rezometz
/
re2o
mirror of https://gitlab.federez.net/re2o/re2o
8
0
Fork 0
Code Issues Releases Wiki Activity
Browse Source

fix: Fix autocapture

fix-dependencies
chapeau 4 years ago
committed by jr-garnier
parent
ca2e999089
commit
6bf8494a5d
4 changed files with 32 additions and 25 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 30
      freeradius_utils/auth.py
  2. 2
      radius/api/serializers.py
  3. 4
      radius/api/urls.py
  4. 21
      radius/api/views.py

30
freeradius_utils/auth.py
View File

@ -141,19 +141,15 @@ def authorize(data):
if not nas_type or nas_type.port_access_mode == "802.1X": if not nas_type or nas_type.port_access_mode == "802.1X":
user = data.get("User-Name", "") user = data.get("User-Name", "")
user = user.split("@", 1)[0] user = user.split("@", 1)[0]
mac = data.get("Calling-Station-Id", "") user = User.objects.filter(pseudo__iexact=user).first()
result, log, password = check_user_machine_and_register(nas_type, user, mac) if not user:
logger.info(str(log)) return (False, "User unknown", "")
logger.info(str(user)) password = user.pwd_ntlm
return (
if not result: radiusd.RLM_MODULE_UPDATED,
return radiusd.RLM_MODULE_REJECT (),
else: ((str("NT-Password"), str(password)),),
return ( )
radiusd.RLM_MODULE_UPDATED,
(),
((str("NT-Password"), str(password)),),
)
else: else:
return (radiusd.RLM_MODULE_UPDATED, (), (("Auth-Type", "Accept"),)) return (radiusd.RLM_MODULE_UPDATED, (), (("Auth-Type", "Accept"),))
@ -234,6 +230,14 @@ def post_auth(data):
return (radiusd.RLM_MODULE_REJECT, tuple(attributes), ()) return (radiusd.RLM_MODULE_REJECT, tuple(attributes), ())
else: else:
user = data.get("User-Name", "")
user = user.split("@", 1)[0]
result, log, password = check_user_machine_and_register(nas_type, user, mac)
logger.info(str(log))
logger.info(str(user))
if not result:
return radiusd.RLM_MODULE_REJECT
return radiusd.RLM_MODULE_OK return radiusd.RLM_MODULE_OK

2
radius/api/serializers.py
View File

@ -110,7 +110,6 @@ class AuthorizeResponseSerializer(Serializer):
nas = NasSerializer(read_only=True) nas = NasSerializer(read_only=True)
user = UserSerializer(read_only=True) user = UserSerializer(read_only=True)
user_interface = InterfaceSerializer(read_only=True)
class PostAuthResponseSerializer(Serializer): class PostAuthResponseSerializer(Serializer):
@ -123,6 +122,7 @@ class PostAuthResponseSerializer(Serializer):
port = PortSerializer() port = PortSerializer()
port_profile = PortProfileSerializer(partial=True) port_profile = PortProfileSerializer(partial=True)
switch = SwitchSerializer() switch = SwitchSerializer()
user = UserSerializer(read_only=True)
user_interface = InterfaceSerializer() user_interface = InterfaceSerializer()
radius_option = RadiusOptionSerializer() radius_option = RadiusOptionSerializer()
EMAIL_STATE_UNVERIFIED = serializers.IntegerField() EMAIL_STATE_UNVERIFIED = serializers.IntegerField()

4
radius/api/urls.py
View File

@ -23,12 +23,12 @@ from . import views
urls_functional_view = [ urls_functional_view = [
( (
r"radius/authorize/(?P<nas_id>[^/]+)/(?P<username>.+)/(?P<mac_address>[^/]{17})$", r"radius/authorize/(?P<nas_id>[^/]+)/(?P<username>.+)$",
views.authorize, views.authorize,
None, None,
), ),
( (
r"radius/post_auth/(?P<nas_id>[^/]+)/(?P<nas_port>.+)/(?P<user_mac>[^/]{17})$", r"radius/post_auth/(?P<nas_id>[^/]+)/(?P<nas_port>.+)/(?P<user_mac>[^/]{17})/(?P<username>.+)$",
views.post_auth, views.post_auth,
None, None,
), ),

