Aiguillage entre site nas, filaire et wifi effectué dans le auth.py à présent (règle le prb de segfault sous jessie)
This commit is contained in:
Gabriel Detraz
parent
4915d64e90
commit
587b76d930
2 changed files with 60 additions and 1 deletions
|
|
@ -274,6 +274,18 @@ def instantiate(*_):
|
||||||
if TEST_SERVER:
|
if TEST_SERVER:
|
||||||
logger.info('DBG_FREERADIUS is enabled')
|
logger.info('DBG_FREERADIUS is enabled')
|
||||||
|
|
||||||
|
@radius_event
|
||||||
|
def authorize(data):
|
||||||
|
"""Fonction qui aiguille entre nas, wifi et filaire pour authorize
|
||||||
|
On se contecte de faire une verification basique de ce que contien la requète
|
||||||
|
pour déterminer la fonction à utiliser"""
|
||||||
|
if data.get('NAS-Port-Type', '')==u'Ethernet':
|
||||||
|
return authorize_fil(data)
|
||||||
|
elif u"Wireless" in data.get('NAS-Port-Type', ''):
|
||||||
|
return authorize_wifi(data)
|
||||||
|
else:
|
||||||
|
return authorize_nas(data)
|
||||||
|
|
||||||
@radius_event
|
@radius_event
|
||||||
def authorize_wifi(data):
|
def authorize_wifi(data):
|
||||||
"""Section authorize pour le wifi
|
"""Section authorize pour le wifi
|
||||||
|
|
@ -358,7 +370,7 @@ def authorize_fil(data):
|
||||||
return (radiusd.RLM_MODULE_UPDATED,
|
return (radiusd.RLM_MODULE_UPDATED,
|
||||||
(),
|
(),
|
||||||
(
|
(
|
||||||
("Auth-Type", "crans_fil"),
|
("Auth-Type", "Accept"),
|
||||||
),
|
),
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
@ -431,6 +443,15 @@ def authorize_nas(data, ldap):
|
||||||
("FreeRADIUS-Client-Virtual-Server", vserver),
|
("FreeRADIUS-Client-Virtual-Server", vserver),
|
||||||
),
|
),
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@radius_event
|
||||||
|
def post_auth(data):
|
||||||
|
# On cherche quel est le type de machine, et quel sites lui appliquer
|
||||||
|
if data.get('NAS-Port-Type', '')==u'Ethernet':
|
||||||
|
return post_auth_fil(data)
|
||||||
|
elif u"Wireless" in data.get('NAS-Port-Type', ''):
|
||||||
|
return post_auth_wifi(data)
|
||||||
|
|
||||||
@radius_event
|
@radius_event
|
||||||
def post_auth_wifi(data):
|
def post_auth_wifi(data):
|
||||||
"""Appelé une fois que l'authentification est ok.
|
"""Appelé une fois que l'authentification est ok.
|
||||||
|
|
|
||||||
38
freeradius/rlm_python_unifie.conf
Normal file
38
freeradius/rlm_python_unifie.conf
Normal file
|
|
@ -0,0 +1,38 @@
|
||||||
|
# Configuration for the Python module.
|
||||||
|
#
|
||||||
|
#
|
||||||
|
|
||||||
|
python crans_unifie {
|
||||||
|
mod_instantiate = freeradius.auth
|
||||||
|
func_instantiate = instantiate
|
||||||
|
|
||||||
|
# Pour le authorize, c'est auth.py qui fait le tri maintenant
|
||||||
|
mod_authorize = freeradius.auth
|
||||||
|
func_authorize = authorize
|
||||||
|
|
||||||
|
# Renseigne le vlan si necessaire
|
||||||
|
# remplacer par dummy_fun pour ignorer le tagging de vlan
|
||||||
|
mod_post_auth = freeradius.auth
|
||||||
|
func_post_auth = post_auth
|
||||||
|
|
||||||
|
# Que faire avant de quitter
|
||||||
|
mod_detach = freeradius.auth
|
||||||
|
func_detach = detach
|
||||||
|
|
||||||
|
# Le reste sert à rien
|
||||||
|
mod_accounting = freeradius.auth
|
||||||
|
func_accounting = dummy_fun
|
||||||
|
|
||||||
|
mod_pre_proxy = freeradius.auth
|
||||||
|
func_pre_proxy = dummy_fun
|
||||||
|
|
||||||
|
mod_post_proxy = freeradius.auth
|
||||||
|
func_post_proxy = dummy_fun
|
||||||
|
|
||||||
|
mod_recv_coa = freeradius.auth
|
||||||
|
func_recv_coa = dummy_fun
|
||||||
|
|
||||||
|
mod_send_coa = freeradius.auth
|
||||||
|
func_send_coa = dummy_fun
|
||||||
|
}
|
||||||
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue