rezometz
/
re2o
mirror of https://gitlab.federez.net/re2o/re2o
8
0
Fork 0
Code Issues Releases Wiki Activity
Browse Source

Pre-subscription VLAN

feature_pre_subscribtion_vlan^2
Hugo LEVY-FALK 7 years ago
committed by chirac
parent
7a26aadaa9
commit
a773f5d717
7 changed files with 324 additions and 32 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 17
      freeradius_utils/auth.py
  2. 91
      preferences/migrations/0052_auto_20181013_1629.py
  3. 85
      preferences/models.py
  4. 96
      preferences/templates/preferences/aff_radiusoptions.html
  5. 55
      preferences/templates/preferences/display_preferences.html
  6. 5
      preferences/urls.py
  7. 7
      preferences/views.py

17
freeradius_utils/auth.py
View File

@ -63,6 +63,7 @@ from preferences.models import OptionalTopologie
options, created = OptionalTopologie.objects.get_or_create()
VLAN_NOK = options.vlan_decision_nok.vlan_id
VLAN_OK = options.vlan_decision_ok.vlan_id
VLAN_NON_MEMBER = options.vlan_non_member.vlan_id
RADIUS_POLICY = options.radius_general_policy
#: Serveur radius de test (pas la prod)
@ -338,14 +339,15 @@ def decide_vlan_switch(nas_machine, nas_type, port_number,
- mode strict :
- pas de chambre associée : VLAN_NOK
- pas d'utilisateur dans la chambre : VLAN_NOK
- cotisation non à jour : VLAN_NOK
- cotisation non à jour : VLAN_NON_MEMBER
- sinon passe à common (ci-dessous)
- mode common :
- interface connue (macaddress):
- utilisateur proprio non cotisant ou banni : VLAN_NOK
- utilisateur proprio non cotisant : VLAN_NON_MEMBER
- utilisateur proprio banni : VLAN_NOK
- user à jour : VLAN_OK
- interface inconnue :
- register mac désactivé : VLAN_NOK
- register mac désactivé : VLAN_NON_MEMBER
- register mac activé -> redirection vers webauth
"""
# Get port from switch and port number
@ -414,8 +416,10 @@ def decide_vlan_switch(nas_machine, nas_type, port_number,
if not room_user:
return (sw_name, room, u'Chambre non cotisante -> Web redirect', None, False)
for user in room_user:
if not user.has_access():
if user.is_ban() or user.state != User.STATE_ACTIVE:
return (sw_name, room, u'Chambre resident desactive -> Web redirect', None, False)
elif not (user.is_connected() or user.is_whitelisted()):
return (sw_name, room, u'Utilisateur non cotisant', VLAN_NON_MEMBER)
# else: user OK, on passe à la verif MAC
# Si on fait de l'auth par mac, on cherche l'interface via sa mac dans la bdd
@ -431,7 +435,7 @@ def decide_vlan_switch(nas_machine, nas_type, port_number,
# On essaye de register la mac, si l'autocapture a été activée
# Sinon on rejette sur vlan_nok
if not nas_type.autocapture_mac:
return (sw_name, "", u'Machine inconnue', VLAN_NOK, True)
return (sw_name, "", u'Machine inconnue', VLAN_NON_MEMBER)
# On rejette pour basculer sur du webauth
else:
return (sw_name, room, u'Machine Inconnue -> Web redirect', None, False)
@ -445,8 +449,7 @@ def decide_vlan_switch(nas_machine, nas_type, port_number,
return (sw_name,
room,
u'Machine non active / adherent non cotisant',
VLAN_NOK,
True)
VLAN_NON_MEMBER)
## Si on choisi de placer les machines sur le vlan correspondant à leur type :
if RADIUS_POLICY == 'MACHINE':
DECISION_VLAN = interface.type.ip_type.vlan.vlan_id

