rezometz
/
re2o
mirror of https://gitlab.federez.net/re2o/re2o
8
0
Fork 0
Code Issues Releases Wiki Activity
Browse Source

Merge branch 'switch_conf_json' into crans

design-preferences
Gabriel Detraz 8 years ago
parent
e42b8f9be0 a07e0d922a
commit
115c91caad
21 changed files with 728 additions and 38 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 52
      freeradius_utils/auth.py
  2. 1
      re2o/templatetags/acl.py
  3. 1
      re2o/views.py
  4. 4
      search/views.py
  5. 7
      topologie/admin.py
  6. 23
      topologie/forms.py
  7. 44
      topologie/migrations/0061_portprofile.py
  8. 25
      topologie/migrations/0062_auto_20180627_0123.py
  9. 21
      topologie/migrations/0063_port_custom_profil.py
  10. 53
      topologie/migrations/0064_createprofil.py
  11. 23
      topologie/migrations/0065_auto_20180630_1703.py
  12. 25
      topologie/migrations/0066_auto_20180630_1855.py
  13. 75
      topologie/migrations/0067_auto_20180701_0016.py
  14. 176
      topologie/models.py
  15. 14
      topologie/templates/topologie/aff_port.html
  16. 85
      topologie/templates/topologie/aff_port_profile.html
  17. 1
      topologie/templates/topologie/index.html
  18. 43
      topologie/templates/topologie/index_portprofile.html
  19. 6
      topologie/templates/topologie/sidebar.html
  20. 12
      topologie/urls.py
  21. 75
      topologie/views.py

52
freeradius_utils/auth.py
View File

@ -355,27 +355,47 @@ def decide_vlan_and_register_switch(nas_machine, nas_type, port_number,
port=port_number
)
.first())
# Si le port est inconnu, on place sur le vlan defaut
# Aucune information particulière ne permet de déterminer quelle
# politique à appliquer sur ce port
if not port:
return (sw_name, "Chambre inconnue", u'Port inconnu', VLAN_OK)
# Si un vlan a été précisé, on l'utilise pour VLAN_OK
if port.vlan_force:
DECISION_VLAN = int(port.vlan_force.vlan_id)
# On récupère le profil du port
port_profil = port.get_port_profil
# Si un vlan a été précisé dans la config du port,
# on l'utilise pour VLAN_OK
if port_profil.vlan_untagged:
DECISION_VLAN = int(port_profil.vlan_untagged.vlan_id)
extra_log = u"Force sur vlan " + str(DECISION_VLAN)
else:
DECISION_VLAN = VLAN_OK
if port.radius == 'NO':
# Si le port est désactivé, on rejette sur le vlan de déconnexion
if not port.state:
return (sw_name, port.room, u'Port desactivé', VLAN_NOK)
# Si radius est désactivé, on laisse passer
if port_profil.radius_type == 'NO':
return (sw_name,
"",
u"Pas d'authentification sur ce port" + extra_log,
DECISION_VLAN)
if port.radius == 'BLOQ':
return (sw_name, port.room, u'Port desactive', VLAN_NOK)
if port.radius == 'STRICT':
# Si le 802.1X est activé sur ce port, cela veut dire que la personne a été accept précédemment
# Par conséquent, on laisse passer sur le bon vlan
if nas_type.port_access_mode == '802.1X' and port_profil.radius_type == '802.1X':
room = port.room or "Chambre/local inconnu"
return (sw_name, room, u'Acceptation authentification 802.1X', DECISION_VLAN)
# Sinon, cela veut dire qu'on fait de l'auth radius par mac
# Si le port est en mode strict, on vérifie que tous les users
# rattachés à ce port sont bien à jour de cotisation. Sinon on rejette (anti squattage)
# Il n'est pas possible de se connecter sur une prise strict sans adhérent à jour de cotis
# dedans
if port_profil.radius_mode == 'STRICT':
room = port.room
if not room:
return (sw_name, "Inconnue", u'Chambre inconnue', VLAN_NOK)
@ -390,7 +410,8 @@ def decide_vlan_and_register_switch(nas_machine, nas_type, port_number,
return (sw_name, room, u'Chambre resident desactive', VLAN_NOK)
# else: user OK, on passe à la verif MAC
if port.radius == 'COMMON' or port.radius == 'STRICT':
# Si on fait de l'auth par mac, on cherche l'interface via sa mac dans la bdd
if port_profil.radius_mode == 'COMMON' or port_profil.radius_mode == 'STRICT':
# Authentification par mac
interface = (Interface.objects
.filter(mac_address=mac_address)
@ -399,15 +420,19 @@ def decide_vlan_and_register_switch(nas_machine, nas_type, port_number,
.first())
if not interface:
room = port.room
# On essaye de register la mac
# On essaye de register la mac, si l'autocapture a été activée
# Sinon on rejette sur vlan_nok
if not nas_type.autocapture_mac:
return (sw_name, "", u'Machine inconnue', VLAN_NOK)
# On ne peut autocapturer que si on connait la chambre et donc l'user correspondant
elif not room:
return (sw_name,
"Inconnue",
u'Chambre et machine inconnues',
VLAN_NOK)
else:
# Si la chambre est vide (local club, prises en libre services)
# Impossible d'autocapturer
if not room_user:
room_user = User.objects.filter(
Q(club__room=port.room) | Q(adherent__room=port.room)
@ -418,6 +443,8 @@ def decide_vlan_and_register_switch(nas_machine, nas_type, port_number,
u'Machine et propriétaire de la chambre '
'inconnus',
VLAN_NOK)
# Si il y a plus d'un user dans la chambre, impossible de savoir à qui
# Ajouter la machine
elif room_user.count() > 1:
return (sw_name,
room,
@ -425,11 +452,13 @@ def decide_vlan_and_register_switch(nas_machine, nas_type, port_number,
'dans la chambre/local -> ajout de mac '
'automatique impossible',
VLAN_NOK)
# Si l'adhérent de la chambre n'est pas à jour de cotis, pas d'autocapture
elif not room_user.first().has_access():
return (sw_name,
room,
u'Machine inconnue et adhérent non cotisant',
VLAN_NOK)
# Sinon on capture et on laisse passer sur le bon vlan
else:
result, reason = (room_user
.first()
@ -449,6 +478,9 @@ def decide_vlan_and_register_switch(nas_machine, nas_type, port_number,
reason + str(mac_address)
),
VLAN_NOK)
# L'interface a été trouvée, on vérifie qu'elle est active, sinon on reject
# Si elle n'a pas d'ipv4, on lui en met une
# Enfin on laisse passer sur le vlan pertinent
else:
room = port.room
if not interface.is_active:

