rezometz/re2o
8
0
Fork 0
mirror of https://gitlab2.federez.net/re2o/re2o synced 2024-11-22 11:23:10 +00:00
Code Issues Releases Wiki Activity

Add Radius Attributes

Browse source
This commit is contained in:
Hugo Levy-Falk 2019-09-09 17:04:30 +02:00 committed by chirac
parent 3bb010b9b8
commit ff058e0cca
8 changed files with 345 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

33
preferences/forms.py
View file

@ -44,7 +44,8 @@ from .models import (
SwitchManagementCred, SwitchManagementCred,
RadiusOption, RadiusOption,
CotisationsOption, CotisationsOption,
DocumentTemplate DocumentTemplate,
RadiusAttribute
) )
from topologie.models import Switch from topologie.models import Switch
@ -411,3 +412,33 @@ class DelDocumentTemplateForm(FormRevMixin, Form):
self.fields['document_templates'].queryset = instances self.fields['document_templates'].queryset = instances
else: else:
self.fields['document_templates'].queryset = Banque.objects.all() self.fields['document_templates'].queryset = Banque.objects.all()
class RadiusAttributeForm(ModelForm):
"""Edit and add RADIUS attributes."""
class Meta:
model = RadiusAttribute
fields = '__all__'
def __init__(self, *args, **kwargs):
prefix = kwargs.pop('prefix', self.Meta.model.__name__)
super(RadiusAttributeForm, self).__init__(*args, prefix=prefix, **kwargs)
class DelRadiusAttributeForm(Form):
"""Delete RADIUS attributes"""
attributes = forms.ModelMultipleChoiceField(
queryset=RadiusAttribute.objects.none(),
label=_("Current attributes"),
widget=forms.CheckboxSelectMultiple
)
def __init__(self, *args, **kwargs):
instances = kwargs.pop('instances', None)
super(DelServiceForm, self).__init__(*args, **kwargs)
if instances:
self.fields['attributes'].queryset = instances
else:
self.fields['attributes'].queryset = Attributes.objects.all()

61
preferences/migrations/0062_radius_attributes.py Normal file
View file

@ -0,0 +1,61 @@
# -*- coding: utf-8 -*-
# Generated by Django 1.11.23 on 2019-09-09 14:13
from __future__ import unicode_literals
from django.db import migrations, models
import re2o.mixins
class Migration(migrations.Migration):
dependencies = [
('preferences', '0061_optionaluser_allow_archived_connexion'),
]
operations = [
migrations.CreateModel(
name='RadiusAttribute',
fields=[
('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
('attribute', models.CharField(help_text='See http://freeradius.org/rfc/attributes.html', max_length=255, verbose_name='Attribute')),
('operator', models.CharField(choices=[('=', '='), (':=', ':='), ('==', '=='), ('+=', '+='), ('!=', '!='), ('>', '>'), ('>=', '>='), ('<', '<'), ('<=', '<='), ('=~', '=~'), ('!~', '!~'), ('=*', '=*'), ('!*', '!*')], default=':=', help_text='See https://wiki.freeradius.org/config/Operators', max_length=2, verbose_name='Operator')),
('value', models.CharField(max_length=255, verbose_name='Value')),
('comment', models.TextField(blank=True, default='', help_text='Use this field to document this attribute.', verbose_name='Comment')),
],
options={
'verbose_name': 'RADIUS attribute',
'verbose_name_plural': 'RADIUS attributes',
},
bases=(re2o.mixins.RevMixin, re2o.mixins.AclMixin, models.Model),
),
migrations.AddField(
model_name='radiusoption',
name='banned_attributes',
field=models.ManyToManyField(blank=True, help_text='Answer attributes for banned users.', related_name='banned_attribute', to='preferences.RadiusAttribute', verbose_name='Banned attributes.'),
),
migrations.AddField(
model_name='radiusoption',
name='non_member_attributes',
field=models.ManyToManyField(blank=True, help_text='Answer attributes for non members.', related_name='non_member_attribute', to='preferences.RadiusAttribute', verbose_name='Non member attributes.'),
),
migrations.AddField(
model_name='radiusoption',
name='ok_attributes',
field=models.ManyToManyField(blank=True, help_text='Answer attributes for accepted users.', related_name='ok_attribute', to='preferences.RadiusAttribute', verbose_name='Accepted users attributes.'),
),
migrations.AddField(
model_name='radiusoption',
name='unknown_machine_attributes',
field=models.ManyToManyField(blank=True, help_text='Answer attributes for unknown machines.', related_name='unknown_machine_attribute', to='preferences.RadiusAttribute', verbose_name='Unknown machines attributes.'),
),
migrations.AddField(
model_name='radiusoption',
name='unknown_port_attributes',
field=models.ManyToManyField(blank=True, help_text='Answer attributes for unknown ports.', related_name='unknown_port_attribute', to='preferences.RadiusAttribute', verbose_name='Unknown ports attributes.'),
),
migrations.AddField(
model_name='radiusoption',
name='unknown_room_attributes',
field=models.ManyToManyField(blank=True, help_text='Answer attributes for unknown rooms.', related_name='unknown_room_attribute', to='preferences.RadiusAttribute', verbose_name='Unknown rooms attributes.'),
),
]