91
preferences/migrations/0052_auto_20181013_1629.py
View File

@ -0,0 +1,91 @@
# -*- coding: utf-8 -*-
# Generated by Django 1.10.7 on 2018-10-13 14:29
from __future__ import unicode_literals
from django.db import migrations, models
import django.db.models.deletion
import re2o.mixins
def create_radius_policy(apps, schema_editor):
OptionalTopologie = apps.get_model('preferences', 'OptionalTopologie')
RadiusOption = apps.get_model('preferences', 'RadiusOption')
RadiusPolicy = apps.get_model('preferences', 'RadiusPolicy')
option,_ = OptionalTopologie.objects.get_or_create()
radius_option = RadiusOption()
radius_option.radius_general_policy = option.radius_general_policy
radius_option.unknown_machine = RadiusPolicy.objects.create()
radius_option.unknown_port = RadiusPolicy.objects.create()
radius_option.unknown_room = RadiusPolicy.objects.create()
radius_option.non_member = RadiusPolicy.objects.create()
radius_option.banned = RadiusPolicy.objects.create()
radius_option.vlan_decision_ok = option.vlan_decision_ok
radius_option.save()
class Migration(migrations.Migration):
dependencies = [
('machines', '0095_auto_20180919_2225'),
('preferences', '0051_auto_20180919_2225'),
]
operations = [
migrations.CreateModel(
name='RadiusOption',
fields=[
('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
('radius_general_policy', models.CharField(choices=[('MACHINE', "On the IP range's VLAN of the machine"), ('DEFINED', "Preset in 'VLAN for machines accepted by RADIUS'")], default='DEFINED', max_length=32)),
],
options={
'verbose_name': 'radius policies',
},
bases=(re2o.mixins.AclMixin, models.Model),
),
migrations.CreateModel(
name='RadiusPolicy',
fields=[
('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
('policy', models.CharField(choices=[('REJECT', 'Reject the machine'), ('SET_VLAN', 'Place the machine on the VLAN')], default='REJECT', max_length=32)),
('vlan', models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.PROTECT, to='machines.Vlan')),
],
options={
'verbose_name': 'radius policy',
},
bases=(re2o.mixins.AclMixin, models.Model),
),
migrations.AddField(
model_name='radiusoption',
name='non_member',
field=models.ForeignKey(on_delete=django.db.models.deletion.PROTECT, related_name='non_member_option', to='preferences.RadiusPolicy', verbose_name='Policy non member users.'),
),
migrations.AddField(
model_name='radiusoption',
name='unknown_machine',
field=models.ForeignKey(on_delete=django.db.models.deletion.PROTECT, related_name='unknown_machine_option', to='preferences.RadiusPolicy', verbose_name='Policy for unknown machines'),
),
migrations.AddField(
model_name='radiusoption',
name='unknown_port',
field=models.ForeignKey(on_delete=django.db.models.deletion.PROTECT, related_name='unknown_port_option', to='preferences.RadiusPolicy', verbose_name='Policy for unknown machines'),
),
migrations.AddField(
model_name='radiusoption',
name='unknown_room',
field=models.ForeignKey(on_delete=django.db.models.deletion.PROTECT, related_name='unknown_room_option', to='preferences.RadiusPolicy', verbose_name='Policy for machine connecting from unregistered room (relevant on ports with STRICT radius mode)'),
),
migrations.AddField(
model_name='radiusoption',
name='banned',
field=models.ForeignKey(on_delete=django.db.models.deletion.PROTECT, related_name='banned_option', to='preferences.RadiusPolicy', verbose_name='Policy for banned users.'),
),
migrations.AddField(
model_name='radiusoption',
name='vlan_decision_ok',
field=models.OneToOneField(blank=True, null=True, on_delete=django.db.models.deletion.PROTECT, related_name='vlan_ok_option', to='machines.Vlan'),
),
migrations.RunPython(create_radius_policy),
]

85
preferences/models.py
View File

@ -218,6 +218,7 @@ class OptionalTopologie(AclMixin, PreferencesModel):
blank=True,
null=True
)
switchs_web_management = models.BooleanField(
default=False,
help_text="Web management, activé si provision automatique"
@ -309,7 +310,6 @@ class OptionalTopologie(AclMixin, PreferencesModel):
"""Return true if all settings are ok : switchs on automatic provision,
ip_type"""
return bool(self.provisioned_switchs and self.switchs_ip_type and SwitchManagementCred.objects.filter(default_switch=True).exists() and self.switchs_management_interface_ip and bool(self.switchs_provision != 'sftp' or self.switchs_management_sftp_creds))
class Meta:
permissions = (
("view_optionaltopologie", _("Can view the topology options")),
@ -588,3 +588,86 @@ class MailMessageOption(AclMixin, models.Model):
)
verbose_name = _("email message options")
class RadiusPolicy(AclMixin, models.Model):
class Meta:
verbose_name = _('radius policy')
REJECT = 'REJECT'
SET_VLAN = 'SET_VLAN'
CHOICE_POLICY = (
(REJECT, _('Reject the machine')),
(SET_VLAN, _('Place the machine on the VLAN'))
)
policy = models.CharField(
max_length=32,
choices=CHOICE_POLICY,
default=REJECT
)
vlan = models.ForeignKey(
'machines.Vlan',
on_delete=models.PROTECT,
blank=True,
null=True
)
class RadiusOption(AclMixin, models.Model):
class Meta:
verbose_name = _("radius policies")
MACHINE = 'MACHINE'
DEFINED = 'DEFINED'
CHOICE_RADIUS = (
(MACHINE, _("On the IP range's VLAN of the machine")),
(DEFINED, _("Preset in 'VLAN for machines accepted by RADIUS'")),
)
radius_general_policy = models.CharField(
max_length=32,
choices=CHOICE_RADIUS,
default='DEFINED'
)
unknown_machine = models.ForeignKey(
RadiusPolicy,
on_delete=models.PROTECT,
verbose_name=_("Policy for unknown machines"),
related_name='unknown_machine_option',
)
unknown_port = models.ForeignKey(
RadiusPolicy,
on_delete=models.PROTECT,
verbose_name=_("Policy for unknown machines"),
related_name='unknown_port_option',
)
unknown_room = models.ForeignKey(
RadiusPolicy,
on_delete=models.PROTECT,
verbose_name=_(
"Policy for machine connecting from "
"unregistered room (relevant on ports with STRICT "
"radius mode)"
),
related_name='unknown_room_option',
)
non_member = models.ForeignKey(
RadiusPolicy,
on_delete=models.PROTECT,
verbose_name=_("Policy non member users."),
related_name='non_member_option',
)
banned = models.ForeignKey(
RadiusPolicy,
on_delete=models.PROTECT,
verbose_name=_("Policy for banned users."),
related_name='banned_option'
)
vlan_decision_ok = models.OneToOneField(
'machines.Vlan',
on_delete=models.PROTECT,
related_name='vlan_ok_option',
blank=True,
null=True
)

96
preferences/templates/preferences/aff_radiusoptions.html
View File

@ -0,0 +1,96 @@
{% comment %}
Re2o est un logiciel d'administration développé initiallement au rezometz. Il
se veut agnostique au réseau considéré, de manière à être installable en
quelques clics.
Copyright © 2018 Hugo Levy-Falk
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
{% endcomment %}
{% load i18n %}
{% load acl %}
{% load logs_extra %}
<table>
<tr>
<th>{% trans "General policy for VLAN setting" %}</th>
<td>{{ radiusoptions.radius_general_policy }}</td>
<td>{% trans "This setting defines the VLAN policy after acceptance by RADIUS: either on the IP range's VLAN of the machine, or a VLAN preset in 'VLAN for machines accepted by RADIUS'" %}</td>
</tr>
<tr>
<th>{% trans "VLAN for machines accepted by RADIUS" %}</th>
<td>{{ radiusoptions.vlan_decision_ok }}</td>
</tr>
</table>
<hr/>
<table class="table table-striped">
<thead>
<tr>
<th>{% trans "Situation" %}</th>
<th>{% trans "Behavior" %}</th>
</tr>
</thead>
<tr>
<th>{% trans "Unknown machine" %}</th>
<td>
{% if radiusoptions.unknown_machine.policy == 'REJECT' %}
<span class="label label-danger">{% trans "Reject" %}</span>
{% else %}
<span class="label label-success">Vlan {{ radiusoptions.unknown_machine.vlan }}</span>
{% endif %}
</td>
</tr>
<tr>
<th>{% trans "Unknown port" %}</th>
<td>
{% if radiusoptions.unknown_port.policy == 'REJECT' %}
<span class="label label-danger">{% trans "Reject" %}</span>
{% else %}
<span class="label label-success">Vlan {{ radiusoptions.unknown_port.vlan }}</span>
{% endif %}
</td>
</tr>
<tr>
<th>{% trans "Unknown room" %}</th>
<td>
{% if radiusoptions.unknown_room.policy == 'REJECT' %}
<span class="label label-danger">{% trans "Reject" %}</span>
{% else %}
<span class="label label-success">Vlan {{ radiusoptions.unknown_room.vlan }}</span>
{% endif %}
</td>
</tr>
<tr>
<th>{% trans "Non member" %}</th>
<td>
{% if radiusoptions.non_member.policy == 'REJECT' %}
<span class="label label-danger">{% trans "Reject" %}</span>
{% else %}
<span class="label label-success">Vlan {{ radiusoptions.non_member.vlan }}</span>
{% endif %}
</td>
</tr>
<tr>
<th>{% trans "Banned user" %}</th>
<td>
{% if radiusoptions.unknown_port.policy == 'REJECT' %}
<span class="label label-danger">{% trans "Reject" %}</span>
{% else %}
<span class="label label-success">Vlan {{ radiusoptions.banned.vlan }}</span>
{% endif %}
</td>
</tr>
</table>