1
re2o/templatetags/acl.py
View File

@ -134,6 +134,7 @@ MODEL_NAME = {
'Room': topologie.models.Room,
'Building': topologie.models.Building,
'SwitchBay': topologie.models.SwitchBay,
'PortProfile': topologie.models.PortProfile,
# users
'User': users.models.User,
'MailAlias': users.models.MailAlias,

1
re2o/views.py
View File

@ -114,6 +114,7 @@ HISTORY_BIND = {
'accesspoint': topologie.models.AccessPoint,
'switchbay': topologie.models.SwitchBay,
'building': topologie.models.Building,
'portprofile': topologie.models.PortProfile,
},
'machines': {
'machine': machines.models.Machine,

4
search/views.py
View File

@ -262,9 +262,9 @@ def search_single_word(word, filters, user,
) | Q(
related__switch__interface__domain__name__icontains=word
) | Q(
radius__icontains=word
custom_profile__name__icontains=word
) | Q(
vlan_force__name__icontains=word
custom_profile__profil_default__icontains=word
) | Q(
details__icontains=word
)

7
topologie/admin.py
View File

@ -38,7 +38,8 @@ from .models import (
ConstructorSwitch,
AccessPoint,
SwitchBay,
Building
Building,
PortProfile,
)
@ -86,6 +87,9 @@ class BuildingAdmin(VersionAdmin):
"""Administration d'un batiment"""
pass
class PortProfileAdmin(VersionAdmin):
"""Administration of a port profile"""
pass
admin.site.register(Port, PortAdmin)
admin.site.register(AccessPoint, AccessPointAdmin)
@ -96,3 +100,4 @@ admin.site.register(ModelSwitch, ModelSwitchAdmin)
admin.site.register(ConstructorSwitch, ConstructorSwitchAdmin)
admin.site.register(Building, BuildingAdmin)
admin.site.register(SwitchBay, SwitchBayAdmin)
admin.site.register(PortProfile, PortProfileAdmin)

23
topologie/forms.py
View File

@ -35,6 +35,7 @@ from __future__ import unicode_literals
from django import forms
from django.forms import ModelForm
from django.db.models import Prefetch
from django.utils.translation import ugettext_lazy as _
from machines.models import Interface
from machines.forms import (
@ -53,6 +54,7 @@ from .models import (
AccessPoint,
SwitchBay,
Building,
PortProfile,
)
@ -78,8 +80,8 @@ class EditPortForm(FormRevMixin, ModelForm):
optimiser le temps de chargement avec select_related (vraiment
lent sans)"""
class Meta(PortForm.Meta):
fields = ['room', 'related', 'machine_interface', 'radius',
'vlan_force', 'details']
fields = ['room', 'related', 'machine_interface', 'custom_profile',
'state', 'details']
def __init__(self, *args, **kwargs):
prefix = kwargs.pop('prefix', self.Meta.model.__name__)
@ -107,8 +109,8 @@ class AddPortForm(FormRevMixin, ModelForm):
'room',
'machine_interface',
'related',
'radius',
'vlan_force',
'custom_profile',
'state',
'details'
]
@ -262,3 +264,16 @@ class EditBuildingForm(FormRevMixin, ModelForm):
def __init__(self, *args, **kwargs):
prefix = kwargs.pop('prefix', self.Meta.model.__name__)
super(EditBuildingForm, self).__init__(*args, prefix=prefix, **kwargs)
class EditPortProfileForm(FormRevMixin, ModelForm):
"""Form to edit a port profile"""
class Meta:
model = PortProfile
fields = '__all__'
def __init__(self, *args, **kwargs):
prefix = kwargs.pop('prefix', self.Meta.model.__name__)
super(EditPortProfileForm, self).__init__(*args,
prefix=prefix,
**kwargs)

