re2o/re2o-radius
5
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix autocapture

Browse source
This commit is contained in:
chapeau 2021-10-23 11:54:01 +02:00
parent ac3118dd8d
commit d1ac9ec8eb
1 changed files with 38 additions and 23 deletions
Download patch file Download diff file Expand all files Collapse all files

61
auth.py
View file

@ -159,22 +159,16 @@ def authorize(data):
nas_type = data_from_api["nas"] nas_type = data_from_api["nas"]
user = data_from_api["user"] user = data_from_api["user"]
user_interface = data_from_api["user_interface"]
if not nas_type or nas_type and nas_type["port_access_mode"] == "802.1X": if not nas_type or nas_type and nas_type["port_access_mode"] == "802.1X":
result, log, password = check_user_machine_and_register( password = user.get("pwd_ntlm", "")
nas_type, user, user_interface, nas, username, mac)
logger.info(log.encode("utf-8"))
logger.info(username.encode("utf-8")) logger.info(username.encode("utf-8"))
if not result: return (
return radiusd.RLM_MODULE_REJECT radiusd.RLM_MODULE_UPDATED,
else: (),
return ( ((str("NT-Password"), str(password)),),
radiusd.RLM_MODULE_UPDATED, )
(),
((str("NT-Password"), str(password)),),
)
else: else:
return (radiusd.RLM_MODULE_UPDATED, (), (("Auth-Type", "Accept"),)) return (radiusd.RLM_MODULE_UPDATED, (), (("Auth-Type", "Accept"),))
@ -188,6 +182,9 @@ def post_auth(data):
nas = data.get("NAS-IP-Address", data.get("NAS-Identifier", None)) nas = data.get("NAS-IP-Address", data.get("NAS-Identifier", None))
nas_port = data.get("NAS-Port-Id", data.get("NAS-Port", None)) nas_port = data.get("NAS-Port-Id", data.get("NAS-Port", None))
mac = data.get("Calling-Station-Id", None) mac = data.get("Calling-Station-Id", None)
username = data.get("User-Name", "")
# For proxified request, split
username = username.split("@", 1)[0]
# Get all required objects from API # Get all required objects from API
data_from_api = api_client().view( data_from_api = api_client().view(
@ -197,9 +194,28 @@ def post_auth(data):
urllib.parse.quote(mac or "None", safe="") urllib.parse.quote(mac or "None", safe="")
)) ))
data_from_api2 = api_client().view(
"radius/authorize/{0}/{1}/{2}".format(
urllib.parse.quote(nas or "None", safe=""),
urllib.parse.quote(username or "None", safe=""),
urllib.parse.quote(mac or "None", safe="")
))
nas_type = data_from_api["nas"] nas_type = data_from_api["nas"]
port = data_from_api["port"] port = data_from_api["port"]
switch = data_from_api["switch"] switch = data_from_api["switch"]
nas_type = data_from_api2["nas"]
user = data_from_api2["user"]
user_interface = data_from_api2["user_interface"]
result, log = check_user_machine_and_register(
nas_type, user, user_interface, nas, username, mac)
logger.info(log.encode("utf-8"))
logger.info(username.encode("utf-8"))
if not result:
return radiusd.RLM_MODULE_REJECT
# If proxified request # If proxified request
if not nas_type: if not nas_type:
@ -258,10 +274,10 @@ def check_user_machine_and_register(nas_type, user, user_interface, nas_id, user
if not user: if not user:
# No username provided # No username provided
return (False, "User unknown", "") return (False, "User unknown")
if not user["access"]: if not user["access"]:
return (False, "Invalid connexion (non-contributing user)", "") return (False, "Invalid connexion (non-contributing user)")
if user_interface: if user_interface:
if user_interface["user_pk"] != user["pk"]: if user_interface["user_pk"] != user["pk"]:
@ -272,7 +288,7 @@ def check_user_machine_and_register(nas_type, user, user_interface, nas_id, user
) )
elif not user_interface["active"]: elif not user_interface["active"]:
return (False, "Interface/Machine disabled", "") return (False, "Interface/Machine disabled")
elif not user_interface["ipv4"]: elif not user_interface["ipv4"]:
# Try to autoassign ip # Try to autoassign ip
@ -281,11 +297,11 @@ def check_user_machine_and_register(nas_type, user, user_interface, nas_id, user
"radius/assign_ip/{0}".format( "radius/assign_ip/{0}".format(
urllib.parse.quote(mac_address or "None", safe="") urllib.parse.quote(mac_address or "None", safe="")
)) ))
return (True, "Ok, new ipv4 assignement...", user.get("pwd_ntlm", "")) return (True, "Ok, new ipv4 assignement...")
except HTTPError as err: except HTTPError as err:
return (False, "Error during ip assignement %s" % err.response.text, "") return (False, "Error during ip assignement %s" % err.response.text)
else: else:
return (True, "Access ok", user.get("pwd_ntlm", "")) return (True, "Access ok")
elif nas_type: elif nas_type:
# The interface is not yet registred, try to autoregister if enabled # The interface is not yet registred, try to autoregister if enabled
@ -297,14 +313,13 @@ def check_user_machine_and_register(nas_type, user, user_interface, nas_id, user
urllib.parse.quote(username or "None", safe=""), urllib.parse.quote(username or "None", safe=""),
urllib.parse.quote(mac_address or "None", safe="") urllib.parse.quote(mac_address or "None", safe="")
)) ))
return (True, "Access Ok, Registering mac...", user["pwd_ntlm"]) return (True, "Access Ok, Registering mac...")
except HTTPError as err: except HTTPError as err:
return (False, "Error during mac register %s" % err.response.text, "") return (False, "Error during mac register %s" % err.response.text)
return (False, "Autoregistering is disabled", "")
else: else:
return (False, "Unknown interface/machine", "") return (False, "Autoregistering is disabled")
else: else:
return (False, "Unknown interface/machine", "") return (False, "Unknown interface/machine")
def set_radius_attributes_values(attributes, values): def set_radius_attributes_values(attributes, values):