55
preferences/templates/preferences/display_preferences.html
View File

@ -32,14 +32,14 @@ with this program; if not, write to the Free Software Foundation, Inc.,
{% block content %}
<div id="accordion">
<div class="panel panel-default" id="general">
<div class="panel-heading" data-toggle="collapse" href="#collapse_general">
<h4 class="panel-title" id="general">
<a><i class="fa fa-cog"></i> {% trans "General preferences" %}</a>
</h4>
</h4>
</div>
<div id="collapse_general" class="panel-collapse panel-body collapse">
<a class="btn btn-primary btn-sm" role="button" href="{% url 'preferences:edit-options' 'GeneralOption' %}">
@ -70,7 +70,7 @@ with this program; if not, write to the Free Software Foundation, Inc.,
<th>{% trans "General message displayed on the website" %}</th>
<td>{{ generaloptions.general_message }}</td>
<th>{% trans "Main site url" %}</th>
<td>{{ generaloptions.main_site_url }}</td>
<td>{{ generaloptions.main_site_url }}</td>
</tr>
<tr>
<th>{% trans "Summary of the General Terms of Use" %}</th>
@ -99,7 +99,7 @@ with this program; if not, write to the Free Software Foundation, Inc.,
<h4 class="panel-title">
<a><i class="fa fa-users fa-fw"></i> {% trans "User preferences" %}</a>
</h4>
</div>
</div>
<div id="collapse_users" class="panel-collapse panel-body collapse">
<p></p>
@ -146,7 +146,7 @@ with this program; if not, write to the Free Software Foundation, Inc.,
</div>
</div>
</div>
<div class="panel panel-default" id="machines">
<div class="panel-heading" data-toggle="collapse" href="#collapse_machines">
<h4 class ="panel-title">
@ -159,7 +159,7 @@ with this program; if not, write to the Free Software Foundation, Inc.,
<a class="btn btn-primary btn-sm" role="button" href="{% url 'preferences:edit-options' 'OptionalMachine' %}">
<i class="fa fa-edit"></i>
{% trans "Edit" %}
</a>
</a>
<p></p>
<table class="table table-striped">
<tr>
@ -208,10 +208,10 @@ with this program; if not, write to the Free Software Foundation, Inc.,
<th>{% trans "VLAN for machines rejected by RADIUS" %}</th>
<td>{{ topologieoptions.vlan_decision_nok }}</td>
</tr>
<tr>
<th>Placement sur ce vlan par default en cas de rejet</th>
<td>{{ topologieoptions.vlan_decision_nok }}</td>
</tr>
<tr>
<th>{% trans "VLAN for non members machines" %}</th>
<td>{{ topologieoptions.vlan_non_member }}</td>
</tr>
</table>
<h4>Clef radius</h4>
@ -219,7 +219,7 @@ with this program; if not, write to the Free Software Foundation, Inc.,
<a class="btn btn-primary btn-sm" role="button" href="{% url 'preferences:add-radiuskey' %}"><i class="fa fa-plus"></i> Ajouter une clef radius</a>
{% acl_end %}
{% include "preferences/aff_radiuskey.html" with radiuskey_list=radiuskey_list %}
</div>
</div>
@ -236,7 +236,7 @@ with this program; if not, write to the Free Software Foundation, Inc.,
{% trans "Edit" %}
</a>
<p></p>
<table class="table table-striped">
<tr>
<th>Web management, activé si provision automatique</th>
@ -254,11 +254,11 @@ with this program; if not, write to the Free Software Foundation, Inc.,
<th>Switchs configurés automatiquement</th>
<td>{{ topologieoptions.provisioned_switchs|join:", " }} {% if topologieoptions.provisioned_switchs %}<span class="label label-success"> OK{% else %}<span class="label label-danger">Manquant{% endif %}</span></td>
</tr>
<tr>
<tr>
<th>Plage d'ip de management des switchs</th>
<td>{{ topologieoptions.switchs_ip_type }} {% if topologieoptions.switchs_ip_type %}<span class="label label-success"> OK{% else %}<span class="label label-danger">Manquant{% endif %}</span></td>
</tr>
<tr>
<tr>
<th>Serveur des config des switchs</th>
<td>{{ topologieoptions.switchs_management_interface }} {% if topologieoptions.switchs_management_interface %} - {{ topologieoptions.switchs_management_interface_ip }} <span class="label label-success"> OK{% else %}<span class="label label-danger">Manquant{% endif %}</span></td>
</tr>
@ -287,6 +287,18 @@ with this program; if not, write to the Free Software Foundation, Inc.,
</div>
</div>
<div class="panel panel-default" id="radius">
<div class="panel-heading" data-toggle="collapse" href="#collapse_radius">
<h4 class="panel-title">{% trans "Radius preferences" %}</h4>
</div>
<div id="collapse_radius" class="panel-collapse panel-body collapse">
<a class="btn btn-primary btn-sm" role="button" href="{% url 'preferences:edit-options' 'RadiusOption' %}">
<i class="fa fa-edit"></i>
{% trans "Edit" %}
</a>
{% include "preferences/aff_radiusoptions.html" %}
</div>
</div>
<div class="panel panel-default" id="asso">
<div class="panel-heading" data-toggle="collapse" href="#collapse_asso">
@ -295,7 +307,6 @@ with this program; if not, write to the Free Software Foundation, Inc.,
</h4>
</div>
<div id="collapse_asso" class="panel-collapse panel-body collapse">
<a class="btn btn-primary btn-sm" role="button" href="{% url 'preferences:edit-options' 'AssoOption' %}">
<i class="fa fa-edit"></i>
{% trans "Edit" %}
@ -331,11 +342,11 @@ with this program; if not, write to the Free Software Foundation, Inc.,
</table>
</div>
</div>
<div class="panel panel-default" id="mail">
<div class="panel-heading" data-toggle="collapse" href="#collapse_mail">
<h4 class="panel-title">
<a><i class="fa fa-comment"></i> Message pour les mails</a>
<a><i class="fa fa-comment"></i> Message pour les mails</a>
</h4>
</div>
<div id="collapse_mail" class="panel-collapse panel-body collapse">
@ -367,7 +378,7 @@ with this program; if not, write to the Free Software Foundation, Inc.,
</div>
<div id="collapse_rappels" class="panel-collapse panel-body collapse">
{% can_create preferences.Reminder%}
<a class="btn btn-primary btn-sm" role="button" href="{% url 'preferences:add-reminder' %}"><i class="fa fa-plus"></i> Ajouter un rappel</a>
<p></p>
{% acl_end %}
@ -384,12 +395,12 @@ with this program; if not, write to the Free Software Foundation, Inc.,
</div>
<div id="collapse_services" class="panel-collapse panel-body collapse">
{% can_create preferences.Service%}
<a class="btn btn-primary btn-sm" role="button" href="{% url 'preferences:add-service' %}"><i class="fa fa-plus"></i>{% trans " Add a service" %}</a>
<p></p>
{% acl_end %}
{% include "preferences/aff_service.html" with service_list=service_list %}
</div>
</div>
@ -400,7 +411,7 @@ with this program; if not, write to the Free Software Foundation, Inc.,
</h4>
</div>
<div id="collapse_contact" class="panel-collapse panel-body collapse">
{% can_create preferences.MailContact %}
<a class="btn btn-primary btn-sm" role="button" href="{% url 'preferences:add-mailcontact' %}"><i class="fa fa-plus"></i>{% trans "Add an address" %}</a>
{% acl_end %}