44
topologie/migrations/0061_portprofile.py
View File

@ -0,0 +1,44 @@
# -*- coding: utf-8 -*-
# Generated by Django 1.10.7 on 2018-06-26 16:37
from __future__ import unicode_literals
from django.db import migrations, models
import django.db.models.deletion
import re2o.mixins
class Migration(migrations.Migration):
dependencies = [
('machines', '0082_auto_20180525_2209'),
('topologie', '0060_server'),
]
operations = [
migrations.CreateModel(
name='PortProfile',
fields=[
('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
('name', models.CharField(max_length=255, verbose_name='Name')),
('profil_default', models.CharField(blank=True, choices=[('room', 'room'), ('nothing', 'nothing'), ('accespoint', 'accesspoint'), ('uplink', 'uplink'), ('asso_machine', 'asso_machine')], max_length=32, null=True, unique=True, verbose_name='profil default')),
('radius_type', models.CharField(choices=[('NO', 'NO'), ('802.1X', '802.1X'), ('MAC-radius', 'MAC-radius')], max_length=32, verbose_name='RADIUS type')),
('radius_mode', models.CharField(choices=[('STRICT', 'STRICT'), ('COMMON', 'COMMON')], default='COMMON', max_length=32, verbose_name='RADIUS mode')),
('speed', models.CharField(choices=[('10-half', '10-half'), ('100-half', '100-half'), ('10-full', '10-full'), ('100-full', '100-full'), ('1000-full', '1000-full'), ('auto', 'auto'), ('auto-10', 'auto-10'), ('auto-100', 'auto-100')], default='auto', help_text='Mode de transmission et vitesse du port', max_length=32, verbose_name='Speed')),
('mac_limit', models.IntegerField(blank=True, help_text='Limit du nombre de mac sur le port', null=True, verbose_name='Mac limit')),
('flow_control', models.BooleanField(default=False, help_text='Gestion des débits', verbose_name='Flow control')),
('dhcp_snooping', models.BooleanField(default=False, help_text='Protection dhcp pirate', verbose_name='Dhcp snooping')),
('dhcpv6_snooping', models.BooleanField(default=False, help_text='Protection dhcpv6 pirate', verbose_name='Dhcpv6 snooping')),
('arp_protect', models.BooleanField(default=False, help_text="Verification assignation de l'IP par dhcp", verbose_name='Arp protect')),
('ra_guard', models.BooleanField(default=False, help_text='Protection contre ra pirate', verbose_name='Ra guard')),
('loop_protect', models.BooleanField(default=False, help_text='Protection contre les boucles', verbose_name='Loop Protect')),
('vlan_tagged', models.ManyToManyField(blank=True, related_name='vlan_tagged', to='machines.Vlan', verbose_name='VLAN(s) tagged')),
('vlan_untagged', models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='vlan_untagged', to='machines.Vlan', verbose_name='VLAN untagged')),
],
options={
'verbose_name': 'Port profile',
'permissions': (('view_port_profile', 'Can view a port profile object'),),
'verbose_name_plural': 'Port profiles',
},
bases=(re2o.mixins.AclMixin, re2o.mixins.RevMixin, models.Model),
),
]

25
topologie/migrations/0062_auto_20180627_0123.py
View File

@ -0,0 +1,25 @@
# -*- coding: utf-8 -*-
# Generated by Django 1.10.7 on 2018-06-26 23:23
from __future__ import unicode_literals
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('topologie', '0061_portprofile'),
]
operations = [
migrations.AlterField(
model_name='portprofile',
name='radius_mode',
field=models.CharField(choices=[('STRICT', 'STRICT'), ('COMMON', 'COMMON')], default='COMMON', help_text="En cas d'auth par mac, auth common ou strcit sur le port", max_length=32, verbose_name='RADIUS mode'),
),
migrations.AlterField(
model_name='portprofile',
name='radius_type',
field=models.CharField(choices=[('NO', 'NO'), ('802.1X', '802.1X'), ('MAC-radius', 'MAC-radius')], help_text="Choix du type d'authentification radius : non actif, mac ou 802.1X", max_length=32, verbose_name='RADIUS type'),
),
]

21
topologie/migrations/0063_port_custom_profil.py
View File

@ -0,0 +1,21 @@
# -*- coding: utf-8 -*-
# Generated by Django 1.10.7 on 2018-06-28 07:49
from __future__ import unicode_literals
from django.db import migrations, models
import django.db.models.deletion
class Migration(migrations.Migration):
dependencies = [
('topologie', '0062_auto_20180627_0123'),
]
operations = [
migrations.AddField(
model_name='port',
name='custom_profil',
field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.PROTECT, to='topologie.PortProfile'),
),
]

