freeradius/auth.py: plus de détails de logs

Daniel STAN 2013-11-06 18:47:32 +01:00
parent a83dba0dcd
commit 5c740ae712


@ -73,10 +73,10 @@ def wifi_authorize(auth_data, conn):
items = get_machines(auth_data, conn) items = get_machines(auth_data, conn)
if not items: if not items:
radiusd.radlog(radiusd.L_ERR, 'Nobody found :(') radiusd.radlog(radiusd.L_ERR, 'lc_ldap: Nobody found')
return radiusd.RLM_MODULE_NOTFOUND return radiusd.RLM_MODULE_NOTFOUND
if len(items) > 1: if len(items) > 1:
radiusd.radlog(radiusd.L_ERR, 'Too much results from lc_ldap !') radiusd.radlog(radiusd.L_ERR, 'lc_ldap: Too many results')
machine = items[0] machine = items[0]
@ -90,6 +90,8 @@ def wifi_authorize(auth_data, conn):
return radiusd.RLM_MODULE_REJECT return radiusd.RLM_MODULE_REJECT
if not machine.get('ipsec', False): if not machine.get('ipsec', False):
radiusd.radlog(radiusd.L_ERR, 'WiFi authentication but machine has no' +
'password')
return radiusd.RLM_MODULE_REJECT return radiusd.RLM_MODULE_REJECT
password = machine['ipsec'][0].value.encode('ascii', 'ignore') password = machine['ipsec'][0].value.encode('ascii', 'ignore')
@ -106,29 +108,39 @@ def post_auth(auth_data, conn):
On peut rajouter quelques éléments dans la réponse radius ici. On peut rajouter quelques éléments dans la réponse radius ici.
Comme par exemple le vlan sur lequel placer le client""" Comme par exemple le vlan sur lequel placer le client"""
vlan_name = None
reason = ''
identity = "" #TODO
prise = "" #TODO
items = get_machines(auth_data, conn) items = get_machines(auth_data, conn)
decision = 'adherent',''
if not items: if not items:
return radiusd.RLM_MODULE_NOTFOUND decision = 'accueil', 'Machine inconnue'
machine = items[0] machine = items[0]
proprio = machine.proprio() proprio = machine.proprio()
vlan = vlans['adherent']
if isinstance(machine, lc_ldap.objets.machineWifi): if isinstance(machine, lc_ldap.objets.machineWifi):
vlan = vlans['wifi'] decision = 'wifi', ''
if not machine['ipHostNumber']: if not machine['ipHostNumber']:
# No IP => vlan v6only decision = 'v6only', 'No IPv4'
vlan = vlans['v6only']
elif machine['ipHostNumber'][0].value in netaddr.IPNetwork('10.2.9.0/24'): elif machine['ipHostNumber'][0].value in netaddr.IPNetwork('10.2.9.0/24'):
# Cas des personnels logés dans les appartements de l'ENS # Cas des personnels logés dans les appartements de l'ENS
vlan = vlans['appts'] decision = 'appts', 'Personnel ENS'
for bl in machine.blacklist_actif(): for bl in machine.blacklist_actif():
if bl in bl_isolement: if bl.value['type'] in bl_isolement:
vlan = vlans['isolement'] decision = 'isolement', unicode(bl).encode('utf-8')
if bl in bl_accueil: if bl.value['type'] in bl_accueil:
vlan = vlans['accueil'] decision = 'accueil', unicode(bl).encode('utf-8')
vlan_name, reason = decision
vlan = vlans[vlan_name]
radiusd.radlog(radiusd.L_INFO, 'auth.py: %s -> %s [%s%s]' %
(prise, identity, vlan_name, (reason and ': ' + reason))
)
#<!> #<!>
# #
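Review bot: In post_auth the empty-result branch no longer returns (`decision = 'accueil', 'Machine inconnue'` replaces `return radiusd.RLM_MODULE_NOTFOUND`), but the next context line `machine = items[0]` still appears to run unconditionally, so an unknown machine would raise IndexError instead of landing in the accueil VLAN. Indentation is lost in this rendering, so this assumes no `else:` sits between the two lines. In that case neither `vlan = vlans[vlan_name]` nor the new `radlog` call is reached, and the result depends on how the Python module handles an uncaught exception. I would move everything from `machine = items[0]` through the blacklist loop under an `else:` so the unknown-machine decision falls straight through to `vlan_name, reason = decision`. Separately, `prise` and `identity` are still empty `#TODO` placeholders, so the new log line records the VLAN decision without naming the port or client; post_auth starts before and continues past this hunk.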