5
preferences/urls.py
View File

@ -66,6 +66,11 @@ urlpatterns = [
views.edit_options,
name='edit-options'
),
url(
r'^edit_options/(?P<section>RadiusOption)$',
views.edit_options,
name='edit-options'
),
url(r'^add_service/$', views.add_service, name='add-service'),
url(
r'^edit_service/(?P<serviceid>[0-9]+)$',

7
preferences/views.py
View File

@ -62,7 +62,8 @@ from .models import (
HomeOption,
Reminder,
RadiusKey,
SwitchManagementCred
SwitchManagementCred,
RadiusOption,
)
from . import models
from . import forms
@ -86,6 +87,7 @@ def display_options(request):
reminder_list = Reminder.objects.all()
radiuskey_list = RadiusKey.objects.all()
switchmanagementcred_list = SwitchManagementCred.objects.all()
radiusoptions, _ = RadiusOption.objects.get_or_create()
return form({
'useroptions': useroptions,
'machineoptions': machineoptions,
@ -98,7 +100,8 @@ def display_options(request):
'mailcontact_list': mailcontact_list,
'reminder_list': reminder_list,
'radiuskey_list' : radiuskey_list,
'switchmanagementcred_list': switchmanagementcred_list,
'switchmanagementcred_list': switchmanagementcred_list,
'radiusoptions' : radiusoptions,
}, 'preferences/display_preferences.html', request)

Write Preview
Loading…
Cancel
Save