53
topologie/migrations/0064_createprofil.py
View File

@ -0,0 +1,53 @@
# -*- coding: utf-8 -*-
# Generated by Django 1.10.7 on 2017-12-31 19:53
from __future__ import unicode_literals
from django.db import migrations
def transfer_profil(apps, schema_editor):
db_alias = schema_editor.connection.alias
port = apps.get_model("topologie", "Port")
profil = apps.get_model("topologie", "PortProfile")
vlan = apps.get_model("machines", "Vlan")
port_list = port.objects.using(db_alias).all()
profil_nothing = profil.objects.using(db_alias).create(name='nothing', profil_default='nothing', radius_type='NO')
profil_uplink = profil.objects.using(db_alias).create(name='uplink', profil_default='uplink', radius_type='NO')
profil_machine = profil.objects.using(db_alias).create(name='asso_machine', profil_default='asso_machine', radius_type='NO')
profil_room = profil.objects.using(db_alias).create(name='room', profil_default='room', radius_type='NO')
profil_borne = profil.objects.using(db_alias).create(name='accesspoint', profil_default='accesspoint', radius_type='NO')
for vlan_instance in vlan.objects.using(db_alias).all():
if port.objects.using(db_alias).filter(vlan_force=vlan_instance):
custom_profil = profil.objects.using(db_alias).create(name='vlan-force-' + str(vlan_instance.vlan_id), radius_type='NO', vlan_untagged=vlan_instance)
port.objects.using(db_alias).filter(vlan_force=vlan_instance).update(custom_profil=custom_profil)
if port.objects.using(db_alias).filter(room__isnull=False).filter(radius='STRICT').count() > port.objects.using(db_alias).filter(room__isnull=False).filter(radius='NO').count() and port.objects.using(db_alias).filter(room__isnull=False).filter(radius='STRICT').count() > port.objects.using(db_alias).filter(room__isnull=False).filter(radius='COMMON').count():
profil_room.radius_type = 'MAC-radius'
profil_room.radius_mode = 'STRICT'
common_profil = profil.objects.using(db_alias).create(name='mac-radius-common', radius_type='MAC-radius', radius_mode='COMMON')
no_rad_profil = profil.objects.using(db_alias).create(name='no-radius', radius_type='NO')
port.objects.using(db_alias).filter(room__isnull=False).filter(radius='COMMON').update(custom_profil=common_profil)
port.objects.using(db_alias).filter(room__isnull=False).filter(radius='NO').update(custom_profil=no_rad_profil)
elif port.objects.using(db_alias).filter(room__isnull=False).filter(radius='COMMON').count() > port.objects.using(db_alias).filter(room__isnull=False).filter(radius='NO').count() and port.objects.using(db_alias).filter(room__isnull=False).filter(radius='COMMON').count() > port.objects.using(db_alias).filter(room__isnull=False).filter(radius='STRICT').count():
profil_room.radius_type = 'MAC-radius'
profil_room.radius_mode = 'COMMON'
strict_profil = profil.objects.using(db_alias).create(name='mac-radius-strict', radius_type='MAC-radius', radius_mode='STRICT')
no_rad_profil = profil.objects.using(db_alias).create(name='no-radius', radius_type='NO')
port.objects.using(db_alias).filter(room__isnull=False).filter(radius='STRICT').update(custom_profil=strict_profil)
port.objects.using(db_alias).filter(room__isnull=False).filter(radius='NO').update(custom_profil=no_rad_profil)
else:
strict_profil = profil.objects.using(db_alias).create(name='mac-radius-strict', radius_type='MAC-radius', radius_mode='STRICT')
common_profil = profil.objects.using(db_alias).create(name='mac-radius-common', radius_type='MAC-radius', radius_mode='COMMON')
port.objects.using(db_alias).filter(room__isnull=False).filter(radius='STRICT').update(custom_profil=strict_profil)
port.objects.using(db_alias).filter(room__isnull=False).filter(radius='NO').update(custom_profil=common_profil)
profil_room.save()
class Migration(migrations.Migration):
dependencies = [
('topologie', '0063_port_custom_profil'),
]
operations = [
migrations.RunPython(transfer_profil),
]

23
topologie/migrations/0065_auto_20180630_1703.py
View File

@ -0,0 +1,23 @@
# -*- coding: utf-8 -*-
# Generated by Django 1.10.7 on 2018-06-30 15:03
from __future__ import unicode_literals
from django.db import migrations
class Migration(migrations.Migration):
dependencies = [
('topologie', '0064_createprofil'),
]
operations = [
migrations.RemoveField(
model_name='port',
name='radius',
),
migrations.RemoveField(
model_name='port',
name='vlan_force',
),
]

25
topologie/migrations/0066_auto_20180630_1855.py
View File

@ -0,0 +1,25 @@
# -*- coding: utf-8 -*-
# Generated by Django 1.10.7 on 2018-06-30 16:55
from __future__ import unicode_literals
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('topologie', '0065_auto_20180630_1703'),
]
operations = [
migrations.AddField(
model_name='port',
name='state',
field=models.BooleanField(default=True, help_text='Etat du port Actif', verbose_name='Etat du port Actif'),
),
migrations.AlterField(
model_name='portprofile',
name='profil_default',
field=models.CharField(blank=True, choices=[('room', 'room'), ('accespoint', 'accesspoint'), ('uplink', 'uplink'), ('asso_machine', 'asso_machine'), ('nothing', 'nothing')], max_length=32, null=True, unique=True, verbose_name='profil default'),
),
]

