fix autocapture

2021-10-23 11:54:01 +02:00 · 2021-10-23 11:54:01 +02:00 · d1ac9ec8eb
commit d1ac9ec8eb
parent ac3118dd8d
1 changed files with 38 additions and 23 deletions
--- a/auth.py
+++ b/auth.py
@ -159,22 +159,16 @@ def authorize(data):

    nas_type = data_from_api["nas"]
    user = data_from_api["user"]
-    user_interface = data_from_api["user_interface"]

    if not nas_type or nas_type and nas_type["port_access_mode"] == "802.1X":
-        result, log, password = check_user_machine_and_register(
-            nas_type, user, user_interface, nas, username, mac)
-        logger.info(log.encode("utf-8"))
+        password = user.get("pwd_ntlm", "")
        logger.info(username.encode("utf-8"))

-        if not result:
-            return radiusd.RLM_MODULE_REJECT
-        else:
-            return (
-                radiusd.RLM_MODULE_UPDATED,
-                (),
-                ((str("NT-Password"), str(password)),),
-            )
+        return (
+            radiusd.RLM_MODULE_UPDATED,
+            (),
+            ((str("NT-Password"), str(password)),),
+        )

    else:
        return (radiusd.RLM_MODULE_UPDATED, (), (("Auth-Type", "Accept"),))
@ -188,6 +182,9 @@ def post_auth(data):
    nas = data.get("NAS-IP-Address", data.get("NAS-Identifier", None))
    nas_port = data.get("NAS-Port-Id", data.get("NAS-Port", None))
    mac = data.get("Calling-Station-Id", None)
+    username = data.get("User-Name", "")
+    # For proxified request, split
+    username = username.split("@", 1)[0]

    # Get all required objects from API
    data_from_api = api_client().view(
@ -197,9 +194,28 @@ def post_auth(data):
            urllib.parse.quote(mac or "None", safe="")
        ))

+    data_from_api2 = api_client().view(
+        "radius/authorize/{0}/{1}/{2}".format(
+            urllib.parse.quote(nas or "None", safe=""),
+            urllib.parse.quote(username or "None", safe=""),
+            urllib.parse.quote(mac or "None", safe="")
+        ))
+
    nas_type = data_from_api["nas"]
    port = data_from_api["port"]
    switch = data_from_api["switch"]
+    nas_type = data_from_api2["nas"]
+    user = data_from_api2["user"]
+    user_interface = data_from_api2["user_interface"]
+
+    result, log = check_user_machine_and_register(
+            nas_type, user, user_interface, nas, username, mac)
+
+    logger.info(log.encode("utf-8"))
+    logger.info(username.encode("utf-8"))
+
+    if not result:
+        return radiusd.RLM_MODULE_REJECT

    # If proxified request
    if not nas_type:
@ -258,10 +274,10 @@ def check_user_machine_and_register(nas_type, user, user_interface, nas_id, user

    if not user:
        # No username provided
-        return (False, "User unknown", "")
+        return (False, "User unknown")

    if not user["access"]:
-        return (False, "Invalid connexion (non-contributing user)", "")
+        return (False, "Invalid connexion (non-contributing user)")

    if user_interface:
        if user_interface["user_pk"] != user["pk"]:
@ -272,7 +288,7 @@ def check_user_machine_and_register(nas_type, user, user_interface, nas_id, user
            )

        elif not user_interface["active"]:
-            return (False, "Interface/Machine disabled", "")
+            return (False, "Interface/Machine disabled")

        elif not user_interface["ipv4"]:
            # Try to autoassign ip
@ -281,11 +297,11 @@ def check_user_machine_and_register(nas_type, user, user_interface, nas_id, user
                    "radius/assign_ip/{0}".format(
                        urllib.parse.quote(mac_address or "None", safe="")
                    ))
-                return (True, "Ok, new ipv4 assignement...", user.get("pwd_ntlm", ""))
+                return (True, "Ok, new ipv4 assignement...")
            except HTTPError as err:
-                return (False, "Error during ip assignement %s" % err.response.text, "")
+                return (False, "Error during ip assignement %s" % err.response.text)
        else:
-            return (True, "Access ok", user.get("pwd_ntlm", ""))
+            return (True, "Access ok")

    elif nas_type:
        # The interface is not yet registred, try to autoregister if enabled
@ -297,14 +313,13 @@ def check_user_machine_and_register(nas_type, user, user_interface, nas_id, user
                        urllib.parse.quote(username or "None", safe=""),
                        urllib.parse.quote(mac_address or "None", safe="")
                    ))
-                return (True, "Access Ok, Registering mac...", user["pwd_ntlm"])
+                return (True, "Access Ok, Registering mac...")
            except HTTPError as err:
-                return (False, "Error during mac register %s" % err.response.text, "")
-            return (False, "Autoregistering is disabled", "")
+                return (False, "Error during mac register %s" % err.response.text)
        else:
-            return (False, "Unknown interface/machine", "")
+            return (False, "Autoregistering is disabled")
    else:
-        return (False, "Unknown interface/machine", "")
+        return (False, "Unknown interface/machine")


 def set_radius_attributes_values(attributes, values):