From a230b95c27a6f1a90252d807d1443bf10b48a509 Mon Sep 17 00:00:00 2001
From: root
Date: Sun, 15 Jan 2017 11:40:45 +0100
Subject: [PATCH] Revert "Simplify logic & improve readability. Harmonize log string language"
This reverts commit 365f163ab3cb6ed472364755a4e73a4dbd1735d6.
---
freeradius_utils/authenticate_filaire.py | 88 +++++++++++++-----------
1 file changed, 46 insertions(+), 42 deletions(-)
mode change 100644 => 100755 freeradius_utils/authenticate_filaire.py
diff --git a/freeradius_utils/authenticate_filaire.py b/freeradius_utils/authenticate_filaire.py
old mode 100644
new mode 100755
index 45a87667..3640240a
--- a/freeradius_utils/authenticate_filaire.py
+++ b/freeradius_utils/authenticate_filaire.py
@@ -24,49 +24,53 @@ VLAN_NOK = RADIUS_VLAN_DECISION['VLAN_NOK'] VLAN_OK = RADIUS_VLAN_DECISION['VLAN_OK'] def decide_vlan(switch_ip, port_number, mac_address): - # Get port from switch and port number - switch = Switch.objects.filter(switch_interface=Interface.objects.filter(ipv4=IpList.objects.filter(ipv4=switch_ip))) - if not switch: - return ('?', 'Switch inconnu', VLAN_OK) - - sw_name = str(switch[0].switch_interface) - - port = Port.objects.filter(switch=switch[0], port=port_number) - if not port: - return (sw_name, 'Port inconnu', VLAN_OK) - - port = port[0] - - if port.radius == 'NO': - return (sw_name, "Pas d'authentification sur ce port", VLAN_OK) - - if port.radius == 'BLOQ': - return (sw_name, 'Port desactive', VLAN_NOK) - - if port.radius == 'STRICT': - if not port.room: - return (sw_name, 'Chambre inconnue', VLAN_NOK) - - room_user = User.objects.filter(room=Room.objects.filter(name=port.room)) - if not room_user: - return (sw_name, 'Chambre non cotisante', VLAN_NOK) - elif not room_user[0].has_access(): - return (sw_name, 'Chambre resident desactive', VLAN_NOK) - # else: user OK, on passe à la verif MAC - - if port.radius == 'COMMON' or port.radius == 'STRICT': - # Authentification par mac - interface = Interface.objects.filter(mac_address=mac_address) - if not interface: - return (sw_name, 'Machine inconnue', VLAN_NOK) - elif not interface[0].is_active(): - return (sw_name, 'Machine non active / adherent non cotisant', VLAN_NOK) + # Get port from switch and port number + switch = Switch.objects.filter(switch_interface=Interface.objects.filter(ipv4=IpList.objects.filter(ipv4=switch_ip))) + if switch: + sw_name = str(switch[0].switch_interface) + port = Port.objects.filter(switch=switch[0], port=port_number) + if port: + port = port[0] + if port.radius == 'NO': + # Aucune authentification sur ce port + decision = (sw_name, "Pas d'authentification sur ce port", VLAN_OK) + elif port.radius == 'BLOQ': + # Prise désactivée + decision = (sw_name, 'Port 
desactive', VLAN_NOK) + elif port.radius == 'COMMON': + # Authentification par mac + interface = Interface.objects.filter(mac_address=mac_address) + if not interface: + decision = (sw_name, 'Mac not found', VLAN_NOK) + elif not interface[0].is_active(): + decision = (sw_name, 'Machine non active / adherent non cotisant', VLAN_NOK) + else: + decision = (sw_name, 'Machine OK', VLAN_OK) + elif port.radius == 'STRICT': + if port.room: + user = User.objects.filter(room=Room.objects.filter(name=port.room)) + if not user: + decision = (sw_name, 'Chambre non cotisante', VLAN_NOK) + elif not user[0].has_access(): + decision = (sw_name, 'Resident desactive', VLAN_NOK) + else: + # Verification de la mac + interface = Interface.objects.filter(mac_address=mac_address) + if not interface: + decision = (sw_name, 'Chambre Ok, but mac not found', VLAN_NOK) + elif not interface[0].is_active(): + decision = (sw_name, 'Chambre Ok, but machine non active / adherent non cotisant', VLAN_NOK) + else: + decision = (sw_name, 'Machine OK, Proprio OK', VLAN_OK) + else: + decision = (sw_name, 'Chambre inconnue', VLAN_NOK) + else: + decision = (sw_name, 'VLAN forced', int(port.radius)) + else: + decision = (sw_name, 'port not found!', VLAN_OK) else: - return (sw_name, 'Machine OK', VLAN_OK) - - # On gere bien tous les autres états possibles, il ne reste que le VLAN en dur - return (sw_name, 'VLAN impose', int(port.radius)) - + decision = ('?', 'switch not found!', VLAN_OK) + return decision if __name__ == '__main__': parser = argparse.ArgumentParser(description='Decide radius vlan attribution')
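Review bot: The two lookup-failure branches at the end of `decide_vlan` fail open: an unknown switch yields `('?', 'switch not found!', VLAN_OK)` and an unknown port yields `(sw_name, 'port not found!', VLAN_OK)`, so a request that matches no inventory record is placed on the authorised VLAN. Unless that is a deliberate availability choice, both should deny by default, e.g. `decision = (sw_name, 'port not found!', VLAN_NOK)`, or carry a comment explaining why they allow. The final `else` also hands any `port.radius` value other than the four keywords to `int(...)`, which raises ValueError on a non-numeric value instead of returning a decision; a guarded conversion that falls back to `VLAN_NOK` would keep the function total. In the STRICT branch the interface is looked up by MAC alone, so 'Machine OK, Proprio OK' appears to hold for any active machine rather than one owned by the room's resident; this is worth confirming against the Interface model, which is not visible in the hunk.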