75
topologie/migrations/0067_auto_20180701_0016.py
View File

@ -0,0 +1,75 @@
# -*- coding: utf-8 -*-
# Generated by Django 1.10.7 on 2018-06-30 22:16
from __future__ import unicode_literals
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('topologie', '0066_auto_20180630_1855'),
]
operations = [
migrations.RenameField(
model_name='port',
old_name='custom_profil',
new_name='custom_profile',
),
migrations.AlterField(
model_name='port',
name='state',
field=models.BooleanField(default=True, help_text='Port state Active', verbose_name='Port State Active'),
),
migrations.AlterField(
model_name='portprofile',
name='arp_protect',
field=models.BooleanField(default=False, help_text='Check if ip is dhcp assigned', verbose_name='Arp protect'),
),
migrations.AlterField(
model_name='portprofile',
name='dhcp_snooping',
field=models.BooleanField(default=False, help_text='Protect against rogue dhcp', verbose_name='Dhcp snooping'),
),
migrations.AlterField(
model_name='portprofile',
name='dhcpv6_snooping',
field=models.BooleanField(default=False, help_text='Protect against rogue dhcpv6', verbose_name='Dhcpv6 snooping'),
),
migrations.AlterField(
model_name='portprofile',
name='flow_control',
field=models.BooleanField(default=False, help_text='Flow control', verbose_name='Flow control'),
),
migrations.AlterField(
model_name='portprofile',
name='loop_protect',
field=models.BooleanField(default=False, help_text='Protect again loop', verbose_name='Loop Protect'),
),
migrations.AlterField(
model_name='portprofile',
name='mac_limit',
field=models.IntegerField(blank=True, help_text='Limit of mac-address on this port', null=True, verbose_name='Mac limit'),
),
migrations.AlterField(
model_name='portprofile',
name='ra_guard',
field=models.BooleanField(default=False, help_text='Protect against rogue ra', verbose_name='Ra guard'),
),
migrations.AlterField(
model_name='portprofile',
name='radius_mode',
field=models.CharField(choices=[('STRICT', 'STRICT'), ('COMMON', 'COMMON')], default='COMMON', help_text='In case of mac-auth : mode common or strict on this port', max_length=32, verbose_name='RADIUS mode'),
),
migrations.AlterField(
model_name='portprofile',
name='radius_type',
field=models.CharField(choices=[('NO', 'NO'), ('802.1X', '802.1X'), ('MAC-radius', 'MAC-radius')], help_text='Type of radius auth : inactive, mac-address or 802.1X', max_length=32, verbose_name='RADIUS type'),
),
migrations.AlterField(
model_name='portprofile',
name='speed',
field=models.CharField(choices=[('10-half', '10-half'), ('100-half', '100-half'), ('10-full', '10-full'), ('100-full', '100-full'), ('1000-full', '1000-full'), ('auto', 'auto'), ('auto-10', 'auto-10'), ('auto-100', 'auto-100')], default='auto', help_text='Port speed limit', max_length=32, verbose_name='Speed'),
),
]