89
preferences/models.py
View file

@ -591,6 +591,53 @@ class MailMessageOption(AclMixin, models.Model):
verbose_name = _("email message options") verbose_name = _("email message options")
class RadiusAttribute(RevMixin, AclMixin, models.Model):
class Meta:
verbose_name = _("RADIUS attribute")
verbose_name_plural = _("RADIUS attributes")
CHOICE_OPERATOR = (
('=' , '=' ),
(':=', ':='),
('==', '=='),
('+=', '+='),
('!=', '!='),
('>' , '>' ),
('>=', '>='),
('<' , '<' ),
('<=', '<='),
('=~', '=~'),
('!~', '!~'),
('=*', '=*'),
('!*', '!*')
)
attribute = models.CharField(
max_length=255,
verbose_name=_("Attribute"),
help_text=_("See http://freeradius.org/rfc/attributes.html"),
)
operator = models.CharField(
max_length=2,
verbose_name=_("Operator"),
help_text=_("See https://wiki.freeradius.org/config/Operators"),
choices=CHOICE_OPERATOR,
default=':='
)
value = models.CharField(
max_length=255,
verbose_name=_("Value")
)
comment = models.TextField(
verbose_name=_("Comment"),
help_text=_("Use this field to document this attribute."),
blank=True,
default=""
)
def __str__(self):
return ' '.join([self.attribute, self.operator, self.value])
class RadiusOption(AclMixin, PreferencesModel): class RadiusOption(AclMixin, PreferencesModel):
class Meta: class Meta:
verbose_name = _("RADIUS policy") verbose_name = _("RADIUS policy")
@ -628,6 +675,13 @@ class RadiusOption(AclMixin, PreferencesModel):
verbose_name=_("Unknown machines VLAN"), verbose_name=_("Unknown machines VLAN"),
help_text=_("VLAN for unknown machines if not rejected") help_text=_("VLAN for unknown machines if not rejected")
) )
unknown_machine_attributes = models.ManyToManyField(
RadiusAttribute,
related_name='unknown_machine_attribute',
blank=True,
verbose_name=_("Unknown machines attributes."),
help_text=_("Answer attributes for unknown machines."),
)
unknown_port = models.CharField( unknown_port = models.CharField(
max_length=32, max_length=32,
choices=CHOICE_POLICY, choices=CHOICE_POLICY,
@ -643,6 +697,13 @@ class RadiusOption(AclMixin, PreferencesModel):
verbose_name=_("Unknown ports VLAN"), verbose_name=_("Unknown ports VLAN"),
help_text=_("VLAN for unknown ports if not rejected") help_text=_("VLAN for unknown ports if not rejected")
) )
unknown_port_attributes = models.ManyToManyField(
RadiusAttribute,
related_name='unknown_port_attribute',
blank=True,
verbose_name=_("Unknown ports attributes."),
help_text=_("Answer attributes for unknown ports."),
)
unknown_room = models.CharField( unknown_room = models.CharField(
max_length=32, max_length=32,
choices=CHOICE_POLICY, choices=CHOICE_POLICY,
@ -659,6 +720,13 @@ class RadiusOption(AclMixin, PreferencesModel):
verbose_name=_("Unknown rooms VLAN"), verbose_name=_("Unknown rooms VLAN"),
help_text=_("VLAN for unknown rooms if not rejected") help_text=_("VLAN for unknown rooms if not rejected")
) )
unknown_room_attributes = models.ManyToManyField(
RadiusAttribute,
