radius/urls.py
Normal file
4
radius/urls.py
Normal file
|
@ -0,0 +1,4 @@
|
|||
from . import views
|
||||
|
||||
urlpatterns = []
|
||||
|
0
radius/views.py
Normal file
0
radius/views.py
Normal file
Loading…
Reference in a new issue