176
topologie/models.py
View File

@ -46,6 +46,7 @@ from django.dispatch import receiver
from django.core.exceptions import ValidationError
from django.db import IntegrityError
from django.db import transaction
from django.utils.translation import ugettext_lazy as _
from reversion import revisions as reversion
from machines.models import Machine, regen
@ -361,12 +362,6 @@ class Port(AclMixin, RevMixin, models.Model):
de forcer un port sur un vlan particulier. S'additionne à la politique
RADIUS"""
PRETTY_NAME = "Port de switch"
STATES = (
('NO', 'NO'),
('STRICT', 'STRICT'),
('BLOQ', 'BLOQ'),
('COMMON', 'COMMON'),
)
switch = models.ForeignKey(
'Switch',
@ -392,13 +387,17 @@ class Port(AclMixin, RevMixin, models.Model):
blank=True,
related_name='related_port'
)
radius = models.CharField(max_length=32, choices=STATES, default='NO')
vlan_force = models.ForeignKey(
'machines.Vlan',
on_delete=models.SET_NULL,
custom_profile = models.ForeignKey(
'PortProfile',
on_delete=models.PROTECT,
blank=True,
null=True
)
state = models.BooleanField(
default=True,
help_text='Port state Active',
verbose_name=_("Port State Active")
)
details = models.CharField(max_length=255, blank=True)
class Meta:
@ -407,6 +406,34 @@ class Port(AclMixin, RevMixin, models.Model):
("view_port", "Peut voir un objet port"),
)
@cached_property
def get_port_profil(self):
"""Return the config profil for this port
:returns: the profile of self (port)"""
def profil_or_nothing(profil):
port_profil = PortProfile.objects.filter(profil_default=profil).first()
if port_profil:
return port_profil
else:
nothing = PortProfile.objects.filter(profil_default='nothing').first()
if not nothing:
nothing = PortProfile.objects.create(profil_default='nothing', name='nothing', radius_type='NO')
return nothing
if self.custom_profile:
return self.custom_profile
elif self.related:
return profil_or_nothing('uplink')
elif self.machine_interface:
if hasattr(self.machine_interface.machine, 'accesspoint'):
return profil_or_nothing('access_point')
else:
return profil_or_nothing('asso_machine')
elif self.room:
return profil_or_nothing('room')
else:
return profil_or_nothing('nothing')
@classmethod
def get_instance(cls, portid, *_args, **kwargs):
return (cls.objects
@ -484,6 +511,135 @@ class Room(AclMixin, RevMixin, models.Model):
return self.name
class PortProfile(AclMixin, RevMixin, models.Model):
"""Contains the information of the ports' configuration for a switch"""
TYPES = (
('NO', 'NO'),
('802.1X', '802.1X'),
('MAC-radius', 'MAC-radius'),
)
MODES = (
('STRICT', 'STRICT'),
('COMMON', 'COMMON'),
)
SPEED = (
('10-half', '10-half'),
('100-half', '100-half'),
('10-full', '10-full'),
('100-full', '100-full'),
('1000-full', '1000-full'),
('auto', 'auto'),
('auto-10', 'auto-10'),
('auto-100', 'auto-100'),
)
PROFIL_DEFAULT= (
('room', 'room'),
('accespoint', 'accesspoint'),
('uplink', 'uplink'),
('asso_machine', 'asso_machine'),
('nothing', 'nothing'),
)
name = models.CharField(max_length=255, verbose_name=_("Name"))
profil_default = models.CharField(
max_length=32,
choices=PROFIL_DEFAULT,
blank=True,
null=True,
unique=True,
verbose_name=_("profil default")
)
vlan_untagged = models.ForeignKey(
'machines.Vlan',
related_name='vlan_untagged',
on_delete=models.SET_NULL,
blank=True,
null=True,
verbose_name=_("VLAN untagged")
)
vlan_tagged = models.ManyToManyField(
'machines.Vlan',
related_name='vlan_tagged',
blank=True,
verbose_name=_("VLAN(s) tagged")
)
radius_type = models.CharField(
max_length=32,
choices=TYPES,
help_text="Type of radius auth : inactive, mac-address or 802.1X",
verbose_name=_("RADIUS type")
)
radius_mode = models.CharField(
max_length=32,
choices=MODES,
default='COMMON',
help_text="In case of mac-auth : mode common or strict on this port",
verbose_name=_("RADIUS mode")
)
speed = models.CharField(
max_length=32,
choices=SPEED,
default='auto',
help_text='Port speed limit',
verbose_name=_("Speed")
)
mac_limit = models.IntegerField(
null=True,
blank=True,
help_text='Limit of mac-address on this port',
verbose_name=_("Mac limit")
)
flow_control = models.BooleanField(
default=False,
help_text='Flow control',
verbose_name=_("Flow control")
)
dhcp_snooping = models.BooleanField(
default=False,
help_text='Protect against rogue dhcp',
verbose_name=_("Dhcp snooping")
)
dhcpv6_snooping = models.BooleanField(
default=False,
help_text='Protect against rogue dhcpv6',
verbose_name=_("Dhcpv6 snooping")
)
arp_protect = models.BooleanField(
default=False,
help_text='Check if ip is dhcp assigned',
verbose_name=_("Arp protect")
)
ra_guard = models.BooleanField(
default=False,
help_text='Protect against rogue ra',
verbose_name=_("Ra guard")
)
loop_protect = models.BooleanField(
default=False,
help_text='Protect again loop',
verbose_name=_("Loop Protect")
)
class Meta:
permissions = (
("view_port_profile", _("Can view a port profile object")),
)
verbose_name = _("Port profile")
verbose_name_plural = _("Port profiles")
security_parameters_fields = ['loop_protect', 'ra_guard', 'arp_protect', 'dhcpv6_snooping', 'dhcp_snooping', 'flow_control']
@cached_property
def security_parameters_enabled(self):
return [parameter for parameter in self.security_parameters_fields if getattr(self, parameter)]
@cached_property
def security_parameters_as_str(self):
return ','.join(self.security_parameters_enabled)
def __str__(self):
return self.name
@receiver(post_save, sender=AccessPoint)
def ap_post_save(**_kwargs):
"""Regeneration des noms des bornes vers le controleur"""