related_name='unknown_room_attribute',
blank=True,
verbose_name=_("Unknown rooms attributes."),
help_text=_("Answer attributes for unknown rooms."),
)
non_member = models.CharField( non_member = models.CharField(
max_length=32, max_length=32,
choices=CHOICE_POLICY, choices=CHOICE_POLICY,
@ -674,6 +742,13 @@ class RadiusOption(AclMixin, PreferencesModel):
verbose_name=_("Non members VLAN"), verbose_name=_("Non members VLAN"),
help_text=_("VLAN for non members if not rejected") help_text=_("VLAN for non members if not rejected")
) )
non_member_attributes = models.ManyToManyField(
RadiusAttribute,
related_name='non_member_attribute',
blank=True,
verbose_name=_("Non member attributes."),
help_text=_("Answer attributes for non members."),
)
banned = models.CharField( banned = models.CharField(
max_length=32, max_length=32,
choices=CHOICE_POLICY, choices=CHOICE_POLICY,
@ -689,6 +764,13 @@ class RadiusOption(AclMixin, PreferencesModel):
verbose_name=_("Banned users VLAN"), verbose_name=_("Banned users VLAN"),
help_text=_("VLAN for banned users if not rejected") help_text=_("VLAN for banned users if not rejected")
) )
banned_attributes = models.ManyToManyField(
RadiusAttribute,
related_name='banned_attribute',
blank=True,
verbose_name=_("Banned attributes."),
help_text=_("Answer attributes for banned users."),
)
vlan_decision_ok = models.OneToOneField( vlan_decision_ok = models.OneToOneField(
'machines.Vlan', 'machines.Vlan',
on_delete=models.PROTECT, on_delete=models.PROTECT,
@ -696,6 +778,13 @@ class RadiusOption(AclMixin, PreferencesModel):
blank=True, blank=True,
null=True null=True
) )
ok_attributes = models.ManyToManyField(
RadiusAttribute,
related_name='ok_attribute',
blank=True,
verbose_name=_("Accepted users attributes."),
help_text=_("Answer attributes for accepted users."),
)
def default_invoice(): def default_invoice():

50
preferences/templates/preferences/aff_radiusattributes.html Normal file
View file

@ -0,0 +1,50 @@
{% comment %}
Re2o est un logiciel d'administration développé initiallement au rezometz. Il
se veut agnostique au réseau considéré, de manière à être installable en
quelques clics.
Copyright © 2018 Hugo Levy-Falk
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
{% endcomment %}
{% load i18n %}
{% load acl %}
{% load logs_extra %}
<table class="table table-striped">
<thead>
<tr>
<th>{% trans "Attribute" %}</th>
<th>{% trans "Comment" %}</th>
<th></th>
</tr>
</thead>
{% for attribute in radius_attributes %}
<tr>
<td>{{ attribute }}</td>
<td>{{ attribute.comment }}</td>
<td class="text-right">
{% can_edit attribute%}
{% include 'buttons/edit.html' with href='preferences:edit-radiusattribute' id=attribute.id %}
{% acl_end %}
{% can_delete attribute %}
{% include 'buttons/suppr.html' with href='preferences:del-radiusattribute' id=attribute.id %}
{% acl_end %}
{% history_button attribute %}
</td>
</tr>
{% endfor %}
</table>

