From df5861424e27486df6da0ce1055b09212b50b2b9 Mon Sep 17 00:00:00 2001 From: Charlie Jacomme Date: Fri, 10 Aug 2018 16:45:17 +0200 Subject: [PATCH 1/2] radius, make python compatible, and add traceback --- machines/models.py | 14 +++---- users/models.py | 94 +++++++++++++++++++++++----------------------- 2 files changed, 55 insertions(+), 53 deletions(-) diff --git a/machines/models.py b/machines/models.py index 2e77f25c..1ede490e 100644 --- a/machines/models.py +++ b/machines/models.py @@ -1005,7 +1005,7 @@ class Interface(RevMixin, AclMixin, FieldPermissionModelMixin, models.Model): @cached_property def gen_ipv6_dhcpv6(self): """Cree une ip, à assigner avec dhcpv6 sur une machine""" - prefix_v6 = self.type.ip_type.prefix_v6 + prefix_v6 = self.type.ip_type.prefix_v6.encode().decode('utf-8') if not prefix_v6: return None return IPv6Address( @@ -1331,14 +1331,14 @@ class Ipv6List(RevMixin, AclMixin, FieldPermissionModelMixin, models.Model): def check_and_replace_prefix(self, prefix=None): """Si le prefixe v6 est incorrect, on maj l'ipv6""" - prefix_v6 = prefix or self.interface.type.ip_type.prefix_v6 + prefix_v6 = prefix or self.interface.type.ip_type.prefix_v6.encode().decode('utf-8') if not prefix_v6: return - if (IPv6Address(self.ipv6).exploded[:20] != + if (IPv6Address(self.ipv6.encode().decode('utf-8')).exploded[:20] != IPv6Address(prefix_v6).exploded[:20]): self.ipv6 = IPv6Address( IPv6Address(prefix_v6).exploded[:20] + - IPv6Address(self.ipv6).exploded[20:] + IPv6Address(self.ipv6.encode().decode('utf-8')).exploded[20:] ) self.save() 
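Review bot: In `gen_ipv6_dhcpv6` the `if not prefix_v6` guard now runs after `.encode()` has already been called on the field, so an unset prefix would raise AttributeError instead of returning None. This applies only if `prefix_v6` can be None, which the guard suggests but the hunk does not show. The same ordering appears in `check_and_replace_prefix` and in the SLAAC validation hunk at -1347. Reading the raw value, testing it, and only then converting keeps the early return: `prefix_v6 = self.type.ip_type.prefix_v6`, then `if not prefix_v6: return None`, then `prefix_v6 = prefix_v6.encode().decode('utf-8')`.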
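Review bot: In `check_and_replace_prefix`, the expression `prefix or self.interface.type.ip_type.prefix_v6.encode().decode('utf-8')` converts only the model field, so a `prefix` supplied by the caller reaches `IPv6Address` unconverted. That is presumably the very input type this commit is working around. Choose the value first with `prefix_v6 = prefix or self.interface.type.ip_type.prefix_v6`, then convert after the `if not prefix_v6` check. The `.encode().decode('utf-8')` idiom is also repeated five times in this file with no explanation. A small named helper, with a comment saying why the address text has to be normalised before it is passed to `IPv6Address`, would make the intent visible and give one place to fix it.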
@@ -1347,9 +1347,9 @@ class Ipv6List(RevMixin, AclMixin, FieldPermissionModelMixin, models.Model): .filter(interface=self.interface, slaac_ip=True) .exclude(id=self.id)): raise ValidationError("Une ip slaac est déjà enregistrée") - prefix_v6 = self.interface.type.ip_type.prefix_v6 + prefix_v6 = self.interface.type.ip_type.prefix_v6.encode().decode('utf-8') if prefix_v6: - if (IPv6Address(self.ipv6).exploded[:20] != + if (IPv6Address(self.ipv6.encode().decode('utf-8')).exploded[:20] != IPv6Address(prefix_v6).exploded[:20]): raise ValidationError( "Le prefixv6 est incorrect et ne correspond pas au type " @@ -1850,7 +1850,7 @@ def machine_post_save(**kwargs): """Synchronisation ldap et régen parefeu/dhcp lors de la modification d'une machine""" user = kwargs['instance'].user - user.ldap_sync(base=False, access_refresh=False, mac_refresh=True) + #user.ldap_sync(base=False, access_refresh=False, mac_refresh=True) regen('dhcp') regen('mac_ip_list') diff --git a/users/models.py b/users/models.py index 73982b49..66bff7c6 100755 --- a/users/models.py +++ b/users/models.py @@ -48,6 +48,7 @@ from __future__ import unicode_literals import re import uuid import datetime +import sys from django.db import models from django.db.models import Q @@ -67,7 +68,7 @@ from django.contrib.auth.models import ( Group ) from django.core.validators import RegexValidator - +import traceback from reversion import revisions as reversion import ldapdb.models 
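Review bot: `self.ipv6.encode()` in the SLAAC validation assumes `self.ipv6` is always a string, but `check_and_replace_prefix` in the previous hunk assigns an `IPv6Address` object to that attribute, and that type has no `.encode()`. If validation or the prefix check runs again on the same instance before it is reloaded from the database, this line would raise AttributeError; whether that sequence happens is not visible here. A conversion that accepts both forms avoids the dependency on call order, for example `IPv6Address(u'{}'.format(self.ipv6))`. The enclosing method starts above the hunk.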
@@ -539,51 +540,52 @@ class User(RevMixin, FieldPermissionModelMixin, AbstractBaseUser, mac_refresh : synchronise les machines de l'user group_refresh : synchronise les group de l'user Si l'instance n'existe pas, on crée le ldapuser correspondant""" - self.refresh_from_db() - try: - user_ldap = LdapUser.objects.get(uidNumber=self.uid_number) - except LdapUser.DoesNotExist: - user_ldap = LdapUser(uidNumber=self.uid_number) - base = True - access_refresh = True - mac_refresh = True - if base: - user_ldap.name = self.pseudo - user_ldap.sn = self.pseudo - user_ldap.dialupAccess = str(self.has_access()) - user_ldap.home_directory = '/home/' + self.pseudo - user_ldap.mail = self.get_mail - user_ldap.given_name = self.surname.lower() + '_'\ - + self.name.lower()[:3] - user_ldap.gid = LDAP['user_gid'] - if '{SSHA}' in self.password or '{SMD5}' in self.password: - # We remove the extra $ added at import from ldap - user_ldap.user_password = self.password[:6] + self.password[7:] - elif '{crypt}' in self.password: - # depending on the length, we need to remove or not a $ - if len(self.password)==41: - user_ldap.user_password = self.password - else: - user_ldap.user_password = self.password[:7] + self.password[8:] + if sys.version_info[0] >= 3: + self.refresh_from_db() + try: + user_ldap = LdapUser.objects.get(uidNumber=self.uid_number) + except LdapUser.DoesNotExist: + user_ldap = LdapUser(uidNumber=self.uid_number) + base = True + access_refresh = True + mac_refresh = True + if base: + user_ldap.name = self.pseudo + user_ldap.sn = self.pseudo + user_ldap.dialupAccess = str(self.has_access()) + user_ldap.home_directory = '/home/' + self.pseudo + user_ldap.mail = self.get_mail + user_ldap.given_name = self.surname.lower() + '_'\ + + self.name.lower()[:3] + user_ldap.gid = LDAP['user_gid'] + if '{SSHA}' in self.password or '{SMD5}' in self.password: + # We remove the extra $ added at import from ldap + user_ldap.user_password = self.password[:6] + self.password[7:] + elif 
'{crypt}' in self.password: + # depending on the length, we need to remove or not a $ + if len(self.password)==41: + user_ldap.user_password = self.password + else: + user_ldap.user_password = self.password[:7] + self.password[8:] - user_ldap.sambat_nt_password = self.pwd_ntlm.upper() - if self.get_shell: - user_ldap.login_shell = str(self.get_shell) - user_ldap.shadowexpire = self.get_shadow_expire - if access_refresh: - user_ldap.dialupAccess = str(self.has_access()) - if mac_refresh: - user_ldap.macs = [str(mac) for mac in Interface.objects.filter( - machine__user=self - ).values_list('mac_address', flat=True).distinct()] - if group_refresh: - # Need to refresh all groups because we don't know which groups - # were updated during edition of groups and the user may no longer - # be part of the updated group (case of group removal) - for group in Group.objects.all(): - if hasattr(group, 'listright'): - group.listright.ldap_sync() - user_ldap.save() + user_ldap.sambat_nt_password = self.pwd_ntlm.upper() + if self.get_shell: + user_ldap.login_shell = str(self.get_shell) + user_ldap.shadowexpire = self.get_shadow_expire + if access_refresh: + user_ldap.dialupAccess = str(self.has_access()) + if mac_refresh: + user_ldap.macs = [str(mac) for mac in Interface.objects.filter( + machine__user=self + ).values_list('mac_address', flat=True).distinct()] + if group_refresh: + # Need to refresh all groups because we don't know which groups + # were updated during edition of groups and the user may no longer + # be part of the updated group (case of group removal) + for group in Group.objects.all(): + if hasattr(group, 'listright'): + group.listright.ldap_sync() + user_ldap.save() def ldap_del(self): """ Supprime la version ldap de l'user""" 
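Review bot: Under Python 2, `ldap_sync` now returns without doing anything and without logging, so a caller cannot tell that the access flag, password hash and MAC list were never pushed to LDAP. The docstring still describes the synchronisation as unconditional. Because the directory entry is what carries `dialupAccess`, a skipped sync after an access change leaves the old value in place, so the skip should at least be recorded. A guard clause at the top would make it explicit and avoid re-indenting the whole body: `if sys.version_info[0] < 3:` followed by a warning log line and `return`, plus a docstring sentence stating that the sync only runs under Python 3.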
@@ -679,7 +681,7 @@ class User(RevMixin, FieldPermissionModelMixin, AbstractBaseUser, domain.save() self.notif_auto_newmachine(interface_cible) except Exception as error: - return False, error + return False, traceback.format_exc() return interface_cible, "Ok" def notif_auto_newmachine(self, interface): From 0409031c402e5c7d541e3abf64f4ecb1baf087fe Mon Sep 17 00:00:00 2001 From: Gabriel Le Bouder Date: Fri, 10 Aug 2018 20:22:03 +0200 Subject: [PATCH 2/2] removing spurius comment line --- machines/models.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/machines/models.py b/machines/models.py index 1ede490e..f201f667 100644 --- a/machines/models.py +++ b/machines/models.py @@ -1850,7 +1850,7 @@ def machine_post_save(**kwargs): """Synchronisation ldap et régen parefeu/dhcp lors de la modification d'une machine""" user = kwargs['instance'].user - #user.ldap_sync(base=False, access_refresh=False, mac_refresh=True) + user.ldap_sync(base=False, access_refresh=False, mac_refresh=True) regen('dhcp') regen('mac_ip_list')
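Review bot: `return False, traceback.format_exc()` hands the full stack trace to the caller as the status message, and the bound `error` is now unused. The enclosing method and its callers are outside the hunk. If that message is ever shown to a user or relayed in an authentication reply, it would expose file paths, source lines and whatever values appear in the exception text. Recording the trace where it is caught and keeping the returned value short separates the two concerns, for example `logging.getLogger(__name__).exception("auto machine registration failed")` followed by the original `return False, error`. That would need `import logging`, which the import hunk does not show.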