14
topologie/templates/topologie/aff_port.html
View File

@ -32,8 +32,8 @@ with this program; if not, write to the Free Software Foundation, Inc.,
<th>{% include "buttons/sort.html" with prefix='port' col='room' text='Room' %}</th>
<th>{% include "buttons/sort.html" with prefix='port' col='interface' text='Interface machine' %}</th>
<th>{% include "buttons/sort.html" with prefix='port' col='related' text='Related' %}</th>
<th>{% include "buttons/sort.html" with prefix='port' col='radius' text='Radius' %}</th>
<th>{% include "buttons/sort.html" with prefix='port' col='vlan' text='Vlan forcé' %}</th>
<th>Etat du port</th>
<th>Profil du port</th>
<th>Détails</th>
<th></th>
</tr>
@ -66,8 +66,8 @@ with this program; if not, write to the Free Software Foundation, Inc.,
{% acl_end %}
{% endif %}
</td>
<td>{{ port.radius }}</td>
<td>{% if not port.vlan_force %}Aucun{% else %}{{ port.vlan_force }}{% endif %}</td>
<td>{% if port.state %} <i class="text-success">Actif</i>{% else %}<i class="text-danger">Désactivé</i>{% endif %}</td>
<td>{% if not port.custom_profile %}<u>Par défaut</u> : {% endif %}{{port.get_port_profil}}</td>
<td>{{ port.details }}</td>
<td class="text-right">
<a class="btn btn-info btn-sm" role="button" title="Historique" href="{% url 'topologie:history' 'port' port.pk %}">
@ -77,10 +77,10 @@ with this program; if not, write to the Free Software Foundation, Inc.,
<a class="btn btn-primary btn-sm" role="button" title="Éditer" href="{% url 'topologie:edit-port' port.id %}">
<i class="fa fa-edit"></i>
</a>
{% acl_end %}
{% acl_end %}
{% can_delete port %}
<a class="btn btn-danger btn-sm" role="button" title="Supprimer" href="{% url 'topologie:del-port' port.pk %}">
<i class="fa fa-trash"></i>
<a class="btn btn-danger btn-sm" role="button" title="Supprimer" href="{% url 'topologie:del-port' port.pk %}">
<i class="fa fa-trash"></i>
</a>
{% acl_end %}
</td>

85
topologie/templates/topologie/aff_port_profile.html
View File

@ -0,0 +1,85 @@
{% comment %}
Re2o est un logiciel d'administration développé initiallement au rezometz. Il
se veut agnostique au réseau considéré, de manière à être installable en
quelques clics.
Copyright © 2018 Gabriel Détraz
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
{% endcomment %}
{% load acl %}
{% load i18n %}
<div class="table-responsive">
{% if port_profile_list.paginator %}
{% include "pagination.html" with list=port_profile_list %}
{% endif %}
<thead>
<table class="table table-striped">
<tr>
<th>{% trans "Name" %}</th>
<th>{% trans "Default for" %}</th>
<th>{% trans "VLANs" %}</th>
<th>{% trans "RADIUS settings" %}</th>
<th>{% trans "Speed" %}</th>
<th>{% trans "Mac address limit" %}</th>
<th>{% trans "Security" %}</th>
<th></th>
</tr>
</thead>
{% for port_profile in port_profile_list %}
<tr>
<td>{{port_profile.name}}</td>
<td>{{port_profile.profil_default}}</td>
<td>
{% if port_profile.vlan_untagged %}
<b>Untagged : </b>{{port_profile.vlan_untagged}}
<br>
{% endif %}
{% if port_profile.vlan_tagged.all %}
<b>Tagged : </b>{{port_profile.vlan_tagged.all|join:", "}}
{% endif %}
</td>
<td>
<b>Type : </b>{{port_profile.radius_type}}
{% if port_profile.radius_type == "MAC-radius" %}
<br>
<b>Mode : </b>{{port_profile.radius_mode}}</td>
{% endif %}
<td>{{port_profile.speed}}</td>
<td>{{port_profile.mac_limit}}</td>
<td>{{port_profile.security_parameters_enabled|join:"<br>"}}</td>
<td class="text-right">
{% include 'buttons/history.html' with href='topologie:history' name='portprofile' id=port_profile.pk %}
{% can_edit port_profile %}
{% include 'buttons/edit.html' with href='topologie:edit-port-profile' id=port_profile.pk %}
{% acl_end %}
{% can_delete port_profile %}
{% include 'buttons/suppr.html' with href='topologie:del-port-profile' id=port_profile.pk %}
{% acl_end %}
</td>
</tr>
{% endfor %}
</table>
{% if port_profile_list.paginator %}
{% include "pagination.html" with list=port_profile_list %}
{% endif %}
</div>

1
topologie/templates/topologie/index.html
View File

@ -72,5 +72,4 @@ Topologie des Switchs
<br />
<br />
{% endblock %}

43
topologie/templates/topologie/index_portprofile.html
View File

@ -0,0 +1,43 @@
{% extends "topologie/sidebar.html" %}
{% comment %}
Re2o est un logiciel d'administration développé initiallement au rezometz. Il
se veut agnostique au réseau considéré, de manière à être installable en
quelques clics.
Copyright © 2018 Gabriel Détraz
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
{% endcomment %}
{% load bootstrap3 %}
{% load acl %}
{% load i18n %}
{% block title %}Switchs{% endblock %}
{% block content %}
<h2>{% trans "Port profiles" %}</h2>
{% can_create PortProfile %}
<a class="btn btn-primary btn-sm" role="button" href="{% url 'topologie:new-port-profile' %}"><i class="fa fa-plus"></i>{% trans " Add a port profile" %}</a>
<hr>
{% acl_end %}
{% include "topologie/aff_port_profile.html" with port_profile_list=port_profile_list %}
<br />
<br />
<br />
{% endblock %}