21
radius/api/views.py
View File

@ -37,10 +37,9 @@ from re2o.acl import can_view_all_api, can_edit_all_api, can_create_api
class AuthorizeResponse: class AuthorizeResponse:
"""Contains objects the radius needs for the Authorize step""" """Contains objects the radius needs for the Authorize step"""
def __init__(self, nas, user, user_interface): def __init__(self, nas, user):
self.nas = nas self.nas = nas
self.user = user self.user = user
self.user_interface = user_interface
def can_view(self, user): def can_view(self, user):
"""Method to bypass api permissions, because we are using ACL decorators""" """Method to bypass api permissions, because we are using ACL decorators"""
@ -50,13 +49,12 @@ class AuthorizeResponse:
@api_view(["GET"]) @api_view(["GET"])
@login_required @login_required
@can_view_all_api(Interface, Domain, IpList, Nas, User) @can_view_all_api(Interface, Domain, IpList, Nas, User)
def authorize(request, nas_id, username, mac_address): def authorize(request, nas_id, username):
"""Return objects the radius needs for the Authorize step """Return objects the radius needs for the Authorize step
Parameters: Parameters:
nas_id (string): NAS name or ipv4 nas_id (string): NAS name or ipv4
username (string): username of the user who is trying to connect username (string): username of the user who is trying to connect
mac_address (string): mac address of the device which is trying to connect
Return: Return:
AuthorizeResponse: contains all required informations AuthorizeResponse: contains all required informations
@ -74,11 +72,8 @@ def authorize(request, nas_id, username, mac_address):
# If no username was provided (wired connection), username="None" # If no username was provided (wired connection), username="None"
user = User.objects.filter(pseudo__iexact=username).first() user = User.objects.filter(pseudo__iexact=username).first()
# get the interface which is trying to connect (if already created)
user_interface = Interface.objects.filter(mac_address=mac_address).first()
serialized = serializers.AuthorizeResponseSerializer( serialized = serializers.AuthorizeResponseSerializer(
AuthorizeResponse(nas_type, user, user_interface) AuthorizeResponse(nas_type, user)
) )
return Response(data=serialized.data) return Response(data=serialized.data)
@ -94,6 +89,7 @@ class PostAuthResponse:
port, port,
port_profile, port_profile,
switch, switch,
user,
user_interface, user_interface,
radius_option, radius_option,
EMAIL_STATE_UNVERIFIED, EMAIL_STATE_UNVERIFIED,
@ -105,6 +101,7 @@ class PostAuthResponse:
self.port = port self.port = port
self.port_profile = port_profile self.port_profile = port_profile
self.switch = switch self.switch = switch
self.user = user
self.user_interface = user_interface self.user_interface = user_interface
self.radius_option = radius_option self.radius_option = radius_option
self.EMAIL_STATE_UNVERIFIED = EMAIL_STATE_UNVERIFIED self.EMAIL_STATE_UNVERIFIED = EMAIL_STATE_UNVERIFIED
@ -119,13 +116,14 @@ class PostAuthResponse:
@api_view(["GET"]) @api_view(["GET"])
@login_required @login_required
@can_view_all_api(Interface, Domain, IpList, Nas, Switch, Port, User) @can_view_all_api(Interface, Domain, IpList, Nas, Switch, Port, User)
def post_auth(request, nas_id, nas_port, user_mac): def post_auth(request, nas_id, nas_port, user_mac, username):
"""Return objects the radius needs for the Post-Auth step """Return objects the radius needs for the Post-Auth step
Parameters: Parameters:
nas_id (string): NAS name or ipv4 nas_id (string): NAS name or ipv4
nas_port (string): NAS port from wich the request came. Work with Cisco, HP and Juniper convention nas_port (string): NAS port from wich the request came. Work with Cisco, HP and Juniper convention
user_mac (string): mac address of the device which is trying to connect user_mac (string): mac address of the device which is trying to connect
username (string): username of the user who is trying to connect
Return: Return:
PostAuthResponse: contains all required informations PostAuthResponse: contains all required informations
@ -172,6 +170,10 @@ def post_auth(request, nas_id, nas_port, user_mac):
if port: if port:
port_profile = port.get_port_profile port_profile = port.get_port_profile
# get the User corresponding to the username in the URL
# If no username was provided (wired connection), username="None"
user = User.objects.filter(pseudo__iexact=username).first()
# get the interface which is trying to connect (if already created) # get the interface which is trying to connect (if already created)
user_interface = ( user_interface = (
Interface.objects.filter(mac_address=user_mac) Interface.objects.filter(mac_address=user_mac)
@ -202,6 +204,7 @@ def post_auth(request, nas_id, nas_port, user_mac):
port, port,
port_profile, port_profile,
switch, switch,
user,
user_interface, user_interface,
radius_option, radius_option,
EMAIL_STATE_UNVERIFIED, EMAIL_STATE_UNVERIFIED,

Write Preview
Loading…
Cancel
Save