authenticate_filaire.py 2.78 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
import os, sys

proj_path = "/var/www/re2o/"
# This is so Django knows where to find stuff.
os.environ.setdefault("DJANGO_SETTINGS_MODULE", "re2o.settings")
sys.path.append(proj_path)

# This is so my local_settings.py gets loaded.
os.chdir(proj_path)

# This is so models get loaded.
from django.core.wsgi import get_wsgi_application
application = get_wsgi_application()

import argparse

Gabriel Detraz's avatar
Gabriel Detraz committed
17 18
from django.db.models import Q
from machines.models import Interface, IpList, Domain
19 20 21 22 23 24 25 26
from topologie.models import Room, Port, Switch
from users.models import User

from re2o.settings import RADIUS_VLAN_DECISION

VLAN_NOK = RADIUS_VLAN_DECISION['VLAN_NOK']
VLAN_OK = RADIUS_VLAN_DECISION['VLAN_OK']

Gabriel Detraz's avatar
Gabriel Detraz committed
27
def decide_vlan(switch_id, port_number, mac_address):
28
    # Get port from switch and port number
Gabriel Detraz's avatar
Gabriel Detraz committed
29
    switch = Switch.objects.filter(switch_interface=Interface.objects.filter(Q(ipv4=IpList.objects.filter(ipv4=switch_id)) | Q(domain=Domain.objects.filter(name=switch_id))))
30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64
    if not switch:
        return ('?', 'Switch inconnu', VLAN_OK)

    sw_name = str(switch[0].switch_interface)

    port = Port.objects.filter(switch=switch[0], port=port_number)
    if not port:
        return (sw_name, 'Port inconnu', VLAN_OK)

    port = port[0]

    if port.radius == 'NO':
        return (sw_name, "Pas d'authentification sur ce port", VLAN_OK)

    if port.radius == 'BLOQ':
        return (sw_name, 'Port desactive', VLAN_NOK)

    if port.radius == 'STRICT':
        if not port.room:
            return (sw_name, 'Chambre inconnue', VLAN_NOK)

        room_user = User.objects.filter(room=Room.objects.filter(name=port.room))
        if not room_user:
            return (sw_name, 'Chambre non cotisante', VLAN_NOK)
        elif not room_user[0].has_access():
            return (sw_name, 'Chambre resident desactive', VLAN_NOK)
        # else: user OK, on passe à la verif MAC

    if port.radius == 'COMMON' or port.radius == 'STRICT':
        # Authentification par mac
        interface = Interface.objects.filter(mac_address=mac_address)
        if not interface:
            return (sw_name, 'Machine inconnue', VLAN_NOK)
        elif not interface[0].is_active():
            return (sw_name, 'Machine non active / adherent non cotisant', VLAN_NOK)
65
        else:
66 67 68 69 70
            return (sw_name, 'Machine OK', VLAN_OK)

    # On gere bien tous les autres états possibles, il ne reste que le VLAN en dur
    return (sw_name, 'VLAN impose', int(port.radius))

71 72 73

if __name__ == '__main__':
    parser = argparse.ArgumentParser(description='Decide radius vlan attribution')
Gabriel Detraz's avatar
Gabriel Detraz committed
74
    parser.add_argument('switch_id', action="store")
75 76 77
    parser.add_argument('port_number', action="store", type=int)
    parser.add_argument('mac_address', action="store")
    args = parser.parse_args()
Gabriel Detraz's avatar
Gabriel Detraz committed
78
    print(decide_vlan(args.switch_id, args.port_number, args.mac_address))
79