6
topologie/templates/topologie/sidebar.html
View File

@ -33,7 +33,11 @@ with this program; if not, write to the Free Software Foundation, Inc.,
<i class="fa fa-microchip"></i>
Switchs
</a>
<a class="list-group-item list-group-item-info" href="{% url "topologie:index-ap" %}">
<a class="list-group-item list-group-item-info" href="{% url "topologie:index-port-profile" %}">
<i class="fa fa-cogs"></i>
Config des ports switchs
</a>
<a class="list-group-item list-group-item-info" href="{% url "topologie:index-ap" %}">
<i class="fa fa-wifi"></i>
Bornes WiFi
</a>

12
topologie/urls.py
View File

@ -113,4 +113,16 @@ urlpatterns = [
url(r'^del_building/(?P<buildingid>[0-9]+)$',
views.del_building,
name='del-building'),
url(r'^index_port_profile/$',
views.index_port_profile,
name='index-port-profile'),
url(r'^new_port_profile/$',
views.new_port_profile,
name='new-port-profile'),
url(r'^edit_port_profile/(?P<portprofileid>[0-9]+)$',
views.edit_port_profile,
name='edit-port-profile'),
url(r'^del_port_profile/(?P<portprofileid>[0-9]+)$',
views.del_port_profile,
name='del-port-profile'),
]

75
topologie/views.py
View File

@ -47,6 +47,7 @@ from django.template.loader import get_template
from django.template import Context, Template, loader
from django.db.models.signals import post_save
from django.dispatch import receiver
from django.utils.translation import ugettext as _
import tempfile
@ -80,6 +81,7 @@ from .models import (
SwitchBay,
Building,
Server,
PortProfile,
)
from .forms import (
EditPortForm,
@ -94,7 +96,8 @@ from .forms import (
AddAccessPointForm,
EditAccessPointForm,
EditSwitchBayForm,
EditBuildingForm
EditBuildingForm,
EditPortProfileForm,
)
from subprocess import (
@ -124,10 +127,12 @@ def index(request):
request.GET.get('order'),
SortTable.TOPOLOGIE_INDEX
)
pagination_number = GeneralOption.get_cached_value('pagination_number')
switch_list = re2o_paginator(request, switch_list, pagination_number)
if any(service_link.need_regen() for service_link in Service_link.objects.filter(service__service_type='graph_topo')):
if any(service_link.need_regen for service_link in Service_link.objects.filter(service__service_type='graph_topo')):
make_machine_graph()
for service_link in Service_link.objects.filter(service__service_type='graph_topo'):
service_link.done_regen()
@ -141,6 +146,19 @@ def index(request):
)
@login_required
@can_view_all(PortProfile)
def index_port_profile(request):
pagination_number = GeneralOption.get_cached_value('pagination_number')
port_profile_list = PortProfile.objects.all().select_related('vlan_untagged')
port_profile_list = re2o_paginator(request, port_profile_list, pagination_number)
return render(
request,
'topologie/index_portprofile.html',
{'port_profile_list': port_profile_list}
)
@login_required
@can_view_all(Port)
@can_view(Switch)
@ -955,6 +973,59 @@ def del_constructor_switch(request, constructor_switch, **_kwargs):
}, 'topologie/delete.html', request)
@login_required
@can_create(PortProfile)
def new_port_profile(request):
"""Create a new port profile"""
port_profile = EditPortProfileForm(request.POST or None)
if port_profile.is_valid():
port_profile.save()
messages.success(request, _("Port profile created"))
return redirect(reverse('topologie:index'))
return form(
{'topoform': port_profile, 'action_name': _("Create")},
'topologie/topo.html',
request
)
@login_required
@can_edit(PortProfile)
def edit_port_profile(request, port_profile, **_kwargs):
"""Edit a port profile"""
port_profile = EditPortProfileForm(request.POST or None, instance=port_profile)
if port_profile.is_valid():
if port_profile.changed_data:
port_profile.save()
messages.success(request, _("Port profile modified"))
return redirect(reverse('topologie:index'))
return form(
{'topoform': port_profile, 'action_name': _("Edit")},
'topologie/topo.html',
request
)
@login_required
@can_delete(PortProfile)
def del_port_profile(request, port_profile, **_kwargs):
"""Delete a port profile"""
if request.method == 'POST':
try:
port_profile.delete()
messages.success(request,
_("The port profile was successfully deleted"))
except ProtectedError:
messages.success(request,
_("Impossible to delete the port profile"))
return redirect(reverse('topologie:index'))
return form(
{'objet': port_profile, 'objet_name': _("Port profile")},
'topologie/delete.html',
request
)
def make_machine_graph():
"""
Create the graph of switchs, machines and access points.

Write Preview
Loading…
Cancel
Save