freeradius/auth.py: plus de détails de logs

2013-11-06 18:47:32 +01:00 · 2013-11-06 18:47:32 +01:00 · 5c740ae712
commit 5c740ae712
parent a83dba0dcd
1 changed files with 24 additions and 12 deletions
--- a/freeradius/auth.py
+++ b/freeradius/auth.py
@ -73,10 +73,10 @@ def wifi_authorize(auth_data, conn):
    items = get_machines(auth_data, conn)

    if not items:
-        radiusd.radlog(radiusd.L_ERR, 'Nobody found :(')
+        radiusd.radlog(radiusd.L_ERR, 'lc_ldap: Nobody found')
        return radiusd.RLM_MODULE_NOTFOUND
    if len(items) > 1:
-        radiusd.radlog(radiusd.L_ERR, 'Too much results from lc_ldap !')
+        radiusd.radlog(radiusd.L_ERR, 'lc_ldap: Too many results')

    machine = items[0]
    
@ -90,6 +90,8 @@ def wifi_authorize(auth_data, conn):
            return radiusd.RLM_MODULE_REJECT
    
    if not machine.get('ipsec', False):
+        radiusd.radlog(radiusd.L_ERR, 'WiFi authentication but machine has no' +
+            'password')
        return radiusd.RLM_MODULE_REJECT
    password = machine['ipsec'][0].value.encode('ascii', 'ignore')

@ -106,29 +108,39 @@ def post_auth(auth_data, conn):
    On peut rajouter quelques éléments dans la réponse radius ici.
    Comme par exemple le vlan sur lequel placer le client"""

+    vlan_name = None
+    reason = ''
+    identity = "" #TODO
+    prise = ""    #TODO
    items = get_machines(auth_data, conn)

+    decision = 'adherent',''
    if not items:
-        return radiusd.RLM_MODULE_NOTFOUND
+        decision = 'accueil', 'Machine inconnue'
+
    machine = items[0]
    proprio = machine.proprio()

-    vlan = vlans['adherent']
    if isinstance(machine, lc_ldap.objets.machineWifi):
-        vlan = vlans['wifi']
+        decision = 'wifi', ''
    
    if not machine['ipHostNumber']:
-        # No IP => vlan v6only
-        vlan = vlans['v6only']
+        decision = 'v6only', 'No IPv4'
    elif machine['ipHostNumber'][0].value in netaddr.IPNetwork('10.2.9.0/24'):
        # Cas des personnels logés dans les appartements de l'ENS
-        vlan = vlans['appts']
+        decision = 'appts', 'Personnel ENS'

    for bl in machine.blacklist_actif():
-        if bl in bl_isolement:
-            vlan = vlans['isolement']
-        if bl in bl_accueil:
-            vlan = vlans['accueil']
+        if bl.value['type'] in bl_isolement:
+            decision = 'isolement', unicode(bl).encode('utf-8')
+        if bl.value['type'] in bl_accueil:
+            decision = 'accueil', unicode(bl).encode('utf-8')
+
+    vlan_name, reason = decision
+    vlan = vlans[vlan_name]
+    radiusd.radlog(radiusd.L_INFO, 'auth.py: %s -> %s [%s%s]' % 
+        (prise, identity, vlan_name, (reason and ': ' + reason))
+    )

 #<!>
 #