45
preferences/templates/preferences/aff_radiusoptions.html
View file

@ -32,6 +32,13 @@ with this program; if not, write to the Free Software Foundation, Inc.,
<tr> <tr>
<th>{% trans "VLAN for machines accepted by RADIUS" %}</th> <th>{% trans "VLAN for machines accepted by RADIUS" %}</th>
<td><span class="label label-success">{% blocktrans with vlan_decision_ok=radiusoptions.vlan_decision_ok %}VLAN {{ vlan_decision_ok }}{% endblocktrans %}</span></td> <td><span class="label label-success">{% blocktrans with vlan_decision_ok=radiusoptions.vlan_decision_ok %}VLAN {{ vlan_decision_ok }}{% endblocktrans %}</span></td>
<td>{% trans "Attributes" %}
<ul>
{% for attribute in radiusoptions.ok_attributes.all %}
<li>{{attribute}}</li>
{% endfor %}
</ul>
</td>
</tr> </tr>
</table> </table>
<hr/> <hr/>
@ -40,6 +47,7 @@ with this program; if not, write to the Free Software Foundation, Inc.,
<tr> <tr>
<th>{% trans "Situation" %}</th> <th>{% trans "Situation" %}</th>
<th>{% trans "Behaviour" %}</th> <th>{% trans "Behaviour" %}</th>
<th>{% trans "Attributes" %}</th>
</tr> </tr>
</thead> </thead>
<tr> <tr>
@ -51,6 +59,13 @@ with this program; if not, write to the Free Software Foundation, Inc.,
<span class="label label-success">{% blocktrans with unknown_machine_vlan=radiusoptions.unknown_machine_vlan %}VLAN {{ unknown_machine_vlan }}{% endblocktrans %}</span> <span class="label label-success">{% blocktrans with unknown_machine_vlan=radiusoptions.unknown_machine_vlan %}VLAN {{ unknown_machine_vlan }}{% endblocktrans %}</span>
{% endif %} {% endif %}
</td> </td>
<td>
<ul>
{% for attribute in radiusoptions.unknown_machine_attributes.all %}
<li>{{attribute}}</li>
{% endfor %}
</ul>
</td>
</tr> </tr>
<tr> <tr>
<th>{% trans "Unknown port" %}</th> <th>{% trans "Unknown port" %}</th>
@ -61,6 +76,13 @@ with this program; if not, write to the Free Software Foundation, Inc.,
<span class="label label-success">{% blocktrans with unknown_port_vlan=radiusoptions.unknown_port_vlan %}VLAN {{ unknown_port_vlan }}{% endblocktrans %}</span> <span class="label label-success">{% blocktrans with unknown_port_vlan=radiusoptions.unknown_port_vlan %}VLAN {{ unknown_port_vlan }}{% endblocktrans %}</span>
{% endif %} {% endif %}
</td> </td>
<td>
<ul>
{% for attribute in radiusoptions.unknown_port_attributes.all %}
<li>{{attribute}}</li>
{% endfor %}
</ul>
</td>
</tr> </tr>
<tr> <tr>
<th>{% trans "Unknown room" %}</th> <th>{% trans "Unknown room" %}</th>
@ -71,6 +93,13 @@ with this program; if not, write to the Free Software Foundation, Inc.,
<span class="label label-success">{% blocktrans with unknown_room_vlan=radiusoptions.unknown_room_vlan %}VLAN {{ unknown_room_vlan }}{% endblocktrans %}</span> <span class="label label-success">{% blocktrans with unknown_room_vlan=radiusoptions.unknown_room_vlan %}VLAN {{ unknown_room_vlan }}{% endblocktrans %}</span>
{% endif %} {% endif %}
</td> </td>
<td>
<ul>
{% for attribute in radiusoptions.unknown_room_attributes.all %}
<li>{{attribute}}</li>
{% endfor %}
</ul>
</td>
</tr> </tr>
<tr> <tr>
<th>{% trans "Non member" %}</th> <th>{% trans "Non member" %}</th>
@ -81,16 +110,30 @@ with this program; if not, write to the Free Software Foundation, Inc.,
<span class="label label-success">{% blocktrans with non_member_vlan=radiusoptions.non_member_vlan %}VLAN {{ non_member_vlan }}{% endblocktrans %}</span> <span class="label label-success">{% blocktrans with non_member_vlan=radiusoptions.non_member_vlan %}VLAN {{ non_member_vlan }}{% endblocktrans %}</span>
{% endif %} {% endif %}
</td> </td>
<td>
<ul>
{% for attribute in radiusoptions.non_member_attributes.all %}
<li>{{attribute}}</li>
{% endfor %}
</ul>
</td>
</tr> </tr>
<tr> <tr>
<th>{% trans "Banned user" %}</th> <th>{% trans "Banned user" %}</th>
<td> <td>
{% if radiusoptions.unknown_port == 'REJECT' %} {% if radiusoptions.banned == 'REJECT' %}
<span class="label label-danger">{% trans "Reject" %}</span> <span class="label label-danger">{% trans "Reject" %}</span>
{% else %} {% else %}
<span class="label label-success">{% blocktrans with banned_vlan=radiusoptions.banned_vlan %}VLAN {{ banned_vlan }}{% endblocktrans %}</span> <span class="label label-success">{% blocktrans with banned_vlan=radiusoptions.banned_vlan %}VLAN {{ banned_vlan }}{% endblocktrans %}</span>
{% endif %} {% endif %}
</td> </td>
<td>
<ul>
{% for attribute in radiusoptions.banned_attributes.all %}
<li>{{attribute}}</li>
{% endfor %}
</ul>
</td>
</tr> </tr>
</table> </table>

4
preferences/templates/preferences/display_preferences.html
View file

@ -298,11 +298,15 @@ with this program; if not, write to the Free Software Foundation, Inc.,
<h4 class="panel-title"><a><i class="fa fa-circle"></i> {% trans "RADIUS preferences" %}</h4></a> <h4 class="panel-title"><a><i class="fa fa-circle"></i> {% trans "RADIUS preferences" %}</h4></a>
</div> </div>
<div id="collapse_radius" class="panel-collapse panel-body collapse"> <div id="collapse_radius" class="panel-collapse panel-body collapse">
<h5>{% trans "RADIUS policies" %}</h5>
<a class="btn btn-primary btn-sm" role="button" href="{% url 'preferences:edit-options' 'RadiusOption' %}"> <a class="btn btn-primary btn-sm" role="button" href="{% url 'preferences:edit-options' 'RadiusOption' %}">
<i class="fa fa-edit"></i> <i class="fa fa-edit"></i>
{% trans "Edit" %} {% trans "Edit" %}
</a> </a>
{% include 'preferences/aff_radiusoptions.html' %} {% include 'preferences/aff_radiusoptions.html' %}
<h5>{% trans "Available RADIUS attributes"%}</h5>
<a class="btn btn-primary btn-sm" role="button" href="{% url 'preferences:add-radiusattribute' %}"><i class="fa fa-plus"></i>{% trans " Add an attribute" %}</a>
{% include 'preferences/aff_radiusattributes.html' %}
</div> </div>
</div> </div>

7
preferences/urls.py
View file

@ -126,5 +126,12 @@ urlpatterns = [
views.del_document_template, views.del_document_template,
name='del-document-template' name='del-document-template'
), ),
url(r'^add_radiusattribute/$', views.add_radiusattribute, name='add-radiusattribute'),
url(
r'^edit_radiusattribute/(?P<radiusattributeid>[0-9]+)$',
views.edit_radiusattribute,
name='edit-radiusattribute'
),
url(r'^del_radiusattribute/(?P<radiusattributeid>[0-9]+)$', views.del_radiusattribute, name='del-radiusattribute'),
url(r'^$', views.display_options, name='display-options'), url(r'^$', views.display_options, name='display-options'),
] ]

