Commit 5c740ae7 authored by Daniel STAN's avatar Daniel STAN

freeradius/auth.py: plus de détails de logs

parent a83dba0d
......@@ -73,10 +73,10 @@ def wifi_authorize(auth_data, conn):
items = get_machines(auth_data, conn)
if not items:
radiusd.radlog(radiusd.L_ERR, 'Nobody found :(')
radiusd.radlog(radiusd.L_ERR, 'lc_ldap: Nobody found')
return radiusd.RLM_MODULE_NOTFOUND
if len(items) > 1:
radiusd.radlog(radiusd.L_ERR, 'Too much results from lc_ldap !')
radiusd.radlog(radiusd.L_ERR, 'lc_ldap: Too many results')
machine = items[0]
......@@ -90,6 +90,8 @@ def wifi_authorize(auth_data, conn):
return radiusd.RLM_MODULE_REJECT
if not machine.get('ipsec', False):
radiusd.radlog(radiusd.L_ERR, 'WiFi authentication but machine has no' +
'password')
return radiusd.RLM_MODULE_REJECT
password = machine['ipsec'][0].value.encode('ascii', 'ignore')
......@@ -106,29 +108,39 @@ def post_auth(auth_data, conn):
On peut rajouter quelques éléments dans la réponse radius ici.
Comme par exemple le vlan sur lequel placer le client"""
vlan_name = None
reason = ''
identity = "" #TODO
prise = "" #TODO
items = get_machines(auth_data, conn)
decision = 'adherent',''
if not items:
return radiusd.RLM_MODULE_NOTFOUND
decision = 'accueil', 'Machine inconnue'
machine = items[0]
proprio = machine.proprio()
vlan = vlans['adherent']
if isinstance(machine, lc_ldap.objets.machineWifi):
vlan = vlans['wifi']
decision = 'wifi', ''
if not machine['ipHostNumber']:
# No IP => vlan v6only
vlan = vlans['v6only']
decision = 'v6only', 'No IPv4'
elif machine['ipHostNumber'][0].value in netaddr.IPNetwork('10.2.9.0/24'):
# Cas des personnels logés dans les appartements de l'ENS
vlan = vlans['appts']
decision = 'appts', 'Personnel ENS'
for bl in machine.blacklist_actif():
if bl in bl_isolement:
vlan = vlans['isolement']
if bl in bl_accueil:
vlan = vlans['accueil']
if bl.value['type'] in bl_isolement:
decision = 'isolement', unicode(bl).encode('utf-8')
if bl.value['type'] in bl_accueil:
decision = 'accueil', unicode(bl).encode('utf-8')
vlan_name, reason = decision
vlan = vlans[vlan_name]
radiusd.radlog(radiusd.L_INFO, 'auth.py: %s -> %s [%s%s]' %
(prise, identity, vlan_name, (reason and ': ' + reason))
)
#<!>
#
......
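Review bot: In post_auth, the unknown-machine branch now appears to set `decision = 'accueil', 'Machine inconnue'` instead of returning, yet the next statement is still `machine = items[0]`, which raises IndexError when `items` is empty, so an unknown machine would never reach the accueil VLAN assignment. The page has lost its +/- markers, so this assumes `return radiusd.RLM_MODULE_NOTFOUND` is the removed line; if so, put the machine-dependent part (from `machine = items[0]` through the blacklist loop) under an `else:` and keep only `vlan_name, reason = decision`, the `vlans[vlan_name]` lookup and the log call common to both paths. Separately, `identity` and `prise` are still empty placeholders, so the new `'auth.py: %s -> %s [%s%s]'` line records a VLAN decision without saying which client or port it applies to, which limits its use when reconstructing who was placed where. post_auth starts above this hunk and continues past it.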