radius: on se débarasse du fils ssh
Et on a presque un truc qui marche. Bon le trigger_generate, on va vite le virer parce que c'est moche tout de même.
This commit is contained in:
parent
b372b52c76
commit
d5bd1ec23e
3 changed files with 57 additions and 17 deletions
|
@ -19,14 +19,15 @@
|
|||
# Voir des exemples plus complets ici:
|
||||
# https://github.com/FreeRADIUS/freeradius-server/blob/master/src/modules/rlm_python/
|
||||
|
||||
from lc_ldap.shortcuts import with_ldap_conn, lc_ldap_admin
|
||||
import lc_ldap.shortcuts
|
||||
from lc_ldap.crans_utils import escape as escape_ldap
|
||||
import lc_ldap.crans_utils
|
||||
from gestion.config.config import vlans
|
||||
import lc_ldap.objets
|
||||
import radiusd
|
||||
import netaddr
|
||||
from gestion.gen_confs.generate import trigger as trigger_generate
|
||||
import traceback
|
||||
from gestion.gen_confs.trigger import trigger_generate_cochon as trigger_generate
|
||||
|
||||
# Voilà, pour faire marcher le V6Only, il faut se retirer l'ipv4 de sa machine
|
||||
# ou en enregistrer une nouvelle (sans ipv4) avec une autre mac. Moi j'ai la
|
||||
|
@ -37,6 +38,15 @@ u'dc:9f:db:5c:c3:ea', # polynice-wlan0
|
|||
u'00:26:c7:a6:9e:16', # cerveaulent
|
||||
]
|
||||
|
||||
# TODO (à metre dans bcfg2)
|
||||
#setfacl -m u:freerad:rx /etc/crans/
|
||||
#setfacl -m u:freerad:rx /etc/crans/secrets
|
||||
#setfacl -m u:freerad:r /etc/crans/secrets/dhcp.py
|
||||
#setfacl -m u:freerad:r /etc/crans/secrets/secrets.py
|
||||
#setfacl -m u:freerad:r /etc/crans/secrets/trigger-generate.pub
|
||||
#setfacl -m m::r /etc/crans/secrets/trigger-generate
|
||||
#setfacl -m u:freerad:r /etc/crans/secrets/trigger-generate
|
||||
|
||||
bl_reject = [u'bloq']
|
||||
bl_isolement = [u'virus', u'autodisc_virus', u'autodisc_p2p', u'ipv6_ra']
|
||||
# TODO carte_etudiant: dépend si sursis ou non (regarder lc_ldap)
|
||||
|
@ -44,7 +54,10 @@ bl_isolement = [u'virus', u'autodisc_virus', u'autodisc_p2p', u'ipv6_ra']
|
|||
bl_accueil = [u'carte_etudiant', u'chambre_invalide', u'paiement']
|
||||
|
||||
# Decorateur utilisé plus tard (same connection)
|
||||
use_ldap = with_ldap_conn(retries=2, delay=5, constructor=lc_ldap_admin)
|
||||
use_ldap_admin = lc_ldap.shortcuts.with_ldap_conn(retries=2, delay=5,
|
||||
constructor=lc_ldap.shortcuts.lc_ldap_admin)
|
||||
use_ldap = lc_ldap.shortcuts.with_ldap_conn(retries=2, delay=5,
|
||||
constructor=lc_ldap.shortcuts.lc_ldap_anonymous)
|
||||
|
||||
@use_ldap
|
||||
def get_machines(auth_data, conn):
|
||||
|
@ -84,7 +97,7 @@ def get_machines(auth_data, conn):
|
|||
]
|
||||
|
||||
for filter_s in search_strats:
|
||||
res = conn.search(filter_s, mode='rw')
|
||||
res = conn.search(filter_s)
|
||||
if res:
|
||||
break
|
||||
|
||||
|
@ -120,8 +133,9 @@ def get_prise(auth_data):
|
|||
return bat_name + "%01d%02d" % (bat_num, port)
|
||||
|
||||
|
||||
@use_ldap
|
||||
@use_ldap_admin
|
||||
def register_mac(auth_data, machine, conn):
|
||||
machine = conn.search(unicode(machine.dn.split(',',1)[0]), mode='rw')[0]
|
||||
for (key, value) in auth_data:
|
||||
if key == 'Calling-Station-Id':
|
||||
try:
|
||||
|
@ -129,19 +143,25 @@ def register_mac(auth_data, machine, conn):
|
|||
mac = lc_ldap.crans_utils.format_mac(value)
|
||||
except:
|
||||
radiusd.radlog(radiusd.L_ERR, 'Cannot format MAC !')
|
||||
|
||||
if mac is not None:
|
||||
mac = unicode(mac.lower())
|
||||
|
||||
radiusd.radlog(radiusd.L_INFO, 'Registering mac %s' % mac)
|
||||
machine['macAddress'] = mac
|
||||
machine.history_add(u'auth.py', u'macAddress ( %s )' % mac)
|
||||
machine.history_add(u'auth.py', u'macAddress (<automatique> -> %s)' % mac)
|
||||
machine.save()
|
||||
radiusd.radlog(radiusd.L_INFO, 'Mac set')
|
||||
trigger_generate('komaz', background=True)
|
||||
radiusd.radlog(radiusd.L_INFO, 'Triggering komaz')
|
||||
trigger_generate('komaz')
|
||||
radiusd.radlog(radiusd.L_INFO, 'done ! (triggered komaz)')
|
||||
else:
|
||||
radiusd.radlog(radiusd.L_ERR, 'Cannot find MAC')
|
||||
|
||||
@use_ldap_admin
|
||||
@use_ldap
|
||||
def instantiate(p, conn):
|
||||
"""Utile pour initialiser la connexion ldap une première fois (otherwise,
|
||||
def instantiate(p, *conns):
|
||||
"""Utile pour initialiser les connexions ldap une première fois (otherwise,
|
||||
do nothing)"""
|
||||
pass
|
||||
|
||||
|
@ -249,7 +269,10 @@ def post_auth(auth_data, conn):
|
|||
# return (0, "Hébergeur non à jour", "accueil")
|
||||
#
|
||||
#<!>
|
||||
# Pour l'instant, on ne met pas d'infos de vlans dans la réponse
|
||||
return radiusd.RLM_MODULE_OK
|
||||
|
||||
# This is dead code (for now)
|
||||
return (radiusd.RLM_MODULE_UPDATED,
|
||||
(
|
||||
("Tunnel-Type", "VLAN"),
|
||||
|
|
|
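Review bot: `trigger_generate('komaz')` in register_mac (hunk `@ -129,19 +143,25 @@`) now runs synchronously in the authentication path with no error handling, so an exception from it aborts the RADIUS request after `machine.save()` has already committed the macAddress, and its run time lands on every MAC-registering auth. Even if the call is slated for removal, isolate it: `try: trigger_generate('komaz')` / `except Exception: radiusd.radlog(radiusd.L_ERR, 'komaz trigger failed: %s' % traceback.format_exc())` (traceback appears to be imported in the first hunk; confirm it survives on the new side). The re-fetch `machine = conn.search(unicode(machine.dn.split(',',1)[0]), mode='rw')[0]` in hunk `@ -120,8 +133,9 @@` is likewise unguarded: an empty result raises IndexError on the admin connection, where `res = conn.search(...)` followed by `if not res: radiusd.radlog(radiusd.L_ERR, 'Machine not found'); return` would keep it a logged failure. register_mac's header is in the earlier hunk and one line between the two hunks is not shown.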
@ -5,13 +5,17 @@ import auth
|
|||
import sys
|
||||
import time
|
||||
|
||||
if len(sys.argv) < 2 and False:
|
||||
print "Give me a mac !"
|
||||
sys.exit(1)
|
||||
delattr(sys, 'argv')
|
||||
|
||||
#if len(sys.argv) < 2 and False:
|
||||
# print "Give me a mac !"
|
||||
# sys.exit(1)
|
||||
|
||||
# Machine à s'authentifier (cerveaulent)
|
||||
#p=(('Calling-Station-Id', sys.argv[1]),)
|
||||
|
||||
auth.instantiate(())
|
||||
|
||||
p=(
|
||||
('Calling-Station-Id', 'ba:27:eb:3c:54:d5'),
|
||||
('User-Name', 'test18'),
|
||||
|
|
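Review bot: `delattr(sys, 'argv')` before `auth.instantiate(())` carries no comment saying why the command line has to disappear, so the next reader cannot tell whether it is still required; presumably a module imported through auth reads sys.argv at import or connection time, but that is not visible in this hunk. Record the reason in place, e.g. `# drop sys.argv: a module imported via auth parses it (TODO: name the module)`. The guard it replaces was already dead (`and False`), so the commented-out `#if` / `# print` / `# sys.exit` copy kept below it adds nothing and could simply go.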