60
preferences/views.py
View file

@ -52,7 +52,9 @@ from .forms import (
RadiusKeyForm, RadiusKeyForm,
SwitchManagementCredForm, SwitchManagementCredForm,
DocumentTemplateForm, DocumentTemplateForm,
DelDocumentTemplateForm DelDocumentTemplateForm,
RadiusAttributeForm,
DelRadiusAttributeForm
) )
from .models import ( from .models import (
Service, Service,
@ -69,7 +71,8 @@ from .models import (
SwitchManagementCred, SwitchManagementCred,
RadiusOption, RadiusOption,
CotisationsOption, CotisationsOption,
DocumentTemplate DocumentTemplate,
RadiusAttribute
) )
from . import models from . import models
from . import forms from . import forms
@ -94,6 +97,7 @@ def display_options(request):
radiuskey_list = RadiusKey.objects.all() radiuskey_list = RadiusKey.objects.all()
switchmanagementcred_list = SwitchManagementCred.objects.all() switchmanagementcred_list = SwitchManagementCred.objects.all()
radiusoptions, _ = RadiusOption.objects.get_or_create() radiusoptions, _ = RadiusOption.objects.get_or_create()
radius_attributes = RadiusAttribute.objects.all()
cotisationsoptions, _created = CotisationsOption.objects.get_or_create() cotisationsoptions, _created = CotisationsOption.objects.get_or_create()
document_template_list = DocumentTemplate.objects.order_by('name') document_template_list = DocumentTemplate.objects.order_by('name')
@ -114,6 +118,7 @@ def display_options(request):
'radiuskey_list' : radiuskey_list, 'radiuskey_list' : radiuskey_list,
'switchmanagementcred_list': switchmanagementcred_list, 'switchmanagementcred_list': switchmanagementcred_list,
'radiusoptions' : radiusoptions, 'radiusoptions' : radiusoptions,
'radius_attributes' : radius_attributes,
'cotisationsoptions': cotisationsoptions, 'cotisationsoptions': cotisationsoptions,
'optionnal_templates_list': optionnal_templates_list, 'optionnal_templates_list': optionnal_templates_list,
'document_template_list': document_template_list, 'document_template_list': document_template_list,
@ -502,3 +507,54 @@ def del_document_template(request, instances):
'action_name': _("Delete"), 'action_name': _("Delete"),
'title': _("Delete document template") 'title': _("Delete document template")
}, 'preferences/preferences.html', request) }, 'preferences/preferences.html', request)
@login_required
@can_create(RadiusAttribute)
def add_radiusattribute(request):
"""Create a RADIUS attribute."""
attribute = RadiusAttributeForm(request.POST or None)
if attribute.is_valid():
attribute.save()
messages.success(request, _("The attribute was added."))
return redirect(reverse('preferences:display-options'))
return form(
{'preferenceform': attribute, 'action_name': _("Add a RADIUS attribute")},
'preferences/preferences.html',
request
)
@login_required
@can_edit(RadiusAttribute)
def edit_radiusattribute(request, radiusattribute_instance, **_kwargs):
"""Edit a RADIUS attribute."""
attribute = RadiusAttributeForm(
request.POST or None,
instance=radiusattribute_instance
)
if attribute.is_valid():
attribute.save()
messages.success(request, _("The attribute was edited."))
return redirect(reverse('preferences:display-options'))
return form(
{'preferenceform': attribute, 'action_name': _("Edit")},
'preferences/preferences.html',
request
)
@login_required
@can_delete(RadiusAttribute)
def del_radiusattribute(request, radiusattribute_instance, **_kwargs):
"""Delete a RADIUS attribute."""
if request.method == "POST":
radiusattribute_instance.delete()
messages.success(request, _("The attribute was deleted."))
return redirect(reverse('preferences:display-options'))
return form(
{'objet': radiusattribute_instance, 'objet_name': 'attribute'},
'preferences/delete.html',
request
)